<?php
// Begin with a string written directly in the source code.
$safe_var = 'all your base they belong to us';

// Write the value to disk and read it back. From here on $safe_var holds
// file contents, not the constant above: the path is fixed and under /tmp,
// so whatever is in that file at read time is what the script gets.
// Treat the re-read value as untrusted input.
file_put_contents('/tmp/exploit.txt', $safe_var);

// imagine lots of stuff going on here...

$safe_var = file_get_contents('/tmp/exploit.txt');
/**
 * Rebuild a string one byte at a time and return the copy.
 *
 * Each byte is converted to its ordinal with ord() and back to a
 * one-character string with chr(), then appended to the result, so the
 * return value has exactly the same bytes as the input.
 *
 * Security note for reviewers: the data is unchanged, so its trustworthiness
 * is unchanged too. The page uses this function to show that a
 * "was this string written by the developer?" check can be satisfied by a
 * value that came from elsewhere (presumably because the pieces produced by
 * chr() are accepted by that check; the check is not defined in this
 * listing). A per-byte rebuild like this should be read as taint laundering
 * in code review, and the result still needs parameterisation or
 * context-specific escaping at the point of use.
 *
 * @param string $non_literal Input string; may be empty.
 *
 * @return string Byte-for-byte copy of $non_literal.
 */
function make_literal(string $non_literal): string
{
    $length = strlen($non_literal);
    $rebuilt = '';
    $offset = 0;

    while ($offset < $length) {
        // ord() followed by chr() is an identity transform on a single byte.
        $byte_value = ord($non_literal[$offset]);
        $rebuilt .= chr($byte_value);
        ++$offset;
    }

    return $rebuilt;
}
// is_noble() is not defined in this listing. The messages below refer to
// is_literal(), so it is presumably a stand-in for that check -- confirm
// against the surrounding page.

// First attempt: the value read back from the file is tested as-is.
if (!is_noble($safe_var)) {
    printf("Darn! I can't use the data I need to use.\n");
}

printf("But wait...\n");

// Second attempt: the same bytes, passed through make_literal() first.
// If this branch runs, the check has accepted data whose content was never
// verified. It therefore cannot be the only control in front of a sensitive
// sink.
$safe_var = make_literal($safe_var);

if (is_noble($safe_var)) {
    printf("Well, since you did not provide any way to handle *legitimate* exceptions\n");
    printf("then I will just work around you, you annoying little is_literal() function!\n\n");

    // The file contents are printed without escaping. That is harmless in
    // this command-line demo, but an HTML context would need output encoding.
    echo strtoupper($safe_var), "!!!";
}