<?php
$allowed = array('txt', 'docx');
print "\n\$_REQUEST:";
var_dump($_REQUEST);
//o$a="txt.$php";
//echo "test${a}test\n";
$zzfile="lol.php" //$zzfile = $_REQUEST['zzfile'];
$filename = basename($zzfile);
//$filename = $zzfile;
print "\nfilename:\n";
var_dump($filename);
if (preg_match('#\.(.+)$#', $filename, $matches) && isset($matches[1]) && !in_array($matches[1], $allowed))
    die("Extension ${matches[1]} is not allowed!");
echo "\nmatches:";
var_dump($matches);
preg_match('#.#', $filename, $met);
print("\nmet:\n");
var_dump($met);
if (strrpos($filename, '.') !== false)
    // returns from the first dot from the right to the end + end
    $ext = substr($filename, strrpos($filename, '.'));
else
    $ext = '';
$newfile = "flag$ext";
echo "Reading <strong>$newfile</strong>...";
// Hint: the flag is in flag.php
echo '<pre>';
readfile($newfile);
echo '</pre>';
?>
based on OFXdL
Output for 5.6.0 - 5.6.30, 7.0.0 - 7.1.6
Parse error: syntax error, unexpected '$filename' (T_VARIABLE) in /in/hp1CX on line 8
Process exited with code 255.
Output for hhvm-3.15.4
Fatal error: Uncaught Error: syntax error, unexpected T_VARIABLE in /in/hp1CX:8 Stack trace: #0 {main}
Process exited with code 255.