I have this PHP code that contacts an external API
$arr = array(
"domain_name" => $_POST["domain"],
"auto_renew" => false,
"domain_lock" => false,
"whois_privacy" => false,
"contact_registrant_id" => $_POST["registrant_contact"],
"contact_admin_id" => $_POST["admin_contact"],
"contact_tech_id" => $_POST["tech_contact"],
"contact_billing_id" => $_POST["billing_contact"],
"auth_code" =>($_POST["auth_code"])
);
The value I am posting for $_POST["auth_code"] is l&"IkM%Wbjjq7
However, when it posts this value, its being posted as l&\\\"IkM%Wbjjq7
So its adding the slashes, which is causing a problem.
it may help you. The "magic_quotes_gpc" might be on.You can disable it in php.ini.
magic_quotes_gpc = Off
OR
$str = $_POST["auth_code"];
echo get_magic_quotes_gpc() ? stripslashes($str) : $str;
OR
echo stripslashes($str);
This is probably due to magic quotes. See https://stackoverflow.com/a/517027/4275413 and http://php.net/manual/de/security.magicquotes.disabling.php for further details (second link official way to "disable" them).
This once was a good idea to protect the user (read the coder) from himself, when inserting stuff into the database or some other place, by adding escaping by default, which of course ruins almost every script not expecting it.
Related
I cannot seem to get this working. I am trying to modify a very old script (of our late technician and close friend) which we use to be used for searching servers with which OS being used. This consists (as far as I can tell) out PHP and SMARTY.
I already tried escaping the content with slashes and using backticks. But it simply does not work. I really have no idea where to look. Below are the original two pieces of code (I couldn't find more parts for it, or I have overlooked).
Piece of PHP code from the 1st PHP-file:
$values['osname'] = array( '-' => 'no choice',
'5' => 'CentOS 5.x',
'6' => 'CentOS 6.x',
'7' => 'CentOS 7.x',
);
Piece of code from the 2nd PHP-file:
$osname = intval(Common::GPvar('osname'));
$_SESSION['form']['serverselect']['osname'] = $osname;
if ($osname != '-') { $where .= " AND dsh.sumup LIKE '%OS: CentOS ".$osname."%'"; }
This is being used in a search form, so when I select "CentOS 6.x" it will display all servers which have the text OS: CentOS 6.10 in it.
Now what I am trying to achieve is to make the following to work:
$values['osname'] = array( '-' => 'no choice',
'CentOS 5' => 'CentOS 5.x',
'CentOS 6' => 'CentOS 6.x',
'CentOS 7' => 'CentOS 7.x',
'Virtuozzo 7' => 'Virtuozzo 7.x',
);
I tried to escape the content, as I mentioned above, however that didn't work. So I am guessing the coding in the 2nd PHP-file also needs some adjusting. So I tried removing certain stuff, like "CentOS", "%" and several other things. But it does not work. The result is that, on a search, I am getting all servers being displayed (no matter what OS is on them).
I guess I did correctly on escaping the variables in the array, but the 2nd piece of coding is not compatible for some reason with the requested search input?
Anyone has an idea what I am doing wrong here?
You can remove intval(...) because intval will turn strings into integers
https://php.net/manual/en/function.intval.php
$osname = Common::GPvar('osname');
The whole code
$osname = Common::GPvar('osname');
$_SESSION['form']['serverselect']['osname'] = $osname;
if ($osname != '-') { $where .= " AND dsh.sumup LIKE '".$osname."%'"; }
Everyone, hello!
I'm currently trying to write to an .ini file from PHP, and I'm using Teoman Soygul's answer and code from here: How to read and write to an ini file with PHP
This works out great, although, when I save the data to it, it shows up strange in my .ini:
[Server] = ""
p_ip = "192.168.10.100"
p_port = 80
p_password = 1234
[Variable] = ""
string1_find = "Caution"
Most notably it also seems to see attempt to give the categories Server and Variable an empty value. Also, sometimes it saves the variable between consistency and sometimes not. How come there is no consistency here?
The code I'm using to find/post in PHP is this:
...
$a=array("[Server]"=>'',"p_ip"=>$_POST['pip'],"p_port"=>$_POST['pport'], "p_password"=>$_POST['pass'],
"[Variable]"=>'',"string1_find"=>$_POST['string1_find'],
...
If anyone could point me into the right direction, that would really be appreciated. Thank you!
You are not using right, you should be passing a multidimentional array instead:
$data = array(
'Server' => array(
'p_ip' => '192.168.10.100',
'p_port' => 80,
'p_password' => 1234,
),
'Variable' => array(
'string1_find' => 'Caution'
)
);
//now call the ini function from Soygul's answer
write_php_ini($data, 'file.ini');
Here is my output:
[Server]
p_ip = "192.168.10.100"
p_port = 80
p_password = 1234
[Variable]
string1_find = "Caution"
Notice that you need to create an extra array per new section and then you can start listing your custom definitions.
