3v4l.org

run code in 300+ PHP versions simultaneously
<?php ini_set('dsiplay_errors', 'On'); error_reporting(-1); $i = array( 'save' => '1.png', // valide input 'dt' => '../../1.png', // directory traversal (dt) 'dt_url_e' => urlencode('../../1.png'), // dt url-encoded 'dt_durl_e' => urlencode(urlencode('../../1.png')), // dt double url-encoded 'dt_utf8' => '..%c0%af..%c0%af1.png', // dt utf-8 encoded 'dt_url_d' => urldecode('../../1.png'), // dt url decoded 'dt_nb_d' => '../../1.png%00', // dt with null byte 'dt_nb' => '../../1.png ', // dt with space char ); foreach($i as $k=>$s) { echo '----------------------------------'."\n"; echo '** case: '.$k."\n\n"; fi($s); echo '----------------------------------'."\n\n"; } function fi($s) { $s_d = urldecode($s); $p = pathinfo($s); echo 'input: '.$s."\n"; echo 'input urldecoded: '.$s_d."\n"; echo 'realpath: '.realpath($s)."\n"; echo 'basename: '.basename($s)."\n"; echo 'realpath url-d: '.realpath($s_d)."\n"; echo 'basename url-d: '.basename($s_d)."\n"; var_dump($p); }
Output for 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
---------------------------------- ** case: save input: 1.png input urldecoded: 1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(5) "../.." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt_url_e input: ..%2F..%2F1.png input urldecoded: ../../1.png realpath: basename: ..%2F..%2F1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(15) "..%2F..%2F1.png" ["extension"]=> string(3) "png" ["filename"]=> string(11) "..%2F..%2F1" } ---------------------------------- ---------------------------------- ** case: dt_durl_e input: ..%252F..%252F1.png input urldecoded: ..%2F..%2F1.png realpath: basename: ..%252F..%252F1.png realpath url-d: basename url-d: ..%2F..%2F1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(19) "..%252F..%252F1.png" ["extension"]=> string(3) "png" ["filename"]=> string(15) "..%252F..%252F1" } ---------------------------------- ---------------------------------- ** case: dt_utf8 input: ..%c0%af..%c0%af1.png input urldecoded: ..��..��1.png realpath: basename: ..%c0%af..%c0%af1.png realpath url-d: basename url-d: ..��..��1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(21) "..%c0%af..%c0%af1.png" ["extension"]=> string(3) "png" ["filename"]=> string(17) "..%c0%af..%c0%af1" } ---------------------------------- ---------------------------------- ** case: dt_url_d input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(5) "../.." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt_nb_d input: ../../1.png%00 input urldecoded: ../../1.png realpath: basename: 1.png%00 Fatal error: Uncaught ValueError: realpath(): Argument #1 ($path) must not contain any null bytes in /in/pD8R0:36 Stack trace: #0 /in/pD8R0(36): realpath('../../1.png\x00') #1 /in/pD8R0(21): fi('../../1.png%00') #2 {main} thrown in /in/pD8R0 on line 36
Process exited with code 255.
Output for 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.25, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33
---------------------------------- ** case: save input: 1.png input urldecoded: 1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(5) "../.." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt_url_e input: ..%2F..%2F1.png input urldecoded: ../../1.png realpath: basename: ..%2F..%2F1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(15) "..%2F..%2F1.png" ["extension"]=> string(3) "png" ["filename"]=> string(11) "..%2F..%2F1" } ---------------------------------- ---------------------------------- ** case: dt_durl_e input: ..%252F..%252F1.png input urldecoded: ..%2F..%2F1.png realpath: basename: ..%252F..%252F1.png realpath url-d: basename url-d: ..%2F..%2F1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(19) "..%252F..%252F1.png" ["extension"]=> string(3) "png" ["filename"]=> string(15) "..%252F..%252F1" } ---------------------------------- ---------------------------------- ** case: dt_utf8 input: ..%c0%af..%c0%af1.png input urldecoded: ..��..��1.png realpath: basename: ..%c0%af..%c0%af1.png realpath url-d: basename url-d: ..��..��1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(21) "..%c0%af..%c0%af1.png" ["extension"]=> string(3) "png" ["filename"]=> string(17) "..%c0%af..%c0%af1" } ---------------------------------- ---------------------------------- ** case: dt_url_d input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(5) "../.." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt_nb_d input: ../../1.png%00 input urldecoded: ../../1.png realpath: basename: 1.png%00 Warning: realpath() expects parameter 1 to be a valid path, string given in /in/pD8R0 on line 36 realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(5) "../.." ["basename"]=> string(8) "1.png%00" ["extension"]=> string(6) "png%00" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt_nb input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(5) "../.." ["basename"]=> string(6) "1.png " ["extension"]=> string(4) "png " ["filename"]=> string(1) "1" } ----------------------------------
Output for 5.2.0 - 5.2.17, 5.3.0 - 5.3.29
