All the Easter Eggs in PHP
PHP used to pack quite a few Easter Eggs back in the day. Until PHP 5.5, calling a URL with a special string returned various bits of PHP information and images such as the PHP logo, credits, Zend Engine logo, and a quirky PHP Easter Egg logo.
https://example.com/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
: PHP Logohttps://example.com/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
: PHP Creditshttps://example.com/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
: Zend Engine logohttps://example.com/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
: PHP Logo Easter Egg
In addition to the special URLs, Colin Viebrock made a change back in 2000 so that the standard PHP logo shown in the phpinfo()
output changes to the Easter Egg logo only on April 1st.
Calling PHP web site URLs with query parameters above revealed a lot of information about the PHP version the sites were running, opening information disclosure vulnerabilities unless the sites were configured with expose_php=off
PHP INI directive. There were hundreds of questions on StackOverflow and hundreds of blog posts and articles on turning off these URLs. The unexpected outcome of this was that attackers could target PHP web sites en-masse by snooping on the exact PHP version web sites use.
These magic URLs were removed in PHP 5.5 and those special URLs no longer have any special functionality. However, even to this date, PHP continues its last Easter Egg in its phpinfo()
page.
In
phpinfo()
output, there is a special PHP logo visible only on April 1st.
phpinfo()
pages reveal a lot of information about the PHP setup, and should not be visible outside visitors of a web site. The last of PHP Easter Eggs are placed in the Top right logo section of the phpinfo()
HTML output.
The April 1st PHP logo shown above has not always been the same. Occasionally, PHP developers change the logo with a new fun and quirky logo.
Here are all the Easter Egg logos PHP had from the beginning:
Logo | PHP Version | Description |
---|---|---|
PHP 4.0 | Thies C. Arntzen | |
PHP 4.3 | Stig Bakken's dog named "Nadia" | |
PHP 4.4 | Zeev Surask's dog named "Scotch" | |
PHP 5.1 | ||
PHP 5.3 | ||
PHP 5.6 | ||
PHP 7.0 to 7.4 | Featuring a PHP 7 ElePHPant, by Andrea Faulds | |
PHP 8.0 to current | Featuring InPHPinity, by Noriko Yamamoto |
Expires: Thu, 19 Nov 1981 08:52:00 GMT
PHP's session extension sends an Expires
HTTP header with value Thu, 19 Nov 1981 08:52:00 GMT
when the session cookie expiration date needs to be in the past (which essentially invalidates the cookie).
This seemingly random number is actually the birthday of Sascha Schumann, who worked on that part of the code at the time.