3v4l.org

run code in 300+ PHP versions simultaneously
<?php $allowed = array('txt', 'docx'); $zzfile = "flag.\x0a\xe2x08php"; $filename = $zzfile; print "\nfilename:\n"; var_dump($filename); if (preg_match('#\.(.+)$#', $filename, $matches) && isset($matches[1]) && !in_array($matches[1], $allowed)) die("Extension ${matches[1]} is not allowed!"); echo "\nmatches:"; var_dump($matches); if (strrpos($filename, '.') !== false) //zwraca od pierwszej kropki od prawej do konca + end $ext = substr($filename, strrpos($filename, '.')); else $ext = ''; $newfile = "flag$ext"; print $newfile; echo "Reading <strong>$newfile</strong>..."; // Hint: the flag is in flag.php echo '<pre>'; readfile($newfile); echo '</pre>'; ?>
Output for 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
Deprecated: Using ${var} in strings is deprecated, use {$var} instead in /in/ekr23 on line 8 filename: string(13) "flag. �x08php" matches:array(0) { } flag. �x08phpReading <strong>flag. �x08php</strong>...<pre> Warning: readfile(): open_basedir restriction in effect. File(flag. �x08php) is not within the allowed path(s): (/tmp:/in:/etc) in /in/ekr23 on line 19 Warning: readfile(flag. �x08php): Failed to open stream: Operation not permitted in /in/ekr23 on line 19 </pre>
Output for 8.0.0 - 8.0.12, 8.0.14 - 8.0.30, 8.1.0 - 8.1.28
filename: string(13) "flag. �x08php" matches:array(0) { } flag. �x08phpReading <strong>flag. �x08php</strong>...<pre> Warning: readfile(): open_basedir restriction in effect. File(flag. �x08php) is not within the allowed path(s): (/tmp:/in:/etc) in /in/ekr23 on line 19 Warning: readfile(flag. �x08php): Failed to open stream: Operation not permitted in /in/ekr23 on line 19 </pre>
Output for 8.0.13
filename: string(13) "flag. �x08php" matches:array(0) { } flag. �x08phpReading <strong>flag. �x08php</strong>...<pre> Warning: readfile(flag. �x08php): Failed to open stream: No such file or directory in /in/ekr23 on line 19 </pre>
Output for 4.3.2 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.30, 7.0.0 - 7.0.20, 7.1.0 - 7.1.10, 7.2.0, 7.3.32 - 7.3.33, 7.4.33
filename: string(13) "flag. �x08php" matches:array(0) { } flag. �x08phpReading <strong>flag. �x08php</strong>...<pre> Warning: readfile(flag. �x08php): failed to open stream: No such file or directory in /in/ekr23 on line 19 </pre>
Output for 7.2.29 - 7.2.33, 7.3.16 - 7.3.31, 7.4.0 - 7.4.32
filename: string(13) "flag. �x08php" matches:array(0) { } flag. �x08phpReading <strong>flag. �x08php</strong>...<pre> Warning: readfile(): open_basedir restriction in effect. File(flag. �x08php) is not within the allowed path(s): (/tmp:/in:/etc) in /in/ekr23 on line 19 Warning: readfile(flag. �x08php): failed to open stream: Operation not permitted in /in/ekr23 on line 19 </pre>
Output for 7.1.20, 7.2.6
filename: string(13) "flag. �x08php" matches:array(0) { } flag. �x08phpReading <strong>flag. �x08php</strong>...<pre> Warning: readfile(): open_basedir restriction in effect. File(flag. �x08php) is not within the allowed path(s): (/tmp:/in) in /in/ekr23 on line 19 Warning: readfile(flag. �x08php): failed to open stream: Operation not permitted in /in/ekr23 on line 19 </pre>
Output for 4.3.0 - 4.3.1
filename: string(13) "flag. �x08php" matches:array(0) { } flag. �x08phpReading <strong>flag. �x08php</strong>...<pre> Warning: readfile(flag. �x08php) [http://www.php.net/function.readfile]: failed to create stream: No such file or directory in /in/ekr23 on line 19 </pre>
preferences:
286.23 ms | 402 KiB | 369 Q