@ziadoz ziadoz/include-me-func.php
Last active Aug 24, 2019

Prevent Variable Leakage In PHP Includes
<?php
// include-me-func.php
// Use a closure so nothing leaks out when included.
return (function () {
    $array = ['foo', 'bar'];
    foreach ($array as $string) {
        // Some exciting logic.
    }

    return 'FOOBAR';
})();

<?php
// include-me-leaky.php
// The standard leaky include: $array and $string end up in the including scope.
$array = ['foo', 'bar'];
foreach ($array as $string) {
    // Some exciting logic.
}

return 'FOOBAR';

<?php
// include-me-unset.php
$array = ['foo', 'bar'];
foreach ($array as $string) {
    // Some exciting logic.
}

unset($array, $string); // Unset variables so nothing leaks out when included.

return 'FOOBAR';

<?php
// Test script: include each variant and check whether $array / $string
// leaked into this scope.

// 1. The include cleans up after itself with unset().
$returned = include __DIR__ . '/include-me-unset.php';
echo (isset($array) ? '$array variable is set' : '$array variable is not set') . PHP_EOL;
echo (isset($string) ? '$string variable is set' : '$string variable is not set') . PHP_EOL;
echo '$returned is ' . $returned . PHP_EOL;

// 2. The include wraps its own body in a closure.
$returned = include __DIR__ . '/include-me-func.php';
echo (isset($array) ? '$array variable is set' : '$array variable is not set') . PHP_EOL;
echo (isset($string) ? '$string variable is set' : '$string variable is not set') . PHP_EOL;
echo '$returned is ' . $returned . PHP_EOL;

// 3. The leaky include is wrapped in a closure on the caller side.
$returned = (function () { return include __DIR__ . '/include-me-leaky.php'; })();
echo (isset($array) ? '$array variable is set' : '$array variable is not set') . PHP_EOL;
echo (isset($string) ? '$string variable is set' : '$string variable is not set') . PHP_EOL;
echo '$returned is ' . $returned . PHP_EOL;
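
The test script above starts with no `$array` of its own, so it does not show two limits of the unset() variant: it destroys a same-named variable in the caller, and a plain include can read the caller's locals. The following is an added example, not part of the original gist; `isolatedInclude()`, the temporary file names and `$apiToken` are hypothetical names constructed for the demonstration.

```php
<?php
// Added example, not part of the original gist. File names, variables and
// values are constructed for the demonstration.

// Caller-side wrapper: the included file runs in this function's scope, so it
// can neither read nor overwrite the caller's variables. Only $__file is visible.
function isolatedInclude(string $__file)
{
    return include $__file;
}

function demo(): array
{
    // Write the include variants to a temp directory so the script is self-contained.
    $dir = sys_get_temp_dir() . '/include-scope-' . uniqid();
    mkdir($dir);
    $loop = '$array = ["foo", "bar"]; foreach ($array as $string) {} ';
    file_put_contents("$dir/leaky.php", '<?php ' . $loop . 'return "FOOBAR";');
    file_put_contents("$dir/unset.php", '<?php ' . $loop . 'unset($array, $string); return "FOOBAR";');
    file_put_contents("$dir/vars.php", '<?php return array_keys(get_defined_vars());');

    $results = [];

    // 1. unset() inside the include also destroys the caller's own $array.
    $array = ['caller', 'data'];
    include "$dir/unset.php";
    $results['caller $array after unset include'] = isset($array) ? 'kept' : 'destroyed';

    // 2. Even the leaky file cannot touch the caller when it is wrapped.
    $array = ['caller', 'data'];
    isolatedInclude("$dir/leaky.php");
    $results['caller $array after isolated include'] = $array === ['caller', 'data'] ? 'kept' : 'changed';

    // 3. Scope is shared in both directions: a plain include sees the caller's locals.
    $apiToken = 'constructed-placeholder';
    $results['apiToken visible to plain include'] = in_array('apiToken', (include "$dir/vars.php"), true);
    $results['apiToken visible to isolated include'] = in_array('apiToken', isolatedInclude("$dir/vars.php"), true);

    // Clean up the temporary files.
    array_map('unlink', glob("$dir/*.php"));
    rmdir($dir);

    return $results;
}

var_export(demo());
echo PHP_EOL;
```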