3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php $allowed = array('txt', 'docx'); $zzfile = "TEST"; $filename = $zzfile; print "\nfilename:\n"; var_dump($filename); if (preg_match('#\.(.+)$#', $filename, $matches) && isset($matches[1]) && !in_array($matches[1], $allowed)) die("Extension ${matches[1]} is not allowed!"); echo "\nmatches:"; var_dump($matches); if (strrpos($filename, '.') !== false) //zwraca od pierwszej kropki od prawej do konca + end $ext = substr($filename, strrpos($filename, '.')); else $ext = ''; $newfile = "flag$ext"; print $newfile; echo "Reading <strong>$newfile</strong>..."; // Hint: the flag is in flag.php echo '<pre>'; readfile($newfile); echo '</pre>'; ?>
based on b0RKQ
Output for 7.1.20, 7.2.6
filename: string(4) "TEST" matches:array(0) { } flagReading <strong>flag</strong>...<pre> Warning: readfile(): open_basedir restriction in effect. File(flag) is not within the allowed path(s): (/tmp:/in) in /in/0f4ij on line 19 Warning: readfile(flag): failed to open stream: Operation not permitted in /in/0f4ij on line 19 </pre>
Output for 5.3.21 - 7.1.10, 7.2.0
filename: string(4) "TEST" matches:array(0) { } flagReading <strong>flag</strong>...<pre> Warning: readfile(flag): failed to open stream: No such file or directory in /in/0f4ij on line 19 </pre>