i want php code to open a file and search in it for some dangerous words like
if(preg_match("/(echo|zend|print|print_r|phpinfo|
symlink|ini_set|telnet|cgi|
eval|base64_encode|base64_decode)/iU",$filesource)){
echo 'error';
}
how i can make it
If you want to parse PHP code, use token_get_all to get an array of language tokens.
pretty much like you outlined :)
But have you looked at tools like phpcs and phpcpd?
You can open up any php file like a regular text file and parse through it without including it in your script.
<?php
$filedata = file_get_contents('/path/to/file.php');
if (preg_match('/foo/', $filedata) {
echo "file contained 'foo'\n";
}
Related
im looking for a way to put a php string into a html file, which i pull into with file_get_contents and echo then.
PHP Snipped:
if($_GET['title'] == "main"){
$name = "Jan";
$page = file_get_contents('pages/main.html');
echo $page;
}
HTML Snipped:
<div id='personal_data'>
Persönliche Daten:</br>
Name: $name</br>
Alter: 18</br>
Wohnort: Keine Ahnung
</div>
I think there are similar questions on here: eg. PHP sending variables to file_get_contents()
But file_get_contents is just returning a string, so str_replace should work on it.
# https://www.php.net/manual/en/function.str-replace.php
$bodytag = str_replace("%body%", "black", "<body text='%body%'>");
# your example
if($_GET['title'] == "main"){
$name = "Jan";
$page = file_get_contents('pages/main.html');
echo str_replace('$name', $name, $page);
}
With file_get_contents() you're processing your HTML file like plain text file, PHP will not parse it or interpret anything from it. The echo will then print the raw content of this file.
If you're new to PHP & you're trying to load a page and interpret variables, I suggest you to take a look a some PHP introduction topics & tutorials on the web at first. Unless you're building a kind of page-caching, this will not be easy and practicle for you to maintain.
By the way, if you want to "include" HTML content from a file into your main PHP file, you have to use include() or require() functions.
Here is some example of file inclusion : https://www.tutorialspoint.com/php/php_file_inclusion.htm
So I have this site where I want to create a listing of best torrent Magnet URI alternatives.I'd rather list everything from some .html file:
torrent1:name_of_torrent
torrent2:name_of-torrent
...
and have PHP check for the $_POST['search_torrent'] and search that data inside the .html, if any of the specific data/name was found in any of those lines, then output that entire line as a item using foreach().
I did something like this, but the host I'm trying to accomplish this on doesn't allow exec() nor shell_exec().
<?php
if (isset($_POST['search_torrent'])) {
$search_torrent = $_POST['search_torrent'];
$torrent_file = "read.txt";
echo nl2br(shell_exec("type ".$torrent_file."| find /I \"".$search_torrent."\""));
?>
I know I know... I could use database but I'm just not into that at this moment.
Thanks!
Read the file lines into an array and grep that:
foreach(preg_grep('/'.preg_quote($_POST['search_torrent'], '/').'/i', file('read.txt')) as $line) {
echo "$line<br>";
}
I'm trying to use 1 include file for both perl and php
Is there a nice way to import a myphp.inc file within perl?
$ cat myphp.inc
<?php
$some_var="hello world";
?>
Using the above in my test.php works fine:
include "myphp.inc";
If I remove the < ? php then test.php will just print out the contents of the myphp.inc file... if I leave them in then my perl programs complains with:
Unterminated <> operator
I've seen the perl module: PHP::Include but I would like to stay away from external modules if possible.
Anyone have ideas on doing this??
Don't try to write code that is both PHP and Perl, they are different languages, even if they have some shared ancestry. If you want to share data between the two, then use a structured data format. JSON is a popular flavour. PHP has parse_json and Perl has the JSON module.
I would like to stay away from external modules if possible
Code reuse is a virtue … although there is nothing stopping you reimplementing the modules from scratch.
Ideally you would store the shared/configuration data in a format easily readable in both PHP and Perl. XML, JSON, or a simple text file with key-value pairs (as in the .ini file that simbabque suggests) would work great.
If you are determined to read the PHP file in Perl but you do not want to use a module such as PHP::Include then you are left with writing something like this:
use IO::File;
sub require_php {
my $source_filename = $_[0];
my $dest_filename = 'temp.inc.pl';
open my $source, $source_filename or die "Could not open $source_filename: $!";
open my $destination, '>>'.$dest_filename or die "Cound not open file for writing";
while(my $line = <$source>) {
if(index($line,'<?php')==-1 && index($line,'?>')==-1) {
print $destination $line
}
}
close $destination;
close $source;
require $dest_filename;
unlink $dest_filename;
}
our $some_var = '';
require_php('myphp.inc');
which will end with $some_var having the value of "hello world".
my browser is showing this as a result from the following code (code comes straight out of my course)
rule $lineNr: ". htmlspecialchars($line)."
"); } ?>
(this is not code in my editor this is the actual output of the browser)
<?
// read file in table
$table = file("test.txt");
while(list($lineNr, $line) = each($table))
{
print("<b>rule $lineNr: </b>". htmlspecialchars($line)."<br>");
}
?>
normally this is because I put my address in my browser the wrong way. But this time the path to the file is rooted in the actual xampp rootfolder just like other php files that do work. So I don't really know where to look for the solution to this.
Make sure you use the full php start tag ("<?php"). You are using the short tag ("<?").
<?php
// code
?>
I need to echo entire content of included file. I have tried the below:
echo "<?php include ('http://www.example.com/script.php'); ?>";
echo "include (\"http://www.example.com/script.php\");";
But neither works? Does PHP support this?
Just do:
include("http://www.mysite.com/script.php");
Or:
echo file_get_contents("http://www.mysite.com/script.php");
Notes:
This may slow down your page due to network latency or if the other server is slow.
This requires allow_url_fopen to be on for your PHP installation. Some hosts turn it off.
This will not give you the PHP code, it'll give you the HTML/text output.
Shortest way is:
readfile('http://www.mysite.com/script.php');
That will directly output the file.
Echo prints something to the output buffer - it's not parsed by PHP. If you want to include something, just do it
include ('http://www.mysite.com/script.php');
You don't need to print out PHP source code, when you're writing PHP source code.
Not really sure what you're asking, but you can't really include something via http and expect to see code, since the server will parse the file.
If "script.php" is a local file, you could try something like:
$file = file_get_contents('script.php');
echo $file;
This may not be the exact answer to your question, but why don't you just close the echo statement, insert your include statement, and then add a new echo statement?
<?php
echo 'The brown cow';
include './script.php';
echo 'jumped over the fence.';
?>
Matt is correct with readfile() but it also may be helpful for someone to look into the PHP file handling functions
manual entry for fpassthru
<?php
$f = fopen($filepath, 'r');
fpassthru($f);
fclose($f);
?>