trim() expects parameter 1 to be string, array given in - php

I have this PHP function that converts all the HTML special characters to HTML entities, UTF-8 compatible.
function safe($input) {
    $text = trim($input); //<-- LINE 31
    $text = preg_replace("/(\r\n|\n|\r)/", "\n", $text); // cross-platform newlines
    $text = preg_replace("/\n\n\n\n+/", "\n", $text); // take care of duplicates
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    $text = stripslashes($text);
    $text = str_replace ( "\n", " ", $text );
    $text = str_replace ( "\t", " ", $text );
    return $text;
}
Now, I checked my script using the Acunetix web vulnerability scanner and I see this error:
This page contains an error/warning message that may disclose sensitive information. The message can also contain the location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This vulnerability affects /cms/submit.php.
Discovered by: Scripting (Error_Message.script).
Attack details
URL encoded POST input access was set to 2
Error message found:
<b>Warning</b>: trim() expects parameter 1 to be string, array given in <b>C:\xampp\htdocs\cms\includes\safefunc.php</b> on line <b>31</b><br />
How do i fix this?

As others have said, the error is self explanatory and this function is not built to handle arrays. If you need to handle arrays then something like this:
function safe($input) {
    if(is_array($input)) {
        return array_map('safe', $input);
    }
    // rest of code
}
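An added example, not part of the original answers: a string-only variant of safe() that checks the type of each request field before any string function sees it, and keeps PHP warnings out of the response (the disclosure the scanner reported). It assumes PHP 8.0+; request_string(), safe_string(), clean_form() and the sample request are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example (PHP 8.0+). Function names and the sample request are
// hypothetical, not taken from the original post.

// Keep warnings out of the HTTP response; they still reach the error log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return the field as a string, or null when it is missing, too long, or not
 * a string. PHP turns "access[]=2" into an array, so the type has to be
 * checked before the value reaches trim() or any other string function.
 */
function request_string(array $source, string $key, int $maxLen = 4096): ?string
{
    $value = $source[$key] ?? null;
    if (!is_string($value) || strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

/** String-only cleaning: flatten newlines and tabs, then HTML-encode. */
function safe_string(string $input): string
{
    $text = str_replace(["\r\n", "\r", "\n", "\t"], ' ', trim($input));
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate a form: returns [encoded values, names of rejected fields]. */
function clean_form(array $source, array $expected): array
{
    $clean = [];
    $rejected = [];
    foreach ($expected as $key) {
        $value = request_string($source, $key);
        if ($value === null) {
            $rejected[] = $key;   // caller answers 400 instead of continuing
        } else {
            $clean[$key] = safe_string($value);
        }
    }
    return [$clean, $rejected];
}

// Constructed request: "access" arrives as an array, "title" as a string.
$post = ['access' => ['2'], 'title' => " <b>News</b>\r\n"];
[$clean, $rejected] = clean_form($post, ['access', 'title']);
var_dump($clean, $rejected);
```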

Read the warning, and your answer is there.
trim() must receive a string as parameter, not an array.
Use
var_dump($input) to check your input variable type.
Could you show the code that calls function safe()?

Try to stringify the $input by using
json_encode($input)
It worked for me.

Related

PHP Convert Unicode to text

I am receiving from a form the following urlencoded string %F0%9D%90%B4%F0%9D%91%99%F0%9D%91%92%F0%9D%91%97%F0%9D%91%8E%F0%9D%91%9B%F0%9D%91%91%F0%9D%91%9F%F0%9D%91%8E
If I decode it I get the following formatted text: 𝐴𝑙𝑒𝑗𝑎𝑛𝑑𝑟𝑎
Is there any way with PHP to get the plain "Alejandra" text from the encoded or decoded string?
I have tried without success several ways to do it with
mb_convert_encoding($string, "UTF-16",mb_detect_encoding($string))
iconv('utf-16', 'utf-8', rawurldecode($string))
and any other solution I could find on Stack Overflow.
Edit:
I tried the proposed solution $strAscii = iconv('UTF-8','ASCII//TRANSLIT',$str); but it deletes the special characters such as áéíóúñç which we need to stay.
Expected result
input: 𝐴𝑙𝑒𝑗𝑎𝑛𝑑𝑟𝑎
output: Alejandra
input: Álejandra
output: Álejandra
Thank you in advance.
urldecode or rawurldecode is sufficient.
$string = "%F0%9D%90%B4%F0%9D%91%99%F0%9D%91%92%F0%9D%91%97%F0%9D%91%8E%F0%9D%91%9B%F0%9D%91%91%F0%9D%91%9F%F0%9D%91%8E";
$str = urldecode($string);
var_dump($str);
//string(36) "𝐴𝑙𝑒𝑗𝑎𝑛𝑑𝑟𝑎"
Demo: https://3v4l.org/OMQ35
A special debugger gives me: string(36) UTF-8mb4. This means that there are also UTF-8 characters in the string that require 4 bytes. The character A is the Unicode character “𝐴” (U+1D434).
Note:
If the special UTF-8 characters cause problems, you can try to display the strings as ASCII characters with iconv.
$strAscii = iconv('UTF-8','ASCII//TRANSLIT',$str);
//string(9) "Alejandra"
What you are getting is called a "pseudo-alphabet", you can see a list of them here: https://qaz.wtf/u/convert.cgi. The one that you appear to be getting can be seen here: https://en.wikipedia.org/wiki/Mathematical_Alphanumeric_Symbols
Basically what you need to do is take the string, split it and use a lookup table to convert it back to regular characters. This implementation is terribly efficient but that's because I grabbed the alphabets from the above Wikipedia page and was too lazy to reorganise it.
function math_symbols_to_plain_text($input, $alphabet)
{
    // One row per letter; the columns follow the order of $lookup below.
    $alphabets = [
        ['a','𝐚','𝑎','𝒂','𝖺','𝗮','𝘢','𝙖','𝒶','𝓪','𝔞','𝖆','𝚊','𝕒'],
        ['b','𝐛','𝑏','𝒃','𝖻','𝗯','𝘣','𝙗','𝒷','𝓫','𝔟','𝖇','𝚋','𝕓'],
        ['c','𝐜','𝑐','𝒄','𝖼','𝗰','𝘤','𝙘','𝒸','𝓬','𝔠','𝖈','𝚌','𝕔'],
        ['d','𝐝','𝑑','𝒅','𝖽','𝗱','𝘥','𝙙','𝒹','𝓭','𝔡','𝖉','𝚍','𝕕'],
        ['e','𝐞','𝑒','𝒆','𝖾','𝗲','𝘦','𝙚','ℯ','𝓮','𝔢','𝖊','𝚎','𝕖'],
        ['f','𝐟','𝑓','𝒇','𝖿','𝗳','𝘧','𝙛','𝒻','𝓯','𝔣','𝖋','𝚏','𝕗'],
        ['g','𝐠','𝑔','𝒈','𝗀','𝗴','𝘨','𝙜','ℊ','𝓰','𝔤','𝖌','𝚐','𝕘'],
        ['h','𝐡','ℎ','𝒉','𝗁','𝗵','𝘩','𝙝','𝒽','𝓱','𝔥','𝖍','𝚑','𝕙'],
        ['i','𝐢','𝑖','𝒊','𝗂','𝗶','𝘪','𝙞','𝒾','𝓲','𝔦','𝖎','𝚒','𝕚'],
        ['j','𝐣','𝑗','𝒋','𝗃','𝗷','𝘫','𝙟','𝒿','𝓳','𝔧','𝖏','𝚓','𝕛'],
        ['k','𝐤','𝑘','𝒌','𝗄','𝗸','𝘬','𝙠','𝓀','𝓴','𝔨','𝖐','𝚔','𝕜'],
        ['l','𝐥','𝑙','𝒍','𝗅','𝗹','𝘭','𝙡','𝓁','𝓵','𝔩','𝖑','𝚕','𝕝'],
        ['m','𝐦','𝑚','𝒎','𝗆','𝗺','𝘮','𝙢','𝓂','𝓶','𝔪','𝖒','𝚖','𝕞'],
        ['n','𝐧','𝑛','𝒏','𝗇','𝗻','𝘯','𝙣','𝓃','𝓷','𝔫','𝖓','𝚗','𝕟'],
        ['o','𝐨','𝑜','𝒐','𝗈','𝗼','𝘰','𝙤','ℴ','𝓸','𝔬','𝖔','𝚘','𝕠'],
        ['p','𝐩','𝑝','𝒑','𝗉','𝗽','𝘱','𝙥','𝓅','𝓹','𝔭','𝖕','𝚙','𝕡'],
        ['q','𝐪','𝑞','𝒒','𝗊','𝗾','𝘲','𝙦','𝓆','𝓺','𝔮','𝖖','𝚚','𝕢'],
        ['r','𝐫','𝑟','𝒓','𝗋','𝗿','𝘳','𝙧','𝓇','𝓻','𝔯','𝖗','𝚛','𝕣'],
        ['s','𝐬','𝑠','𝒔','𝗌','𝘀','𝘴','𝙨','𝓈','𝓼','𝔰','𝖘','𝚜','𝕤'],
        ['t','𝐭','𝑡','𝒕','𝗍','𝘁','𝘵','𝙩','𝓉','𝓽','𝔱','𝖙','𝚝','𝕥'],
        ['u','𝐮','𝑢','𝒖','𝗎','𝘂','𝘶','𝙪','𝓊','𝓾','𝔲','𝖚','𝚞','𝕦'],
        ['v','𝐯','𝑣','𝒗','𝗏','𝘃','𝘷','𝙫','𝓋','𝓿','𝔳','𝖛','𝚟','𝕧'],
        ['w','𝐰','𝑤','𝒘','𝗐','𝘄','𝘸','𝙬','𝓌','𝔀','𝔴','𝖜','𝚠','𝕨'],
        ['x','𝐱','𝑥','𝒙','𝗑','𝘅','𝘹','𝙭','𝓍','𝔁','𝔵','𝖝','𝚡','𝕩'],
        ['y','𝐲','𝑦','𝒚','𝗒','𝘆','𝘺','𝙮','𝓎','𝔂','𝔶','𝖞','𝚢','𝕪'],
        ['z','𝐳','𝑧','𝒛','𝗓','𝘇','𝘻','𝙯','𝓏','𝔃','𝔷','𝖟','𝚣','𝕫'],
        ['A','𝐀','𝐴','𝑨','𝖠','𝗔','𝘈','𝘼','𝒜','𝓐','𝔄','𝕬','𝙰','𝔸'],
        ['B','𝐁','𝐵','𝑩','𝖡','𝗕','𝘉','𝘽','ℬ','𝓑','𝔅','𝕭','𝙱','𝔹'],
        ['C','𝐂','𝐶','𝑪','𝖢','𝗖','𝘊','𝘾','𝒞','𝓒','ℭ','𝕮','𝙲','ℂ'],
        ['D','𝐃','𝐷','𝑫','𝖣','𝗗','𝘋','𝘿','𝒟','𝓓','𝔇','𝕯','𝙳','𝔻'],
        ['E','𝐄','𝐸','𝑬','𝖤','𝗘','𝘌','𝙀','ℰ','𝓔','𝔈','𝕰','𝙴','𝔼'],
        ['F','𝐅','𝐹','𝑭','𝖥','𝗙','𝘍','𝙁','ℱ','𝓕','𝔉','𝕱','𝙵','𝔽'],
        ['G','𝐆','𝐺','𝑮','𝖦','𝗚','𝘎','𝙂','𝒢','𝓖','𝔊','𝕲','𝙶','𝔾'],
        ['H','𝐇','𝐻','𝑯','𝖧','𝗛','𝘏','𝙃','ℋ','𝓗','ℌ','𝕳','𝙷','ℍ'],
        ['I','𝐈','𝐼','𝑰','𝖨','𝗜','𝘐','𝙄','ℐ','𝓘','ℑ','𝕴','𝙸','𝕀'],
        ['J','𝐉','𝐽','𝑱','𝖩','𝗝','𝘑','𝙅','𝒥','𝓙','𝔍','𝕵','𝙹','𝕁'],
        ['K','𝐊','𝐾','𝑲','𝖪','𝗞','𝘒','𝙆','𝒦','𝓚','𝔎','𝕶','𝙺','𝕂'],
        ['L','𝐋','𝐿','𝑳','𝖫','𝗟','𝘓','𝙇','ℒ','𝓛','𝔏','𝕷','𝙻','𝕃'],
        ['M','𝐌','𝑀','𝑴','𝖬','𝗠','𝘔','𝙈','ℳ','𝓜','𝔐','𝕸','𝙼','𝕄'],
        ['N','𝐍','𝑁','𝑵','𝖭','𝗡','𝘕','𝙉','𝒩','𝓝','𝔑','𝕹','𝙽','ℕ'],
        ['O','𝐎','𝑂','𝑶','𝖮','𝗢','𝘖','𝙊','𝒪','𝓞','𝔒','𝕺','𝙾','𝕆'],
        ['P','𝐏','𝑃','𝑷','𝖯','𝗣','𝘗','𝙋','𝒫','𝓟','𝔓','𝕻','𝙿','ℙ'],
        ['Q','𝐐','𝑄','𝑸','𝖰','𝗤','𝘘','𝙌','𝒬','𝓠','𝔔','𝕼','𝚀','ℚ'],
        ['R','𝐑','𝑅','𝑹','𝖱','𝗥','𝘙','𝙍','ℛ','𝓡','ℜ','𝕽','𝚁','ℝ'],
        ['S','𝐒','𝑆','𝑺','𝖲','𝗦','𝘚','𝙎','𝒮','𝓢','𝔖','𝕾','𝚂','𝕊'],
        ['T','𝐓','𝑇','𝑻','𝖳','𝗧','𝘛','𝙏','𝒯','𝓣','𝔗','𝕿','𝚃','𝕋'],
        ['U','𝐔','𝑈','𝑼','𝖴','𝗨','𝘜','𝙐','𝒰','𝓤','𝔘','𝖀','𝚄','𝕌'],
        ['V','𝐕','𝑉','𝑽','𝖵','𝗩','𝘝','𝙑','𝒱','𝓥','𝔙','𝖁','𝚅','𝕍'],
        ['W','𝐖','𝑊','𝑾','𝖶','𝗪','𝘞','𝙒','𝒲','𝓦','𝔚','𝖂','𝚆','𝕎'],
        ['X','𝐗','𝑋','𝑿','𝖷','𝗫','𝘟','𝙓','𝒳','𝓧','𝔛','𝖃','𝚇','𝕏'],
        ['Y','𝐘','𝑌','𝒀','𝖸','𝗬','𝘠','𝙔','𝒴','𝓨','𝔜','𝖄','𝚈','𝕐'],
        ['Z','𝐙','𝑍','𝒁','𝖹','𝗭','𝘡','𝙕','𝒵','𝓩','ℨ','𝖅','𝚉','ℤ']
    ];
    $replace = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'];
    $lookup = [
        'serif-normal',
        'serif-bold',
        'serif-italic',
        'serif-bolditalic',
        'sans-normal',
        'sans-bold',
        'sans-italic',
        'sans-bolditalic',
        'script-normal',
        'script-bold',
        'fraktur-normal',
        'fraktur-bold',
        'monospace',
        'doublestruck'
    ];
    // Column index of the requested alphabet
    $map_index = array_search($alphabet, $lookup);
    $split = mb_str_split($input);
    $output = '';
    foreach ($split as $char) {
        foreach ($alphabets as $i => $letter) {
            if ($letter[$map_index] === $char)
                $output .= $replace[$i];
        }
    }
    return $output;
}
$input = '𝐴𝑙𝑒𝑗𝑎𝑛𝑑𝑟𝑎';
$output = math_symbols_to_plain_text($input, 'serif-italic');
echo $input . PHP_EOL . $output . PHP_EOL;
Yields:
𝐴𝑙𝑒𝑗𝑎𝑛𝑑𝑟𝑎
Alejandra
If I am not wrong, you are trying to decode a URL, so why are you not trying to use urldecode()?
Follow this: PHP DOC
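An added example, not from the original answers: Unicode NFKC normalisation (the intl extension's Normalizer class) folds the mathematical alphabets to plain letters and leaves accented letters such as Á alone, which also makes it a useful canonicalisation step before names are compared or filtered. fold_compat() and inspect_field() are hypothetical names; the first sample is the encoded string from the question, the other two are constructed.

```php
<?php
declare(strict_types=1);

// Added example; needs the intl and mbstring extensions.
// Function names are hypothetical, not from the original post.

/**
 * Fold compatibility characters (mathematical alphabets, fullwidth forms,
 * ligatures) to their plain equivalents with NFKC. Accented letters are kept.
 * Returns null when the input is not valid UTF-8.
 */
function fold_compat(string $input): ?string
{
    if (!mb_check_encoding($input, 'UTF-8')) {
        return null;
    }
    $folded = Normalizer::normalize($input, Normalizer::FORM_KC);
    return $folded === false ? null : $folded;
}

/** Decode one urlencoded form value and report what normalisation did. */
function inspect_field(string $encoded): array
{
    $decoded = rawurldecode($encoded);
    $folded = fold_compat($decoded);
    return [
        'valid_utf8' => $folded !== null,
        // true when the sender used look-alike code points; worth logging
        'was_folded' => $folded !== null && $folded !== $decoded,
        'value'      => $folded,
    ];
}

$samples = [
    // the string from the question
    '%F0%9D%90%B4%F0%9D%91%99%F0%9D%91%92%F0%9D%91%97%F0%9D%91%8E%F0%9D%91%9B%F0%9D%91%91%F0%9D%91%9F%F0%9D%91%8E',
    '%C3%81lejandra', // constructed: precomposed Á, already plain text
    '%C3%28',         // constructed: invalid UTF-8 byte sequence
];
foreach ($samples as $sample) {
    var_dump(inspect_field($sample));
}
```

NFKC does not map letters of other scripts (Cyrillic а, Greek ο) to Latin; those need a separate confusables check such as the intl Spoofchecker class.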

PHP str_replace unintentionally removing Chinese characters

I have a PHP script that removes special characters, but unfortunately, some Chinese characters are also removed.
<?php
function removeSpecialCharactersFromString($inputString){
    $inputString = str_replace(str_split('#/\\:*?\"<>|[]\'_+(),{}’! &'), "", $inputString);
    return $inputString;
}
$test = '赵景然 赵景然';
print(removeSpecialCharactersFromString($test));
?>
Oddly, the output is 赵然 赵然. The character 景 is removed.
In addition, 陈 一 is also removed. What might be the possible cause?
The string you're using to act as a list of the things you want to replace doesn't work well with the mixed encoding. What I've done is to convert this string to UTF16 and then split it.
function removeSpecialCharactersFromString($inputString){
    $inputString = str_replace(str_split(
        mb_convert_encoding('#/\\:*?\"<>|[]\'_+(),{}’! &', 'UTF16')), "", $inputString);
    return $inputString;
}
$test = '#赵景然 赵景然';
print(removeSpecialCharactersFromString($test));
Which gives...
赵景然赵景然
BTW -str_replace is MB safe - sort of recognised the poster... http://php.net/manual/en/ref.mbstring.php#109937
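An added example, not from the original posts: it reports which bytes of the input collide with the byte-wise needles that str_split() produces from the ’ in the blacklist, then removes the characters as whole UTF-8 characters with mb_str_split(). colliding_bytes(), remove_special_chars() and SPECIAL_CHARS are hypothetical names, and the sample string is constructed from the characters named in the question.

```php
<?php
declare(strict_types=1);

// Added example; needs mbstring (mb_str_split: PHP 7.4+).
// Names are hypothetical, not from the original post.

const SPECIAL_CHARS = '#/\\:*?"<>|[]\'_+(),{}’! &';

/**
 * Show which multibyte characters of $input lose a byte when the blacklist
 * is split with str_split(): that call yields single bytes, so the three
 * bytes of ’ (E2 80 99) become three separate needles.
 */
function colliding_bytes(string $input, string $blacklist = SPECIAL_CHARS): array
{
    $needles  = str_split($blacklist);                   // bytes, as in the question
    $intended = mb_str_split($blacklist, 1, 'UTF-8');    // whole characters
    $hits = [];
    foreach (mb_str_split($input, 1, 'UTF-8') as $char) {
        if (strlen($char) === 1 || in_array($char, $intended, true)) {
            continue; // ASCII, or a character that is meant to be removed
        }
        foreach (str_split($char) as $byte) {
            if (in_array($byte, $needles, true)) {
                $hits[$char][] = strtoupper(bin2hex($byte));
            }
        }
    }
    return $hits;
}

/** Remove the blacklisted characters as whole UTF-8 characters. */
function remove_special_chars(string $input, string $blacklist = SPECIAL_CHARS): string
{
    return str_replace(mb_str_split($blacklist, 1, 'UTF-8'), '', $input);
}

// Constructed from the characters named in the question.
$test = '#赵景然 陈 一’';
print_r(colliding_bytes($test));
echo remove_special_chars($test), PHP_EOL;
```

Removing a single byte from a multibyte character also leaves invalid UTF-8 behind, so output of the byte-wise version should not be passed on to code that assumes well-formed text.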

PHP: replacing bad characters

It's more than possible this already has an answer, however since encoding is far from my strong point I don't really know what to search for to find out.
Essentially, I have a string that contains (what I would call) 'bad' characters. For context, this string is coming back from a cURL response. Example:
$bad_str = "Sundayâ€™s";
Question: How to swap these out for more readable substitutes?
This would be a lot easier if I knew what this sort of problem was called, or what sort of encoding it corresponded to. I have read:
Strip Bad Characters from an HTML PHP Contact Form
PHP encoding: Delete some bad characters
I have tried creating a swaps map and running preg_replace_callback on it, i.e.:
$encoding_swapouts_map = array(
    'â€™' => "'",
    'Ã©' => 'é',
    'â€“' => '-',
    'Â£' => '£'
);
$bad_str = preg_replace_callback(
    $ptn = '/'.implode('|', array_keys($encoding_swapouts_map)).'/i',
    function($match) use ($encoding_swapouts_map) {
        return $encoding_swapouts_map[$match[0]];
    },
    $str
);
This doesn't seem to match the bad characters, so the callback is never called. Interestingly, $ptn, when printed out, shows some mutation:
/Ã¢â‚¬â„¢|ÃƒÂ©|Ã¢â‚¬â€œ|Ã‚Â£/i
Thanks in advance.
What happened to the answer that I liked? (it was deleted).
I think it had a typo, however.
$text = "Sundayâ€™s";
$bad = array("â€™","Ã©","â€“","Â£");
$good = array("'","é","-","£");
$newtext = str_replace($bad, $good, $text);
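An added example, not from the original posts: the sequences in the question are what UTF-8 bytes look like after being decoded as Windows-1252, so instead of a swap table the conversion can be reversed and accepted only when it round-trips. repair_mojibake() and repair_all() are hypothetical names, the sample strings are constructed, and the mbstring extension is assumed.

```php
<?php
declare(strict_types=1);

// Added example; needs mbstring. Function names are hypothetical and the
// sample strings are constructed.

/**
 * Undo one round of "UTF-8 bytes read as Windows-1252". The text is mapped
 * back to its original bytes; the result is accepted only if those bytes are
 * valid UTF-8 and converting them forward again reproduces the input exactly.
 * Anything else is returned untouched.
 */
function repair_mojibake(string $text): string
{
    if (!mb_check_encoding($text, 'UTF-8')
        || !preg_match('/[\x{00C2}-\x{00F4}]/u', $text)) {
        return $text; // not UTF-8, or no lead-byte lookalike (Â..ô) present
    }
    $bytes = mb_convert_encoding($text, 'Windows-1252', 'UTF-8');
    if (!mb_check_encoding($bytes, 'UTF-8')) {
        return $text; // e.g. a genuine "é": byte 0xE9 alone is not UTF-8
    }
    $forward = mb_convert_encoding($bytes, 'UTF-8', 'Windows-1252');
    return $forward === $text ? $bytes : $text;
}

/** Repeat the repair for text that was mis-decoded more than once. */
function repair_all(string $text, int $maxRounds = 3): string
{
    for ($i = 0; $i < $maxRounds; $i++) {
        $next = repair_mojibake($text);
        if ($next === $text) {
            break;
        }
        $text = $next;
    }
    return $text;
}

// Constructed samples: damaged apostrophe, damaged é, damaged £, clean text.
foreach (["Sundayâ€™s", "CafÃ©", "Â£5", "Café"] as $sample) {
    echo $sample, ' => ', repair_all($sample), PHP_EOL;
}
```

The durable fix is to decode the cURL response with the charset it declares, so that the text never needs repairing afterwards.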

PHP Preg_Replace REGEX BB-Code

So I have created this function in PHP to output text in the required form. It is a simple BB-Code system. I have cut out the other BB-Codes from it to keep it shorter (Around 15 cut out)
My issue is the final one [title=blue]Test[/title] (Test data) does not work. It outputs exactly the same. I have tried 4-5 different versions of the REGEX code and nothing has changed it.
Does anyone know where I am going wrong or how to fix it?
function bbcode_format($str){
    $str = htmlentities($str);
    $format_search = array(
        '#\[b\](.*?)\[/b\]#is',
        '#\[title=(.*?)\](.*?)\[/title\]#i'
    );
    $format_replace = array(
        '<strong>$1</strong>',
        '<div class="box_header" id="$1"><center>$2</center></div>'
    );
    $str = preg_replace($format_search, $format_replace, $str);
    $str = nl2br($str);
    return $str;
}
Change the delimiter # to /. And change "/[/b\]" to "\[\/b\]". You need to escape the "/" since you need it as literal character.
Maybe the "array()" should use brackets: "array[]".
Note: I borrowed the answer from here: Convert BBcode to HTML using JavaScript/jQuery
Edit: I forgot that "/" isn't a metacharacter so I edited the answer accordingly.
Update: I wasn't able to make it work with function, but this one works. See the comments. (I used the fiddle on the accepted answer for testing from the question I linked above. You may do so also.) Please note that this is JavaScript. You had PHP code in your question. (I can't help you with PHP code at least for awhile.)
$str = 'this is a [b]bolded[/b], [title=xyz xyz]Title of something[/title]';
//doesn't work (PHP function)
//$str = htmlentities($str);
//notes: lose the single quotes
//lose the text "array" and use brackets
//don't know what "ig" means but doesn't work without them
$format_search = [
    /\[b\](.*?)\[\/b\]/ig,
    /\[title=(.*?)\](.*?)\[\/title\]/ig
];
$format_replace = [
    '<strong>$1</strong>',
    '<div class="box_header" id="$1"><center>$2</center></div>'
];
// Perform the actual conversion
for (var i =0;i<$format_search.length;i++) {
    $str = $str.replace($format_search[i], $format_replace[i]);
}
//place the formatted string somewhere
document.getElementById('output_area').innerHTML=$str;
Update2: Now with PHP... (Sorry, you have to format the $replacements to your liking. I just added some tags and text to demonstrate the changes.) If there's still trouble with the "title", see what kind of text you are trying to format. I made the title "=" optional with ? so it should work properly with texts like: "[title=id with one or more words]Title with id[/title]" and "[title]Title without id[/title]". Not sure though if the id attribute is allowed to have spaces, I guess not: http://reference.sitepoint.com/html/core-attributes/id.
$str = '[title=title id]Title text[/title] No style, [b]Bold[/b], [i]emphasis[/i], no style.';
//try without this if there's trouble
$str = htmlentities($str);
//"#" works as delimiter in PHP (not sure about JS) so no need to escape the "/" with a "\"
$patterns = array();
$patterns = array(
    '#\[b\](.*?)\[/b\]#',
    '#\[i\](.*?)\[/i\]#', //delete this row if you don't need emphasis style
    '#\[title=?(.*?)\](.*?)\[/title\]#'
);
$replacements = array();
$replacements = array(
    '<strong>$1</strong>',
    '<em>$1</em>', // delete this row if you don't need emphasis style
    '<h1 id="$1">$2</h1>'
);
//perform the conversion
$str = preg_replace($patterns, $replacements, $str);
echo $str;
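An added example, not from the original posts: because the [title=...] value ends up inside an HTML attribute, this variant encodes the whole input first and only emits an id that matches an allowlist pattern, using preg_replace_callback. bbcode_to_html(), the id pattern and the sample inputs are hypothetical; the markup follows the question.

```php
<?php
declare(strict_types=1);

// Added example. bbcode_to_html() and the id pattern are hypothetical;
// the sample inputs are constructed.

function bbcode_to_html(string $str): string
{
    // Encode first so that no markup typed by the user survives;
    // the tags below are the only HTML added afterwards.
    $str = htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $str = preg_replace('#\[b\](.*?)\[/b\]#is', '<strong>$1</strong>', $str);

    // [title=ID]text[/title]: the ID lands inside an attribute, so it is
    // checked against an allowlist pattern instead of being copied verbatim.
    $str = preg_replace_callback(
        '#\[title(?:=(.*?))?\](.*?)\[/title\]#is',
        function (array $m): string {
            $id = $m[1] ?? '';
            $attr = preg_match('/^[A-Za-z][A-Za-z0-9_-]{0,31}$/', $id)
                ? ' id="' . $id . '"'
                : ''; // spaces, quotes or an empty value: drop the attribute
            return '<div class="box_header"' . $attr . '><center>'
                . $m[2] . '</center></div>';
        },
        $str
    );

    return nl2br($str);
}

// Constructed inputs: a valid id, an id with a space and a quote, no id.
$samples = [
    '[title=blue]Test[/title] and [b]bold[/b]',
    '[title=not valid"]Test[/title]',
    '[title]<em>Plain</em>[/title]',
];
foreach ($samples as $sample) {
    echo bbcode_to_html($sample), PHP_EOL;
}
```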

converting & to &amp; for XML in PHP

I am building an XML RSS for my page. And running into this error:
error on line 39 at column 46: xmlParseEntityRef: no name
Apparently this is because I can't have & in XML... Which I do in my last field row...
What is the best way to clean all my $row['field']'s in PHP so that &'s turn into &amp;
Use htmlspecialchars to encode just the HTML special characters &, <, >, " and optionally ' (see second parameter $quote_style).
It's called htmlentities() and html_entity_decode()
Really should look in the dom xml functions in php. Its a bit of work to figure out, but you avoid problems like this.
Convert Reserved XML characters to Entities
function xml_convert($str, $protect_all = FALSE)
{
    $temp = '__TEMP_AMPERSANDS__';
    // Replace entities to temporary markers so that
    // ampersands won't get messed up
    $str = preg_replace("/&#(\d+);/", "$temp\\1;", $str);
    if ($protect_all === TRUE)
    {
        $str = preg_replace("/&(\w+);/", "$temp\\1;", $str);
    }
    $str = str_replace(array("&","<",">","\"", "'", "-"),
        array("&amp;", "&lt;", "&gt;", "&quot;", "&apos;", "&#45;"),
        $str);
    // Decode the temp markers back to entities
    $str = preg_replace("/$temp(\d+);/","&#\\1;",$str);
    if ($protect_all === TRUE)
    {
        $str = preg_replace("/$temp(\w+);/","&\\1;", $str);
    }
    return $str;
}
Use
html_entity_decode($row['field']);
This will take and revert back to the & from &amp; also if you have &nbsp; it will change that to a space.
http://us.php.net/html_entity_decode
Cheers
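An added example, not from the original answers, of the DOM approach suggested above: when the feed is built with DOMDocument and every value goes in through createTextNode(), the library escapes &, < and > on output and no field needs manual cleaning. build_rss() and the sample rows are hypothetical; the dom extension is assumed.

```php
<?php
declare(strict_types=1);

// Added example; needs the dom extension. build_rss() is a hypothetical
// name and the rows are constructed sample data.

function build_rss(array $channelInfo, array $rows): string
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $doc->formatOutput = true;

    $rss = $doc->createElement('rss');
    $rss->setAttribute('version', '2.0');
    $doc->appendChild($rss);
    $channel = $rss->appendChild($doc->createElement('channel'));

    // Text always goes in through createTextNode(), which escapes &, < and >
    // when the document is serialised. Passing the value as the second
    // argument of createElement() does not escape a bare &.
    $addText = function (DOMNode $parent, string $name, string $value) use ($doc): void {
        $parent->appendChild($doc->createElement($name))
               ->appendChild($doc->createTextNode($value));
    };

    foreach (['title', 'link', 'description'] as $field) {
        $addText($channel, $field, (string) ($channelInfo[$field] ?? ''));
    }
    foreach ($rows as $row) {
        $item = $channel->appendChild($doc->createElement('item'));
        foreach (['title', 'link', 'description'] as $field) {
            $addText($item, $field, (string) ($row[$field] ?? ''));
        }
    }
    return $doc->saveXML();
}

// Constructed rows standing in for the $row['field'] values of the question.
$rows = [
    ['title' => 'Fish & Chips <new>', 'link' => 'https://example.com/?a=1&b=2',
     'description' => 'Tom & Jerry'],
];
echo build_rss(
    ['title' => 'My feed', 'link' => 'https://example.com/', 'description' => 'News & updates'],
    $rows
);
```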
