I wanted to send a function using some sort of transmission to another script.
For this I needed to pack this function in an PHP evaluable payload (evalueate it as a string in another PHP file may be on another server).
$abc = "testABC";
$xyz = new TestClass();
$test = true;
$x = function () use ($test, $xyz, $abc) {
echo $abc;
var_dump($test, $xyz);
};
This function will be packed into a string like this:
$payload = function () {
$test = unserialize('b:1;');
$xyz = unserialize('O:9:"TestClass":0:{}');
$abc = unserialize('s:7:"testABC";');
echo $abc;
var_dump($test, $xyz);
};
To get this done, I wrote following function which pulls out the functions code, matches any use(...) clauses and renames the variable it is called. In the end, it'll assign the use(...) variables as a unserializeable string.
function packAnonFunction($payload, ...$args) {
$func = new ReflectionFunction($payload);
$filename = $func->getFileName();
$start_line = $func->getStartLine() - 1;
$end_line = $func->getEndLine();
$length = $end_line - $start_line;
$source = file($filename);
$body = implode("", array_slice($source, $start_line, $length));
$body = preg_replace('/(\$[a-z]+)\ \=\ function/', '\\$payload = function', $body);
if(preg_match('/use\s\((\$[a-zA-Z0-9]+(?:,\s\$[a-zA-Z0-9]+)*)\)/', $body, $matches)) {
$vars = $matches[1];
if(strpos($vars, ', ') !== false) {
$parts = explode(', ', $vars);
} else {
$parts = [$vars];
}
$return = [];
foreach($parts as $key => $variable) {
$return[$variable] = $args[$key];
}
$variableString = "";
foreach($return as $var => $value) {
$value = serialize($value);
$variableString .= "\t{$var} = unserialize('{$value}');\n";
}
$body = str_replace(" use (" . $vars . ")", "", $body);
$body = str_replace("{\n", "{\n" . $variableString, $body);
}
return $body;
}
You could just use it like this:
$abc = "testABC";
$xyz = new TestClass();
$test = true;
$x = function () use ($test, $xyz, $abc) {
echo $abc;
var_dump($test, $xyz);
};
echo packAnonFunction($x, $test, $xyz, $abc);
The only lag I wasn't to get around is, that you'll have to put the args ($test, $xyz, $abc) in the same order as you assigned the use(...) statement.
See it in operation: https://3v4l.org/89pXm
So what do you think about it?
Related
I have a URL, e.g:
https://www.example.com/my-product-name-display/ex/BYADE3323/wgsi?nfh3420000ooo2323nfnf/.
From the above URL, I want to extract my-product-name-display if this URL contains it, if not, I want the string after /ex/{BYADE3323} as below URL does not contain my-product-name-display.
https://www.example.com/ex/BYADE3323/wgsi?nfh3420000ooo2323nfnf/
I have tried below code:
`$url_param = "https://www.example.com/ex/BYADE3323/wgsi?nfh3420000ooo2323nfnf/";`
or
`$url_param = "https://www.example.com/my-product-name-display/ex/BYADE3323/wgsi?nfh3420000ooo2323nfnf/";`
$e_product_title = explode('.com/', $url_param);
if(isset($e_product_title)){
$product_title = $e_product_title[1];
//now explode the ex
$get_asin = explode('/ex/',$product_title);
$final_product_title = str_replace('-',' ',$get_asin[0]);
$get_asin_final = explode('/', $get_asin[1]);
$asin_v2 = $get_asin_final[0];
}
else{
$get_asin = explode('/ex/',$url_param);
print_r($get_asin);
}
echo $final_product_title." ".$asin_v2;
Thanks in advance.
You can explode() the string,
Check if my-product-name-display and BYADE3323 is in the array.
If present, find out BYADE3323's index.
Add 1 to it and check if the next element is present.
<?php
$str = 'https://www.example.com/my-product-name-display/ex/BYADE3323/wgsi?nfh3420000ooo2323nfnf/';
$str = str_replace('://', '__', $str);
$arr = explode('/', $str);
$return = '';
if (in_array('my-product-name-display', $arr) && in_array('BYADE3323', $arr)) {
$idx = array_search('BYADE3323', $arr);
$idx2 = $idx + 1;
if (! empty($idx) && ! empty($arr[$idx2])) {
$idx += 1;
$return = $arr[$idx2];
}
}
echo $return;
EDIT:
As per comments from OP, following is the program for array of urls and array of search strings.
