hailin
/
php-8.0.30-src
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
php-8.0.30-src/ext/imap/tests/bug77153.phpt

25 lines
618 B
PHP
Raw Blame History

--TEST--
Bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter)
--SKIPIF--
<?php
extension_loaded('imap') or die('skip imap extension not available in this build');
?>
--CONFLICTS--
defaultmailbox
--FILE--
<?php
$payload = "echo 'BUG'> " . __DIR__ . '/__bug';
$payloadb64 = base64_encode($payload);
$server = "x -oProxyCommand=echo\t$payloadb64|base64\t-d|sh}";
@imap_open('{'.$server.':143/imap}INBOX', '', '');
// clean
imap_errors();
var_dump(file_exists(__DIR__ . '/__bug'));
?>
--EXPECT--
bool(false)
--CLEAN--
<?php
if(file_exists(__DIR__ . '/__bug')) unlink(__DIR__ . '/__bug');
?>
Reference in New Issue View Git Blame Copy Permalink