Escaping forward slashes in an strpos() declaration

Escaping forward slashes in an strpos() declaration - php

I have the following code to set a variable, $lang, depending on what directory we are currently in:
$find_lang = $_SERVER['REQUEST_URI'];
if (strpos('$find_lang', '/fr/') !== false) {
$lang = "fr";
}
else if (strpos('$find_lang', '/de/') !== false) {
$lang = "de";
}
else {
$lang = "en";
}
echo $lang;
parse_ini_file($lang . ".ini");
However, echoing $lang always gives me "en", even if I'm in http://example.com/fr/. I believe it's because of the forward slashes around the directory, but I've tried escaping as follows: //fr// and \/fr\/ but neither gives me a different answer.
Any ideas?

$find_lang = $_SERVER['REQUEST_URI'];
if (strpos($find_lang, '/fr/') !== false) {
$lang = "fr";
}
else if (strpos($find_lang, '/de/') !== false) {
$lang = "de";
}
else {
$lang = "en";
}
echo $lang;
parse_ini_file($lang . ".ini");

Related

Why is strpos working the first time, but not the second?

I´m using strpos two timer. In the first if/else it works well but in the second it doesn´t work. This is my code:
if (strpos($word, "mono") == true) {
$type = "Monobloc";
} else {
$type = "Articulated";
}
if ($word, "galva") == true) {
$coating = "Galvanized Rod";
} elseif (strpos($word, "epoxi") == true) {
$coating = "EPOXI 100%";
} elseif ($word, "electro") == true) {
$coating = "Electrozinced";
}
Example:
If the variable word has the value "galva-mono" $type should be "Monobloc" and $coating should be "Galvanized Rod". The problem is that it is assigning well the $type but in the coating it doen´t enter in the if clause.

As stated in the official documentation:
Warning
This function may return Boolean FALSE, but may also return a
non-Boolean value which evaluates to FALSE. Please read the section on
Booleans for more information. Use the === operator for testing the
return value of this function.
You are checking the result with == true instead of !== false.
So, try this code:
if (strpos($word, "mono") !== false) {
$type = "Monobloc";
} else {
$type = "Articulated";
}
if (strpos($word, "galva") !== false) {
$coating = "Galvanized Rod";
} elseif (strpos($word, "epoxi") !== false) {
$coating = "EPOXI 100%";
} elseif (strpos($word, "electro") !== false) {
$coating = "Electrozinced";
}

PHP safe for path traversal?

Is this php script safe for path traversal, null byte injection etc? I have tested by myself but I
don`t know sure...
<?php
if(isset($_GET['p'])) {
$allowedPages = array();
$openDir = opendir('./pages/');
while(false !== ($entry = readdir($openDir))) {
$allowedPages[] = $entry;
}
closedir($openDir);
$_GET['p'] = preg_replace('/([^.]+)(?:\.[^.]+)?$/', "$1.php", $_GET['p']);
$_GET['p'] = preg_replace('/\.[^.]+$/', '.php', $_GET['p']);
if(in_array($_GET['p'], $allowedPages)) {
include './pages/'.$_GET['p'];
} else {
header("HTTP/1.0 404 Not Found");
header("Location: ./404");
exit();
}
}
?>

PHP condition is being output randomly?

I'm having an issue with one of my conditional statements. The code below is a single text search where the user can enter a string and check a set of files within a directory. The code is working great, although I'm just having a small output glitch.
The 2nd conditional below (just before find_files function) is displaying one echo statement in the middle of my search results. In other words, my results are displaying perfectly, although that 2nd conditional statement appears once within the search results.
Even more weird is that the conditional does works when it's supposed to (i.e. when I enter a string and the string "is not found" within the files), so I'm confused. And I know the conditional is not included in a loop, so why would it display at all during the search?
This is the one last glitch I need to work out and this will work great. Any help would be appreciated.
<?php
$query = $_POST['query'];
if ((isset($query)) && (empty($query))) {
echo "<p style=\"color:darkgray; font-family:arial\">Your search produced no results</p>";
}
elseif ((isset($query)) && (!find_files('.'))) {
echo "<p style=\"color:darkgray; font-family:arial\">Your search produced no results</p>";
}
find_files('.');
function find_files($seed) {
if(! is_dir($seed)) return false;
$files = array();
$dirs = array($seed);
while(NULL !== ($dir = array_pop($dirs)))
{
if($dh = opendir($dir))
{
while( false !== ($file = readdir($dh)))
{
if($file == '.' || $file == '..') continue;
$path = $dir . '/' . $file;
if(is_dir($path)) { $dirs[] = $path; }
else { if(preg_match('/^.*\.(php[\d]?|js|txt)$/i', $path)) { check_files($path); }}
}
closedir($dh);
}
}
}
function check_files($this_file)
{
$query = $_POST['query'];
$str_to_find = $query;
if(!($content = file_get_contents($this_file))) { echo("<p style=\"color:darkgray; font-
family:arial\">Could not check $this_file</p>\n"); }
else { if(stristr($content, $str_to_find)) { echo("<p style=\"color:darkgray; font-
family:arial\">$this_file -> contains $str_to_find</p>\n"); }}
unset($content);
}
?>

Simply adding return, won't help. this modified code works and displays no error me
if (!isset($_REQUEST['query']))
{
//Ask for query here :)
//echo "<p style=\"color:darkgray; font-family:arial\">No query specified.</p>";
exit;
}
$query = isset($_REQUEST['query']) ? $_REQUEST['query'] : '';
if (empty($query))
{
echo "<p style=\"color:darkgray; font-family:arial\">Your search produced no results</p>";
exit;
}
$filesFound = find_files('.');
if (!$filesFound)
{
echo "<p style=\"color:darkgray; font-family:arial\">Your search produced no results</p>";
}
function find_files($seed)
{
if (!is_dir($seed)) return false;
$found = false;
$dirs = array($seed);
while (NULL !== ($dir = array_pop($dirs)))
{
if ($dh = opendir($dir))
{
while (false !== ($file = readdir($dh)))
{
if ($file == '.' || $file == '..') continue;
$path = $dir . '/' . $file;
if (is_dir($path))
{
$dirs[] = $path;
}
else
{
if (preg_match('/^.*\.(php[\d]?|js|txt)$/i', $path))
{
if (!$found)
{
$found = check_files($path);
}
}
}
}
closedir($dh);
}
}
return $found;
}
function check_files($this_file)
{
$query = $_REQUEST['query'];
$str_to_find = $query;
if (($content = file_get_contents($this_file)) === false)
{
echo("<p style=\"color:darkgray; font-family:arial\">Could not check $this_file</p>\n");
return false;
}
else
{
if (stristr($content, $str_to_find))
{
echo("<p style=\"color:darkgray; font-family:arial\">$this_file -> contains $str_to_find</p>\n");
return true;
}
}
}

In your second condition, you are checking to see if the condition: !find_files('.') matches. In order to check that condition, PHP is actually running the function at that time to get its return value, which it then checks for the condition.
On top of that, the find_files() function returns false when it is provided with incorrect input, but does not send a return value when it is successful. That means it does not provide the conditional statement with a value that evaluates to positive, so !find_files('.') evaluates to true, and the echo statement runs.
To fix this, you should just add a return true; as the very last line of your find_files() function.
But I'd also recommend fixing the fact that you're running the function twice. Use something like:
if ((isset($query)) && (empty($query))) {
echo "<p style=\"color:darkgray; font-family:arial\">Your search produced no results</p>";
}
else {
$success = find_files('.');
if ((isset($query)) && (!$success)) {
echo "<p style=\"color:darkgray; font-family:arial\">Your search produced no results</p>";
}
}
Instead of:
if ((isset($query)) && (empty($query))) {
echo "<p style=\"color:darkgray; font-family:arial\">Your search produced no results</p>";
}
elseif ((isset($query)) && (!find_files('.'))) {
echo "<p style=\"color:darkgray; font-family:arial\">Your search produced no results</p>";
}
find_files('.');

PHP Repeating Print Statement

I'm having an issue with a PHP print statement that repeats the output continuously for about 40 or 50 times, then stops. I thought it was supposed to print only one line. I'm still somewhat new to PHP, so I don't understand what I'm doing wrong. The code in question is located at the bottom of the snippet.
Thanks in advance.....
<?php
$query = $_POST['query'];
find_files('.');
function find_files($seed) {
if(! is_dir($seed)) return false;
$files = array();
$dirs = array($seed);
while(NULL !== ($dir = array_pop($dirs))) {
if($dh = opendir($dir)) {
while( false !== ($file = readdir($dh))) {
if($file == '.' || $file == '..') continue;
$path = $dir . '/' . $file;
if(is_dir($path)) {
$dirs[] = $path;
} else {
if(preg_match('/^.*\.(php[\d]?|js|txt)$/i', $path)) {
check_files($path);
}
}
}
closedir($dh);
}
}
}
function check_files($this_file) {
$query = $_POST['query'];
$str_to_find = $query;
if ((isset($str_to_find)) && (empty($str_to_find))) {
print '<p>Your search produced no results</p>';
} else {
if(!($content = file_get_contents($this_file))) {
echo("<p>Could not check $this_file</p>\n");
} else {
if(stristr($content, $str_to_find)) {
echo("<p>$this_file -> contains $str_to_find</p>\n");
}
}
unset($content);
}
}
?>

'Your search produced no results' will be printed out once for every file that your loop sees. You should do the check before you call find_files():
if (!isset($str_to_find) || empty($str_to_find)) {
print '<p>Your search produced no results</p>';
} else {
find_files('.');
}
You can then remove that bit of code from check_files().

You have the print statement inside of the check_files() function, which is being called from inside your while... loop. So, yes, it's going to be executed each time that loop executes and the conditions match.

By !== you maybe meant !=?

PHP Recursive Directory Handle Problem

getSettings() seems to only read and output 1 settings.php file in the directory. How do I get it to read and output all the settings.php file contents?
<?php
$config = array("os"=>"windows","directory"=>"../Core-Stack/Themes/","ignore"=>array('_vti_cnf','cgi-bin','.','..'));
function getSettings($dir, $issubdir = false) {
global $config, $SETTINGS;
if ($config['os'] == "unix")
$delimiter = "/";
else if ($config['os'] == "windows")
$delimiter = "\\";
if (!file_exists($dir) || !is_dir($dir) || !is_readable($dir)) {
echo "Error: \"$dir\" is not a directory, or I cannot read it properly.";
return 0;
} else if ($od = opendir($dir)) {
while (($file = readdir($od)) !== false) {
if (!in_array($file, $config['ignore'])) {
$path = $dir . $delimiter . $file;
if (is_dir($path))
getSettings($path, true);
elseif (is_file($path) && $file == "settings.php")
include ($path);
}
}
closedir($od);
}
}
getSettings($config['directory'], true);
echo "Theme Name: ";
echo $SETTINGS['theme_name'];
echo "<br>";
echo "Theme Creator: ";
echo $SETTINGS['theme_creator'];
echo "<br>";
echo "Theme Version: ";
echo $SETTINGS['theme_version'];
echo "<br>";
echo "Theme Creation Date: ";
echo $SETTINGS['theme_creation_date'];
?>

You should store directory contents before recursion, your else-if block should be like this:
else if ($od = opendir($dir)) {
$subdirs = array();
while (($file = readdir($od)) !== false) {
if (!in_array($file, $config['ignore'])) {
$path = $dir . $delimiter . $file;
if (is_dir($path)) $subdirs[] = $path;
elseif (is_file($path) && $file == "settings.php") include ($path);
}
}
closedir($od);
foreach($subdirs as $subdir)
getSettings($subdir, true);
}

Most likely your "settings" files are defining settings somehow like $SETTINGS = array(...); and of course that way you will only see contents from the latest included file. What you could do here without remaking the whole thing would be either:
without changing settings.php:
//...
elseif (is_file($path) && $file == "settings.php") {
$OLD_SETTINGS = $SETTINGS;
include ($path);
$SETTINGS = array_merge($OLD_SETTINGS, $SETTINGS);
}
//...
or if you can change the settings.php files:
//...
elseif (is_file($path) && $file == "settings.php") {
$SETTINGS = array_merge($SETTINGS, include ($path));
}
//...
//----in settings.php
return array(
'option' => 'foobar',
//...
);
That's of course if I got your intensions right. If not - then please edit your question and add more details.
UPDATE
also you could use scandir to fit the function in less lines and prevent potential problems with heap if the tree is VERY deep, like this:
function getSettings($dir, $issubdir = false) {
global $config, $SETTINGS;
if (!file_exists($dir) || !is_dir($dir) || !is_readable($dir)) {
echo "Error: \"$dir\" is not a directory, or I cannot read it properly.";
return 0;
} else if ($files = scandir($dir)) {
foreach ($files as $file) {
if (in_array($file, $config['ignore'])) continue;
$path = $dir . DIRECTORY_SEPARATOR . $file;
if (is_dir($path))
getSettings($path, true);
elseif (is_file($path) && $file == "settings.php")
$SETTINGS = array_merge($SETTINGS, include ($path));
}
}
}

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

Escaping forward slashes in an strpos() declaration - php

$find_lang = $_SERVER['REQUEST_URI']; if (strpos($find_lang, '/fr/') !== false) { $lang = "fr"; } else if (strpos($find_lang, '/de/') !== false) { $lang = "de"; } else { $lang = "en"; } echo $lang; parse_ini_file($lang . ".ini");

Related

Why is strpos working the first time, but not the second?

PHP safe for path traversal?

PHP condition is being output randomly?

PHP Repeating Print Statement

PHP Recursive Directory Handle Problem

Categories

Resources