[xdebug-general] Re: excluding code or variables possible?

From: Jerry Stuckle <jerry[@]smartechhomes.com>
Date: Tue, 26 Jun 2012 08:21:14 -0400

Heck, it's even easier:

<?php
   readfile ($_SERVER['DOCUMENT_ROOT'] . '/index.php');
?>

Displays the contents of index.php on the user's screen.

There is no security if they have access to the server.

On 6/26/2012 4:17 AM, Werner Flamme wrote:
> Derick Rethans [25.06.2012 19:36]:
>> On Mon, 25 Jun 2012, Werner Flamme wrote:
>>
>>> Is there a chance that I can read the source code of a function
>>> just by invoking PHP methods, right out of memory, because I do
>>> not know the file name and directory of the code? Or do I have to
>>> include a file manager in the code, tap through every directory,
>>> open every PHP source file?
>>
>> Quite easily:
>>
>> <?php
>> $r = new ReflectionFunction('secret');
>> $f = file($r->getFileName());
>> // getStartLine() is 1-based, file() returns a 0-based array
>> var_dump(array_slice($f, $r->getStartLine() - 1,
>>     $r->getEndLine() - $r->getStartLine() + 1));
>> ?>
>
> Derick,
>
> thanks a lot! I quoted the code to the Chief Developer[tm] :-)
>
> I'll have a closer look at the variables now. The superglobals are
> transformed into standard variables and emptied then. Maybe $GLOBALS
> will help me.
>
> Regards,
> Werner
>
Received on Tue Jun 26 2012 - 13:21:29 BST