<?php
$searchStrings = [];
$searchStrings[] = ['my-product-name-display', 'BYADE3323'];
$searchStrings[] = ['your-product-name-display', 'BYADE4434'];
$urls = [];
$urls[] = 'https://www.example.com/my-product-name-display/ex/BYADE3323/wgsi?nfh3420000ooo2323nfnf/';
$urls[] = 'https://www.example.com/your-product-name-display/ex/BYADE4434/wgsi?nfh3420000ooo2323nfnf/';
$urls[] = 'https://www.example.com/their-product-name-display/ex/TEST343/wgsi?nfh3420000ooo2323nfnf/';
$urls[] = 'https://www.example.com/my-product-name-display/ex/ANASDF33/wgsi?nfh3420000ooo2323nfnf/';
$urls[] = 'https://www.example.com/my-product-name-display/ex/BYADE3323/wgsi?nfh3420000ooo2323nfnf/';
$return = [];
if (! empty($urls)) {
foreach ($urls as $url) {
if (! empty($searchStrings)) {
foreach ($searchStrings as $searchString) {
$str = implode('/ex/', $searchString);
if (strpos($url, $str) !== false) {
$arr = explode('/', $url);
$idx = array_search('BYADE3323', $arr);
$idx2 = $idx + 1;
if (! empty($idx) && ! empty($arr[$idx2])) {
$idx += 1;
$return[] = $arr[$idx2];
}
}
}
}
}
}
echo '<pre>';
print_r($return);
echo '</pre>';
Output:
Array
(
[0] => wgsi?nfh3420000ooo2323nfnf
[1] => wgsi?nfh3420000ooo2323nfnf
)
Try this to fetch from URL values.
pass url to the function. You can extract it.
Here is the URL :
https://www.example.com/my-product-name-display/ex/BYADE3323/wgsi?nfh3420000ooo2323nfnf/
So when u want only BYADE3323 this value.
When you print $parts array, you can find every values after your Host name.
Where your host name is https://www.example.com.
function GetStringAfterSecondSlashInURL($the_url)
{
$parts = explode("/",$the_url,3);
if(isset($parts[2]))
return $parts[2];
}
Use parse_url() function this will help you definitely.
You can refer it from official PHP site: parse-url.
You can use strpos to identify weather 'my-product-name-display' is exist s in url or not and execute code accordingly.
strpos($url_param, 'my-product-name-display') !== false
Modified code:
function get_product_title($url_param) {
$get_asin = explode('/ex/', $url_param);
$get_asin_final = explode('/', $get_asin[1]);
$asin_v2 = $get_asin_final[0];
return $asin_v2;
}
$url_param = "https://www.example.com/ex/BYADE3323/wgsi?nfh3420000ooo2323nfnf/";
$url_param = "https://www.example.com/my-product-name-display/ex/BYADE3323/wgsi?nfh3420000ooo2323nfnf/";
$product_name = '';
if (strpos($url_param, 'my-product-name-display') !== false) {
$e_product_title = explode('.com/', $url_param);
if (isset($e_product_title)) {
$product_title = $e_product_title[1];
//now explode the ex
$product_name = get_product_title($product_title);
}
echo "my product name display" . $product_name;
}
else {
$product_name = get_product_title($url_param);
echo $product_name;
}
I am designing an application and in my modal came across a strange error where i am unable to edit the entry
Below is the modal where its showing the error lies :
<?php
include_once dirname(dirname(dirname(__FILE__))) . "/const.php";
include_once PHP_PATH . "/config1.php";
include_once CONFIG_PATH.'/modal/routemgmt/route_mgmt.php';
function sanitize($input) {
if (is_array($input))
return array_map('sanitize', $input);
else
return htmlspecialchars(trim($input));
}
// Sanitize all the incoming data
$sanitized = array_map('sanitize', $_POST);
$reason = $sanitized['reason'];
if($reason == "insert"){
$staffs = [];
$stops = [];
$name = $sanitized['rname'];
$code = $sanitized['rcode'];
$desc = $sanitized['rdesc'];
$vnum = $sanitized['vnum'];
$stf = $_POST['staff'];
$st = isset($_POST['stops'])? $_POST['stops']: [];
$st = [];
// foreach($staffs as $staff){
