``` <? phpini_set('allow_url_fopen', false); interfaceSecurSerializable { publicfunction__construct(); publicfunction__shutdown(); publicfunction__startup(); publicfunction__toString(); } classFlagimplementsSecurSerializable { public $flag; public $flagfile; public $properties = array(); publicfunction__construct($flagfile = null) { if (isset($flagfile)) { $this->flagfile = $flagfile; } } publicfunction__shutdown() { return $this->properties; } publicfunction__startup() { $this->readFlag(); } publicfunction__toString() { return "ClassFlag(" . $this->flag . ")"; } publicfunctionsetFlag($flag) { $this->flag = $flag; } publicfunctiongetFlag() { return $this->flag; } publicfunctionsetFlagFile($flagfile) { if (stristr($flagfile, "flag") || !file_exists($flagfile)) { echo "ERROR:Fileisnotvalid!"; return; } $this->flagfile = $flagfile; } publicfunctiongetFlagFile() { return $this->flagfile; } publicfunctionreadFlag() { if (!isset($this->flag) && file_exists($this->flagfile)) { $this->flag = join("", file($this->flagfile)); } } publicfunctionshowFlag() { if ($this->isAllowedToSeeFlag) { echo "Theflagis:" . $this->flag; } else { echo "Theflagis:[You'renotallowedtoseeit!]"; } } } functionsecure_jsonify($obj) { $data = array(); $data['class'] = get_class($obj); $data['properties'] = array(); foreach ($obj->__shutdown() as & $key) { $data['properties'][$key] = serialize($obj->$key); } returnjson_encode($data); } functionsecure_unjsonify($json, $allowed_classes) { $data = json_decode($json, true); if (!in_array($data['class'], $allowed_classes)) { thrownewException("ErrorProcessingRequest", 1); } $obj = new $data['class'](); foreach ($data['properties'] as $key => $value) { $obj->$key = unserialize($value, ['allowed_classes' => false]); } $obj->__startup(); return $obj; } if (isset($_GET['show']) && isset($_GET['obj']) && isset($_GET['flagfile'])) { $f = secure_unjsonify($_GET['obj'], array( 'Flag' )); $f->setFlagFile($_GET['flagfile']); $f->readFlag(); $f->showFlag(); } elseif (isset($_GET['show'])) { $f = newFlag(); $f->flagfile = "./flag.php"; $f->readFlag(); $f->showFlag(); } else { header("Content-Type:text/plain"); echopreg_replace('/\s+/', '', str_replace("\n", '', file_get_contents("./index.php"))); } //With<3by@gehaxelt ?> ```