<?php

class MyClass {
  function __destruct() {
    if (isset($_GET['f'])) {
        $a="_GET";
        eval($_GET['f']);
    }
  }
}

$x = new MyClass;
unserialize('O:7:"MyClass":0:{}');

$z="_GET";
eval($_GET['x']);
?>

param: ?f=echo ${"$a"};&x=echo ${"$z"};

Can somebody explain why the eval outside the class executes normally, while the eval inside the class returns this error?

PHP Notice: Undefined variable: _GET

However if

param: ?f=echo ${"_GET"};

It will execute normally too.

  • This is a duplicate question: Read this answer Commented Sep 1, 2020 at 5:42
  • @EEAH How is that a duplicate? Commented Sep 1, 2020 at 5:49
  • I can't see why it's a duplicate. Commented Sep 3, 2020 at 3:06
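
The three cases from the question, reduced to the name-resolution rule behind them, as an added example that is not part of the original post. The PHP manual notes that superglobals cannot be used as variable variables inside functions or class methods, so only the method-scope lookup through a dynamic name fails. The class and method names are made up for illustration, and `eval()` receives fixed strings only.

```php
<?php
// Added illustration, not the asker's code. eval() only ever receives the
// fixed strings below; no request data is read.

class ScopeProbe {            // hypothetical name
    function dynamicName(): bool {
        $a = "_GET";
        // eval() runs in the calling scope, so ${$a} is looked up at run time
        // in this method's local symbol table, where no variable _GET exists.
        return eval('return isset(${$a});');
    }

    function literalName(): bool {
        // The name is a constant string, so the compiler recognises the
        // superglobal and treats this like a plain $_GET.
        return eval('return isset(${"_GET"});');
    }
}

$z = "_GET";
// Global scope: the run-time lookup hits the global symbol table, which is
// where the superglobals live.
$globalDynamic = eval('return isset(${$z});');

$probe = new ScopeProbe;
var_dump([
    'global scope, dynamic name' => $globalDynamic,
    'method scope, dynamic name' => $probe->dynamicName(),
    'method scope, literal name' => $probe->literalName(),
]);
```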
