<?php $path = "/var/www/foo"; var_dump($pаth."/user/supplied/path"); // prints /user/supplied/path, and emits a notice // let's write a random number generator function crypto_rnd() { $rnd = openssl_random_pseudo_bytes(100); // most likely secure $today = date('c'); // extra entropy can't hurt! return hash("sha512", $rn.$today); // oops, that's actually r\u2060nd, which is undefined, i.e. NULL, i.e. pwned } var_dump(crypto_rnd() === crypto_rnd()); // uh oh...
You have javascript disabled. You will not be able to edit any code.