@cywm528 date:2014-03-02
I found a new feature of double-quoted string's complex-curly syntax in PHP >= 5.5 zend_language_scanner.l in PHP <= 5.4:
<ST_LOOKING_FOR_VARNAME>{LABEL} {
zend_copy_value(zendlval, yytext, yyleng);
zendlval->type = IS_STRING;
yy_pop_state(TSRMLS_C);
yy_push_state(ST_IN_SCRIPTING TSRMLS_CC);
return T_STRING_VARNAME;
}zend_language_scanner.l in PHP >= 5.5:
<ST_LOOKING_FOR_VARNAME>{LABEL}[[}] {
yyless(yyleng - 1);
zend_copy_value(zendlval, yytext, yyleng);
zendlval->type = IS_STRING;
yy_pop_state(TSRMLS_C);
yy_push_state(ST_IN_SCRIPTING TSRMLS_CC);
return T_STRING_VARNAME;
}Well, php code can be evaluated in double-quoted string, like this:
// PHP >= 4.3, and maybe older varsion?
"{${phpinfo()}}";
"{$phpinfo[phpinfo()]}";
"${${phpinfo()}}";
"${@phpinfo()}";
"${ phpinfo()}";
"${( string )phpinfo()}";
"${phpinfo[phpinfo()]}";
// this is new feature in PHP >= 5.5
"${phpinfo()}";