3v4l.org

run code in 300+ PHP versions simultaneously
<?php // What OpenCart expects people to try: $route = 'apple/../../../../dog'; $parts = explode('/', str_replace('../', '', (string)$route)); var_dump($parts); // How to bypass their protection: $route = 'apple/..././..././..././..././dog'; $parts = explode('/', str_replace('../', '', (string)$route)); var_dump($parts);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/tMmNK
function name:  (null)
number of ops:  31
compiled vars:  !0 = $route, !1 = $parts
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    4     0  E >   ASSIGN                                                   !0, 'apple%2F..%2F..%2F..%2F..%2Fdog'
    5     1        INIT_FCALL                                               'explode'
          2        SEND_VAL                                                 '%2F'
          3        INIT_FCALL                                               'str_replace'
          4        SEND_VAL                                                 '..%2F'
          5        SEND_VAL                                                 ''
          6        CAST                                          6  ~3      !0
          7        SEND_VAL                                                 ~3
          8        DO_ICALL                                         $4      
          9        SEND_VAR                                                 $4
         10        DO_ICALL                                         $5      
         11        ASSIGN                                                   !1, $5
    6    12        INIT_FCALL                                               'var_dump'
         13        SEND_VAR                                                 !1
         14        DO_ICALL                                                 
    9    15        ASSIGN                                                   !0, 'apple%2F...%2F.%2F...%2F.%2F...%2F.%2F...%2F.%2Fdog'
   10    16        INIT_FCALL                                               'explode'
         17        SEND_VAL                                                 '%2F'
         18        INIT_FCALL                                               'str_replace'
         19        SEND_VAL                                                 '..%2F'
         20        SEND_VAL                                                 ''
         21        CAST                                          6  ~9      !0
         22        SEND_VAL                                                 ~9
         23        DO_ICALL                                         $10     
         24        SEND_VAR                                                 $10
         25        DO_ICALL                                         $11     
         26        ASSIGN                                                   !1, $11
   11    27        INIT_FCALL                                               'var_dump'
         28        SEND_VAR                                                 !1
         29        DO_ICALL                                                 
         30      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
142.96 ms | 1004 KiB | 16 Q