1--TEST-- 2Testing null byte injection in imagegif 3--SKIPIF-- 4<?php 5if(!extension_loaded('gd')){ die('skip gd extension not available'); } 6?> 7--CLEAN-- 8$tempdir = sprintf("%s/%s", sys_get_temp_dir(), preg_replace("~\.php$~", null, __FILE__)); 9foreach (glob($tempdir . "/test*") as $file ) { unlink($file); } 10rmdir($tempdir); 11--FILE-- 12<?php 13$image = imagecreate(1,1);// 1px image 14var_dump(imagegif($image, "./foo\0bar")); 15?> 16--EXPECTF-- 17Warning: imagegif(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d 18bool(false) 19