function funtainted2() { global $global; echo "in global under funtb:" . $global * -1 . "\n"; $o = new cluntainted(); $m = "hi"; $o->hi(); $o->hi()->hi()->hi(); global $fake; $fake = "created internally"; global $toser; $toser = unserialize($toser); print_r($toser); }
return $x + 8; } $f = "funtainted"; $i = 5; $x = $f($i, 4); echo "all done with code: {$x}\n"; class cluntainted { var $var; var $o; function set($var) { $this->var = $var + 100 + $this->var; } function hi() { $m = "set"; $this->{$m}(28); echo "hi from " . $this->var . "\n"; } } $o = new cluntainted(); $o->var = 1999; $o->o = new cluntainted(); $m = "set"; $o->{$m}(28); echo "hi from " . $o->var . "\n"; $o->o = new cluntainted(); $m = "hi"; $o->hi(); $o->{$m}();