--TEST--
Bug #72963 (Null-byte injection in CreateFromFormat and related functions)
--INI--
date.timezone=UTC
--FILE--
<?php
// Regression test: the three "create/parse from format" date functions must
// reject a $datetime argument containing an embedded NUL byte, rather than
// returning a parsed result for it.
//
// NOTE(review): the bug title calls this null-byte injection. Presumably the
// risk is a parser that stops reading at the NUL while callers that validate,
// log or store the full string see different data. Confirm against the bug
// report.
$strings = [
    '8/8/2016',        // well-formed control input
    "8/8/2016\0asf",   // same date followed by a NUL byte and trailing bytes
];

foreach ($strings as $input) {
    // Reset the results each iteration so a rejected call shows up as NULL
    // in the dump instead of a stale value from the previous input.
    $d1 = null;
    $d2 = null;
    $d3 = null;

    // addslashes() renders the NUL byte as a visible "\0" in the output.
    echo "\nCovering string: " . addslashes($input) . "\n\n";

    // Call order matters: --EXPECT-- pins object handles #1 and #2.
    // '!' resets all fields to their Unix-epoch values before parsing, so the
    // time part is 00:00:00 rather than the current time.
    try {
        $d1 = DateTime::createFromFormat('!m/d/Y', $input);
    } catch (ValueError $error) {
        // Print only the message so it can be matched in --EXPECT--.
        echo $error->getMessage(), "\n";
    }

    try {
        $d2 = DateTimeImmutable::createFromFormat('!m/d/Y', $input);
    } catch (ValueError $error) {
        echo $error->getMessage(), "\n";
    }

    // Procedural variant: returns an array of parsed fields, not an object.
    try {
        $d3 = date_parse_from_format('m/d/Y', $input);
    } catch (ValueError $error) {
        echo $error->getMessage(), "\n";
    }

    // For the NUL-byte input, all three must still be NULL here.
    var_dump($d1, $d2, $d3);
}
?>
--EXPECT--
Covering string: 8/8/2016

object(DateTime)#1 (3) {
  ["date"]=>
  string(26) "2016-08-08 00:00:00.000000"
  ["timezone_type"]=>
  int(3)
  ["timezone"]=>
  string(3) "UTC"
}
object(DateTimeImmutable)#2 (3) {
  ["date"]=>
  string(26) "2016-08-08 00:00:00.000000"
  ["timezone_type"]=>
  int(3)
  ["timezone"]=>
  string(3) "UTC"
}
array(12) {
  ["year"]=>
  int(2016)
  ["month"]=>
  int(8)
  ["day"]=>
  int(8)
  ["hour"]=>
  bool(false)
  ["minute"]=>
  bool(false)
  ["second"]=>
  bool(false)
  ["fraction"]=>
  bool(false)
  ["warning_count"]=>
  int(0)
  ["warnings"]=>
  array(0) {
  }
  ["error_count"]=>
  int(0)
  ["errors"]=>
  array(0) {
  }
  ["is_localtime"]=>
  bool(false)
}

Covering string: 8/8/2016\0asf

DateTime::createFromFormat(): Argument #2 ($datetime) must not contain any null bytes
DateTimeImmutable::createFromFormat(): Argument #2 ($datetime) must not contain any null bytes
date_parse_from_format(): Argument #2 ($datetime) must not contain any null bytes
NULL
NULL
NULL