3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php $_GET['page'] = '\',\'asd\')&& phpinfo() && strpos(\'asd\', \''; if (isset($_GET['page'])) { $page = $_GET['page']; } else { $page = "home"; } $file = "templates/" . $page . ".php"; echo "strpos('$file', '..') === false"; // I heard '..' is dangerous! assert("strpos('$file', '..') === false") or die("Detected hacking attempt!"); // TODO: Make this look nice assert("file_exists('$file')") or die("That file doesn't exist!");
Output for 7.2.6 - 7.2.11
strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false Deprecated: assert(): Calling assert() with a string argument is deprecated in /in/tpdi9 on line 15 Warning: assert(): assert("strpos('$file', '..') === false"): "strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false" failed in /in/tpdi9 on line 15 Detected hacking attempt!
Output for 7.0.0 - 7.1.20
strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false Warning: assert(): assert("strpos('$file', '..') === false"): "strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false" failed in /in/tpdi9 on line 15 Detected hacking attempt!
Output for hhvm-3.22.0
strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false Warning: assert(): Assertion "strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false" failed in /in/tpdi9 on line -1 Detected hacking attempt!
Output for 5.6.0 - 5.6.30, hhvm-3.12.14 - 3.21.3
strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false Warning: assert(): Assertion "strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false" failed in /in/tpdi9 on line 15 Detected hacking attempt!