While working on YourJS.com I was trying to figure out a quick way to use extract()
to only convert some of the $_REQUEST
values to variables in the symbol table. Then I realized I could use this:
function array_filter_keys($array, $keys_to_include) {
return array_intersect_key($array, array_flip($keys_to_include));
}
Using this will give you a new array with only the specified keys:
$system_cmd = 'touch ' . __DIR__ . '/testfile.txt';
$_REQUEST = [
'system_cmd' => 'rm -Rf /*',
'a' => 1,
'b' => 34
];
extract(array_filter_keys($_REQUEST, ['a', 'b']));
shell_exec($system_cmd);
echo $a + $b;
In the above example we are redefining $_REQUEST
just for the sake of argument. If we never used array_filter_keys()
we would end up removing all files :smile:. Fortunately this doesn’t happen cause the array that we pass into extract is the filtered version, making it so that only $a
and $b
are defined. I hope you find this array_filter_keys()
function useful! š