1--TEST-- 2PostgreSQL pg_insert() - test for CVE-2015-1532 3--SKIPIF-- 4<?php include("skipif.inc"); ?> 5--FILE-- 6<?php 7 8include('config.inc'); 9 10$conn = pg_connect($conn_str); 11 12foreach (array('', '.', '..') as $table) { 13 var_dump(pg_insert($conn, $table, array('id' => 1, 'id2' => 1))); 14} 15?> 16Done 17--EXPECTF-- 18Warning: pg_insert(): The table name must be specified in %s on line %d 19bool(false) 20 21Warning: pg_insert(): The table name must be specified in %s on line %d 22bool(false) 23 24Warning: pg_insert(): The table name must be specified in %s on line %d 25bool(false) 26Done 27
