I don't know exactly how to explain this but when I POST on my page or when I change a SESSION variable, sometime, not always, I will get half the html in plain text starting with a hexa code. I don't know what to do. Its always random, the hexa code is almost always different.
Exemple :
bc86
<div>something...</body></html>
If there was a problem of encoding which is mostly possible then you can try the following before producing some HTML/text to client:
header('Content-Type: text/html; charset=utf-8');
Related
Reading through the vulnhub walkthrough for wakanda here
https://medium.com/egghunter/wakanda-1-vulnhub-walkthrough-3d524ed8a372
And it uses a php filter i haven't seen before (base64 encoder) which is then decoded . Using this line of code
curl http://192.168.56.102/?lang=php://filter/convert.base64-encode/resource=index | head -n 1 | base64 -d
In comparison I tried to simply curl the page via
curl http://192.168.56.102/?lang=php
Both output the html , but the filtered code also produces several lines above the DOCTYPE header that is enclosed inside of a php tag. My question is why does this happen?
the significant output (first few lines) is below
<?php
$password ="Niamey4Ever227!!!" ;//I have to remember it
if (isset($_GET['lang']))
{
include($_GET['lang'].".php");
}
?>
<!DOCTYPE html>
<html lang="en"><head>
Obviously this is wrong, but it seems like the filtered code is: encoding , then decoding and somehow in that process getting more information than if we just curled everything
I came across this article
https://www.idontplaydarts.com/2011/02/using-php-filter-for-local-file-inclusion/
which explained this very well.
This forces PHP to base64 encode the file before it is used in the require statement. From this point its a matter of then decoding the base64 string to obtain the source code for the PHP files.
So as to why the filtered code gets all the html and the php, is because its making the php be encoded before grabbing the html and wrapping it all into one output string, which can then be decoded and read . Meaning as output you get both the page html and the php code from other supporting files
I suddenly have this strange behavior in PHP. I looked around here but cannot find a reasonable explanation
I have an extremely simple example:
<?php
$test = 'hello123';
print $test;
?>
This shows: hello123null in the webbrowser.
When I echo instead of print the result, its the same.
When I put the string in double quotes also the same.
No matter what I do, it always appends the string 'null' to it.
What is happening here?
When serving web pages and mixing HTML and PHP there are scenarios where you can flush hidden characters.
How to troubleshoot:
Turn on show all characters in the IDE so you can see spaces, line breaks, etc.
Verify no other pages are executed after that script. Sometimes when flipping between HTML and PHP extra characters are injected in the view if you are not following best practices.
Put another print line after your print hello123, is it still after hello123 or your last command?
("hello123");
print("test");
Try obflush () to pin point issue:
see https://www.php.net/manual/en/function.ob-flush.php
print("hello123");
ob_flush();
flush();
print("test");
Lastly, try setting your header.
header( 'Content-type: text/html; charset=utf-8' );
I'm using https://github.com/farjadtahir/pdf-invoicr.
Problem is when I add diacritics to $invoice->setFrom() (or anywhere else) diacritics not showing up.
I tried $invoice->setFrom(array(iconv("UTF-8", "ISO-8859-1","ÆØÅ")from this comments
but still diacritics not working.
Next I tried https://stackoverflow.com/a/21555497/2893691 again not working.
So, how to finally convert ľščťžýáíé to UTF-8 in invoicr?
EDIT - NEW INFO
I'm used mb_detect_encoding() and return is UTF-8 already. But when I try show for example string ičo123 the result is empty. Not showing.
I tried add header('Content-Type: text/html; charset=utf-8'); and still diacritics not working.
EDIT 2 - NEW INFO
I tried this script http://www.fpdf.org/en/script/script92.php and still not working. Here is screenshot of downloaded example from link above:
Problem solved - Used script from EDIT 2 and removed all iconv() functions from phpinvoice.php file.
folks, I need you help please.
I have a form with some inputs that expect some special chars. Thats why I want to use utf-8 encoding. It set it in HTML as a meta-tag, in PHP as a header and directly in the form with "accept-charset". Yet, I get the following:
var_dump($_POST['name']) => "dagã¶bert" (original input: "dägobert")
var_dump(mb_detect_encoding($_POST['vorname'])); => "ascii"
I have absolutely no idea left on what more to do to get this working. I appreciate any hint.
To make sure, that your web server output (from php) is interpreted as utf-8, you can set the encoding explicitly by calling:
header('Content-type: text/html; charset=utf-8');
at the beginning of your php script. It is important that this is called before any other output is done by the script, else an error occurs, that headers could not be set any more.
The <meta charset="utf-8"> tag is not sufficient. You should use the meta tag as well to provide the encoding even in the case that a user decides to store the page locally and view it later again (when noch Content-Type is provided any more, because the page doesn't come from the web server any more).
When navigating to a URL like this:
http://example.com/user?u=ヴィックサ
I notice that Chrome encodes the characters as:
http://example.com/user?u=%E3%83%B4%E3%82%A3%E3%83%83%E3%82%AF%E3%82%B5
And everything works serer-side.
However, in IE I get this error from my code:
The user you are trying to find (?????) does not exist.
Note the five question marks. For some reason the PHP never gets to see the parameter.
What could be causing this, and is there any way to fix it?
Sadly it seems what you want to do is not going to work for the current generation of IE
The accepted answer for this question UTF-8 Encoding issue in IE query parameters says that you need to encode the characters yourself rather than relying on the browser as support varies from browser to browser, and maybe even device to device
<a href='/path/to/page/?u=<?=urlencode('ヴィックサ')?>'>View User</a>
Also I presume you are setting utf8 headers from the webserver? you didn't say, if not, in php
header('Content-Type: text/html; charset=utf-8');