3v4l.org

run code in 500+ PHP versions simultaneously
<?php // What OpenCart expects people to try: $route = 'apple/../../../../dog'; $parts = explode('/', str_replace('../', '', (string)$route)); var_dump($parts); // How to bypass their protection: $route = 'apple/..././..././..././..././dog'; $parts = explode('/', str_replace('../', '', (string)$route)); var_dump($parts);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/tMmNK
function name:  (null)
number of ops:  25
compiled vars:  !0 = $route, !1 = $parts
line      #* E I O op                               fetch          ext  return  operands
-----------------------------------------------------------------------------------------
    4     0  E >   ASSIGN                                                       !0, 'apple%2F..%2F..%2F..%2F..%2Fdog'
    5     1        INIT_FCALL                                                   'explode'
          2        SEND_VAL                                                     '%2F'
          3        CAST                                              6  ~3      !0
          4        FRAMELESS_ICALL_3                str_replace         ~4      '..%2F', ''
          5        OP_DATA                                                      ~3
          6        SEND_VAL                                                     ~4
          7        DO_ICALL                                             $5      
          8        ASSIGN                                                       !1, $5
    6     9        INIT_FCALL                                                   'var_dump'
         10        SEND_VAR                                                     !1
         11        DO_ICALL                                                     
    9    12        ASSIGN                                                       !0, 'apple%2F...%2F.%2F...%2F.%2F...%2F.%2F...%2F.%2Fdog'
   10    13        INIT_FCALL                                                   'explode'
         14        SEND_VAL                                                     '%2F'
         15        CAST                                              6  ~9      !0
         16        FRAMELESS_ICALL_3                str_replace         ~10     '..%2F', ''
         17        OP_DATA                                                      ~9
         18        SEND_VAL                                                     ~10
         19        DO_ICALL                                             $11     
         20        ASSIGN                                                       !1, $11
   11    21        INIT_FCALL                                                   'var_dump'
         22        SEND_VAR                                                     !1
         23        DO_ICALL                                                     
         24      > RETURN                                                       1

Generated using Vulcan Logic Dumper, using php 8.5.0

preferences:
173.74 ms | 3055 KiB | 15 Q