diff options
Diffstat (limited to '_test')
| -rw-r--r-- | _test/cases/inc/common_clientip.test.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/_test/cases/inc/common_clientip.test.php b/_test/cases/inc/common_clientip.test.php index 257229811..04d071e7d 100644 --- a/_test/cases/inc/common_clientip.test.php +++ b/_test/cases/inc/common_clientip.test.php @@ -141,6 +141,14 @@ class common_clientIP_test extends UnitTestCase { $this->assertEqual(clientIP(true),$out); } + function test_malicious(){ + $_SERVER['REMOTE_ADDR'] = ''; + $_SERVER['HTTP_X_REAL_IP'] = ''; + $_SERVER['HTTP_X_FORWARDED_FOR'] = '<?php set_time_limit(0);echo \'my_delim\';passthru(123.123.123.123);die;?>'; + $out = '123.123.123.123'; + $this->assertEqual(clientIP(),$out); + } + } |