Saqib.N.Ali@seagate.com wrote:
Hello Andi,
I wouldn't classify this is a easter egg, especially since PHP provides a
way to disable it, and also because it is not something the PHP group is
trying to hide. Infact the setting to enable/disable this is very clearly
stated in the php.ini, and is called "expose_php" .
It is used for exposing what the webserver is running, just like server
signature e.g. "Apache/1.3.26 (Unix) mod_gzip/1.3.26.1a PHP/4.3.3-dev " .
Still, if you turn off the apache server-signature but leave the
expose_php = On, you can get to know that PHP is actually running by
trying one or more of these Eggs. It's a Bad Thing (tm) if you ask me.
The code should be removed from PHP altogether since it doesn't exactly
provide much in the way of functionality. Possibly php_credits() could
be added as a function, the way php_info() is now. That way nobody could
glean information unawares, but the info would still be there if you
need it (and it would be much easier to come by).
Thanks.
Saqib Ali
http://validate.sf.net
Andi McLean <andi_mclean@ntlworld.com> wrote on 11/28/2004 05:21:38 AM:
Hi,
Does anyone know about the easter eggs in PHP?
I've just found out about them, My trust in PHP has just had a majorset
back,
as I'm wondering what other easter eggs there are and can any be used to
circumenvent the protection I have on my site.
I feel like I now need to have a look at the source code, to find out
what
else is there.
<anywebsite.that/uses.php>?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
<anywebsite.thatuses.php>?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
<anywebsite.thatuses.php>?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
eg
www.jsane.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
www.jsane.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
www.jsane.com/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
Andi