// $stf[] = array_map('sanitize', $staff);
// }
// if(isset($stops)){
// foreach($stops as $stop){
// $st[] = array_map('sanitize', $stop);
// }
// }
$val = insertRoute($conn,$name, $code, $desc, $vnum, $stf, $stops);
echo $val;
}
if($reason == "view"){
$id = $sanitized['id'];
$val = [];
$val = viewRoute($conn,$id);
echo json_encode($val);
}
if($reason == "edit"){
$stf = [];
$stp = [];
$id = $sanitized['pkid'];
$name = $sanitized['rname'];
$code = $sanitized['rcode'];
$desc = $sanitized['rdesc'];
$vnum = $sanitized['vnum'];
$estaffs = $_POST['estaff'];
$estops = $_POST['estops'];
$edel = $_POST['del'];
foreach($estaffs as $val){
$stf[] = array_map('sanitize', $val);
}
foreach($estops as $val){
$stp[] = array_map('sanitize', $val);
}
$cnt = 0;$n_stp = [];
for($i = 0; $i<sizeof($stp); $i++){
if($stp[$i]['stat'] != "Exist"){
$n_stp[$cnt] = $stp[$i];
$cnt++;
}
}
$val = editValues($conn,$id, $name, $code, $desc, $vnum, $stf, $n_stp, $edel);
echo $val;
}
if($reason == "delRoute"){
$id = $sanitized['id'];
$val = delRoute($conn,$id);
echo $val;
}
I tried changing the function to :
function sanitize($input) {
return htmlspecialchars(trim($input));
}
But then it started giving me the below error
<b>Warning</b>: trim() expects parameter 1 to be string, array given in <b>C:\xampp\htdocs\gurukul\demo2\controller\routemgmt\route_mgmt.php</b> on line <b>7</b><br />
As far as I can understand its passing an array instead of string in trim.
Can someone please guide me how can I resolve this ? Tried few debugging steps but didnt get succeded
In this function you are returning array in your if statement when it should just be a string all the time.
Replace:
function sanitize($input) {
if (is_array($input))
return array_map('sanitize', $input);
else
return htmlspecialchars(trim($input));
}
With:
function sanitize($input) {
if (is_array($input))
return sanitize($input);
else
return htmlspecialchars(trim($input));
}
You need to return value as string not array. Don't mess with the $_POST one.
Replace all:
array_map('sanitize', $val);
With:
sanitize($val);
I am designing an application and in my modal came across a strange error
<b>Warning</b>: trim() expects parameter 1 to be string, array given in <b>C:\xampp\htdocs\gurukul\demo2\controller\routemgmt\route_mgmt.php</b> on line <b>7</b><br />
61
As far as I can understand its passing an array instead of string in trim. Below is the modal where its showing the error lies :
<?php
include_once dirname(dirname(dirname(__FILE__))) . "/const.php";
include_once PHP_PATH . "/config1.php";
include_once CONFIG_PATH.'/modal/routemgmt/route_mgmt.php';
function sanitize($input) {
return htmlspecialchars(trim($input));
}
// Sanitize all the incoming data
$sanitized = array_map('sanitize', $_POST);
$reason = $sanitized['reason'];
if($reason == "insert"){
$staffs = [];
$stops = [];
$name = $sanitized['rname'];
$code = $sanitized['rcode'];
$desc = $sanitized['rdesc'];
$vnum = $sanitized['vnum'];
$stf = $_POST['staff'];
$st = isset($_POST['stops'])? $_POST['stops']: [];
$st = [];
// foreach($staffs as $staff){
// $stf[] = array_map('sanitize', $staff);
// }
// if(isset($stops)){
// foreach($stops as $stop){
// $st[] = array_map('sanitize', $stop);
// }
// }
$val = insertRoute($conn,$name, $code, $desc, $vnum, $stf, $stops);
echo $val;
}
if($reason == "view"){
$id = $sanitized['id'];
$val = [];
$val = viewRoute($conn,$id);
echo json_encode($val);
}
if($reason == "edit"){
$stf = [];
$stp = [];
$id = $sanitized['pkid'];
$name = $sanitized['rname'];
$code = $sanitized['rcode'];
$desc = $sanitized['rdesc'];
$vnum = $sanitized['vnum'];
