{PHP:} & parseing variables

pSouper · Post by **pSouper** » Sat 20. Mar 2004, 23:54

is it possible to parse a variable within the {PHP:} replacement tag?
e.g....
my Article...

{PHP:include\inc_ext\myFile.php?foo="Dir/SubDir/"}

myfile.php ...

Code: Select all

$foo = $_GET['foo']; ...

any help, as always is greatfully apreciated.

ionrock · Post by **ionrock** » Sun 21. Mar 2004, 01:46

No that won't work. Doing an include will not use the http get method. But you can just put straight php code in the plain text area if that might help.

ionrock · Post by **ionrock** » Sun 21. Mar 2004, 01:47

I take that back... It looks like you can't do regular php code in your plain text area. I might have missed something with that though so who knows.

pSouper · Post by **pSouper** » Sun 21. Mar 2004, 10:53

I was hopeing to avoide making a new repTag. Replacement tags are a truly great thing but as mention elsewhere in this forum, making replacement tags that just call an external php is silly. using {PHP:} to extend/mod is a cool option but sometimes parseing variables would be nice

hidiho · Post by **hidiho** » Sun 21. Mar 2004, 11:42

Hi all,

as i was reading this thread, i had a flashback: someone already solved it with a short hack (fatxu was his name). The thread:http://phpwcms.de/forum/viewtopic.php?t=410

and his hack:

i change some code in front.func.inc.php. so i can transfer some value to my ext php.
Code:

function include_ext_php($inc_file) {
// includes an external PHP script file and returns
// the result as string from buffered include content
$ext_php_content = "";
ob_start();
$command=strpos($inc_file,"?");
if ($command>0)
{
parse_str(substr($inc_file,$command+1));
$inc_file=substr($inc_file,0,$command);
}
include $inc_file;
$ext_php_content = ob_get_contents();
ob_end_clean();
return $ext_php_content;
}

i can use it like that

Code:

{PHP:showmoviecat.php?cat=1}

hopes this helps

regard

hidiho

pSouper · Post by **pSouper** » Sun 21. Mar 2004, 16:46

thanks for finding this Hidiho.
it reads to me as though it only strips the arguments out of the code though - and doesn't actually parse it on to the inclided file.

Code: Select all

$command=strpos($inc_file,"?");// LOOK FOR A '?'
if ($command>0)//IF THERE IS A '?' do....
{
parse_str(substr($inc_file,$command+1));
$inc_file=substr($inc_file,0,$command);//GET ALL BEFORE THE '?'
}

am i wrong?

EDIT: i am wrong (neither the first nor the last time).
I understand (now) that the variables are created and that this is enough - I was using $_GET[foo] in my included code

thanks all for your help

ionrock · Post by **ionrock** » Sun 21. Mar 2004, 21:02

There is this post also if it might help

http://www.phpwcms.de/forum/viewtopic.p ... ght=phpvar

pSouper · Post by **pSouper** » Sun 21. Mar 2004, 23:46

thanks IR, I have it working now - but this thread is very interesting to know too

pSouper · Post by **pSouper** » Sat 8. May 2004, 16:15

Since Oliver et al have released a patch for the include ext php function I thought I release the newly hacked version too....
(no idea if it meets any additional security though)

Code: Select all

function include_ext_php($inc_file) {
// includes an external PHP script file and returns
// the result as string from buffered include content
$ext_php_content = '';
	$command = strpos($inc_file, '?');
	if ($command !== false) {
		
		parse_str(substr($inc_file,$command+1));
		$inc_file_short = substr($inc_file, 0, $command);
		}
		
  if(is_file($inc_file_short)) {
		
		$this_path = str_replace("\\", '/', dirname(realpath($inc_file_short)));
		$this_path = preg_replace('/\/$/', '', $this_path);
		
		$root_path = str_replace("\\", '/', PHPWCMS_ROOT);
		$root_path = preg_replace('/\/$/', '', $root_path);
		
		if(strpos($this_path, $root_path) === 0) {
			ob_start();
			include $inc_file_short;
			$ext_php_content = ob_get_contents();
			ob_end_clean();
		}
	}
	return $ext_php_content;
}

mdgroot · Post by **mdgroot** » Sat 8. May 2004, 18:28

Hi, since I updated with the security patch today, my external programs are not running anymore...

eg.
{PHP:http://pub.alxnet.com/guestbook?id=xxxxxx}

it displays nothing anymore.... someone any idea ?

rgds,
marc

pSouper · Post by **pSouper** » Sat 8. May 2004, 18:44

did you just install olivers patch or the one above you post by me?

mdgroot · Post by **mdgroot** » Sat 8. May 2004, 20:13

I did install Oliver's patch, also tried yours ..

pSouper · Post by **pSouper** » Sat 8. May 2004, 23:58

would you post your new inc_ext_php function?

mdgroot · Post by **mdgroot** » Sun 9. May 2004, 00:16

Code: Select all

function include_ext_php($inc_file) { 
        // includes an external PHP script file and returns 
        // the result as string from buffered include content 
        $ext_php_content = ''; 
        //check if this is a local file 
        if(is_file($inc_file)) { 
                
                $this_path = str_replace("\\", '/', dirname(realpath($inc_file))); 
                $this_path = preg_replace('/\/$/', '', $this_path); 
                
                $root_path = str_replace("\\", '/', PHPWCMS_ROOT); 
                $root_path = preg_replace('/\/$/', '', $root_path); 
                
                if(strpos($this_path, $root_path) === 0) { 
                        ob_start(); 
                        include $inc_file; 
                        $ext_php_content = ob_get_contents(); 
                        ob_end_clean(); 
                } 
        } 
        return $ext_php_content; 
}

pSouper · Post by **pSouper** » Sun 9. May 2004, 00:22

sorry my fault, I pasted the wrong version. I have edited my post so the code above will work now.
thanks for highlighting that for me. I shall cry myself to sleep with embarrassment now.

{PHP:} & parseing variables

{PHP:} & parseing variables

Newly secured front.func.inc.php patch