The Easter Egg I’ve added to the corporate site has been discovered by our QA team. That’s good for the QA team. And bad for the site. Now it’s just one of those boring corporate web places again.
Tag: easter egg
PHP exposure via easter egg
Here is an interesting easter egg in PHP. Check if your php.ini file has expose_php setting turned on like so:
; Decides whether PHP may expose the fact that it is installed ; on the server (e.g. by adding its signature to the Web ; server header). It is no security threat in any way, but it ; makes it possible to determine whether you use PHP on your ; server or not. ; http://www.php.net/manual/en/ini.core.php#ini.expose-php expose_php = On
If it’s on, then you can see PHP Credits page, which includes PHP authors and contributors, as well as authors and contributors to the PHP modules that you have installed. To see the page add the secret parameter to any of the PHP pages on your server, like so: http://localhost/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000. You’ll see a long page that starts like so:
Kudos to Chris for pointing it out to me. I’ve since disabled the setting on my server.