--- /dev/null
+--TEST--
+Testing null byte injection in imagegd2
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+ mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagegd2 TEST\n";
+imagegd2($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagegd2 TEST
+
+Warning: imagegd2() expects parameter 2 to be a valid path, string given in %s on line %d
+bool(false)
+bool(false)
--- /dev/null
+--TEST--
+Testing null byte injection in imagegd
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+ mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagegd TEST\n";
+imagegd($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagegd TEST
+
+Warning: imagegd() expects parameter 2 to be a valid path, string given in %s on line %d
+bool(false)
+bool(false)
--- /dev/null
+--TEST--
+Testing null byte injection in imagegif
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--SKIPIF--
+<?php
+$support = gd_info();
+if (!isset($support['GIF Create Support']) || $support['GIF Create Support'] === false) {
+ print 'skip gif support not available';
+}
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+ mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagegif TEST\n";
+imagegif($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagegif TEST
+
+Warning: imagegif(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+bool(false)
--- /dev/null
+--TEST--
+Testing null byte injection in imagejpeg
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--SKIPIF--
+<?php
+$support = gd_info();
+if (!isset($support['JPEG Support']) || $support['JPEG Support'] === false) {
+ print 'skip jpeg support not available';
+}
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+ mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagejpeg TEST\n";
+imagejpeg($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagejpeg TEST
+
+Warning: imagejpeg(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+bool(false)
--- /dev/null
+--TEST--
+Testing null byte injection in imagepng
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--SKIPIF--
+<?php
+$support = gd_info();
+if (!isset($support['PNG Support']) || $support['PNG Support'] === false) {
+ print 'skip png support not available';
+}
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+ mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagepng TEST\n";
+imagepng($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagepng TEST
+
+Warning: imagepng(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+bool(false)
--- /dev/null
+--TEST--
+Testing null byte injection in imagewbmp
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--SKIPIF--
+<?php
+$support = gd_info();
+if (!isset($support['WBMP Support']) || $support['WBMP Support'] === false) {
+ print 'skip wbmp support not available';
+}
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+ mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagewbmp TEST\n";
+imagewbmp($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagewbmp TEST
+
+Warning: imagewbmp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+bool(false)
--- /dev/null
+--TEST--
+Testing null byte injection in imagewebp
+--CLEAN--
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+rmdir($tempdir);
+--SKIPIF--
+<?php
+$support = gd_info();
+if (!isset($support['WEBP Support']) || $support['WEBP Support'] === false) {
+ print 'skip webp support not available';
+}
+?>
+--FILE--
+<?php
+$image = imagecreate(1,1);// 1px image
+
+
+$tempdir = sys_get_temp_dir(). '/php-gdtest';
+if (!file_exists($tempdir) && !is_dir($tempdir)) {
+ mkdir ($tempdir, 0777, true);
+}
+
+$userinput = "1\0"; // from post or get data
+$temp = $tempdir. "/test" . $userinput .".tmp";
+
+echo "\nimagewebp TEST\n";
+imagewebp($image, $temp);
+var_dump(file_exists($tempdir. "/test1"));
+var_dump(file_exists($tempdir. "/test1.tmp"));
+foreach (glob($tempdir . "/test*") as $file ) { unlink($file); }
+
+--EXPECTF--
+imagewbmp TEST
+
+Warning: imagewebp(): Invalid 2nd parameter, filename must not contain null bytes in %s on line %d
+bool(false)
+bool(false)
projects / php / commitdiff