1--TEST-- 2PostgreSQL pg_insert() - test for CVE-2015-1532 3--EXTENSIONS-- 4pgsql 5--SKIPIF-- 6<?php include("skipif.inc"); ?> 7--FILE-- 8<?php 9 10include('config.inc'); 11 12$conn = pg_connect($conn_str); 13 14foreach (array('', '.', '..') as $table) { 15 try { 16 var_dump(pg_insert($conn, $table, array('id' => 1, 'id2' => 1))); 17 } catch (\ValueError $e) { 18 echo $e->getMessage() . \PHP_EOL; 19 } 20} 21?> 22Done 23--EXPECTF-- 24pg_insert(): Argument #2 ($table_name) cannot be empty 25 26Warning: pg_insert(): The table name must be specified in %s on line %d 27bool(false) 28 29Warning: pg_insert(): The table name must be specified in %s on line %d 30bool(false) 31Done 32
