1--TEST--
2Testing null byte injection in imagegif
3--CLEAN--
4$tempdir = sys_get_temp_dir(). '/php-gdtest';
5foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
6rmdir($tempdir);
7--SKIPIF--
8<?php
9if(!extension_loaded('gd')){ die('skip gd extension not available'); }
10$support = gd_info();
11if (!isset($support['GIF Create Support']) || $support['GIF Create Support'] === false) {
12	print 'skip gif support not available';
13}
14?>
15--FILE--
16<?php
17$image = imagecreate(1,1);// 1px image
18
19
20$tempdir = sys_get_temp_dir(). '/php-gdtest';
21if (!file_exists($tempdir) && !is_dir($tempdir)) {
22	mkdir ($tempdir, 0777, true);
23}
24
25$userinput = "1\0"; // from post or get data
26$temp = $tempdir. "/test" . $userinput .".tmp";
27
28echo "\nimagegif TEST\n";
29imagegif($image, $temp);
30var_dump(file_exists($tempdir. "/test1"));
31var_dump(file_exists($tempdir. "/test1.tmp"));
32foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
33--EXPECTF--
34imagegif TEST
35
36Warning: imagegif(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
37bool(false)
38bool(false)
39