1--TEST-- 2Testing null byte injection in imagepng 3--SKIPIF-- 4<?php 5if(!extension_loaded('gd')){ die('skip gd extension not available'); } 6$support = gd_info(); 7if (!isset($support['PNG Support']) || $support['PNG Support'] === false) { 8 print 'skip png support not available'; 9} 10?> 11--FILE-- 12<?php 13$image = imagecreate(1,1);// 1px image 14try { 15 imagepng($image, "./foo\0bar"); 16} catch (TypeError $e) { 17 echo $e->getMessage(), "\n"; 18} 19?> 20--EXPECT-- 21imagepng(): Argument #2 ($file) must not contain null bytes 22