$estaffs = $_POST['estaff'];
$estops = $_POST['estops'];
$edel = $_POST['del'];
foreach($estaffs as $val){
$stf[] = array_map('sanitize', $val);
}
foreach($estops as $val){
$stp[] = array_map('sanitize', $val);
}
$cnt = 0;$n_stp = [];
for($i = 0; $i<sizeof($stp); $i++){
if($stp[$i]['stat'] != "Exist"){
$n_stp[$cnt] = $stp[$i];
$cnt++;
}
}
$val = editValues($conn,$id, $name, $code, $desc, $vnum, $stf, $n_stp, $edel);
echo $val;
}
if($reason == "delRoute"){
$id = $sanitized['id'];
$val = delRoute($conn,$id);
echo $val;
}
Can someone please guide me how can I resolve this ? Tried few debugging steps but didnt get succeded
You could rewrite your sanitize function as:
function sanitize($input) {
if (is_array($input))
return array_map('sanitize', $input);
else
return htmlspecialchars(trim($input));
}
That way it will handle a value passed to it which is an array.
Your $_POST variable probably contains some kind of array. Either figure out what you're posting by checking the output of var_dump($input) inside your sanitize function or change it to this:
function sanitize($input) {
return htmlspecialchars(trim((string) $input));
}
if you just want it to work.
$variable = "test_company_insurance_llc_chennai_limited_w-8tyu.pdf";
I need to display above the $variable like
Test Company Insurance LLC Chennai Limited W-8TYU.pdf
For that I've done:
$variable = str_replace("_"," ","test_company_insurance_llc_chennai_limited_w-8tyu.pdf");
$test = explode(" ", $variable);
$countof = count($test);
for ($x=0; $x<$countof; $x++) {
if($test[$x] == 'w-8tyu' || $test[$x] == 'llc') {
$test[$x] = strtoupper($test[$x]);
//todo
}
}
I've got stuck in the to-do part.
I will change the specific words to uppercase using strtoupper.
Later, how should I need to merge the array?
Any help will be thankful...
$str_in = "test_company_insurance_llc_chennai_limited_w-8tyu.pdf";
$lst_in = explode("_", $str_in);
$lst_out = array();
foreach ($lst_in as $val) {
switch($val) {
case "llc" : $lst_out[] = strtoupper($val);
break;
case "w-8tyu.pdf" : $lst_temp = explode('.', $val);
$lst_out[] = strtoupper($lst_temp[0]) . "." . $lst_temp[1];
break;
default : $lst_out[] = ucfirst($val);
}
}
$str_out = implode(' ', $lst_out);
echo $str_out;
Not terribly elegant, but perhaps slightly more flexible.
$v = str_replace("_"," ","test_company_insurance_llc_chennai_limited_w-8tyu.pdf");
$acronyms = array('llc', 'w-8tyu');
$ignores = array('pdf');
$v = preg_replace_callback('/(?:[^\._\s]+)/', function ($match) use ($acronyms, $ignores) {
if (in_array($match[0], $ignores)) {
return $match[0];
}
return in_array($match[0], $acronyms) ? strtoupper($match[0]) : ucfirst($match[0]);
}, $v);
echo $v;
The ignores can be removed provided you separate the extension from the initial value.
See the code below. I have printed the output of the code as your expected one. So Run it and reply me...
$variable = str_replace("_"," ","test_company_insurance_llc_chennai_limited_w-8tyu.pdf");
$test = explode(" ", $variable);
$countof = count($test);
for ($x=0; $x<$countof; $x++) {
if($test[$x] == 'llc') {
$test[$x] = strtoupper($test[$x]);
//todo
}elseif($test[$x] == 'w-8tyu.pdf'){
$file=basename($test[$x],'pdf');
$info = new SplFileInfo($test[$x]);
$test[$x] = strtoupper($file).$info->getExtension();
}
else{
$test[$x]=ucfirst($test[$x]);
}
}
echo '<pre>';
print_r($test);
echo '</pre>';
echo $output = implode(" ", $test);
I'm writing code to recursively replace predefined variables from inside a given string. The variables are prefixed with the character '%'. Input strings that start with '^' are to be evaluated.
