I use codeigniter with smarty.
I have a variable stored in the db called $serverName. I want to expand it to its actual value "Pedrosite". But when the page is loaded, it displays exactly {$serverName} and not the value.
So I found this solution on stackoverflow, using smarty's fetch function:
$data['content'] contains the text from the database.
$data['content'] = $this->CI->smarty->fetch('string:'.$data['content']);
With that, I can display the smarty vars, like: {$smarty.const.FCPATH}
But none of my custom $vars while they can be shown in a regular template (.tpl).
So I found this workaround that looks very hacky to me:
$this->CI->smarty->assign('serverName', $this->CI->config->item('server_name'));
I can put this in one of my __construct function and then it will affect the whole site, and then it loads properly. But I'm not sure it's the right way to proceed at all.
I don't really understand your question, but, if you have your variable $serverName and it content "Pedrosite" you can display it like that :
$this->smarty->assign('serverName' , $serverName);
$this->smarty->view('/modules/xxxxxx');
And display it in your .html file for example :
<p>{$serverName}</p>
Related
I am using wordpress for a web site. I am using snippets (my own custom php code) to fetch data from a database and echo that data onto my web site.
if($_GET['commentID'] && is_numeric($_GET['commentID'])){
$comment_id=$_GET['commentID'];
$sql="SELECT comments FROM database WHERE commentID=$comment_id";
$result=$database->get_results($sql);
echo "<dl><dt>Comments:</dt>";
foreach($result as $item):
echo "<dd>".$item->comment."</dd>";
endforeach;
echo "</dl>";
}
This specific page reads an ID from the URL and shows all comments related to that ID. In most cases, these comments are texts. But some comments should be able to point to other pages on my web site.
For example, I would like to be able to input into the comment-field in the database:
This is a magnificent comment. You should also check out this other section for more information
where getURLtoSectionPage() is a function I have declared in my functions.php to provide the static URLs to each section of my home page in order to prevent broken links if I change my URL pattern in the future.
I do not want to do this by using eval(), and I have not been able to accomplish this by using output buffers either. I would be grateful for any hints as to how I can get this working as safely and cleanly as possible. I do not wish to execute any custom php code, only make function calls to my already existing functions which validates input parameters.
Update:
Thanks for your replies. I have been thinking of this problem a lot, and spent the evening experimenting, and I have come up with the following solution.
My SQL "shortcode":
This is a magnificent comment. You should also check out this other section for more information
My php snippet in wordpress:
ob_start();
// All my code that echo content to my page comes here
// Retrieve ID from url
// Echo all page contents
// Finished generating page contents
$entire_page=ob_get_clean();
replaceInternalLinks($entire_page);
PHP function in my functions.php in wordpress
if(!function_exists("replaceInternalLinks")){
function replaceInternalLinks($reference){
mb_ereg_search_init($reference,"\[custom_func:([^\]]*):([^\]]*)\]");
if(mb_ereg_search()){
$matches = mb_ereg_search_getregs(); //get first result
do{
if($matches[1]=="getURLtoSectionPage" && is_numeric($matches[2])){
$reference=str_replace($matches[0],getURLtoSectionPage($matches[2]),$reference);
}else{
echo "Help! An unvalid function has been inserted into my tables. Have I been hacked?";
}
$matches = mb_ereg_search_regs();//get next result
}while($matches);
}
echo $reference;
}
}
This way I can decide which functions it is possible to call via the shortcode format and can validate that only integer references can be used.
I am safe now?
Don't store the code in the database, store the ID, then process it when you need to. BTW, I'm assuming you really need it to be dynamic, and you can't just store the final URL.
So, I'd change your example comment-field text to something like:
This is a magnificent comment. You should also check out this other section for more information
Then, when you need to display that text, do something like a regular expression search-replace on 'href="#comment-([0-9]+)"', calling your getURLtoSectionPage() function at that point.
Does that make sense?
I do not want to do this by using eval(), and I have not been able to accomplish this by using output buffers either. I would be grateful for any hints as to how I can get this working as safely and cleanly as possible. I do not wish to execute any custom php code, only make function calls to my already existing functions which validates input parameters.
Eval is a terrible approach, as is allowing people to submit raw PHP at all. It's highly error-prone and the results of an error could be catastrophic (and that's without even considering the possibly that code designed by a malicious attacker gets submitted).
You need to use something custom. Possibly something inspired by BBCode.
To put my question into context, I'm working on an entirely static website where 'post' pages are created by myself manually - there's no CMS behind it. Each page will require a <pre> <code> block to display code as text in a styled block. This could be very few - several which is why I'm trying to do this for ease.
Here's what I've done -
function outputCode($code) {
return "<pre class='preBlock'><code class='codeBlock'>".htmlentities($code)."</code></pre>";
}
The code works as expected and produces an expected outcome when it's able to grab code. My idea is to somehow wrap the code for the code block with this function and echo it out for the effect, fewer lines and better readability.
