Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Mar 2012
    Posts
    91
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Will this strip a specific code tag from the fwrite to host file?

    Hi All,

    In the code below which in it's normal state works fine to write a text file on host, I want to kill the addition of any script that maybe entered into the input field on the form this code writes to host. The code is chopped down to just give example.

    The line of code which is of interest is this one......
    Code:
    foreach ($data as $key=>$dataArray){foreach ($dataArray as $k => $v){ replace(/<s/i, "Cs");  replace(/()/i, "O");   fwrite($fp, "$v");}}
    Can the addition of
    Code:
    replace(/<s/i, "Cs");  replace(/()/i, "O");
    actually do the replace of an entered
    Code:
    <s
    which would be the start of the tag
    Code:
    <script
    with the characters Cs and the in the case of the brackets () as a set, those are replaced as an O.

    The form may include other code so I don't want to strip everything just kill any specific like the
    Code:
    <script
    tag.


    PHP Code:
    <?php
    # initialise variables
    $Something "";
    $data = array();
    $changed false;
    $myTextFile "somefilenamehere.txt";
    if (
    file_exists($myTextFile))
    $data parse_ini_file($myTextFiletrue);
    if (isset(
    $_POST['userdata']) && $_POST['password'] == "xxxxx")
    {
    $data[$_POST['']]['Something'] = $_POST['Something'];
    $changed true;
    }
    if (
    $changed) {
    $fp fopen($myTextFile'w');
    ksort($data);
    foreach (
    $data as $key=>$dataArray){foreach ($dataArray as $k => $v){ replace(/<s/i"Cs");  replace(/()/i"O");   fwrite($fp"$v");}}
    fclose($fp);
    header("Location: done.php");
    Exit();
    }
    ?>

    Martin.

  • #2
    Regular Coder
    Join Date
    Aug 2010
    Location
    Now Southern Oregon. I was born and had lived my life in Los Angeles until relocating last year (2010)
    Posts
    215
    Thanks
    52
    Thanked 1 Time in 1 Post

    several problems with your code

    1: 'replace()' should be eregi_replace and is missing an argument; the last which should be the string you
    are trying to apply the replacement to.
    2: I believe the regular expressions should be in quotes. With eregi_replace, the /i is not necessary.

    you can test your regular expressions in isolated situations.
    one way to do this is eregi_replace ('abc(*)', 'def\\1', $somestring)
    use capturing parenthesis and reference them in replacement with \1 (or multiple sets
    of capturing parenthesis in your regex, \1 up to \9.
    In the imaginary example above eregi_replace ("abc(*)", "def\\1", $somestring), \\1 is
    necessary. This would replace 'abc' and anything following it, wth 'def' + anything that followed 'abc'

  • #3
    New Coder
    Join Date
    Mar 2012
    Posts
    91
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Hi anotherJEK,

    Thank you for the reply but I understand that eregi_replace in now deprecated, as per this quote "This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged". So I am looking for some other replace method where it can be directly coded as a replace and not a $ var.

    Edit.....
    However, from what you suggested and just trying I have resolved what I wanted to do.

    Using the preg_replace and making the code read like this
    Code:
     $v = preg_replace('/\<s/i', 'Cx', $v);
    and including the argument you mentioned seems to work for what I want to do.

    PHP Code:
    <?php 
    # initialise variables 
    $Something ""
    $data = array(); 
    $changed false
    $myTextFile "somefilenamehere.txt"
    if (
    file_exists($myTextFile)) 
    $data parse_ini_file($myTextFiletrue); 
    if (isset(
    $_POST['userdata']) && $_POST['password'] == "xxxxx"

    $data[$_POST['']]['Something'] = $_POST['Something']; 
    $changed true

    if (
    $changed) { 
    $fp fopen($myTextFile'w'); 
    ksort($data); 
    foreach (
    $data as $key=>$dataArray){foreach ($dataArray as $k => $v){ $v preg_replace('/\<s/i''Cx'$v); $v preg_replace('/\(/i''O'$v);  fwrite($fp"$v");}} 
    fclose($fp); 
    header("Location: done.php"); 
    Exit(); 

    ?>

    Martin.
    Last edited by SpidersWebHelp; 04-11-2014 at 10:51 PM. Reason: solved what to do


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •