<?php
// Look-alike identifier demo: the assignment below uses an all-ASCII name.
$path = "/var/www/foo";
// The variable read on the next line is NOT $path: its second letter is the
// Cyrillic "а" (U+0430), not the Latin "a" (U+0061). PHP accepts bytes
// 0x80-0xFF in identifiers, so this parses as a different, undefined variable
// that evaluates to NULL. The intended base directory silently disappears
// from the concatenated path.
// Defensive notes: undefined-variable diagnostics (E_NOTICE on PHP 7,
// E_WARNING on PHP 8) are the only runtime signal, so treat them as errors;
// lint or review for non-ASCII bytes in identifiers before merging.
var_dump($pаth."/user/supplied/path"); // prints only "/user/supplied/path" and reports an undefined variable
// let's write a random number generator
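/**
 * Deliberately flawed "random" generator used to demonstrate a look-alike
 * identifier bug. Do not reuse it as a source of randomness.
 *
 * The random bytes are stored in $rnd, but the value that gets hashed comes
 * from a different, undefined variable, so the digest depends only on the
 * current timestamp.
 *
 * @return string 128-character lowercase hex SHA-512 digest
 */
function crypto_rnd() {
    // CSPRNG output; note that it is never read again below.
    // NOTE(review): random_bytes() is PHP's standard CSPRNG API (PHP 7+).
    $rnd = openssl_random_pseudo_bytes(100);

    // ISO 8601 timestamp with one-second resolution. It is predictable, so it
    // adds no entropy; here it ends up being the only input to the hash.
    $today = date('c');

    // The name hashed here is not $rnd. Per the original author's note, the
    // identifier was typed with an invisible U+2060 WORD JOINER inside it,
    // which PHP accepts as part of a variable name. It is therefore undefined,
    // evaluates to NULL, and PHP only reports an undefined-variable
    // notice/warning. Mitigation: fail builds on non-ASCII or zero-width
    // characters in identifiers and on undefined-variable diagnostics, and
    // return CSPRNG output directly instead of mixing in "extra" inputs.
    return hash("sha512", $rn.$today);
}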
// Each call hashes only date('c'), which changes once per second, so two
// calls made within the same second return the identical digest and the
// comparison prints bool(true). A working generator would print bool(false).
$firstDraw = crypto_rnd();
$secondDraw = crypto_rnd();
var_dump($firstDraw === $secondDraw); // uh oh...