Forbid more commands. Reorganize code

One of the participants solved is using the 'm4' command, which is similar to 'cat' Signed-off-by: Carina Deaconu <[email protected]>
open-education-hub · Sep 13, 2023 · 32a2e3b · 32a2e3b
1 parent 8f75a68
commit 32a2e3b
Showing 1 changed file with 28 additions and 3 deletions.
diff --git a/exotic-attacks/activities/handy-tool/src/index.php b/exotic-attacks/activities/handy-tool/src/index.php
@@ -8,11 +8,36 @@ function __construct() {
     }
 
     function __wakeup() {
-        if (isset($this->prop) && isset($this->condition) && $this->condition == true) {
-            if (strpos($this->prop, "cat") === false && strpos($this->prop, "head") === false && strpos($this->prop, "grep") === false && strpos($this->prop, "tail") === false && strpos($this->prop, "tac") === false && strpos($this->prop, "rev") === false && strpos($this->prop, "awk") === false && strpos($this->prop, "sed") === false && strpos($this->prop, "more") === false && strpos($this->prop, "cut") === false && strpos($this->prop, "nl") === false && strpos($this->prop, "less") === false && strpos($this->prop, "sort") === false && strpos($this->prop, "python") === false && strpos($this->prop, "perl") === false) {
-                eval($this->prop);
+        $forbbiden_commands = [
+            "cat",
+            "head",
+            "grep",
+            "tail",
+            "tac",
+            "rev",
+            "awk",
+            "sed",
+            "more",
+            "cut",
+            "nl",
+            "less",
+            "sort",
+            "python",
+            "perl",
+            "m4", // similar to `cat`
+        ];
+
+        if (!isset($this->prop) or !isset($this->condition) or !$this->condition == true) {
+            return;
+        }
+
+        foreach ($forbbiden_commands as $cmd) {
+            if (strpos($this->prop, $cmd) !== false) {
+                return;
             }
         }
+
+        eval($this->prop);
     }
 }
 ?>