1--TEST-- 2Dump eval blacklist 3--SKIPIF-- 4<?php 5if (!extension_loaded("snuffleupagus")) print "skip"; 6?> 7--POST-- 8post_a=data_post_a&post_b=data_post_b 9--GET-- 10get_a=data_get_a&get_b=data_get_b 11--COOKIE-- 12cookie_a=data_cookie_a&cookie_b=data_cookie_b 13--INI-- 14sp.configuration_file={PWD}/config/dump_eval_blacklist.ini 15--FILE-- 16<?php 17@mkdir("/tmp/dump_result/"); 18foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) { 19 @unlink($dump); 20} 21 22$a = strtoupper("1337 1337 1337"); 23echo "Outside of eval: $a\n"; 24eval('$a = strtoupper("1234");'); 25echo "After eval: $a\n"; 26$filename = glob('/tmp/dump_result/sp_dump.*')[0]; 27$res = file($filename); 28if ($res[3] != "GET:get_a='data_get_a' get_b='data_get_b' \n") { 29 echo "Invalid GET"; 30} elseif ($res[4] != "POST:post_a='data_post_a' post_b='data_post_b' \n") { 31 echo "Invalid POST"; 32} elseif ($res[5] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") { 33 echo "Invalid COOKIE"; 34} 35?> 36--EXPECTF-- 37Outside of eval: 1337 1337 1337 38 39Warning: [snuffleupagus][0.0.0.0][eval][simulation] A call to strtoupper was tried in eval, in %a/dump_eval_blacklist.php:1, logging it. in %a/dump_eval_blacklist.php(9) : eval()'d code on line 1 40After eval: 1234 41