3v4l.org

run code in 300+ PHP versions simultaneously
<?php class Renderer { function render(array $_data) { // normally you'd have some file you'd render from... $_data = $this->escapeData($_data); extract($_data, EXTR_SKIP); return <<<LIST {$foo}\n {$bar}\n {$baz}\n {$htmlSafe}\n LIST; } private function escapeData(array $data) { $safe = []; foreach ($data as $var => $value) { if (is_array($value)) { $safe[$var] = $this->escapeData($value); } else { if ($value instanceof HtmlSafeString) { $safe[$var] = (string) $value; } else { $safe[$var] = htmlspecialchars($value); } } } return $safe; } } class HtmlSafeString { private $str; function __construct($string) { $this->str = $string; } function __toString() { return $this->str; } } $renderer = new Renderer(); $unsafe = [ 'foo' => '<script>alert("xss");</script>', 'bar' => '<b>something</b>', 'baz' => '<i>foo</i>', 'htmlSafe' => new HtmlSafeString('<b>got through</b>') ]; echo $renderer->render($unsafe);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/1Ksi4
function name:  (null)
number of ops:  17
compiled vars:  !0 = $renderer, !1 = $unsafe
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   38     0  E >   DECLARE_CLASS                                            'htmlsafestring'
   52     1        NEW                                              $2      'Renderer'
          2        DO_FCALL                                      0          
          3        ASSIGN                                                   !0, $2
   54     4        INIT_ARRAY                                       ~5      '%3Cscript%3Ealert%28%22xss%22%29%3B%3C%2Fscript%3E', 'foo'
   55     5        ADD_ARRAY_ELEMENT                                ~5      '%3Cb%3Esomething%3C%2Fb%3E', 'bar'
   56     6        ADD_ARRAY_ELEMENT                                ~5      '%3Ci%3Efoo%3C%2Fi%3E', 'baz'
   57     7        NEW                                              $6      'HtmlSafeString'
          8        SEND_VAL_EX                                              '%3Cb%3Egot+through%3C%2Fb%3E'
          9        DO_FCALL                                      0          
         10        ADD_ARRAY_ELEMENT                                ~5      $6, 'htmlSafe'
   53    11        ASSIGN                                                   !1, ~5
   59    12        INIT_METHOD_CALL                                         !0, 'render'
         13        SEND_VAR_EX                                              !1
         14        DO_FCALL                                      0  $9      
         15        ECHO                                                     $9
         16      > RETURN                                                   1

Class Renderer:
Function render:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/1Ksi4
function name:  render
number of ops:  19
compiled vars:  !0 = $_data, !1 = $foo, !2 = $bar, !3 = $baz, !4 = $htmlSafe
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    5     0  E >   RECV                                             !0      
    7     1        INIT_METHOD_CALL                                         'escapeData'
          2        SEND_VAR_EX                                              !0
          3        DO_FCALL                                      0  $5      
          4        ASSIGN                                                   !0, $5
    8     5        INIT_FCALL                                               'extract'
          6        SEND_REF                                                 !0
          7        SEND_VAL                                                 1
          8        DO_ICALL                                                 
   10     9        ROPE_INIT                                     8  ~9      !1
         10        ROPE_ADD                                      1  ~9      ~9, '%0A%0A'
   11    11        ROPE_ADD                                      2  ~9      ~9, !2
         12        ROPE_ADD                                      3  ~9      ~9, '%0A%0A'
   12    13        ROPE_ADD                                      4  ~9      ~9, !3
         14        ROPE_ADD                                      5  ~9      ~9, '%0A%0A'
   13    15        ROPE_ADD                                      6  ~9      ~9, !4
         16        ROPE_END                                      7  ~8      ~9, '%0A'
         17      > RETURN                                                   ~8
   16    18*     > RETURN                                                   null

End of function render

Function escapedata:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 77) Position 1 = 3, Position 2 = 25
Branch analysis from position: 3
2 jumps found. (Code = 78) Position 1 = 4, Position 2 = 25
Branch analysis from position: 4
2 jumps found. (Code = 43) Position 1 = 7, Position 2 = 13
Branch analysis from position: 7
1 jumps found. (Code = 42) Position 1 = 24
Branch analysis from position: 24
1 jumps found. (Code = 42) Position 1 = 3
Branch analysis from position: 3
Branch analysis from position: 13
2 jumps found. (Code = 43) Position 1 = 15, Position 2 = 19
Branch analysis from position: 15
1 jumps found. (Code = 42) Position 1 = 24
Branch analysis from position: 24
Branch analysis from position: 19
1 jumps found. (Code = 42) Position 1 = 3
Branch analysis from position: 3
Branch analysis from position: 25
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 25
filename:       /in/1Ksi4
function name:  escapeData
number of ops:  28
compiled vars:  !0 = $data, !1 = $safe, !2 = $value, !3 = $var
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   18     0  E >   RECV                                             !0      
   19     1        ASSIGN                                                   !1, <array>
   20     2      > FE_RESET_R                                       $5      !0, ->25
          3    > > FE_FETCH_R                                       ~6      $5, !2, ->25
          4    >   ASSIGN                                                   !3, ~6
   21     5        TYPE_CHECK                                  128          !2
          6      > JMPZ                                                     ~8, ->13
   22     7    >   INIT_METHOD_CALL                                         'escapeData'
          8        SEND_VAR                                                 !2
          9        DO_FCALL                                      0  $10     
         10        ASSIGN_DIM                                               !1, !3
         11        OP_DATA                                                  $10
         12      > JMP                                                      ->24
   24    13    >   INSTANCEOF                                               !2, 'HtmlSafeString'
         14      > JMPZ                                                     ~11, ->19
   25    15    >   CAST                                          6  ~13     !2
         16        ASSIGN_DIM                                               !1, !3
         17        OP_DATA                                                  ~13
         18      > JMP                                                      ->24
   27    19    >   INIT_FCALL                                               'htmlspecialchars'
         20        SEND_VAR                                                 !2
         21        DO_ICALL                                         $15     
         22        ASSIGN_DIM                                               !1, !3
         23        OP_DATA                                                  $15
   20    24    > > JMP                                                      ->3
         25    >   FE_FREE                                                  $5
   33    26      > RETURN                                                   !1
   34    27*     > RETURN                                                   null

End of function escapedata

End of class Renderer.

Class HtmlSafeString:
Function __construct:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/1Ksi4
function name:  __construct
number of ops:  4
compiled vars:  !0 = $string
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   42     0  E >   RECV                                             !0      
   43     1        ASSIGN_OBJ                                               'str'
          2        OP_DATA                                                  !0
   44     3      > RETURN                                                   null

End of function __construct

Function __tostring:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/1Ksi4
function name:  __toString
number of ops:  5
compiled vars:  none
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   47     0  E >   FETCH_OBJ_R                                      ~0      'str'
          1        VERIFY_RETURN_TYPE                                       ~0
          2      > RETURN                                                   ~0
   48     3*       VERIFY_RETURN_TYPE                                       
          4*     > RETURN                                                   null

End of function __tostring

End of class HtmlSafeString.

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
156.83 ms | 1404 KiB | 17 Q