3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php // uncomment these to see what happens in different situations. // note that this only handles file security; it DOES NOT stop me from reading your files, or vice-versa. $_GET = ['user' => '__adrian', 'file' => 'foo.txt']; //$_GET = ['user' => '__adrian', 'file' => 'remote-file-inclusion.exe']; //$_GET = ['user' => 'UnicornTek', 'file' => 'filesystems-tutorial.pdf']; //$_GET = ['user' => 'UnicornTek', 'file' => 'bar.txt']; $allowed_files = [ '__adrian' => [ 'foo.txt', 'bar.png' ], 'UnicornTek' => [ 'filesystems-turoial.pdf', 'remote-file-inclusion.exe' ] ]; if (! isset($allowed_files[$_GET['user']]) || ! in_array($_GET['file'], $allowed_files[$_GET['user']])) { throw new Exception("File Not Found: {$_GET['user']}/{$_GET['file']}"); } readfile("/path/to/users/{$_GET['user']}/{$_GET['file']}");
based on IMR2c
Output for 7.1.20, 7.2.8
Warning: readfile(): open_basedir restriction in effect. File(/path/to/users/__adrian/foo.txt) is not within the allowed path(s): (/tmp:/in) in /in/1bm4p on line 27 Warning: readfile(/path/to/users/__adrian/foo.txt): failed to open stream: Operation not permitted in /in/1bm4p on line 27
Output for 5.6.30, 7.0.30 - 7.1.17, 7.2.0 - 7.2.7
Warning: readfile(): open_basedir restriction in effect. File(/path/to/users/__adrian/foo.txt) is not within the allowed path(s): (/tmp:/in:/etc) in /in/1bm4p on line 27 Warning: readfile(/path/to/users/__adrian/foo.txt): failed to open stream: Operation not permitted in /in/1bm4p on line 27
Output for hhvm-3.22.0
Warning: No such file or directory in /in/1bm4p on line -1
Output for hhvm-3.18.5 - 3.21.3
Warning: No such file or directory in /in/1bm4p on line 27