user2338096

Reputation: 41

Urldecode in PHP

I was wondering...my friend and I were having a debate over this. Is there anything I could pass in the url to get to the echo call (The one that says "Yay potatoes!!!" sorry was unclear)?

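<?php
// Reject any id that contains "potato" (case-insensitive match).
// Note: eregi() was deprecated in PHP 5.3 and removed in PHP 7.0.
if (eregi("potato", $_GET['id'])) {
  echo("<p>Awww no potatoes :c </3</p>");
  exit();
}

// URL-decode the id, then compare it.
$_GET['id'] = urldecode($_GET['id']);
if ($_GET['id'] == "potato")
{
  echo "<p>Yay potatoes!!!!!</p>";
}
?>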

Upvotes: 2

Views: 470

Answers (1)

Brad

Reputation: 163752

Yes. You can double-encode a character (or more):

?id=%2570otato

PHP will decode the first one and give you:

$_GET['id'] = "%70otato"

This will pass eregi() without exiting. Then, you run urldecode() on it, which gives you potato.

Yay, potatoes. Codepad example: http://codepad.org/IYwizCXK

Upvotes: 5
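The ordering problem described in the answer, shown next to a corrected ordering. This is an added example, not part of the original question or answer; the function names are hypothetical, `stripos()` stands in for `eregi()` (removed in PHP 7.0), and `php_get_value()` simulates the single decode PHP applies when it fills `$_GET`.

```php
<?php
// Added example. All function names here are hypothetical.

// Simulates PHP populating $_GET: the raw query value is URL-decoded once.
function php_get_value(string $rawQueryValue): string {
    return urldecode($rawQueryValue);
}

// The question's ordering: filter first, decode afterwards.
function check_then_decode(string $id): string {
    if (stripos($id, 'potato') !== false) {
        return 'blocked';
    }
    $id = urldecode($id);   // the filter never saw this form of the value
    return $id === 'potato' ? 'reached' : 'no match';
}

// Corrected ordering: bring the value into the form that will be used,
// then filter that same form. Nothing is decoded after the check.
function decode_then_check(string $id): string {
    $id = urldecode($id);
    if (stripos($id, 'potato') !== false) {
        return 'blocked';
    }
    return $id === 'potato' ? 'reached' : 'no match';
}

// Raw query values: plain, single-encoded, and the double-encoded
// value from the answer.
$samples = ['potato', '%70otato', '%2570otato'];

printf("%-12s %-12s %-18s %s\n", 'raw', '$_GET', 'check_then_decode', 'decode_then_check');
foreach ($samples as $raw) {
    $get = php_get_value($raw);
    printf("%-12s %-12s %-18s %s\n",
        $raw, $get, check_then_decode($get), decode_then_check($get));
}
// Only the double-encoded value yields "reached", and only with the
// question's ordering; decode_then_check() reports "blocked" for all three.
```

The PHP manual notes that `$_GET` and `$_REQUEST` are already decoded, so the simplest fix for code like the question's is to drop the extra `urldecode()` call entirely.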
