mirror of
https://github.com/php/php-src.git
synced 2026-03-24 08:12:21 +01:00
f9f769d4b9
In practice, we always act as an HTTP/1.1 client, for compatibility with servers which ignore protocol version. Sending the version in the request will avoid problems with servers which don't ignore it. HTTP/1.0 can still be forced using a stream context option. Closes GH-5899.
22 lines
667 B
PHP
22 lines
667 B
PHP
--TEST--
|
|
Bug #70264 (CLI server directory traversal)
|
|
--INI--
|
|
allow_url_fopen=1
|
|
--SKIPIF--
|
|
<?php
|
|
include "skipif.inc";
|
|
?>
|
|
--FILE--
|
|
<?php
|
|
include "php_cli_server.inc";
|
|
php_cli_server_start(null, null);
|
|
echo file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/..\\CREDITS");
|
|
echo file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/..%5CCREDITS");
|
|
?>
|
|
--EXPECTF--
|
|
Warning: file_get_contents(http://%s/..\CREDITS): Failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found
|
|
in %sbug70264.php on line %d
|
|
|
|
Warning: file_get_contents(http://%s/..%5CCREDITS): Failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found
|
|
in %sbug70264.php on line %d
|