- var_dump: documentation ( source)
- mt_rand: documentation ( source)
- hash: documentation ( source)
- date: documentation ( source)
<?php
// Homoglyph demo: the variable read on the second line is not the one assigned on the first.
// Its second letter appears to be Cyrillic "а" (U+0430) rather than Latin "a" (confirm with a hex dump),
// so PHP sees a separate, undefined variable and the intended base directory is silently dropped.
$path = "/var/www/foo";
var_dump($pаth."/user/supplied/path"); // prints /user/supplied/path, and emits a notice (a Warning on PHP 8.0+)
// Review aid: flag non-ASCII bytes in identifiers during code review/CI, and treat
// undefined-variable diagnostics as errors so that a prefix lost this way cannot go unnoticed.
// let's write a random number generator
/**
 * Deliberately broken "random" generator: shows how a look-alike or invisible character
 * in an identifier can strip the randomness out of a security-sensitive value.
 *
 * The mt_rand() result is stored in $rnd, but the hash() call reads a different,
 * undefined variable, so the digest covers only date('c'). date('c') has one-second
 * resolution, so calls made within the same second return the same string.
 *
 * @return string SHA-512 hex digest (128 characters); predictable, not suitable for tokens or keys
 */
function crypto_rnd() {
// NOTE(review): even if this value reached the hash, mt_rand() is not a CSPRNG;
// random_bytes()/random_int() (PHP 7.0+) are the built-in secure sources.
$rnd = mt_rand(0, 1e10); // 3v4l apparently doesn't have openssl_random_pseudo_bytes
// A timestamp is guessable by anyone who knows roughly when the value was generated; it adds no secrecy.
$today = date('c'); // extra entropy can't hurt!
// The variable concatenated here is not $rnd: it evaluates to NULL (empty string in the
// concatenation), so only $today is hashed. PHP raises an undefined-variable diagnostic,
// which is the one runtime signal that something is wrong.
return hash("sha512", $rn.$today); // oops, that's actually r\u2060nd, which is undefined, i.e. NULL, i.e. pwned
}
// Two back-to-back calls: the digest depends only on date('c'), so the values match
// whenever both calls fall within the same second.
$firstValue = crypto_rnd();
$secondValue = crypto_rnd();
var_dump($firstValue === $secondValue); // uh oh...