mirror of
https://github.com/php/php-src.git
synced 2026-04-19 14:01:01 +02:00
7e339a335e
Currently we treat paths with null bytes as a TypeError, which is incorrect, and rather inconsistent, as we treat empty paths as ValueError. We do this because the error is generated by zpp and it's easier to always throw TypeError there. This changes the zpp implementation to throw a TypeError only if the type is actually wrong and throw ValueError for null bytes. The error message is also split accordingly, to be more precise. Closes GH-6094.
18 lines
376 B
PHP
18 lines
376 B
PHP
--TEST--
|
|
Testing null byte injection in imagexbm
|
|
--SKIPIF--
|
|
<?php
|
|
if(!extension_loaded('gd')) die('skip gd extension not available');
|
|
?>
|
|
--FILE--
|
|
<?php
|
|
$image = imagecreate(1,1);// 1px image
|
|
try {
|
|
imagexbm($image, "./foo\0bar");
|
|
} catch (ValueError $e) {
|
|
echo $e->getMessage(), "\n";
|
|
}
|
|
?>
|
|
--EXPECT--
|
|
imagexbm(): Argument #2 ($filename) must not contain any null bytes
|