The Daily WTF
Ben‘s web firm took on a new client, and they’re using a rather questionable shopping cart system. Like a lot of PHP web plugins, someone decided that they needed to “protect” their code by obfuscating it. Either that, they were obfuscating it out of shame, one or the other.
if(!function_exists(“cache_exists”)) { eval(“fu” . “nction cach” . “e_exi” . “sts($Data) { echo base” . “64” . “_d” . “eco” . “de($” . “Data); }”); }
It seems like they specifically chose an “obfuscation” method which makes it hard to CTRL+F through the code- a search for “cache_exists” won’t find the function definition. It’ll find the line right before the function definition, where the code is checking to see if the function already exists, but it won’t find the function.
But let’s talk about what the function does. It echoes into the page body the base-64 decoded version of whatever was
To read the full article click on the 'post' link at the top.