An easter egg is a “hidden message or feature in an object such as a movie, book, CD, DVD, or computer program.” (Wikipedia) Easter eggs are the ultimate inside joke—developers like to have fun, and sometimes insert these geeky in-jokes as part of a larger project. For example, Microsoft software engineers hid a flight simulator in Microsoft Excel 97, a clone of Spy Hunter in Excel 2000, and a version of pinball in Microsoft Word 97. An integrated chip design even includes the outline of a popular video game character, Sonic the Hedgehog. The software used to run the web is no different; it too was created by fun-loving developers, and there are occasional easter eggs.
PHP is a server-side technology used to provide a rich web experience. If you provide a special URL to a web site that runs PHP, you can make it display an image instead of the usual web page. These “magic images” were included into PHP by its developers; they are present in every standard PHP install. Most any site that uses PHP will display these magic images if you ask properly. For example, PHP’s own web site can be made to show a dog photo inside its normal logo.
Try it yourself
If you add ?= and a special code to any web address, you can test if the site is using PHP. Try out some example links (check ’em out while they work):
- PHP Logo (on php.net): http://www.php.net/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42
- Dog Logo (on php.net): http://www.php.net/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
- Dog Logo (on hardened-php.net): http://www.hardened-php.net/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
- Dog Logo (on truste.org): https://www.truste.org/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
- Zend logo (on php.net): http://www.php.net/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42
- PHP Credits (on php.net): http://www.php.net/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Update: It appears that digg has disabled this easter egg. I’ve changed the links above to point at php.net.
Read on for the technical details, including the location of these images within the PHP source tree.
Examining the Source Code
A quick search through PHP’s own source code reveals several of these images embedded within the code. The GUIDs are defined in the
ext/standard/info.h header file:
53 #define PHP_LOGO_GUID "PHPE9568F34-D428-11d2-A769-00AA001ACF42"
54 #define PHP_EGG_LOGO_GUID "PHPE9568F36-D428-11d2-A769-00AA001ACF42"
55 #define ZEND_LOGO_GUID "PHPE9568F35-D428-11d2-A769-00AA001ACF42"
56 #define PHP_CREDITS_GUID "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000"
The images themselves are stored as binary data in the
main/logos.h header file. Most of the images included within PHP are perfectly reasonable; the PHP logo, Zend logo, and credits are all used by PHP to generate the output of the
phpinfo( ) function. The
PHP_EGG_LOGO_GUID is included (as the name indicates) as an easter egg. Interestingly, the main PHP logo switches to the easter egg logo (with the dog) on April 1st—clearly, an inside joke.
Easter eggs are fun, but there’s a down side: sometimes these hidden features introduce exploitable defects into software or leak vital system information. In this particular case, it appears that the dog in the easter egg is related to the PHP version number. One could easily write a web scanner to check if a site is running PHP and discover its version through a single HTTP request.
Fortunately, this easter egg is quite easy to disable. You can alter your
php.ini file to include the following line:
expose_php = 0
For More Information