3v4l.org

run code in 300+ PHP versions simultaneously
<?php // uncomment these to see what happens in different situations. // note that this only handles file security; it DOES NOT stop me from reading your files, or vice-versa. $_GET = ['user' => '__adrian', 'file' => 'foo.txt']; //$_GET = ['user' => '__adrian', 'file' => 'remote-file-inclusion.exe']; //$_GET = ['user' => 'UnicornTek', 'file' => 'filesystems-tutorial.pdf']; //$_GET = ['user' => 'UnicornTek', 'file' => 'bar.txt']; $allowed_files = [ '__adrian' => [ 'foo.txt', 'bar.png' ], 'UnicornTek' => [ 'filesystems-turoial.pdf', 'remote-file-inclusion.exe' ] ]; if (! isset($allowed_files[$_GET['user']]) || ! in_array($_GET['file'], $allowed_files[$_GET['user']])) { throw new Exception("File Not Found: {$_GET['user']}/{$_GET['file']}"); } readfile("/path/to/users/{$_GET['user']}/{$_GET['file']}");
Output for 8.0.0 - 8.0.12, 8.0.14 - 8.0.30, 8.1.0 - 8.1.31, 8.2.0 - 8.2.27, 8.3.0 - 8.3.15, 8.4.1 - 8.4.2
Warning: readfile(): open_basedir restriction in effect. File(/path/to/users/__adrian/foo.txt) is not within the allowed path(s): (/tmp:/in:/etc) in /in/1bm4p on line 27 Warning: readfile(/path/to/users/__adrian/foo.txt): Failed to open stream: Operation not permitted in /in/1bm4p on line 27
Output for 8.0.13
Warning: readfile(/path/to/users/__adrian/foo.txt): Failed to open stream: No such file or directory in /in/1bm4p on line 27
Output for 7.3.32 - 7.3.33, 7.4.33
Warning: readfile(/path/to/users/__adrian/foo.txt): failed to open stream: No such file or directory in /in/1bm4p on line 27
Output for 5.6.0 - 5.6.40, 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.31, 7.4.0 - 7.4.32
Warning: readfile(): open_basedir restriction in effect. File(/path/to/users/__adrian/foo.txt) is not within the allowed path(s): (/tmp:/in:/etc) in /in/1bm4p on line 27 Warning: readfile(/path/to/users/__adrian/foo.txt): failed to open stream: Operation not permitted in /in/1bm4p on line 27
preferences:
47.79 ms | 411 KiB | 5 Q