1--TEST-- 2GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs) 3--INI-- 4allow_url_fopen=1 5--CONFLICTS-- 6server 7--FILE-- 8<?php 9$serverCode = <<<'CODE' 10echo $_SERVER['REQUEST_URI']; 11CODE; 12 13include __DIR__."/../../../../sapi/cli/tests/php_cli_server.inc"; 14php_cli_server_start($serverCode, null, []); 15 16$host = PHP_CLI_SERVER_ADDRESS; 17$userinput = "index.php HTTP/1.1\r\nHost: $host\r\n\r\nGET /index2.php HTTP/1.1\r\nHost: $host\r\n\r\nGET /index.php"; 18$context = stream_context_create(['http' => ['proxy' => 'tcp://' . $host, 'request_fulluri' => true]]); 19echo file_get_contents("http://$host/$userinput", false, $context); 20?> 21--EXPECTF-- 22Warning: file_get_contents(http://localhost:%d/index.php HTTP/1.1 23Host: localhost:%d 24 25GET /index2.php HTTP/1.1 26Host: localhost:%d 27 28GET /index.php): Failed to open stream: HTTP wrapper full URI path does not allow CR or LF characters in %s on line %d 29
