Skip to content

Instantly share code, notes, and snippets.

View DavidMellul's full-sized avatar

David Mellul DavidMellul

View GitHub Profile
function isLongEnough(str) { // Tells if @str is 5+ characters long
return (str.length >= 5) ? 'What a long string':'What a short string';
}
console.log(isLongEnough('Impressive'));
// => What a long string
// First way
let x = 3;
let sentence = (x > 1) ? 'X is above 1':'X is below 1';
console.log(sentence);
// => X is above 1
// Second shorter way, less-readable
console.log( (x > 1) ? 'X is above 1':'X is below 1' ); // Without a temporary variable
let x = 3;
if(x > 1)
console.log('X is above 1');
else
console.log('X is below 1');
// => X is above 1
<?php
function nice_include($file) {
if (file_exists('/home/wwwrun/'.$file.'.php')) { // Taken from PHP docs
include '/home/wwwrun/'.$file.'.php';
}
}
nice_include("../private_admin_data.txt\0");
# => file_exists will return true since home/private_admin_data.txt exists
# => The '.php' extension will be skipped because of the \0 null-termination character.
<?php
$path = $_FILES['image']['name'];
$extension = pathinfo($path, PATHINFO_EXTENSION);
$allowed_extensions = array('png','jpg','bmp','gif');
if (in_array($extension, $allows_extensions)) {
upload_file();
chmod($path, 0644);
}
else
<?php
$cmd = $_GET['command'];
system($cmd);
?>
<?php
$filter = $_GET['filter'];
$filtered_todo_list = $database->query("SELECT * FROM Todos WHERE name LIKE '.$filter."'");
/* Rendering part */
?>
<?php
// Requested URL => http://VerySafePlace.io/deleteEverything
$token = $_GET['token'];
if(empty($token))
showErrorMessage();
else {
// This will check that the token matches the logged user's one
if(token_exists_in_database($token))
<?php
// Don't even look at the code. Just remember, the token must be cryptographically secure
// See : https://medium.com/@davidmellul/broken-by-design-2-randomness-d73f0a0536ed
function RandomToken($length = 32){ // Taken from a comment on http://php.net/manual/fr/function.random-bytes.php
if(!isset($length) || intval($length) <= 8 ){
$length = 32;
}
if (function_exists('random_bytes')) {
return bin2hex(random_bytes($length));
<?php
$filter = $_GET['filter'];
echo "<p>Results for $filter</p>";
$filtered_list = $database->search_query($filter);
/* Rendering stuff */