I have a website that has been infected with malware code, heres an example:
<?php if(!isset($GLOBALS["\x61\156\x75\156\x61"])) { $ua=strto...algiyujsz-1; ?>
It's a rather large code, however I'm guessing due to some characters str_replace is not working, how would I go about replacing a string like the above via preg_replace(the ... being a wildcard)? I'm rather bad at regex and can't get it working. Or is there some way to get this working via str_replace so I have a point of reference for furure?
Full code here: http://pastie.org/10084259
Thank you!
Solved my issue with '/<\?php if\(!isset\(\$GL(.+?)z-1; \?>/is' and preg_replace
Related
I'm creating an email template and try to solve an unknown problem that add a random number of at the beginning of my tables.
So my preg_replace is:
preg_replace('/<br>(.*?)<table/s', "<br><table", $message)
I tried it on these websites and it worked:
preg_replace.onlinephpfunctions.com/
fr.functions-online.com/preg_replace.html
But on my server, it doesn't work, I also tried a preg_match_all but it doesn't work too.
Here's the source code where I use it:
https://codeshare.io/GbrArM
This problem is driving me nuts. Let's say I have a string:
This is a &start;pretty bad&end; string that I want to &start;somehow&end; display differently
I want to be able to remove the &start; and &end; parts as well as everything in between so it says:
This is a string that I want to display differently
I tried using preg_replace with a regular expression but it took off too much, ie:
This is a display differently
The question is: how do I remove the stuff just between sets of &start; and &end; pairs and make sure that it doesn't remove anything between any &end; and &start; segments?
Keep in mind, I'm working with hundreds of strings that are very different to each other so I'm looking for a flexible solution that'll work with all of them.
Thanks in advance for any help with this.
Edit: Replaced dollar signs with ampersands. Oops!
Try this regex /\&start;(.+?)\$end;/g
It looks like it works as desired: https://regex101.com/r/MW5nom/2
I quickly tried it on chrome console using JS, tried converting it into PHP:
"This is a &start;pretty bad$end; string that I want to &start;somehow$end; display differently".replace(/\&start;(.+?)\$end;/g, "")
I have a blog page on my website where a user edit's a post by going to a URL like this... http://www.example.com/blog?edit=blog post here. The script used to replace the spaces with %20 like it should but now it is replacing the spaces with %2520 and now the script can't search the database because there is no post called blog20post20here. I was going to go down the path of preg_replace, so I tried this...
preg_replace("/%2520/"," ",$_GET['edit']);
but that didn't seem to work.
I have never used preg_replace() and I just now read up on it in the manual. If someone could either point me down the right path and or show me how to correctly use preg_replace that would be awesome.
Sounds like you're double-escaping somewhere when generating the urls. %25 is the coding for the % character, so it sounds like it's going from %20 to %2520.
As an aside, there's better ways to decode that url (urldecode() for example), so perhaps preg_replace isn't really necessary...
EDIT: oh, and you should just use urlencode to generate the url in the first place.
For %2520
<?php echo urldecode(urldecode($_GET['edit'])); ?>
For %20
<?php echo urldecode($_GET['edit']); ?>
I need to remove the comment lines from my code.
preg_replace('!//(.*)!', '', $test);
It works fine. But it removes the website url also and left the url like http:
So to avoid this I put the same like preg_replace('![^:]//(.*)!', '', $test);
It's work fine. But the problem is if my code has the line like below
$code = 'something';// comment here
It will replace the comment line with the semicolon. that is after replace my above code would be
$code = 'something'
So it generates error.
I just need to delete the single line comments and the url should remain same.
Please help. Thanks in advance
try this
preg_replace('#(?<!http:)//.*#','',$test);
also read more about PCRE assertions http://cz.php.net/manual/en/regexp.reference.assertions.php
If you want to parse a PHP file, and manipulate the PHP code it contains, the best solution (even if a bit difficult) is to use the Tokenizer : it exists to allow manipulation of PHP code.
Working with regular expressions for such a thing is a bad idea...
For instance, you thought about http:// ; but what about strings that contain // ?
Like this one, for example :
$str = "this is // a test";
This can get complicated fast. There are more uses for // in strings. If you are parsing PHP code, I highly suggest you take a look at the PHP tokenizer. It's specifically designed to parse PHP code.
Question: Why are you trying to strip comments in the first place?
Edit: I see now you are trying to parse JavaScript, not PHP. So, why not use a javascript minifier instead? It will strip comments, whitespace and do a lot more to make your file as small as possible.
I'm trying to scrape a price from a web page using PHP and Regexes. The price will be in the format £123.12 or $123.12 (i.e., pounds or dollars).
I'm loading up the contents using libcurl. The output of which is then going into preg_match_all. So it looks a bit like this:
$contents = curl_exec($curl);
preg_match_all('/(?:\$|£)[0-9]+(?:\.[0-9]{2})?/', $contents, $matches);
So far so simple. The problem is, PHP isn't matching anything at all - even when there are prices on the page. I've narrowed it down to there being a problem with the '£' character - PHP doesn't seem to like it.
I think this might be a charset issue. But whatever I do, I can't seem to get PHP to match it! Anyone have any ideas?
(Edit: I should note if I try using the Regex Test Tool using the same regex and page content, it works fine)
Have you try to use \ in front of £
preg_match_all('/(\$|\£)[0-9]+(\.[0-9]{2})/', $contents, $matches);
I have try this expression with .Net with \£ and it works. I just edited it and removed some ":".
(source: clip2net.com)
Read my comment about the possibility of Curl giving you bad encoding (comment of this post).
maybe pound has it's html entity replacement? i think you should try your regexp with some sort of couching program (i.e. match it against fixed text locally).
i'd change my regexp like this: '/(?:\$|£)\d+(?:\.\d{2})?/'
This should work for simple values.
'#(?:\$|\£|\€)(\d+(?:\.\d+)?)#'
This will not work with thousand separator like 234,343 and 34,454.45.