At the risk of getting a down vote I am going to ask this question to see if anyone can help me. I have been staring at this for a while and I can't figure it out.
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) on line 130
function pdf($type=null){
//get default or create a type
$data = $this->storeSessionData(
array(),
'SalesComp',
$this->variables
);
$type = ($type)? $type : $data['type']; //this is line 130
$this->set('data', $this->report('store', 'year', 3, $type));
$this->set(
'districtTitle',
array('N' => 'North', 'S' => 'South')
);
$districts = $this->Store->find(
'list',
array(
'fields' => array('Store', 'District'),
'conditions' => array('NOT' => array('District'=> 'O')
)
)
);
$this->set('districts', $districts);
$supervisor = $this->Store->find(
'list',
array('fields' => array('Store','Supervisor'),
'conditions' => array('NOT' => array('District'=> 'O')
)
)
);
$this->set('supervisor', $supervisor);
$this->set(
'supervisors',
$this->Supervisor->find(
'list',
array('fields' => array('Supervisor','ShortName')
)
)
);
$title = ($type == 'sales')?
'Sales Comparison Report':'Fuel Comparison Report';
$this->set('title', $title);
$this->layout = 'pdf';
$this->render();
}
The error suggests mismatched quotes or brackets somewhere. Unfortunately, when this happens, the line number in the error message may be some totally unrelated line -- it's just the first place where the compiler notices that the syntax is no longer valid. The error is actually somewhere before the code snippet in the question, so it's impossible for me to pinpoint it. Syntax highlighting in code editors can help in finding the mismatch.
You can find all php tokens here:
http://php.net/manual/en/tokens.php
There's 2 things about the marked line:
PHP is a scripted language with a VERY complicated syntax in reality. It might look simple, but in comparison to C or the like it's very complicated, and only because there where so many small (and many times incoherent) changes made over the years, and some things can't be changed anymore without breaking backwards compatibility. One of those things is handling of parantheses - PHP does not handle these in a mathematical way, but treat them specially depending on context. This means you should get rid of them in the marked line (there is no need for them in the first place either way)
"Invisible" (i.e. UTF8) whitespaces - these are source for many "strange" problems, especially if you develop on a mac (press alt + space). Easiest way to fix them: Retype the line. And DON'T try copy & pasting it, because you will copy the whitespace as well.
Also I would change the line to
if (! $type) $type = $data['type'];
I hope you know which values evaluate falsy in php, because it's not only NULL (you can find a list here: http://php.net/manual/en/language.types.boolean.php )
On a sidenote: PHP was developed as a simple way to write templates, so maybe you might want to have a look at some compiled programming languages if you want to build complex logic (C for example, which is by far simpler than PHP, and I've been doing PHP for more than 6 years now)
Try replacing
$type = ($type)? $type : $data['type'];
With
$type = $type ? $type : $data['type'];
I doubt that it makes any difference, but maybe a space between the variable named $type and the question mark is needed. For more information about this, check the PHP docs on the ternary operator.
I am primarily a PHP developer and have limited experience with Perl.
I was tasked with writing a queue script in Perl which checks against a database, and that is all working out great.
The problem I have is that in the Perl script I need to include a database hostname and password.
Right now I have them hard coded, which works fine, but my PHP application uses a global PHP array which holds the database hostname and password.I'd like to be able to use this PHP array in my Perl script.
Here is my PHP array
<?php
return array(
'database' => array(
'master' => array(
'hostname' => 'fd35:4776:6804:2:a::1',
'password' => 'password'
),
'slave' => array(
'hostname' => 'fd35:4776:6804:2:2::2',
'password' => 'password',
'profile' => true
)
)
);
I've tried searching with Google and have read many random posts on line, but I have yet been able to come up with a solution.
Does anyone have any ideas which I could try? If I'm missing any additional input, let me know and I can provide it.
Edit
Hopefully I worded this properly. How would I go about including this PHP array file so that I can manipulate it with Perl?
Alternative solutions are welcome too!
You've discovered one of the many reasons why code makes for bad config files. You should move the information to an actual config file, and access that file from both that .php file and from Perl.
JSON would make a decent file format here.
{
"database": {
"master": {
"hostname": "fd35:4776:6804:2:a::1",
"password": "password"
},
"slave": {
"hostname": "fd35:4776:6804:2:2::2",
"password": "password",
"profile": true
}
}
}
The Perl code would be
use JSON::XS qw( decode_json );
open (my $fh, '<:raw', $config_path)
or die("Can't open config file $config_path: $!\n");
my $file; { local $/; $file = <$fh>; }
my $config = decode_json($file);
On the PHP side, just replace the contents of the file you showed in your post with code to read the config file. I don't know PHP, but it should be quite simple. A quick search shows it might be
return json_decode(file_get_contents($config_path));
It would be simple to provide a short PHP program that dumps the array to a file in JSON format. That file can then be read from Perl using the JSON module.
