Created
July 5, 2013 07:49
-
-
Save index0h/5932760 to your computer and use it in GitHub Desktop.
Скрипт, демострирующий как можно обойти eval для нахождения результата конкатенации строк.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Скрипт, демострирующий как можно обойти eval для нахождения результата конкатенации строк. | |
| * | |
| * @category INDEX0H | |
| * @package MAIN | |
| * @subpackage SCRIPTS | |
| * @author Roman Levishchenko <index.0h@gmail.com> | |
| * @copyright 2013 Roman Levishchenko | |
| * @license BSD | |
| * @version {VERSION} | |
| * @link https://gist.github.com/index0h/5932760 | |
| */ | |
| $input = <<<EOD | |
| "A" | |
| . "\"" | |
| . | |
| '\'' | |
| . | |
| 9 | |
| .' | |
| ' | |
| . 'C' . " ' " | |
| . '"' | |
| EOD; | |
| $evalString = eval("return {$input};"); | |
| // Разбор через токены. НАЧАЛО. | |
| $tokenString = ''; | |
| $tokens = token_get_all('<? ' . $input); | |
| foreach ($tokens as $token) { | |
| switch ($token[0]) { | |
| case T_LNUMBER: | |
| $tokenString .= $token[1]; | |
| break; | |
| case T_CONSTANT_ENCAPSED_STRING: | |
| $tokenString .= stripcslashes(substr($token[1], 1, -1)); | |
| break; | |
| } | |
| } | |
| // Разбор через токены. КОНЕЦ. | |
| $equals = ($evalString === $tokenString) ? 'YES' : 'NO'; | |
| echo " | |
| EVAL | |
| ----------------------- | |
| $evalString | |
| ----------------------- | |
| TOKEN | |
| ----------------------- | |
| $tokenString | |
| ----------------------- | |
| ARE EQUALS: $equals | |
| "; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment