PHP Magic methods and Security

-2

I’m in the middle of a programming challenge and I just need a direction to follow. This is the code I have to review:

<?php
  require_once( "settings.php" );
  class Database{
    function __construct(){
      $this->setDefaults();
    }
    function setDefaults(){
      if( !isset($this->host) ) $this->host = DB_HOST;
      if( !isset($this->user) ) $this->user = DB_USER;
      if( !isset($this->pass) ) $this->pass = DB_PASS;
      if( !isset($this->name) ) $this->name = DB_NAME;
      $this->description = $this->user."@".$this->host."/".$this->name;
    }
    function connect(){
      $this->connection =  new mysqli( $this->host, $this->user, $this->pass, $this->name );
      if( !$this->connection ) die( "Connection to ".$this->host." failed!" );
    }
    function query( $sql ){
      if( !isset( $this->connection ) ) $this->connect();
      $this->result = $this->connection->query( $sql );
      return $this->result;
    }
    function fetchRow(){
      return $this->result->fetch_assoc();
    }
  }

  class Flag{
    function getFlag(){
      return file_get_contents( FLAG_PATH );
    }
  }

  class Page{
    function __construct(){
      $this->elements = array();
      $this->html = "";
    }
    function __wakeup(){
      $this->compile();
    }
    function addElement($el){
      return $this->elements[] = $el;
    }
    function render(){
      if( empty( $this->html ) ) $this->compile();
      return $this->html;
    }
    function compile(){
      foreach( $this->elements as $el ){
        $this->html .= $el->render();
      }
    }
  }

  Interface Element{
    function render();
  }

  class SelectElement implements Element{
    function render(){
      if( empty( $this->aItems ) ) return "";
      $html = "<select>\n";
      foreach( $this->aItems as $k => $item ){
        $html .= "<option>".$item."</option>\n";
      }
      $html .= "</select>\n";
      return $html;
    }
  }

  class ObjectDescriber{
    function __construct( $obj, $prop, $type ){
      $this->obj = $obj;
      $this->prop = $prop;
      $this->t = $type;
    }
    function __toString(){
      if( $this->t == "m" ){
        return $this->obj->{$this->prop}();
      }else{
        return $this->obj->{$this->prop};
      }
    }
  }

  class DatabaseDescriber extends ObjectDescriber{
    function __construct( $db ){
      $this->obj = $db;
      $this->prop = "description";
      $this->t = "p";
    }
  }


?>

Challenge:

Obtain the value of Flag->getFlag()

  • 2

    What does this have to do with PHP magic methods and security?

  • Are you serious... or do you have troll mode on?

1 answer

0

First you have to have a defined constant called FLAG_PATH with the probable path of something you want to read. Then instantiate the flag or go straight:

1 -

$flag = new Flag();
$flag->getFlag();

2 -

(new Flag())->getFlag(); # Depending on the PHP version, this does not work

Honestly, that’s all I understood from your question, and I couldn’t even understand what it has to do with security and magic methods. Please explain better what you really want, because I’ve seen nothing but a bunch of classes stacked in one place that don’t interact with each other at all.
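How the `__wakeup()` method of the question's `Page` class relates to security, as an added example that is not part of the question or the answer: PHP invokes `__wakeup()` only from `unserialize()`, so the sketch compares default deserialization with `allowed_classes => false` and with rebuilding the object from JSON. `TextElement`, `pageFromJson` and the sample input are assumptions made for the illustration.

```php
<?php
// Added example: trimmed copies of the question's Element and Page, plus a
// hypothetical TextElement used only as benign sample content.
interface Element { function render(); }
class TextElement implements Element {
    public $text;
    function __construct($text = "") { $this->text = $text; }
    function render() { return htmlspecialchars($this->text); }
}
class Page {
    public $elements = array();
    public $html = "";
    function __wakeup() { $this->compile(); }  // invoked by unserialize()
    function compile() {
        foreach ($this->elements as $el) $this->html .= $el->render();
    }
}

// Constructed sample input standing in for bytes from a cookie or form field.
$page = new Page();
$page->elements[] = new TextElement("hello");
$wire = serialize($page);

// 1. Default unserialize(): Page is instantiated and __wakeup() has called
//    render() on every element before unserialize() returns.
$a = unserialize($wire);
echo "default:         ", $a->html, "\n";

// 2. allowed_classes => false: no application class is instantiated, so no
//    magic method of Page or of its elements runs.
$b = unserialize($wire, ['allowed_classes' => false]);
echo "allowed_classes: ", get_class($b), "\n";

// 3. For input that crosses a trust boundary, decode plain data and build
//    the objects in code, accepting only the expected shape.
function pageFromJson(string $json): Page {
    $data = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    $items = is_array($data) ? ($data['elements'] ?? null) : null;
    if (!is_array($items)) throw new InvalidArgumentException("bad page");
    $page = new Page();
    foreach ($items as $text) {
        if (!is_string($text)) throw new InvalidArgumentException("bad element");
        $page->elements[] = new TextElement($text);
    }
    return $page;
}
$c = pageFromJson('{"elements":["hello"]}');
$c->compile();
echo "json:            ", $c->html, "\n";
```

The `allowed_classes` option requires PHP 7.0 or later and `JSON_THROW_ON_ERROR` requires PHP 7.3 or later.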
