3v4l.org

run code in 300+ PHP versions simultaneously
<?php
$allowed = array('txt', 'docx');
$zzfile = "flag.\x0a\xe2x08php";
$filename = $zzfile;
print "\nfilename:\n";
var_dump($filename);
if (preg_match('#\.(.+)$#', $filename, $matches) && isset($matches[1]) && !in_array($matches[1], $allowed))
    die("Extension ${matches[1]} is not allowed!");
echo "\nmatches:"; var_dump($matches);
if (strrpos($filename, '.') !== false) // returns everything from the rightmost dot to the end
    $ext = substr($filename, strrpos($filename, '.'));
else
    $ext = '';
$newfile = "flag$ext";
print $newfile;
echo "Reading <strong>$newfile</strong>...";
// Hint: the flag is in flag.php
echo '<pre>';
readfile($newfile);
echo '</pre>';

?>
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 46) Position 1 = 13, Position 2 = 15
Branch analysis from position: 13
2 jumps found. (Code = 46) Position 1 = 16, Position 2 = 23
Branch analysis from position: 16
2 jumps found. (Code = 43) Position 1 = 24, Position 2 = 29
Branch analysis from position: 24
1 jumps found. (Code = 79) Position 1 = -2
Branch analysis from position: 29
2 jumps found. (Code = 43) Position 1 = 39, Position 2 = 49
Branch analysis from position: 39
1 jumps found. (Code = 42) Position 1 = 50
Branch analysis from position: 50
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 49
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 23
Branch analysis from position: 15
filename:       /in/ekr23
function name:  (null)
number of ops:  64
compiled vars:  !0 = $allowed, !1 = $zzfile, !2 = $filename, !3 = $matches, !4 = $ext, !5 = $newfile
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    2     0  E >   ASSIGN                                                   !0, <array>
    3     1        ASSIGN                                                   !1, 'flag.%0A%E2x08php'
    4     2        ASSIGN                                                   !2, !1
    5     3        ECHO                                                     '%0Afilename%3A%0A'
    6     4        INIT_FCALL                                               'var_dump'
          5        SEND_VAR                                                 !2
          6        DO_ICALL                                                 
    7     7        INIT_FCALL                                               'preg_match'
          8        SEND_VAL                                                 '%23%5C.%28.%2B%29%24%23'
          9        SEND_VAR                                                 !2
         10        SEND_REF                                                 !3
         11        DO_ICALL                                         $10     
         12      > JMPZ_EX                                          ~11     $10, ->15
         13    >   ISSET_ISEMPTY_DIM_OBJ                         0  ~12     !3, 1
         14        BOOL                                             ~11     ~12
         15    > > JMPZ_EX                                          ~11     ~11, ->23
         16    >   INIT_FCALL                                               'in_array'
         17        FETCH_DIM_R                                      ~13     !3, 1
         18        SEND_VAL                                                 ~13
         19        SEND_VAR                                                 !0
         20        DO_ICALL                                         $14     
         21        BOOL_NOT                                         ~15     $14
         22        BOOL                                             ~11     ~15
         23    > > JMPZ                                                     ~11, ->29
    8    24    >   ROPE_INIT                                     3  ~18     'Extension+'
         25        FETCH_DIM_R                                      ~16     !3, 1
         26        ROPE_ADD                                      1  ~18     ~18, ~16
         27        ROPE_END                                      2  ~17     ~18, '+is+not+allowed%21'
         28      > EXIT                                                     ~17
    9    29    >   ECHO                                                     '%0Amatches%3A'
         30        INIT_FCALL                                               'var_dump'
         31        SEND_VAR                                                 !3
         32        DO_ICALL                                                 
   10    33        INIT_FCALL                                               'strrpos'
         34        SEND_VAR                                                 !2
         35        SEND_VAL                                                 '.'
         36        DO_ICALL                                         $21     
         37        TYPE_CHECK                                  1018          $21
         38      > JMPZ                                                     ~22, ->49
   11    39    >   INIT_FCALL                                               'substr'
         40        SEND_VAR                                                 !2
         41        INIT_FCALL                                               'strrpos'
         42        SEND_VAR                                                 !2
         43        SEND_VAL                                                 '.'
         44        DO_ICALL                                         $23     
         45        SEND_VAR                                                 $23
         46        DO_ICALL                                         $24     
         47        ASSIGN                                                   !4, $24
         48      > JMP                                                      ->50
   13    49    >   ASSIGN                                                   !4, ''
   14    50    >   NOP                                                      
         51        FAST_CONCAT                                      ~27     'flag', !4
         52        ASSIGN                                                   !5, ~27
   15    53        ECHO                                                     !5
   16    54        ROPE_INIT                                     3  ~30     'Reading+%3Cstrong%3E'
         55        ROPE_ADD                                      1  ~30     ~30, !5
         56        ROPE_END                                      2  ~29     ~30, '%3C%2Fstrong%3E...'
         57        ECHO                                                     ~29
   18    58        ECHO                                                     '%3Cpre%3E'
   19    59        INIT_FCALL                                               'readfile'
         60        SEND_VAR                                                 !5
         61        DO_ICALL                                                 
   20    62        ECHO                                                     '%3C%2Fpre%3E'
   22    63      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

