archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.2' into PHP-8.3

Browse source 
* PHP-8.2:
  Fix bug71610.phpt
This commit is contained in:
Christoph M. Becker 2024-09-26 13:16:36 +02:00
commit 70eb8f06ed
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
1 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
ext/soap/tests/bug71610.phpt
View file

@ -4,11 +4,20 @@ SOAP Bug #71610 - Type Confusion Vulnerability - SOAP / make_http_soap_request()
soap
--SKIPIF--
<?php
if (getenv("SKIP_ONLINE_TESTS")) die("skip online test");
if (!file_exists(__DIR__ . "/../../../sapi/cli/tests/php_cli_server.inc")) {
echo "skip sapi/cli/tests/php_cli_server.inc required but not found";
}
?>
--FILE--
<?php
$exploit = unserialize('O:10:"SoapClient":3:{s:3:"uri";s:1:"a";s:8:"location";s:19:"http://example.org/";s:8:"_cookies";a:1:{s:8:"manhluat";a:3:{i:0;s:0:"";i:1;N;i:2;N;}}}');
include __DIR__ . "/../../../sapi/cli/tests/php_cli_server.inc";
php_cli_server_start();
$url = "http://" . PHP_CLI_SERVER_ADDRESS;
$ser = 'O:10:"SoapClient":3:{s:3:"uri";s:1:"a";s:8:"location";s:' . strlen($url) . ':"'
. $url . '";s:8:"_cookies";a:1:{s:8:"manhluat";a:3:{i:0;s:0:"";i:1;N;i:2;N;}}}';
$exploit = unserialize($ser);
try {
$exploit->blahblah();
} catch(SoapFault $e) {