xref: /PHP-8.0/ext/imap/tests/bug77153.phpt (revision 5aaffc80)
1--TEST--
2Bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter)
3--SKIPIF--
4<?php
5extension_loaded('imap') or die('skip imap extension not available in this build');
6?>
7--CONFLICTS--
8defaultmailbox
9--FILE--
10<?php
11$payload = "echo 'BUG'> " . __DIR__ . '/__bug';
12$payloadb64 = base64_encode($payload);
13$server = "x -oProxyCommand=echo\t$payloadb64|base64\t-d|sh}";
14@imap_open('{'.$server.':143/imap}INBOX', '', '');
15// clean
16imap_errors();
17var_dump(file_exists(__DIR__ . '/__bug'));
18?>
19--EXPECT--
20bool(false)
21--CLEAN--
22<?php
23if(file_exists(__DIR__ . '/__bug')) unlink(__DIR__ . '/__bug');
24?>
25