As I'm literally just creating pages as they're needed, is there even a way to create the needed code blocks with such function to avoid having to manually repeat all the code for each code block? Cheers!
EDIT:
I was previously using this function and it was working great as I was pulling code from .txt documents in a directory and storing the code for code blocks in a variable with file_get_contents(). However, now, I'm trying to get the function to work by manually inputting the code into the function.
Well. Wrapping the function input in ' ' completely slipped my mind! It works just fine now!
If I understand correctly, you want to re-use your outputCode function in several different PHP files, corresponding to posts. If yes, you could put this 1 function in its own file, called outputcode.php for example, and then do
include "outputcode.php";
in every post/PHP file that needs to re-use this function. This will pull in the code, from the one common/shared file, for use in each post/PHP file that needs it. Or maybe I'm misreading your last paragraph :(
Started learning php this week and had many doubts, but this is one of them which i couldn't find solution(Maybe i didn't know the right keyword to search for).
Is it possible to read variables in URL as a function inside a php file,
for example :
http://mywebsite.com/demo_app/phone_api/login/harsha/harshapass
Here demo_app is the folder, phone_api is the php file, and i want to invoke the function login, where harsha and harshapass is the paramaters to that function.
You'll need 2 things for this.
The first is mod_rewrite, this is an apache module. With this module you can rewrite the URL like you want, so that /demo_app/phone_api/ will redirect to your php file.
I advice that you read a tutorial somewhere about this, for example here.
Second thing is that you need to parse the URL.
With $_SERVER['REQUEST_URI'] you get the URL. With explode and/or preg_match you can parse this string into the parts you want (function, parameters, whatever).
If you have a more specific question about this, you can ask this here (in a new topic).
Good luck!
Did you consider sending the values as $_GET variables and retrieving them in the page like so:
http://mywebsite.com/demo_app/phone_api?login=login&harsha=harsha&harshapass=harshapass
so you can get the values in the phone_api.php page like:
$login = $_GET['login'];
$harsha = $_GET['harsha'];
$harshapass = $_GET['harshapass'];
$login($harsha, $harshapass){
//your function code.
}
Maybe it'll be easier this way.
I have built a custom CMS. Recently, I added the ability to create pages dynamically. I used CKEditor for the content of these pages.
I would also like to run some php functions that may be included in the content of the page stored in mysql.
I DO NOT want to store actual PHP code in the database, but rather function names perhaps. For example, in a page stored in the database I may have.
<?php //begin output
hello world!
check out this latest news article.
news($type, $id);
//end output
?>
What is the best way to find and execute this existing function without using EVAL if its found in the output? I was thinking along the lines of wordpress style short codes. Maybe [[news(latest, 71]] ? Then have a function to find and execute these functions if they exist in my functions.php file. Not really sure the best way to go about this.
I'm not searching for any code answers, but more of a best practice for this type of scenario, especially one that is safest against possible injections.
I found a solution from digging around and finding this thread
How to create a Wordpress shortcode-style function in PHP
I am able to pass short codes like this in CKEditor
[[utube 1 video_id]]
Then, in my page that renders the code:
print shortcodify($page_content);
using this function:
function shortcodify($string){
return preg_replace_callback('#\[\[(.*?)\]\]#', function ($matches) {
$whitespace_explode = explode(" ", $matches[1]);
$fnName = array_shift($whitespace_explode);
return function_exists($fnName) ? call_user_func_array($fnName,$whitespace_explode) : $matches[0];
}, $string);
}
If the function name exist (utube) it will fire the function.
Only problem Im having at the moment is not matter where I place the [[shortcode]] in my editor, it always executes first.
For example, in CKEditor I put:
Hello world! Check out my latest video
[[utube 1 video_id]]
It will always put the text under the video instead of where it is in the document. I need to figure a way to have the short code execute in the order it is placed.
I need to see all the variables that are available in a view. I am a front end developer so I mostly work in the views directory. I don't always know which variables are being passed to the templates by the back end dev. Instead of asking him every time an easy solution would be some type of snippet that I can temporarily paste into the view that I'm working on so I can see all the available variables and even better if I can also see their types and values.
I tried this:
<pre><?php var_dump(get_defined_vars()); ?></pre>
But since I am using Codeigniter it also shows all the other tons and tons of variables that are passed in by the framework.
I only want to display the variables that were passed specifically from the controller that loaded the view. Is there any way to do this?
var_dump($this->_ci_cached_vars);
One possibility could be to do something like this:
$data['user'] = $user;
$data['cart'] = $cart;
$data['data'] = $data;
$this->load->view('view', $data);
If you did something like this, then you could always access a data array that looked the same as before it was parsed for the view.
Then you could use something like print_r or whatever you wanted to take a look at the array.