kachkaev April 4, 2010 at 00:10

Easter eggs in PHP

Perhaps everyone knows that today, April 4, 2010, both Catholics and Orthodox celebrate Easter. Taking the opportunity, I decided to write an article about Easter eggs, not only those that paint, but about those whose origin is related to the theme of Habr. It's about PHP Easter eggs .

In short: It turns out that if you add a special line to the GET request processed by the PHP interpreter, you can force the server to return a "secret" picture, or information about PHP developers. Examples:
http://vkontakte.ru/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
http://en.wikipedia.org/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
http: //www.liveinternet. com /? = PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

What is the yolk salt?

Just want to emphasize that the PHP Easter eggs, which will be discussed, are absolutely harmless. Their existence can not adversely affect the operation of the site. As I said, there are several special lines (we will call them signatures ), adding them to the request SUDDENLY changes the server’s response. Syntactically, the signature must be the value of an unnamed and single GET variable (for example, mypage.php?=×××).

These are the signatures and the results of their insertion:

PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - a list of PHP developers (PHP Credits).
PHPE9568F3 4 -D428-11d2-A769-00AA001ACF42 - the PHP logo.
PHPE9568F3 5 -D428-11d2-A769-00AA001ACF42 - Zend logo.
PHPE9568F3 6 -D428-11d2-A769-00AA001ACF42 - a funny picture that differs in different versions of PHP:
- Thies C. Arntzen, one of the language developers (versions 4.0.1 - 4.2.2).
- A brown dachshund named Nadia by one of the team members named Stig Bakken (versions 4.3.2 - 4.3.10).
- Black Scottish Terrier named Scotch by Zeev Suraski (versions 4.3.11 - 4.4.4, 5.0.5 - 5.1.2).
- Rabbit (version 4.3.1, 5.0.0, 5.0.3).
- Distorted PHP logo (versions 5.1.4 - 5.2.?).
- PHP mascot "elePHPant" (some versions 5.2.?).

More information about the correspondence of PHP versions and these images can be found in one English-language article on this topic at 0php.com . It’s a pity that it was not possible to establish the dependency absolutely precisely, because the official site of PHP CVS-log file where images are stored does not work . I apologize if I made a mistake somewhere.

Whoever wants to can kill an additional few minutes of life by looking at the list of sites lit up on Google with the first signature in the URL .

How it works?

The culprit of all these "miracles" is quite easy to find in the source code of the interpreter.

The signatures themselves are described ext/standard/info.hin lines 53–56 in the file :

#define PHP_LOGO_GUID "PHPE9568F34-D428-11d2-A769-00AA001ACF42" #define PHP_EGG_LOGO_GUID "PHPE9568F36-D428-11d2-A769-00AA001ACF42" #define ZEND_LOGO_GUID "PHPE9568F35-D428-11d2-A769-00AA001ACF42" #define PHP_CREDITS_GUID "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000"

For the return of unusual answers to unusual requests, the function is responsible in php_handle_special_queries()conjunction with the functions php_info_logos()and php_print_credits(). In turn, it php_handle_special_queries()is called inside the function php_execute_script().

All three images (Zend logo, PHP logo, funny picture) are in GIF format and are stored as byte arrays in a file main/logos.h.

Is there any way to disable this?

If you are administering a site written in PHP, you most likely have already tried to do this trick with your project. If the Easter egg “works,” then you probably already decided to get rid of it. This is extremely easy to do.

Just open the file on your server php.ini, find the parameter expose_phpand change its value to “off”:

expose_php = off

After the web server reboots, the pictures and the page with information about the developers will cease to appear - unusual requests will begin to be processed in normal mode. Also, the server will stop adding the string “ X-Powered-By: PHP/×.×.× ...” to the HTTP response headers, the mention of PHP will be removed from the string “ Server: ...” (if it is now there).

Getting rid of this "terrible hack", you will only be able to hide the fact that your site uses PHP. Of course, this applies only to projects with CNC (and even then not everyone). If the links on your site look like " my_cosy_guestbook.php?do=delete_all", this, of course, will not save you. Before searching and modifying a file php.ini, be sure to remember to answer the question: “Do I need it?”.

Farm application

Despite the seeming futility, the described Easter egg has practical applications. If you display information about the system using the function on your website phpinfo(), you will see the PHP and Zend logos, as well as the PHP Credits link. What URI the pictures will be requested for, and where the link to the list of developers will lead, is now quite easy to guess. Resources are made available even if the site is being tested on a local machine that does not have Internet access. This only works when the option is enabled expose_php(otherwise the pictures and the link are not displayed). Here is a working example:www.it.tsu.ge/info.php (not my site, I have just posted ~~to announce~~ a link). Another example: hosting.iptcom.net/phpinfo.php (it turns out that the picture with the Zend logo was completely different in PHP version 4.4.4). An example of a site with the option disabledexpose_phpon the server: help.secureserver.net/linux-phpinfo.html .

Bonus Egg

Studying the source of PHP, I accidentally stumbled upon the source of another funny secret, mentioned several times on the Internet. It turns out that on April 1, the logo generated by the function php_logo_guid()is replaced with a funny picture (as is the case with the signature PHPE9568F3 6 -D428-11d2-A769-00AA001ACF42). It turns out that on this day the logo will change on the page received with phpinfo().

In the sources of version 5.2.13, lines 1237-1238 of the fileext/standard/info.c are responsible for this “egg” . It is a pity that you can see it in action only after almost a year. Although, impatient comrades at any time can change the system date. ;)

Bonus Egg No. 2

By the end of this article, it turned out that there is another signature that works in PHP 5. For this Easter egg, the Suhosin extension must be enabled (it is used to enhance PHP security). The signature is: SUHO8567F54-D428-14d2-A769-00DA302A5F18 . The result of adding it to the request is a picture with three hieroglyphs, which are translated from Korean approximately as a protector or guardian angel. This example does not work on php.net , but it is perfectly demonstrated on the php.ru website and on the “beloved” VKontakte all of us (once, since Suhosin is not installed on all servers).

Suhosin

Conclusion

It’s good when people who develop serious things have a sense of humor and allow themselves to harmlessly joke. In addition, Easter eggs are a good viral advertisement for their product (in fact, I now advertise PHP for free). The main thing for developers here is not to overdo it.

PS: I understand that for some Khabrovsk citizens the described fact will seem bearded and uninteresting, but I’m sure that someone hears about Easter eggs in PHP for the first time. Personally, I learned about all this recently, although my first php file was created about 5 years ago.

If today there are people who want to write about Easter eggs in other environments or programming languages, you can arrange a whole Easter day on Habré, The main thing is that then the UFO on the head taps for offtopic and does not put the phrase "Stop already writing about eggs!" On the main one . :)

_{Links to sources and resources:
en.wikipedia.org/wiki/PHP , blogoscoped.com/archive/2006-01-08-n31.html , www.0php.com/php_easter_egg.php , www.drupal.ru/node/ 19682 , php.net , commons.wikimedia.org/wiki/File:Vajicka1.jpg ; Pictures are on imageshack .}

Tags: