Representative Line: Assignment
-
$options['thing'] = $options['thing'];
Critical line, in fact. Explanations forthcoming later.
-
$options['thing'] = $options['thing'];
huh.... what the....
Critical line, in fact.
okay.... now it's seriously...... what the fuck?
-
Critical line, in fact
Well that's one way to ensure that
'thing'
exists in$options
I guess...
I'm assuming undefined index is sufficiently silenced?
-
Oh that's easy.
indexer property on a class, you can stick all kinds of evil code in there.
// Indexer to get and set words of the containing document: private int your_mom; public string this[int index] { get { return (new Random()).Next(); } set { your_mom = (new Random()).Next(index); } }
C#... of course.
I wonder if you can make Javascript that evil?
-
-
Discourse, fuck you and your 500, then your "body is too similar" without actually adding anything.
Yes, essentially it guarantees that the array key exists and the receiver won't shit itself where it isn't defined.
Same person wrote both the receiver code and this gem.
-
Disappointing, I had hoped that had fun with ArrayAccess and implemented something truly evil.
-
No, that's my plan for later in the year to neutralise direct access to
$_GET
and friends.
-
okay.... now it's seriously...... what the fuck?
You know how DRAM has to be continuously refreshed?
-
You can assign to $_GET itself?
:do_not_want.sh:
-
You can assign to $_GET itself?
Why not? It's a good way to be sure the expected parameter was there, despite not being given by the request. ;)
-
@PleegWat said:
You can assign to $_GET itself?
Why not? It's a
goodway to be sure the expected parameter was there, despite not being given by the request. ;)FTFY
-
Dunno, I figured because of the autoglobal magic going on there might be protection.
I might have assigned to its members. I know I've done stuff like
foreach( $_GET as $key => $data) { unset $$key; }
but that's the other way around. I never even contemplated replacing the array.
-
-
This wasn't actually touching
$_GET
- it really was called$options
! But sure, there isn't a reason why you can't nuke GET, POST, REQUEST etc.They're still just regular arrays, even if they magically get thrown into every scope. Replacing them with a class that extends ArrayAccess is not difficult, just have it throw E_USER_DEPRECATED on every call to
__get
;)
-
Why not just
unset($GLOBALS);
, then?
-
$GLOBALS is actually a separate and different construct to the superglobals of GET, POST, REQUEST, SERVER, COOKIES and ENV.
I have no idea what would happen if you tried to unset that, I suspect it would either silently fail or nuke every global variable, not just the superglobals. Or it'd crash PHP since GLOBALS contains a reference to itself as it is itself global.
-
you are a brave man.
be careful there. that abyss is going to stare right back at you.
-
C#... of course.
I wonder if you can make Javascript that evil?
It's PHP, so the amount of evil that is possible is a matter of some debate. Also several exorcisms and at least one summoning of the great tentacled being of the outer abyss…
-