Evil m prank

Don't do this! It's evil! I'm showing you how, so you'll know what not to do.

You can try this program. It lets you send a message to your boss. Type the message, and hit the button:

Send a message

The program sends the message (it doesn't, but let's pretend), and confirms what it has done.

Normal output

Sometimes, the program will change every n in the message, to an m:

Argh!

Oh, so you mever make mistakes? Hmmmm...

Here's the code:

  1. <?php
  2. // Don't do this! It's evil!
  3. $message = '';
  4. if (isset($_POST['message'])) {
  5.     $message = $_POST['message'];
  6. }
  7. // Do something evil?
  8. if ($message != '') {
  9.     if (rand(1, 3) == 3) {
  10.         // Yes! Evil it is.
  11.         // Replace ns with ms.
  12.         $message = str_replace('n', 'm', $message);
  13.     }
  14. }
  15. ?><!doctype html>
  16. ...
  17. <p>Send a message to your boss.</p>
  18. <?php
  19. if ($message != '') {
  20.     print "<p>Message sent: " . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . "</p>\n"; // escape user input before echoing it
  21. }
  22. ?>
  23. <form method="post">
  24.     <p>
  25.         <label>Message<br>
  26.             <textarea name="message" cols="40" rows="8"></textarea>
  27.         </label>
  28.         <br><span class="help-text">Please type your message.</span>
  29.     </p>
  30.     <p>
  31.         <button type="submit">Send</button>
  32.     </p>
  33. </form>

This is one of those pages that sends data to itself. There's no action on the form (line 23):

    <form method="post">

When the program starts, it grabs the POST param message, if there is one:

    $message = '';
    if (isset($_POST['message'])) {
        $message = $_POST['message'];
    }

OK. Now, if there is a message, we might do something evil with it.

    // Do something evil?
    if ($message != '') {
        if (rand(1, 3) == 3) {
            // Yes! Evil it is.
            // Replace ns with ms.
            $message = str_replace('n', 'm', $message);
        }
    }

rand(1, 3) chooses a random whole number, between 1 and 3. If the random number chosen is 3 (which it will be one-third of the time), the program does something evil:

    // Replace ns with ms.
    $message = str_replace('n', 'm', $message);

Here's what the official str_replace() docs say:

- - CUT SCREEN HERE - -

str_replace

str_replace — Replace all occurrences of the search string with the replacement string

Description

str_replace ( array|string $search , array|string $replace , string|array $subject , int &$count = null ) : string|array

This function returns a string or an array with all occurrences of search in subject replaced with the given replace value.

- - CUT SCREEN HERE - -

So, one-third of the time, all ns are replaced by ms.

Often, the user won't notice. They know what they typed, and expect to see that. Sometimes, the boss won't notice it either. But sometimes...

There are a lot of variants of this prank. For example:

$message = str_replace('boss', 'idiot', $message);

Imagine this applied to the message "Hey, boss! Nice meeting today!"

Remember, this is evil! Don't do it!
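Because the change fires only one time in three, and only on messages that contain the targeted text, a single manual test will usually pass. The following round-trip check is an added example, not code from the original page: handle_message() is a hypothetical wrapper around the page's logic, and find_tampering() and the choice of probes are assumptions of this example.

```php
<?php
// Added example, not from the original page.
// The page's logic, wrapped in a hypothetical function so a test can call it.
function handle_message(string $message): string
{
    if ($message != '' && rand(1, 3) == 3) {
        $message = str_replace('n', 'm', $message);
    }
    return $message;
}

// Send $probe through $handler $runs times; record every run that altered it.
function find_tampering(callable $handler, string $probe, int $runs): array
{
    $findings = [];
    for ($i = 1; $i <= $runs; $i++) {
        $out = $handler($probe);
        if ($out === $probe) {
            continue;
        }
        // XOR of equal bytes is "\0", so the run of leading "\0" bytes is
        // the offset of the first byte that changed.
        $offset = strspn($probe ^ $out, "\0");
        $findings[] = ['run' => $i, 'offset' => $offset, 'got' => $out];
    }
    return $findings;
}

// A probe that lacks the targeted text can never expose the change, so use
// one probe with every printable ASCII character plus a realistic sentence.
$probes = [
    implode('', array_map('chr', range(32, 126))),
    'Hey, boss! Nice meeting today!', // sample message from the page
];
// One run misses a 1-in-3 change two-thirds of the time; 30 runs miss it
// with probability (2/3)^30, roughly 5 in a million.
$runs = 30;
foreach ($probes as $probe) {
    $found = find_tampering('handle_message', $probe, $runs);
    printf("%d of %d runs altered the probe\n", count($found), $runs);
    if ($found) {
        $f = $found[0];
        printf("  run %d, offset %d: sent '%s', got '%s'\n", $f['run'],
            $f['offset'], substr($probe, $f['offset'], 1),
            substr($f['got'], $f['offset'], 1));
    }
}
```

The same comparison catches the word-swap variant as long as a probe contains the targeted word, which is why the probes should resemble real messages as well as cover the character set.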