File: bug77153.phpt

package info (click to toggle)
php7.0 7.0.33-0%2Bdeb9u8
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 184,180 kB
  • sloc: ansic: 809,195; php: 22,035; sh: 11,873; cpp: 8,064; xml: 6,228; javascript: 2,546; yacc: 1,869; exp: 1,514; makefile: 1,231; pascal: 1,200; awk: 501; perl: 315; sql: 22
file content (24 lines) | stat: -rw-r--r-- 649 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
--TEST--                                 
Bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter)
--SKIPIF--
<?php
        if (!extension_loaded("imap")) { 
                die("skip imap extension not available");  
        }
?>
--FILE--
<?php
$payload = "echo 'BUG'> " . __DIR__ . '/__bug';
$payloadb64 = base64_encode($payload);
$server = "x -oProxyCommand=echo\t$payloadb64|base64\t-d|sh}";
@imap_open('{'.$server.':143/imap}INBOX', '', '');
// clean
imap_errors();
var_dump(file_exists(__DIR__ . '/__bug'));
?>
--EXPECT--
bool(false)
--CLEAN--
<?php
if(file_exists(__DIR__ . '/__bug')) unlink(__DIR__ . '/__bug');
?>