CodeSOD: The Flasher

Michael H sends us some code that probably deserves a NSFW warning for exhibitionism. This code is a confusing bit of metaprogramming that" well, shouldn't be allowed near schools or playgrounds.

function load_class_public($class) { static $classes; if (! $classes) $classes = array(); $classname = $class . '_Publicified'; if ($classes[$classname]) return $classname; $codez = file_get_contents(PATH . '/classes/class.' . $class . '.php'); $codez = preg_replace('/\bprivate\b/', 'public', $codez); $codez = preg_replace('/\bprotected\b/', 'public', $codez); $codez = preg_replace('/\bclass\s+' . $class . '\b/', 'class ' . $class . '_Publicified', $codez); $codez = preg_replace('/\<\?php/', '', $codez); eval($codez); $classes[$classname] = $classname; return $classname;}

So, let's start with the variable name $codez. Once we finish rolling our eyes, we can move onto the real horror: it loads a PHP file based on the class name, it uses regexes to convert every use of the keywords "private" or "protected" into "public", changes the classname "Foo" to "Foo_Publicified", and then evaluates the resulting code to create a new classname.

And then it returns that classname for instantiation elsewhere in the code. This is the work of someone dangerously clever, but not terribly bright. Michael isn't sure why it's there, or what purpose it serves, but it is being called.

[Advertisement] Use NuGet or npm? Check out ProGet, the easy-to-use package repository that lets you host and manage your own personal or enterprise-wide NuGet feeds and npm repositories. It's got an impressively-featured free edition, too!