Merge branch 'v2.6.x'

author Michael Wallner <mike@php.net>

Mon, 12 Sep 2016 06:54:16 +0000 (08:54 +0200)

committer Michael Wallner <mike@php.net>

Mon, 12 Sep 2016 06:54:16 +0000 (08:54 +0200)
author Michael Wallner <mike@php.net>
Mon, 12 Sep 2016 06:54:16 +0000 (08:54 +0200)
committer Michael Wallner <mike@php.net>
Mon, 12 Sep 2016 06:54:16 +0000 (08:54 +0200)
diff --git a/tests/bug73055.phpt b/tests/bug73055.phpt

new file mode 100644 (file)

index 0000000..04201c7
--- /dev/null
+++ b/tests/bug73055.phpt
@@ -0,0 +1,26 @@
+--TEST--
+Bug #73055 (Type confusion vulnerability in merge_param())
+--SKIPIF--
+<?php
+include "skipif.inc";
+?>
+--FILE--
+<?php
+
+echo "Test\n";
+
+try {
+       echo new http\QueryString("[[[[[[[[[[[[[[[[[[[[[[[[[[[]]]][[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[&%C0[]E[=&2[&%C0[]E[16706[*[");
+} catch (Exception $e) {
+       echo $e;
+}
+?>
+
+===DONE===
+--EXPECTF--
+Test
+%r(exception ')?%rhttp\Exception\BadQueryStringException%r(' with message '|: )%rhttp\QueryString::__construct(): Max input nesting level of %d exceeded%r'?%r in %sbug73055.php:%d
+Stack trace:
+#0 %sbug73055.php(%d): http\QueryString->__construct('[[[[[[[[[[[[[[[...')
+#1 {main}
+===DONE===
author	Michael Wallner <mike@php.net>
	Mon, 12 Sep 2016 06:54:16 +0000 (08:54 +0200)
committer	Michael Wallner <mike@php.net>
	Mon, 12 Sep 2016 06:54:16 +0000 (08:54 +0200)