For instance, assuming an array of variables such as:
$vars['a'] = 'This is a string';
$vars['b'] = '123';
$vars['d'] = '%c'; // Note that $vars['c'] has not been defined
$vars['e'] = '^5 + %d';
$vars['f'] = '^11 + %e + %b*2';
$vars['g'] = '^date(\'l\')';
$vars['h'] = 'Today is %g.';
$vars['input_digits'] = '*****';
$vars['code'] = '%input_digits';
The following code would result in:
a) $str = '^1 + %c';
$rc = _expand_variables($str, $vars);
// Result: $rc == 1
b) $str = '^%a != NULL';
$rc = _expand_variables($str, $vars);
// Result: $rc == 1
c) $str = '^3+%f + 3';
$rc = _expand_variables($str, $vars);
// Result: $rc == 262
d) $str = '%h';
$rc = _expand_variables($str, $vars);
// Result: $rc == 'Today is Monday'
e) $str = 'Your code is: %code';
$rc = _expand_variables($str, $vars);
// Result: $rc == 'Your code is: *****'
Any suggestions on how to do that? I've spent many days trying to do this, but only achieved partial success. Unfortunately, my last attempt managed to generate a 'segmentation fault'!!
Help would be much appreciated!
Note that there is no check against circular inclusion, which would simply lead to an infinite loop. (Example: $vars['s'] = '%s'; ..) So make sure your data is free of such constructs.
The commented code
// if(!is_numeric($expanded) || (substr($expanded.'',0,1)==='0'
// && strpos($expanded.'', '.')===false)) {
..
// }
can be used or skipped. If it is skipped, any replacement is quoted, if the string $str will be evaluated later on! But since PHP automatically converts strings to numbers (or should I say it tries to do so??) skipping the code should not lead to any problems.
Note that boolean values are not supported! (Also there is no automatic conversion done by PHP, that converts strings like 'true' or 'false' to the appropriate boolean values!)
<?
$vars['a'] = 'This is a string';
$vars['b'] = '123';
$vars['d'] = '%c';
$vars['e'] = '^5 + %d';
$vars['f'] = '^11 + %e + %b*2';
$vars['g'] = '^date(\'l\')';
$vars['h'] = 'Today is %g.';
$vars['i'] = 'Zip: %j';
$vars['j'] = '01234';
$vars['input_digits'] = '*****';
$vars['code'] = '%input_digits';
function expand($str, $vars) {
$regex = '/\%(\w+)/';
$eval = substr($str, 0, 1) == '^';
$res = preg_replace_callback($regex, function($matches) use ($eval, $vars) {
if(isset($vars[$matches[1]])) {
$expanded = expand($vars[$matches[1]], $vars);
if($eval) {
// Special handling since $str is going to be evaluated ..
// if(!is_numeric($expanded) || (substr($expanded.'',0,1)==='0'
// && strpos($expanded.'', '.')===false)) {
$expanded = "'$expanded'";
// }
}
return $expanded;
} else {
// Variable does not exist in $vars array
if($eval) {
return 'null';
}
return $matches[0];
}
}, $str);
if($eval) {
ob_start();
$expr = substr($res, 1);
if(eval('$res = ' . $expr . ';')===false) {
ob_end_clean();
die('Not a correct PHP-Expression: '.$expr);
}
ob_end_clean();
}
return $res;
}
echo expand('^1 + %c',$vars);
echo '<br/>';
echo expand('^%a != NULL',$vars);
echo '<br/>';
echo expand('^3+%f + 3',$vars);
echo '<br/>';
echo expand('%h',$vars);
echo '<br/>';
echo expand('Your code is: %code',$vars);
echo '<br/>';
echo expand('Some Info: %i',$vars);
?>
The above code assumes PHP 5.3 since it uses a closure.
Output:
1
1
268
Today is Tuesday.
