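--TEST--
Bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter)
--EXTENSIONS--
imap
--CONFLICTS--
defaultmailbox
--FILE--
<?php
// Regression test for bug #77153. The mailbox string passed to imap_open()
// carries a command in its server part; if that command were ever executed it
// would create the marker file below. The test passes only when the marker is
// absent after the call.
//
// NOTE(review): absence of the marker is the only signal, so the test also
// passes on a host where the command could not have run for unrelated reasons
// (for example a missing helper binary). It demonstrates a regression only
// where the pre-fix behaviour was reproducible.
// NOTE(review): there is no --INI-- section, so the result reflects the
// build's default settings; presumably that is intended, to cover the default
// of imap.enable_insecure_rsh. Confirm before pinning any value here.
$marker = __DIR__ . '/__bug';

// A marker left behind by an interrupted earlier run (where --CLEAN-- never
// ran) would otherwise be reported as a regression in this run.
if (file_exists($marker)) {
    unlink($marker);
}

$payload = "echo 'BUG'> " . $marker;
$payloadb64 = base64_encode($payload);
$server = "x -oProxyCommand=echo\t$payloadb64|base64\t-d|sh}";

// The return value is discarded and warnings are suppressed on purpose: only
// the marker check below contributes to the expected output.
@imap_open('{' . $server . ':143/imap}INBOX', '', '');

// clean: drain the IMAP error stack; presumably pending entries would
// otherwise be reported at the end of the request and break --EXPECT--.
imap_errors();

var_dump(file_exists($marker));
?>
--EXPECT--
bool(false)
--CLEAN--
<?php
// Runs as a separate script, so the marker path is spelled out again.
if (file_exists(__DIR__ . '/__bug')) {
    unlink(__DIR__ . '/__bug');
}
?>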