PHP Sadness

(<5.5) PHPE9568F34-D428-11d2-A769-00AA001ACF42

Update 2013-01-07: As of PHP 5.5, access to these via URLs has been removed.

Update 2012-08-06: A patch has been submitted to move all these images from URLs (which fixes the security holes) to data URIs (which probably makes the cruft worse). Net change: positive!

PHP is full of cruft.

For example, PHP <5.5 has a "feature" wherein if you add ?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 to the URL of a PHP script, it produces the PHP logo.

http://en.wikipedia.org/w/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42

You can get this ID with php php_logo_guid.

There is also php zend_logo_guid and an undocumented php_egg_logo_guid() function:

http://www.zend.com/en/index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42

http://php.net/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42

You can also get the PHP developer credits with php phpcredits or ask any PHP script using another code URL:

http://www.canonical.com/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

All of this data is loaded into memory every time a PHP script runs. This takes approximately 21kb of memory (after all the images, credits, and HTML therein) per PHP process, even though these are never used for production applications. Disabling this requires a custom source modification (as of 20100712).

It should be noted that setting up some kind of filter, redirect, or rewrite for these URLs does not "solve" anything - this data is still present in the PHP binary and is loaded whenever it starts up.

It looks like this feature is now available in Perl as well!