When writing code, every programmer adds checks. This is normal :) PHP has three mechanisms for signalling errors:
- error (errors proper);
- exception (exceptions);
- assertion (assertions).
While writing some code and then testing it, a completely non-obvious behavior of the assert function turned up. Now some code:
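```php
<?php
// Define a string variable
$test = 'TEST';
// A plain if check works as expected
if ($test) echo " - \n";
// prints " - "
// Now pass the same variable to assert
assert($test);
// PHP complains:
// PHP Notice: Use of undefined constant TEST - assumed 'TEST' in php shell code(1) : assert code on line 1
```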
What is wrong with all this? When a string is passed to assert, the interpreter tries to execute it much like eval does. That leaves wide scope for vulnerabilities, since in some cases an attacker may be able to execute arbitrary code.
```php
<?php
$x = 'TEST';
// The string argument is executed as PHP code, so it can modify $x
assert('$x .= $x;');
echo $x;
```
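An added example, not part of the original post: a small scanner built on PHP's tokenizer (`token_get_all`) that flags `assert()` calls whose first argument is a string or a lone variable, the two shapes shown above. The function name `findRiskyAsserts` and the sample source are constructed for illustration; string arguments to `assert()` were deprecated in PHP 7.2 and are no longer evaluated as code since PHP 8.0.

```php
<?php
// Flags assert() calls whose first argument is a string or a lone variable.
// Limitation: \assert() is tokenized differently on PHP 8 and is not matched.
function findRiskyAsserts(string $source): array
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(token_get_all($source), function ($t) use ($skip) {
        return !is_array($t) || !in_array($t[0], $skip, true);
    }));
    $findings = [];
    for ($i = 1, $n = count($tokens); $i + 3 < $n; $i++) {
        $t = $tokens[$i];
        if (!is_array($t) || $t[0] !== T_STRING || strcasecmp($t[1], 'assert') !== 0) {
            continue;
        }
        // Ignore $obj->assert(), Foo::assert() and "function assert(" definitions.
        $prev = $tokens[$i - 1];
        if (is_array($prev) && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true)) {
            continue;
        }
        if ($tokens[$i + 1] !== '(') {
            continue;
        }
        $arg = $tokens[$i + 2];
        if ($arg === '"') {
            // A double-quoted string with interpolation starts with a bare '"' token.
            $findings[] = [$t[2], 'interpolated string passed to assert()'];
        } elseif (is_array($arg) && in_array($tokens[$i + 3], [')', ','], true)) {
            if ($arg[0] === T_CONSTANT_ENCAPSED_STRING) {
                $findings[] = [$t[2], 'string literal passed to assert()'];
            } elseif ($arg[0] === T_VARIABLE) {
                $findings[] = [$t[2], "lone variable {$arg[1]} passed to assert()"];
            }
        }
    }
    return $findings;
}

// Constructed sample input: the two snippets from the post plus a boolean check.
$sample = <<<'PHP'
<?php
$test = 'TEST';
assert($test);
$x = 'TEST';
assert('$x .= $x;');
assert($x === 'TEST');
PHP;
foreach (findRiskyAsserts($sample) as [$line, $reason]) {
    echo "line $line: $reason\n";
}
```

A lone variable is reported for review rather than as a confirmed problem, because it is only evaluated as code when it holds a string at run time.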
Documentation of the assert function.