This is all that is necessary.
<?php
$array = include 'array.php';
$fh = fopen('array.json', 'w');
fwrite($fh, json_encode($array));
fclose($fh);
?>
The resultant JSON file can then be read in a Perl program, like so:
use strict;
use warnings;
use JSON 'from_json';
my $data = do {
open my $fh, '<', 'array.json' or die $!;
local $/;
from_json(<$fh>);
};
use Data::Dump;
dd $data;
output
{
database => {
master => { hostname => "fd35:4776:6804:2:a::1", password => "password" },
slave => {
hostname => "fd35:4776:6804:2:2::2",
password => "password",
profile => bless(do{\(my $o = 1)}, "JSON::XS::Boolean"),
},
},
}
There is PHP::Include, which uses a source filter to let you have PHP blocks in your Perl code to declare variables. It also has a read_file() function that applies such a filter to a single PHP file.
But it seems to expect that your PHP has assignments (e.g. $config = array('database' => array(...) and changes those to Perl variable declarations.
In a few minutes of playing with it, I couldn't get it to do anything useful with your PHP code that uses return.
If you want a more "native Perl" solution, you can pretty much* just search and replace all your "array(" and their matching ")" to "{" and "}". That'll give you a perl datastructure called a "hash of hashes" (note: Unlike PHP, Perl refers to arrays with integer indicies as arrays (and uses the # sigil to denote variables containing them), but refers to array-like things with string indicies as "hashes" (and uses the % sigil to denote variables containing them)). The Perl keywords/concepts you probably want to read up on are:
Perl Data Structures: http://perldoc.perl.org/perldsc.html
and specifically the Hash Of Hashes section: http://perldoc.perl.org/perldsc.html#HASHES-OF-HASHES
and if you dont understand what $hashref = \%hash and %hash{key} and $hashref->{key} mean in Perl, you'd want to read http://perldoc.perl.org/perlref.html
Example code (note how similar the getConfig subroutine is to your PHP code):
#!/usr/bin/perl
use strict;
use warnings;
my $config=getConfig();
print "Database master host = " . $config->{database}{master}{hostname};
print "\n";
print "Database master password = " . $config->{database}{master}{password};
print "\n";
print "Database slave profile = " . $config->{database}{slave}{profile};
print "\n";
sub getConfig{
return {
'database' => {
'master' => {
'hostname' => 'fd35:4776:6804:2:a::1',
'password' => 'password'
},
'slave' => {
'hostname' => 'fd35:4776:6804:2:2::2',
'password' => 'password',
'profile' => 'true'
}
}
};
}
I said "pretty much", because your sample data used the bare word 'true' for the slave->profile value - that's a syntax error in Perl - you can change it to a bare 1, or quote the value as "true" to make it work. In Perl, the digit zero, the string "0" or the empty/nul string "" all evaluate to "false" in a boolean context, anything else evaluates to "true". Take care if you choose to automate PHP to Perl translation, there may be other PHP-isms which could catch you out like that.
So much good information here and it helped me out quite a bit to come up with a working solution.
Here is the perl script I've got working:
#!/usr/bin/perl
use PHP::Include;
include_php_vars( 'config.local.php' );
my $test = \%config;
print $test->{'database'}->{'master'}->{'hostname'};
I also took the PHP array and changed it so that it no longer return array() but $config = array() and then return $config;
This did the trick for me. Thank you!
I am creating a 3D Secure PHP Project. I am having a rather bizzare issue in that the "MD" code is going missing when re-submitting the Array of data
My code is as follows :
$paRes = $_REQUEST['PaRes'];
$md = $_REQUEST['MD'];
require "payment_method_3d.php";
x_load('cart','crypt','order','payment','tests');
/*
* For Debugging Purposes
* Only.
echo "The Value Of PaRes is : ";
echo $paRes;
*/
$soapClient = new SoapClient("https://www.secpay.com/java-bin/services/SECCardService?wsdl");
$params = array (
'mid' => '',
'vpn_pswd' => '',
'trans_id' => 'TRAN0095', // Transaction ID MUST match what was sent in payment_cc_new file
'md' => $md,
'paRes' => $paRes,
'options' => ''
);
It seems that the $_REQUEST['MD'] string seems to go missing AFTER the soap call. Although I am having difficulty print this out to the screen. The strange thing is the $paRes variable works without issue.
Any ideas why this would be the case?
Check your case. PHP array keys are case sensitive. From this little bit of code it looks as if the request variable may be 'md' instead of 'MD'.
Try $md = $_REQUEST['md'];
PHP array statements are case sensitive, so this should work:....
$md = $_REQUEST['md'];
Thanks for your responses guys.
What was happening was the include page was sitting in front of the request methods and causing issues loading the REQUEST methods to the page.