3v4l.org

run code in 300+ PHP versions simultaneously
<?php $_GET['page'] = '\',\'asd\')&& phpinfo() && strpos(\'asd\', \''; if (isset($_GET['page'])) { $page = $_GET['page']; } else { $page = "home"; } $file = "templates/" . $page . ".php"; echo "strpos('$file', '..') === false"; // I heard '..' is dangerous! assert("strpos('$file', '..') === false") or die("Detected hacking attempt!"); // TODO: Make this look nice assert("file_exists('$file')") or die("That file doesn't exist!");
Output for 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.19, 8.3.0 - 8.3.7
strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false
Output for 7.2.0 - 7.2.33, 7.3.0 - 7.3.31, 7.4.0 - 7.4.33
strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false Deprecated: assert(): Calling assert() with a string argument is deprecated in /in/tpdi9 on line 15 Warning: assert(): assert("strpos('$file', '..') === false"): "strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false" failed in /in/tpdi9 on line 15 Detected hacking attempt!
Output for 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.3.32 - 7.3.33
strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false Warning: assert(): assert("strpos('$file', '..') === false"): "strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false" failed in /in/tpdi9 on line 15 Detected hacking attempt!
Output for 5.6.0 - 5.6.40
strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false Warning: assert(): Assertion "strpos('templates/','asd')&& phpinfo() && strpos('asd', '.php', '..') === false" failed in /in/tpdi9 on line 15 Detected hacking attempt!

preferences:
156.41 ms | 402 KiB | 293 Q