phpwcms Support Forum

The phpwcms support forum will help to find answers to your questions. The small but strong community is here since more than 10 years.
https://forum.phpwcms.org/

{PHP:} & parseing variables

https://forum.phpwcms.org/viewtopic.php?t=1281

Page 1 of 2

{PHP:} & parseing variables

Posted: Sat 20. Mar 2004, 23:54
by pSouper
is it possible to parse a variable within the {PHP:} replacement tag?
e.g....
my Article...

Code: Select all

{PHP:include\inc_ext\myFile.php?foo="Dir/SubDir/"}
myfile.php ...

Code: Select all

$foo = $_GET['foo']; ...
any help, as always is greatfully apreciated.

Posted: Sun 21. Mar 2004, 01:46
by ionrock
No that won't work. Doing an include will not use the http get method. But you can just put straight php code in the plain text area if that might help.

Posted: Sun 21. Mar 2004, 01:47
by ionrock
I take that back... It looks like you can't do regular php code in your plain text area. I might have missed something with that though so who knows.

Posted: Sun 21. Mar 2004, 10:53
by pSouper
I was hopeing to avoide making a new repTag. Replacement tags are a truly great thing but as mention elsewhere in this forum, making replacement tags that just call an external php is silly. using {PHP:} to extend/mod is a cool option but sometimes parseing variables would be nice :)

Posted: Sun 21. Mar 2004, 11:42
by hidiho
Hi all,

as i was reading this thread, i had a flashback: someone already solved it with a short hack (fatxu was his name). The thread:http://phpwcms.de/forum/viewtopic.php?t=410

and his hack:
i change some code in front.func.inc.php. so i can transfer some value to my ext php.
Code:

function include_ext_php($inc_file) {
// includes an external PHP script file and returns
// the result as string from buffered include content
$ext_php_content = "";
ob_start();
$command=strpos($inc_file,"?");
if ($command>0)
{
parse_str(substr($inc_file,$command+1));
$inc_file=substr($inc_file,0,$command);
}
include $inc_file;
$ext_php_content = ob_get_contents();
ob_end_clean();
return $ext_php_content;
}



i can use it like that


Code:

{PHP:showmoviecat.php?cat=1}
hopes this helps

regard

hidiho

Posted: Sun 21. Mar 2004, 16:46
by pSouper
thanks for finding this Hidiho.
it reads to me as though it only strips the arguments out of the code though - and doesn't actually parse it on to the inclided file.

Code: Select all

$command=strpos($inc_file,"?");// LOOK FOR A '?'
if ($command>0)//IF THERE IS A '?' do....
{
parse_str(substr($inc_file,$command+1));
$inc_file=substr($inc_file,0,$command);//GET ALL BEFORE THE '?'
}
am i wrong?

EDIT: i am wrong (neither the first nor the last time).
I understand (now) that the variables are created and that this is enough - I was using $_GET[foo] in my included code :oops:

thanks all for your help

Posted: Sun 21. Mar 2004, 21:02
by ionrock
There is this post also if it might help

http://www.phpwcms.de/forum/viewtopic.p ... ght=phpvar

Posted: Sun 21. Mar 2004, 23:46
by pSouper
thanks IR, I have it working now - but this thread is very interesting to know too :)

Newly secured front.func.inc.php patch

Posted: Sat 8. May 2004, 16:15
by pSouper
Since Oliver et al have released a patch for the include ext php function I thought I release the newly hacked version too....
(no idea if it meets any additional security though)

Code: Select all

function include_ext_php($inc_file) {
// includes an external PHP script file and returns
// the result as string from buffered include content
$ext_php_content = '';
	$command = strpos($inc_file, '?');
	if ($command !== false) {
		
		parse_str(substr($inc_file,$command+1));
		$inc_file_short = substr($inc_file, 0, $command);
		}
		
  if(is_file($inc_file_short)) {
		
		$this_path = str_replace("\\", '/', dirname(realpath($inc_file_short)));
		$this_path = preg_replace('/\/$/', '', $this_path);
		
		$root_path = str_replace("\\", '/', PHPWCMS_ROOT);
		$root_path = preg_replace('/\/$/', '', $root_path);
		
		if(strpos($this_path, $root_path) === 0) {
			ob_start();
			include $inc_file_short;
			$ext_php_content = ob_get_contents();
			ob_end_clean();
		}
	}
	return $ext_php_content;
}

Posted: Sat 8. May 2004, 18:28
by mdgroot
Hi, since I updated with the security patch today, my external programs are not running anymore...

eg.
{PHP:http://pub.alxnet.com/guestbook?id=xxxxxx}

it displays nothing anymore.... someone any idea ?

rgds,
marc

Posted: Sat 8. May 2004, 18:44
by pSouper
did you just install olivers patch or the one above you post by me?

Posted: Sat 8. May 2004, 20:13
by mdgroot
I did install Oliver's patch, also tried yours ..

Posted: Sat 8. May 2004, 23:58
by pSouper
would you post your new inc_ext_php function?

Posted: Sun 9. May 2004, 00:16
by mdgroot

Code: Select all

function include_ext_php($inc_file) { 
        // includes an external PHP script file and returns 
        // the result as string from buffered include content 
        $ext_php_content = ''; 
        //check if this is a local file 
        if(is_file($inc_file)) { 
                
                $this_path = str_replace("\\", '/', dirname(realpath($inc_file))); 
                $this_path = preg_replace('/\/$/', '', $this_path); 
                
                $root_path = str_replace("\\", '/', PHPWCMS_ROOT); 
                $root_path = preg_replace('/\/$/', '', $root_path); 
                
                if(strpos($this_path, $root_path) === 0) { 
                        ob_start(); 
                        include $inc_file; 
                        $ext_php_content = ob_get_contents(); 
                        ob_end_clean(); 
                } 
        } 
        return $ext_php_content; 
}

Posted: Sun 9. May 2004, 00:22
by pSouper
:oops: sorry my fault, I pasted the wrong version. I have edited my post so the code above will work now.
thanks for highlighting that for me. I shall cry myself to sleep with embarrassment now.
All times are UTC+01:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited