I have a search form in SPIP which does a GET to /recherche
Now when I am typing something like cinéma the é is automatically being encoded to something like cin%25C3%25A9ma
In SPIP, if I do
<?php echo urldecode($_GET['recherche']; ?>
It is being converted back to cinéma.
However, In SPIP, I would retrieve the value of recherche with something like this:
#ENV{recherche}
Is there someway to decode this variable. Any in-built function in SPIP?
You can create your own filter, adding this function in your mes_fonctions.php file:
function filtre_urldecode($v) {
return urldecode($v);
}
You then can use [(#ENV{recherche}|urldecode)] in your squelette.
There is no built-in function to decode an URL in SPIP. You have to use PHP's urldecode().
[(#ENV{recherche}|urldecode)] will do the job.
For reference, please see SPIP's filters: Adding your own filters
You don't have to create a new dedicated SPIP filter, since you can use PHP's urldecode as an SPIP filter. For example:
[(#ENV{recherche}|urldecode)]
Related
I would like to encode a php page which contains some php functions.
For example, I have a page named: code.php with this functions:
<?php
function data(){
echo "foo";
...
}
function storage(){
echo "storage files..";
...
}
?>
I use these functions in my other php pages and I would like to protect them by other users. How can I encode their code?
I read about base64_encode() but the examples only show how to encode a string: how can I use this solution to encode and decode my php functions?
Thank you!
If you want to stop others from seeing your PHP code you can either make it as hard as possible (via minifying, obfuscating, whatever you wish to call it) or encrypt it.
There's an answer right here on SO with a few suggestions and another I'd add is ion cube.
With encrypted code you're likely to need further changes to your web server such as an apache module. With obfuscation it will just make it harder for the other developers to read, for instance changing variables and functions names to something meaningless and hard to read.
You will inevitably need to keep a copy of your unobfuscated PHP so you can work on it in a sane manner, which may be hard if you're only developing on your server.
To use Base64 you're probably thinking of doing something like this:
eval(base64_decode('ZnVuY3Rpb24gZGF0YSgpew0KZWNobyAiZm9vIjsNCn0NCmZ1bmN0aW9uIHN0b3JhZ2UoKXsNCmVjaG8gInN0b3JhZ2UgZmlsZXMuLiI7DQp9DQokZGF0YSA9ICdkYXRhJzsNCiRzdG9yYWdlID0gJ3N0b3JhZ2UnOw=='));
What's happening here is the Base 64 string is actually valid PHP, and you first decrypt it the eval it. An example of what the decoded string might look like:
function data(){
echo "foo";
}
function storage(){
echo "storage files..";
}
$data = 'data';
$storage = 'storage';
After the above eval call you would then do something like:
// call the data function
$data();
// call the storage function
$storage();
As stated from the documentation:
PHP supports the concept of variable functions. This means that if a
variable name has parentheses appended to it, PHP will look for a
function with the same name as whatever the variable evaluates to, and
will attempt to execute it.
So, calling $someVariable() will try to run a function named whatever $someVariable contains. If you set $someVariable to foo, it would try to run foo(), if you set $someVariable to sausage, it would try to run sausage() and so on.
Obviously bear in mind that you need to make sure these function variables' names aren't going to be used elsewhere.
I have a function that creates an array that contains the return value from the HTML DOM method : window.document.getElementById()
function makearray1(){
var array1=[1,window.document.getElementById('divID'),['a','b'],[1,2]];
}
then I pass the array into another function
use(array1)
function use(xxx){
xxx[1].innerHTML=xxx[2][0];
}
and 'a' is written in the appropriate div
later I decided to put the array in a form and post it to a txt file on the server using php and:
JSON.stringify(array)
So now I use AJAX to call the data from the txt file after the rest of the page has loaded etc... and the original function used to make the array is not included at all.
so my php is basically this:
$a1='use(';
$data1 =file_get_contents("text_file.txt") ;
$a2=')';
echo $a1.$data1.$a2;
and the response text:
var n= XMLHttpRequestObject.responseText;
eval(n);
which pretty much means this:
use(text_file)
function use(xxx){
xxx[1].innerHTML=xxx[2][0];
}
the problem is that the array in the text file looks like this:
[1,null,['a','b'],[1,2]]
instead of:
[1,window.document.getElementById('divID'),['a','b'],[1,2]]
My question: Is there any way that I can do the equivalent of what I'm trying to do here, which is immediately replicate the return value of the HTML/DOM method in an array using AJAX/php?
To clarify: this is a simple example. I actually have a huge, multidimensional array that already has established pointers, or prefetched DOM nodes in it. Now I'm trying to replicate the array when a text version is loaded using ajax. I'm looking for a recursive approach to changing all of the null assignments with something that will immediately fetch the appropriate DOM node. Most likely I will need to do it with the response text, but was hoping I could do it with the php portion.
You're trying to stringify a reference to a javascript object in the memory of whatever computer is evaluating getElementById first, and that has no chance to represent something on the end client's computer.
