Deprecated each in code igniter xssclean helper - php

I have a CodeIgniter helper called xssclean for validating form input data.
If I give it an array, it shows an each() deprecated error.
Here is my function in my xssclean_helper.php:
function xssclean($str) {
if (is_array($str)) {
while (list($key) = each($str)) {
$str[$key] = xssclean($str[$key]);
}
return $str;
}
$str = _remove_invisible_characters($str);
$str = preg_replace('|\&([a-z\_0-9]+)\=([a-z\_0-9]+)|i', _xss_hash() . "\\1=\\2", $str);
$str = preg_replace('#(&\#?[0-9a-z]{2,})([\x00-\x20])*;?#i', "\\1;\\2", $str);
$str = preg_replace('#(&\#x?)([0-9A-F]+);?#i', "\\1\\2;", $str);
$str = str_replace(_xss_hash(), '&', $str);
$str = rawurldecode($str);
$str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", '_convert_attribute', $str);
$str = preg_replace_callback("/<\w+.*?(?=>|<|$)/si", '_html_entity_decode_callback', $str);
$str = _remove_invisible_characters($str);
$str = _remove_tabs($str);
$str = _never_allowed_str($str);
$str = _never_allowed_regx($str);
$str = str_replace(array('<?', '?' . '>'), array('&lt;?', '?&gt;'), $str);
$str = _never_allowed_words($str);
do {
$original = $str;
if (preg_match("/<a/i", $str)) {
$str = preg_replace_callback("#<a\s+([^>]*?)(>|$)#si", '_js_link_removal', $str);
}
if (preg_match("/<img/i", $str)) {
$str = preg_replace_callback("#<img\s+([^>]*?)(\s?/?>|$)#si", '_js_img_removal', $str);
}
if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str)) {
$str = preg_replace("#<(/*)(script|xss)(.*?)\>#si", '', $str);
}
} while ($original != $str);
unset($original);
$event_handlers = array('[^a-z_\-]on\w*', 'xmlns');
$str = preg_replace("#<([^><]+?)(" . implode('|', $event_handlers) . ")(\s*=\s*[^><]*)([><]*)#i", "<\\1\\4", $str);
$naughty = 'alert|applet|audio|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|isindex|layer|link|meta|object|plaintext|style|script|textarea|title|video|xml|xss';
$str = preg_replace_callback('#<(/*\s*)(' . $naughty . ')([^><]*)([><]*)#is', '_sanitize_naughty_html', $str);
$str = preg_replace('#(alert|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2&#40;\\3&#41;", $str);
$str = _never_allowed_str($str);
$str = _never_allowed_regx($str);
return $str;
}
At line no. 3 I get the error.

The each() function is deprecated with PHP 7.2. But you can replace your while-loop with a foreach-loop:
function xssclean($str) {
if (is_array($str)) {
foreach($str as &$value){
$value = xssclean($value);
}
return $str;
}
// …
}
The $value variable is by default a copy of the array value. The & makes it a reference; this way you can update the value.
Manipulating the array while iterating over it is not a good idea and can lead to errors.
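The foreach rewrite above, generalised as an added example (not code from the answer or from CodeIgniter): it rebuilds the array instead of writing through a reference, cleans keys as well as values, and caps nesting depth. clean_scalar() is a hypothetical stand-in for the string branch of xssclean(), and the depth cap of 16 is an assumed value.

```php
<?php
// Hypothetical stand-in for the string branch of xssclean(); swap in the real filter.
function clean_scalar(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Walks nested form data without each() and without by-reference iteration.
function clean_recursive($data, int $depth = 0, int $maxDepth = 16)
{
    if ($depth > $maxDepth) {
        // Assumed policy: refuse absurdly nested input such as a[][][]...=x
        throw new InvalidArgumentException('input nested too deeply');
    }
    if (is_array($data)) {
        $out = [];
        foreach ($data as $key => $value) {
            // Keys arrive from the client too, so string keys are cleaned as well.
            $k = is_string($key) ? clean_scalar($key) : $key;
            $out[$k] = clean_recursive($value, $depth + 1, $maxDepth);
        }
        return $out;
    }
    // Ints, floats, bools and null pass through; only strings are filtered.
    return is_string($data) ? clean_scalar($data) : $data;
}

// Constructed sample resembling a nested $_POST payload.
$post = [
    'name' => '<script>alert(1)</script>',
    'tags' => ['a', '<img src=x onerror=y>'],
    'age'  => 42,
    '<b>k' => 'v',
];
print_r(clean_recursive($post));
```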

Related

Processing text in PHP finding a matching character

How can I process text with some codes?
So suppose I have text as below
Hello {::first_name::} {::last_name::},
How are you?
Your organisation is {::organisation::}
Any text between {:: and ::} should be evaluated to get its value.
I tried exploding text to array using space as delimiter and then parsing array items to look for "{::" and if found get string between "{::" and "::}" and calling database to get this field value.
So basically these will be db fields.
Below is the code I have tried
$msg = "Hello {::first_name::} {::last_name::},
How are you?
Your organisation is {::organisation::}";
$msg_array = explode(" ", $msg);
foreach ($msg_array as $str) {
if (strpos($str, "{::") !== false) {
$field_str = get_string_between($str, "{::", "::}");
$field_value = $bean->$field_str; //Logic that gets the value of the field
$msgStr .= $field_value . " ";
} else {
$msgStr .= $str . " ";
}
}
function get_string_between($string, $start, $end)
{
$string = ' ' . $string;
$ini = strpos($string, $start);
if ($ini == 0) return '';
$ini += strlen($start);
$len = strpos($string, $end, $ini) - $ini;
return substr($string, $ini, $len);
}
Your script seems fine. Your script in fiddle
If you are looking for an alternative way, you can try using preg_match_all() with str_replace(array, array, source)
<?php
$bean = new stdClass();
$bean->first_name = 'John';
$bean->last_name = 'Doe';
$bean->organisation = 'PHP Company';
$string = "Hello {::first_name::} {::last_name::}, How are you? Your organisation is {::organisation::}";
// find all placeholders
preg_match_all('/{::(.+?)::}/i', $string, $matches);
$placeholders = $matches[0];
//strings inside placeholders
$parts = $matches[1];
// return values from $bean by matching object property with strings inside placeholders
$replacements = array_map(function($value) use ($bean) {
// use trim() to remove unexpected space
return $bean->{trim($value)};
}, $parts);
echo $newstring = str_replace($placeholders, $replacements, $string);
Short format:
$string = "Hello {::first_name::} {::last_name::}, How are you? Your organisation is {::organisation::}";
preg_match_all('/{::(.+?)::}/i', $string, $matches);
$replacements = array_map(function($value) use ($bean) {
return $bean->{trim($value)};
}, $matches[1]);
echo str_replace($matches[0], $replacements, $string);
And if you prefer to use a function:
function holder_replace($string, $source = null) {
if (is_object($source)) {
preg_match_all('/{::(.+?)::}/i', $string, $matches);
$replacements = array_map(function($value) use ($source) {
return (property_exists($source, trim($value))) ? $source->{trim($value)} : $value;
}, $matches[1]);
return str_replace($matches[0], $replacements, $string);
}
return $string;
};
echo holder_replace($string, $bean);
OUTPUT:
Hello John Doe, How are you? Your organisation is PHP Company
fiddle
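A stricter variant of the placeholder replacement above, as an added example (not code from the answer): only allow-listed field names are resolved, so a template cannot read arbitrary properties of $bean, and each value is HTML-escaped. The name render_template(), the allow-list and the sample data are assumptions.

```php
<?php
function render_template(string $tpl, object $bean, array $allowed): string
{
    // One pass with a callback: substituted values are never re-scanned for
    // placeholders, unlike str_replace() with arrays, which applies pairs in sequence.
    $out = preg_replace_callback(
        '/\{::\s*([A-Za-z_][A-Za-z0-9_]*)\s*::\}/',
        function (array $m) use ($bean, $allowed): string {
            $field = $m[1];
            // Resolve only fields the template author is meant to see.
            if (!in_array($field, $allowed, true) || !property_exists($bean, $field)) {
                return $m[0]; // keep unknown placeholders visible instead of guessing
            }
            // Escape for the HTML context the message is rendered into (assumed).
            return htmlspecialchars((string) $bean->$field, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        },
        $tpl
    );
    return $out ?? $tpl; // preg_replace_callback() returns null on a PCRE error
}

// Constructed sample data.
$bean = new stdClass();
$bean->first_name    = 'John';
$bean->last_name     = '<Doe>';
$bean->organisation  = 'PHP Company';
$bean->password_hash = 'not-for-templates';

$tpl = "Hello {::first_name::} {::last_name::}, org: {::organisation::} {::password_hash::}";
echo render_template($tpl, $bean, ['first_name', 'last_name', 'organisation']), "\n";
```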
Or you can simply use str_replace function:
$data = "{:: string ::}";
echo str_replace("::}", "",str_replace("{::", "", $data));

Php how to correctly use return function?

Hello, I have a problem with this function. I want to show the result of the function, to put it in a variable and send it to the database, but it does not show me anything. You can see in the example in the second block that when I added echo it shows me the result, but I don't know how to get that result out. I did use return, but it gave a different result.
$fullname = "Ayoub Chafik" ;
function orderID($data){
$AKK = "AK". date('YmdHis');
$string = strtoupper($data);
$strs=explode(" ",$string);
foreach($strs as $str)
$str[0];
}
// I want to see the result of this function here
echo orderID($fullname) ;
?>
This is the second Block
<?php
$fullname = "Ayoub Chafik" ;
function orderID($data){
echo $AKK = "AK". date('YmdHis');
$string = strtoupper($data);
$strs=explode(" ",$string);
foreach($strs as $str)
echo $str[0];
}
echo orderID($fullname) ;
?>
As I explained in the comment, you store it in a variable and return it. Check the example below. Also, it is good practice to open the {} even if it's only one line, for more readability.
$fullname = "Ayoub Chafik" ;
function orderID($data) {
$string = strtoupper($data);
$strs = explode(" ", $string);
$results = '';
foreach($strs as $str) {
$results .= $str[0];
}
return $results;
}
echo orderID($fullname) ;
Some examples with varying output, based on your code sample.
$fullname = "Ayoub Chafik";
function orderID($data){
$string = strtoupper($data);
$strs=explode(" ",$string);
foreach($strs as $str) {
return $str;
}
}
echo orderID($fullname) ;
// output "AYOUB"
function _orderID($data){
$return = false;
$string = strtoupper($data);
$strs=explode(" ",$string);
foreach($strs as $str) {
$return = $str;
}
return $return;
}
echo _orderID($fullname) ;
// output "CHAFIK"
function _orderID_($data){
$return = [];
$string = strtoupper($data);
$strs=explode(" ",$string);
foreach($strs as $str) {
array_push($return,$str);
}
return json_encode($return);
}
echo _orderID_($fullname) ;
// output ["AYOUB","CHAFIK"]
Check the above examples on PHP SandBox

preg_replace return an empty string without error

So here's my problem:
$var = "93 Avenue d'Aubière";
I used this $var with this function:
function stripAccents($str) {
$str = preg_replace('/[\x{00C0}\x{00C1}\x{00C2}\x{00C3}\x{00C4}\x{00C5}]/u','A', $str);
$str = preg_replace('/[\x{0105}\x{0104}\x{00E0}\x{00E1}\x{00E2}\x{00E3}\x{00E4}\x{00E5}]/u','a', $str);
$str = preg_replace('/[\x{00C7}\x{0106}\x{0108}\x{010A}\x{010C}]/u','C', $str);
$str = preg_replace('/[\x{00E7}\x{0107}\x{0109}\x{010B}\x{010D}]/u','c', $str);
$str = preg_replace('/[\x{010E}\x{0110}]/u','D', $str);
$str = preg_replace('/[\x{010F}\x{0111}]/u','d', $str);
$str = preg_replace('/[\x{00C8}\x{00C9}\x{00CA}\x{00CB}\x{0112}\x{0114}\x{0116}\x{0118}\x{011A}]/u','E', $str);
$str = preg_replace('/[\x{00E8}\x{00E9}\x{00EA}\x{00EB}\x{0113}\x{0115}\x{0117}\x{0119}\x{011B}]/u','e', $str);
$str = preg_replace('/[\x{00CC}\x{00CD}\x{00CE}\x{00CF}\x{0128}\x{012A}\x{012C}\x{012E}\x{0130}]/u','I', $str);
$str = preg_replace('/[\x{00EC}\x{00ED}\x{00EE}\x{00EF}\x{0129}\x{012B}\x{012D}\x{012F}\x{0131}]/u','i', $str);
$str = preg_replace('/[\x{0142}\x{0141}\x{013E}\x{013A}]/u','l', $str);
$str = preg_replace('/[\x{00F1}\x{0148}]/u','n', $str);
$str = preg_replace('/[\x{00D2}\x{00D3}\x{00D4}\x{00D5}\x{00D6}\x{00D8}]/u','O', $str);
$str = preg_replace('/[\x{00F2}\x{00F3}\x{00F4}\x{00F5}\x{00F6}\x{00F8}]/u','o', $str);
$str = preg_replace('/[\x{0159}\x{0155}]/u','r', $str);
$str = preg_replace('/[\x{015B}\x{015A}\x{0161}]/u','s', $str);
$str = preg_replace('/[\x{00DF}]/u','ss', $str);
$str = preg_replace('/[\x{0165}]/u','t', $str);
$str = preg_replace('/[\x{00D9}\x{00DA}\x{00DB}\x{00DC}\x{016E}\x{0170}\x{0172}]/u','U', $str);
$str = preg_replace('/[\x{00F9}\x{00FA}\x{00FB}\x{00FC}\x{016F}\x{0171}\x{0173}]/u','u', $str);
$str = preg_replace('/[\x{00FD}\x{00FF}]/u','y', $str);
$str = preg_replace('/[\x{017C}\x{017A}\x{017B}\x{0179}\x{017E}]/u','z', $str);
$str = preg_replace('/[\x{00C6}]/u','AE', $str);
$str = preg_replace('/[\x{00E6}]/u','ae', $str);
$str = preg_replace('/[\x{0152}]/u','OE', $str);
$str = preg_replace('/[\x{0153}]/u','oe', $str);
$str = preg_replace('/[\x{0022}\x{0025}\x{0026}\x{0027}\x{00A1}\x{00A2}\x{00A3}\x{00A4}\x{00A5}\x{00A6}\x{00A7}\x{00A8}\x{00AA}\x{00AB}\x{00AC}\x{00AD}\x{00AE}\x{00AF}\x{00B0}\x{00B1}\x{00B2}\x{00B3}\x{00B4}\x{00B5}\x{00B6}\x{00B7}\x{00B8}\x{00BA}\x{00BB}\x{00BC}\x{00BD}\x{00BE}\x{00BF}]/u',' ', $str);
return $str;
}
This returns an empty string if I use $var, but it returns the correct string if I use "93 Avenue d'Aubière" as a parameter.
I tried to use preg_last_error to check if there was any error, but it returns 0, which means no error.
I'm connecting to my DB like this:
$db = new PDO('mysql:host=localhost;dbname=somedb;charset=utf8', 'username', 'password');
Getting data like this :
$sqlSelectCommandeExapaq = "SELECT * FROM commande_exapaq WHERE statut = 'en cours'";
$res = $db->query($sqlSelectCommande);
$arrayResCmd = $res->fetchAll();
Then I passed $arrayResCmd into this function :
public static function generateInterfaceFile($orders_array)
{
// Init file
$record = new DPDStation();
// Loop through each order
foreach ($orders_array as $order_data)
{
// Add data to file
$record->add($order_data['customer_adress'], 0, 35);
}
return $record;
}
And there is the DPDStation Constructor :
function __construct() {
$this->line = str_pad("", 1634);
$this->contenu_fichier = '';
}
And the add function :
function add($txt, $position, $length) {
$txt = $this->stripAccents($txt);
$this->line = substr_replace($this->line, str_pad($txt, $length), $position, $length);
}
And adding content into the file with :
$dpd = new DPDStation();
$record = $dpd->generateInterfaceFile($arrayResCmd);
file_put_contents($filename, '$VERSION=110'."\r\n", FILE_APPEND);
file_put_contents($filename, $record->contenu_fichier."\r\n", FILE_APPEND);
Because nothing was added to the file, I looked into stripAccents and the problem seems to come from it.
Thanks for your help :)
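preg_replace() returns null when it fails, and preg_last_error() only describes the most recent preg call, so in a chain like stripAccents() an early failure is overwritten by the calls that follow. An added example (not from the post) that checks every call and validates the subject once up front; checked_replace() and strip_accents_checked() are hypothetical names, and PHP 8.0+ with the mbstring extension is assumed.

```php
<?php
// Hypothetical wrapper: preg_replace() that refuses to fail silently.
function checked_replace(string $pattern, string $replacement, string $subject): string
{
    $result = preg_replace($pattern, $replacement, $subject);
    if ($result === null) {
        // preg_last_error_msg() needs PHP 8.0+; use preg_last_error() on older versions.
        throw new RuntimeException("preg_replace failed on $pattern: " . preg_last_error_msg());
    }
    return $result;
}

function strip_accents_checked(string $str): string
{
    // With the /u modifier the subject must be valid UTF-8; check once before the chain.
    if (!mb_check_encoding($str, 'UTF-8')) {
        throw new InvalidArgumentException('subject is not valid UTF-8: ' . bin2hex($str));
    }
    // Two rules in the style of stripAccents(), enough to show the chaining.
    $str = checked_replace('/[\x{00E8}\x{00E9}\x{00EA}\x{00EB}]/u', 'e', $str);
    $str = checked_replace('/[\x{00E0}\x{00E1}\x{00E2}]/u', 'a', $str);
    return $str;
}

// Constructed inputs: the same address as UTF-8 and as ISO-8859-1 bytes.
$utf8   = "93 Avenue d'Aubi\u{00E8}re";
$latin1 = "93 Avenue d'Aubi\xE8re";

echo strip_accents_checked($utf8), "\n";
try {
    echo strip_accents_checked($latin1), "\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```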

Remove word from a string

I have a CSV file that contains company names. I want to match it against my database. In order to have cleaner and nearer matches, I am thinking of eliminating some company suffixes like 'inc', ' inc', ', inc.' or ', inc'. Here's my sample code:
$string = 'Inc Incorporated inc.';
$wordlist = array("Inc","inc."," Inc.",", Inc.",", Inc"," Inc");
foreach ($wordlist as &$word) {
$word = '/\b' . preg_quote($word, '/') . '\b/';
}
$string = preg_replace($wordlist, '', $string);
$foo = preg_replace('/\s+/', ' ', $string);
echo $foo;
My problem here is that the 'inc.' doesn't get removed. I'm guessing it has something to do with the preg_quote. But I just can't figure out how to solve this.
Try this :
$string = 'Inc incorporated inc.';
$wordlist = array("Inc","inc.");
foreach ($wordlist as $word) {
$string =str_replace($word, '', $string);
}
echo $string;
OR
$string = 'Inc Incorporated inc.';
$wordlist = array("Inc","inc.");
$string = str_replace($wordlist, '', $string);
echo $string;
This will output 'corporated'...
If you want "Incorporated" as the result, make the "I" small, and then run my code above (the first one)...
Try this. It may involve type juggling at some point, but will have your desired result
$string = 'Inc Incorporated inc.';
$wordlist = array('Inc', 'inc.');
$string_array = explode(' ', $string);
foreach($string_array as $k => $a) {
foreach($wordlist as $b) {
if($b == $a){
unset($string_array[$k]);
}
}
}
// Re-join the remaining words with single spaces
$string_array = implode(' ', $string_array);
You can use this
$string = 'Inc Incorporated inc.';
$wordlist = array("Inc "," inc.");
$foo = str_replace($wordlist, '', $string);
echo $foo;
Run this code here
This will work for any number of elements in array...
$string = 'Inc Incorporated inc.';
$wordlist = array("Inc");
foreach($wordlist as $stripped)
$string = preg_replace("/\b". preg_quote($stripped,'/') ."(\.|\b)/i", " ", $string) ;
$foo = preg_replace('/\s+/', ' ', $string);
echo $foo;

preg_replace() with a string contains "*" character

I have made a script to highlight a word in a string. The script is below.
function highlight_text($text, $words){
$split_words = explode( " " , $words );
foreach ($split_words as $word){
$color = '#FFFF00';
$text = preg_replace("|($word)|Ui", "<span style=\"background:".$color.";\">$1</span>", $text );
}
return $text;
}
$text = '*bc';
$words = '*';
echo highlight_text($text, $words);
When running the script, I got the following error:
Warning: preg_replace(): Compilation failed: nothing to repeat at offset 1
Can anyone help me?
This can help you:
<?php
function highlight_text($text, $words){
$split_words = explode( " " , $words );
foreach ($split_words as $key=>$word){
if (preg_match('/[\'^£$%&*()}{##~?><>,|=_+¬-]/', $word))// looking for special characters
{
$word = preg_quote($word, '/');// if found output \ before that
}
$color = '#FFFF00';
$text = preg_replace("|($word)|Ui", "<span style=\"background:".$color.";\">$1</span>", $text );
}
return $text;
}
$text = '*bc';
$words = '*';
echo highlight_text($text, $words);
change "*" to "\*" and profit.
You can check for the special character in the function highlight_text,
like:
function highlight_text($text, $words){
$split_words = explode( " " , $words );
foreach ($split_words as $word){
$str = '';
$word = str_split($word);
foreach ($word as $c) {
if ($c == '*') {
$str .= '\*';
}
else {
$str .= $c;
}
}
$color = '#FFFF00';
$text = preg_replace("|($str)|Ui", "<span style=\"background:".$color.";\">$1</span>", $text );
}
return $text;
}
Change your code to
function highlight_text($text, $words){
$split_words = explode( " " , $words );
foreach ($split_words as $word){
$color = '#FFFF00';
$word = preg_quote($word, '/');
$text = preg_replace("|$word|Ui", "<span style=\"background:".$color.";\">$0</span>", $text );
}
return $text;
}
$text = '*bc';
$words = '*';
echo highlight_text($text, $words);
Then it will be OK.
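The answers above quote the regex metacharacters; the version below, an added example that is not code from the thread, also covers three cases the per-word loop leaves open: empty tokens from double spaces, a later word matching the <span> markup inserted for an earlier one, and HTML in $text reaching the page unescaped. highlight_text_safe() is a hypothetical name, and PHP 7.4+ is assumed.

```php
<?php
function highlight_text_safe(string $text, string $words): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Drop empty tokens so the pattern can never become "()" and match everywhere.
    $tokens = preg_split('/\s+/', $words, -1, PREG_SPLIT_NO_EMPTY);
    if (!$tokens) {
        return $esc($text);
    }
    // Longest first so "foobar" wins over "foo" inside the alternation.
    usort($tokens, fn($a, $b) => strlen($b) <=> strlen($a));
    // Quote each token for the delimiter actually used ('~').
    $alt = implode('|', array_map(fn($w) => preg_quote($w, '~'), $tokens));

    // One pass over the raw text; with a single capture group the
    // odd-indexed pieces are the matches, the even-indexed ones the gaps.
    $parts = preg_split('~(' . $alt . ')~iu', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) { // PCRE error, e.g. $text is not valid UTF-8
        return $esc($text);
    }
    $out = '';
    foreach ($parts as $i => $part) {
        // Escape every piece separately, so markup is added only by this function.
        $out .= ($i % 2 === 1)
            ? '<span style="background:#FFFF00;">' . $esc($part) . '</span>'
            : $esc($part);
    }
    return $out;
}

// Constructed input: a metacharacter, a word that collides with the markup, and raw HTML.
echo highlight_text_safe('*bc <b>span</b>', '*  span'), "\n";
```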
