Register | Login | |||||
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
| |
0 user currently in Programming. | 3 guests |
Acmlm's Board - I2 Archive - Programming - Any way to do this in PHP? | | | |
Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
User | Post | ||
HyperLamer <||bass> and this was the soloution i thought of that was guarinteed to piss off the greatest amount of people Sesshomaru Tamaranian Level: 118 Posts: 5079/8210 EXP: 18171887 For next: 211027 Since: 03-15-04 From: Canada, w00t! LOL FAD Since last post: 2 hours Last activity: 2 hours |
| ||
I've set up my website with a PHP-base automated news system which is quite nice. The code basically just opens up a text file and does this:while (!feof($file)) I'm looking for a way that I could embed PHP code in the file. That is if I stuck something like in the text file it would execute the code and just output 'test' rather than outputting the PHP code itself. [edit] Forgot to escape a < I'm gonna murder that < (edited by HyperHacker on 06-19-05 03:44 PM) (edited by HyperHacker on 06-20-05 12:15 AM) |
|||
Ramsus Octoballoon Level: 19 Posts: 107/162 EXP: 34651 For next: 1126 Since: 01-24-05 From: United States Since last post: 39 days Last activity: 71 days |
| ||
If your $file variable is tainted (i.e. comes from outside the script, like a $_GET variable), then check it first. For example, suppose we only want names with letters, numbers , and dashes (which should be very secure): preg_match('/^[\\w\\d_\\-]+$/', $page)) or die "Error: invalid page name."; Add a folder prefix (since we don't want to messy up our toplevel) and a .php extension (so users can't stumble across the PHP code): $page = "some_folder_for_pages/" . $page . ".php"; Make sure it exists.: file_exists($page) or die "Error: page does not exist."; Then run include as follows, which evaluates any PHP code in the file: include($page); Even if you just use regular file functions, remember to taint check. (edited by Ramsus on 06-19-05 07:05 AM) (edited by Ramsus on 06-19-05 07:06 AM) |
|||
HyperLamer <||bass> and this was the soloution i thought of that was guarinteed to piss off the greatest amount of people Sesshomaru Tamaranian Level: 118 Posts: 5087/8210 EXP: 18171887 For next: 211027 Since: 03-15-04 From: Canada, w00t! LOL FAD Since last post: 2 hours Last activity: 2 hours |
| ||
Yes, I check that... The file comes from a directory listing which the user has no control over though, so it's not especially important. The main issue is leaving the system intact - if I just include the file, it won't work the way I have it now. My code reads one line and assigns it to one variable, another line to another variable, and then prints all the rest of the lines. Plus as an unxepected but nice side-effect of printing a < |
|||
King_Killa Koopa Level: 15 Posts: 43/117 EXP: 15096 For next: 1288 Since: 06-13-05 From: Shangri-La Since last post: 37 days Last activity: 18 days |
| ||
you'll probably need to use EVAL(); Use the regex to seperate PHP from text, and eval the php code. (edited by King_Killa on 06-19-05 04:07 PM) |
|||
Ramsus Octoballoon Level: 19 Posts: 108/162 EXP: 34651 For next: 1126 Since: 01-24-05 From: United States Since last post: 39 days Last activity: 71 days |
| ||
Just buffer the output. Next time list any extra requirements or show the related code if you want better suggestions. <?php $lines = array(); function breaklines($buffer) { global $lines; // Save the first few lines in a global array. $lines[] = strtok($buffer, "\n"); $lines[] = strtok("\n"); $lines[] = strtok("\n"); // Replace newlines with HTML linebreaks return str_replace("\n", "<br />", $buffer); } // Set some variables for the included script to use $title = "Some title."; $name = "Some name."; ob_start(breaklines); // Start buffering output and send it to breaklines() include("content.php"); // Include the content PHP file. It gets parsed normally, but the output is buffered and sent to breaklines() ob_end_flush(); // Get the result from breaklines() and send it to the browser // Note that breaklines saved the first few lines in a global array echo " And the first three lines we saved are:" |
|||
King_Killa Koopa Level: 15 Posts: 44/117 EXP: 15096 For next: 1288 Since: 06-13-05 From: Shangri-La Since last post: 37 days Last activity: 18 days |
| ||
Oh yea, that'll work better than eval. I was thinking of when I stored PHP code in an SQL table, and got it running. | |||
Ramsus Octoballoon Level: 19 Posts: 109/162 EXP: 34651 For next: 1126 Since: 01-24-05 From: United States Since last post: 39 days Last activity: 71 days |
| ||
I thought about eval too, but then I saw how PHP implemented it and immediately looked up buffering instead (I saw a few examples of using ob_ functions a year or so ago from an article that PHP Savant pretty much grew out of). eval sounds useful for small bits of PHP code, but for a large file, include is about as fast and efficient as readfile, while still evaluating the PHP code. That's part of the reason I try to use it in place of other methods whenever possible (along with functions like str_replace and explode). (edited by Ramsus on 06-19-05 04:57 PM) |
Add to favorites | "RSS" Feed | Next newer thread | Next older thread |
Acmlm's Board - I2 Archive - Programming - Any way to do this in PHP? | | | |