Send the id instead:
function makearray1(){
array1=[1,'divID',['a','b'],[1,2]];
}
then, in the client:
function use(xxx){
window.document.getElementById(xxx[1]).innerHTML=xxx[2][0];
}
If you really want to eval it at the end, you can use this, I guess
function makearray1(){
array1=[1,"window.document.getElementById(\"divID\")",['a','b'],[1,2]];
}
I've no idea why you would want to do that though
Assuming the dom element exists in the second page, it should look something like this.
JS:
function packDomData(){
return {
"MySpecificYetBriefProperty0":1,
"DomID":"divID",
"MySpecificYetBriefProperty1":['a','b'],
"MySpecificYetBriefProperty2":[1,2]
};
}
function useDomData(domData){
document.getElementByID(domData.DomID).innerHTML=domData.MySpecificYetBriefProperty1[0];
}
PHP:
//Make sure the contents of this file is the json from packDomData. use json_encode in php or JSON.stringify in js
echo file_get_contents("text_file.txt");
var myData = JSON.parse(XMLHttpRequestObject.responseText);
useDomData(myData);
I used to code like you. Here are some tips that have helped turn my coding horror into a fun job:
Use objects with descriptive properties instead of arrays whenever you aren't actually looping through the array - I promise it will save you and others headache! "DomID" is much more flexible than 1, and if you change the order in the array, javascript gods help you that array is everywhere - including however many random text files on your server!
Also use descriptive names for functions
Always return a value from a function instead of using globals whenever possible, even where the result is then used as a nasty global. Trust me.
Never put javascript function names in an ajax call. Use JSON instead and keep the functions and other script in the javascript file where it belongs.
Mysql will save your life!!
Disclaimer - I didn't run this code but it should basically work when you get everything hooked up right.
I have the following example of what a user might type into a field for a post name:
<h1><span>They're awesome people</span></h1>
Now because this is a post title I want to remove all that HTML completely before saving it to the database. This is because for a) security reasons and b) if I export this as JSON I don't want to be cleaning up HTML on output for 3rd party users.
I have tried the following in my model:
public function beforeSave() {
if (isset($this->data[$this->alias]['title']))
{
//$this->data[$this->alias]['title'] = Sanitize::clean($this->data[$this->alias]['title'], array('encode'=>true,'remove_html'=>true));
$this->data[$this->alias]['title'] = html_entity_decode(Sanitize::html($this->data[$this->alias]['title'], array('remove'=>true)));
}
return true;
}
As you can see I have tried both Clean and HTML from the Sanitize class to clean out the HTML but both cause a problem in that they escape the quote from they're making it like '. I have tried using the html_entity_decode around the sanitize to clean this up but it still happens. Any ideas on how to do this?
If I do this though:
echo html_entity_decode('They're awesome people');
it works fine so the function is fine, it's a problem with using it in conjunction with the sanitize class in CakePHP.
Thanks
Why not use
Sanitize::paranoid()
Manual
Or even strip_tags
To make Sanitize::html work
Sanitize::html($var, array('remove'=>true, 'quotes' => ENT_NOQUOTES));
it uses htmlentities internaly and default flag is set to ENT_QUOTES.
You should try htmlspecialchars_decode() function.
Edit:
Using only PHP function instead CakePHP library, you can try strip_tags().
When you GET or POST this:
"http://translate.google.com/translate_a/t","client=t&sl=auto&tl=".urlencode($lang)."&text=".urlencode($text)
the response looks like this:
[[["автомобил","car","avtomobil",""]],,"en",,[["автомобил",[5],1,0,1000,0,1,0]],[["car",5,[["автомобил",1000,1,0],["автомобилот",0,1,0],["автомобили",0,1,0],["кола",0,1,0],["возило",0,1,0]],[[0,3]],"car"]],,,[["en","fr"]],30]
How to decode that? (maybe in json_decode style)
To get the api to return JSON change the parameter
client=t
to
client=p
//this will translate from en to ar -- you can change it for your needs
function translate_word($en){
$file_content = file_get_contents('http://translate.google.com/translate_a/t?client=p&sl=auto&tl=ar&hl=en&sc=2&ie=UTF-8&oe=UTF-8&uptl=ar&oc=1&prev=conf&psl=auto&ptl=en&otf=1&it=sel.8936&ssel=0&tsel=3&q='.str_replace(" ","%20",$en));
$obj = json_decode($file_content);
if(!empty($obj->sentences[0]->trans)){
return $obj->sentences[0]->trans;
}else{
return $en;
}
}
//how to use
echo translate_word("test translation process");
//if you do not know short codes for your language you can just open
translate.google.com and do described on screenshot
//you should have firebug extension installed on your browser
//if the answer was usefull please do not forget to vote up! thanks.
Try using PHP's json_decode function to convert that data to native PHP data types.
How can I programmatically use the data of the bult-in Wordpress functions.
E.g. I'd like to use the data of
the_author_meta('login_name');
in a php function. Problem: The function echoes the value by default. In order to use the actual value in a function I can think of using an output buffer like ...
ob_start();
the_author_meta('login_name');
$contents = ob_get_contents();
ob_end_clean();
but I was hoping for a better (less bloated) solution.
Any idea how to get the echo values as simple return values instead?
use get_the_author_meta() for return the value.
Note: All of wordpress meta methods (the_post,the_author,the_page etc.) are supports the get_ prefix