---------------------------------- ** case: save input: 1.png input urldecoded: 1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(5) "../.." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt_url_e input: ..%2F..%2F1.png input urldecoded: ../../1.png realpath: basename: ..%2F..%2F1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(15) "..%2F..%2F1.png" ["extension"]=> string(3) "png" ["filename"]=> string(11) "..%2F..%2F1" } ---------------------------------- ---------------------------------- ** case: dt_durl_e input: ..%252F..%252F1.png input urldecoded: ..%2F..%2F1.png realpath: basename: ..%252F..%252F1.png realpath url-d: basename url-d: ..%2F..%2F1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(19) "..%252F..%252F1.png" ["extension"]=> string(3) "png" ["filename"]=> string(15) "..%252F..%252F1" } ---------------------------------- ---------------------------------- ** case: dt_utf8 input: ..%c0%af..%c0%af1.png input urldecoded: ..��..��1.png realpath: basename: ..%c0%af..%c0%af1.png realpath url-d: basename url-d: ..��..��1.png array(4) { ["dirname"]=> string(1) "." ["basename"]=> string(21) "..%c0%af..%c0%af1.png" ["extension"]=> string(3) "png" ["filename"]=> string(17) "..%c0%af..%c0%af1" } ---------------------------------- ---------------------------------- ** case: dt_url_d input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(5) "../.." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt_nb_d input: ../../1.png%00 input urldecoded: ../../1.png realpath: basename: 1.png%00 realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(5) "../.." ["basename"]=> string(8) "1.png%00" ["extension"]=> string(6) "png%00" ["filename"]=> string(1) "1" } ---------------------------------- ---------------------------------- ** case: dt_nb input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(4) { ["dirname"]=> string(5) "../.." ["basename"]=> string(6) "1.png " ["extension"]=> string(4) "png " ["filename"]=> string(1) "1" } ----------------------------------
Output for 5.0.0 - 5.0.5, 5.1.0 - 5.1.6
---------------------------------- ** case: save input: 1.png input urldecoded: 1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(1) "." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(5) "../.." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt_url_e input: ..%2F..%2F1.png input urldecoded: ../../1.png realpath: basename: ..%2F..%2F1.png realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(1) "." ["basename"]=> string(15) "..%2F..%2F1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt_durl_e input: ..%252F..%252F1.png input urldecoded: ..%2F..%2F1.png realpath: basename: ..%252F..%252F1.png realpath url-d: basename url-d: ..%2F..%2F1.png array(3) { ["dirname"]=> string(1) "." ["basename"]=> string(19) "..%252F..%252F1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt_utf8 input: ..%c0%af..%c0%af1.png input urldecoded: ..��..��1.png realpath: basename: ..%c0%af..%c0%af1.png realpath url-d: basename url-d: ..��..��1.png array(3) { ["dirname"]=> string(1) "." ["basename"]=> string(21) "..%c0%af..%c0%af1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt_url_d input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(5) "../.." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt_nb_d input: ../../1.png%00 input urldecoded: ../../1.png realpath: basename: 1.png%00 realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(5) "../.." ["basename"]=> string(8) "1.png%00" ["extension"]=> string(6) "png%00" } ---------------------------------- ---------------------------------- ** case: dt_nb input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(5) "../.." ["basename"]=> string(6) "1.png " ["extension"]=> string(4) "png " } ----------------------------------
Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9
---------------------------------- ** case: save input: 1.png input urldecoded: 1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(1) "." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(5) "../.." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt_url_e input: ..%2F..%2F1.png input urldecoded: ../../1.png realpath: basename: ..%2F..%2F1.png realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(1) "." ["basename"]=> string(15) "..%2F..%2F1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt_durl_e input: ..%252F..%252F1.png input urldecoded: ..%2F..%2F1.png realpath: basename: ..%252F..%252F1.png realpath url-d: basename url-d: ..%2F..%2F1.png array(3) { ["dirname"]=> string(1) "." ["basename"]=> string(19) "..%252F..%252F1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt_utf8 input: ..%c0%af..%c0%af1.png input urldecoded: ..��..��1.png realpath: basename: ..%c0%af..%c0%af1.png realpath url-d: basename url-d: ..��..��1.png array(3) { ["dirname"]=> string(1) "." ["basename"]=> string(21) "..%c0%af..%c0%af1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt_url_d input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(5) "../.." ["basename"]=> string(5) "1.png" ["extension"]=> string(3) "png" } ---------------------------------- ---------------------------------- ** case: dt_nb_d input: ../../1.png%00 input urldecoded: ../../1.png realpath: basename: 1.png%00 realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(5) "../.." ["basename"]=> string(8) "1.png%00" ["extension"]=> string(6) "png%00" } ---------------------------------- ---------------------------------- ** case: dt_nb input: ../../1.png input urldecoded: ../../1.png realpath: basename: 1.png realpath url-d: basename url-d: 1.png array(3) { ["dirname"]=> string(5) "../.." ["basename"]=> string(6) "1.png " ["extension"]=> string(4) "png " } ----------------------------------
preferences:
335.37 ms | 410 KiB | 373 Q