Your code is: *****
Some Info: Zip: 01234
For PHP < 5.3 the following adapted code can be used:
function expand2($str, $vars) {
$regex = '/\%(\w+)/';
$eval = substr($str, 0, 1) == '^';
$res = preg_replace_callback($regex, array(new Helper($vars, $eval),'callback'), $str);
if($eval) {
ob_start();
$expr = substr($res, 1);
if(eval('$res = ' . $expr . ';')===false) {
ob_end_clean();
die('Not a correct PHP-Expression: '.$expr);
}
ob_end_clean();
}
return $res;
}
class Helper {
var $vars;
var $eval;
function Helper($vars,$eval) {
$this->vars = $vars;
$this->eval = $eval;
}
function callback($matches) {
if(isset($this->vars[$matches[1]])) {
$expanded = expand($this->vars[$matches[1]], $this->vars);
if($this->eval) {
// Special handling since $str is going to be evaluated ..
if(!is_numeric($expanded) || (substr($expanded . '', 0, 1)==='0'
&& strpos($expanded . '', '.')===false)) {
$expanded = "'$expanded'";
}
}
return $expanded;
} else {
// Variable does not exist in $vars array
if($this->eval) {
return 'null';
}
return $matches[0];
}
}
}
I now have written an evaluator for your code, which addresses the circular reference problem, too.
Use:
$expression = new Evaluator($vars);
$vars['a'] = 'This is a string';
// ...
$vars['circular'] = '%ralucric';
$vars['ralucric'] = '%circular';
echo $expression->evaluate('%circular');
I use a $this->stack to handle circular references. (No idea what a stack actually is, I simply named it so ^^)
class Evaluator {
private $vars;
private $stack = array();
private $inEval = false;
public function __construct(&$vars) {
$this->vars =& $vars;
}
public function evaluate($str) {
// empty string
if (!isset($str[0])) {
return '';
}
if ($str[0] == '^') {
$this->inEval = true;
ob_start();
eval('$str = ' . preg_replace_callback('#%(\w+)#', array($this, '_replace'), substr($str, 1)) . ';');
if ($error = ob_get_clean()) {
throw new LogicException('Eval code failed: '.$error);
}
$this->inEval = false;
}
else {
$str = preg_replace_callback('#%(\w+)#', array($this, '_replace'), $str);
}
return $str;
}
private function _replace(&$matches) {
if (!isset($this->vars[$matches[1]])) {
return $this->inEval ? 'null' : '';
}
if (isset($this->stack[$matches[1]])) {
throw new LogicException('Circular Reference detected!');
}
$this->stack[$matches[1]] = true;
$return = $this->evaluate($this->vars[$matches[1]]);
unset($this->stack[$matches[1]]);
return $this->inEval == false ? $return : '\'' . $return . '\'';
}
}
Edit 1: I tested the maximum recursion depth for this script using this:
$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEF'; // GHIJKLMNOPQRSTUVWXYZ
$length = strlen($alphabet);
$vars['a'] = 'Hallo World!';
for ($i = 1; $i < $length; ++$i) {
$vars[$alphabet[$i]] = '%' . $alphabet[$i-1];
}
var_dump($vars);
$expression = new Evaluator($vars);
echo $expression->evaluate('%' . $alphabet[$length - 1]);
If another character is added to $alphabet maximum recursion depth of 100 is reached. (But probably you can modify this setting somewhere?)
I actually just did this while implementing a MVC framework.
What I did was create a "find-tags" function that uses a regular expression to find all things that should be replaced using preg_match_all and then iterated through the list and called the function recursively with the str_replaced code.
VERY Simplified Code
function findTags($body)
{
$tagPattern = '/{%(?P<tag>\w+) *(?P<inputs>.*?)%}/'
preg_match_all($tagPattern,$body,$results,PREG_SET_ORDER);
foreach($results as $command)
{
$toReturn[] = array(0=>$command[0],'tag'=>$command['tag'],'inputs'=>$command['inputs']);
}
if(!isset($toReturn))
$toReturn = array();
return $toReturn;
}
function renderToView($body)
{
$arr = findTags($body);
if(count($arr) == 0)
return $body;
else
{
foreach($arr as $tag)
{
$body = str_replace($tag[0],$LOOKUPARRY[$tag['tag']],$body);
}
}
return renderToView($body);
}