Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Handling script editing via script 1

Status
Not open for further replies.
monkle

monkle

Programmer
Feb 11, 2004
132
US
I am trying to make a php script that will display the source of another php script and allow it to be edited.

The problem that I am having is that the submitted data has invalid characters in it (such as backslashes)

I know there has to be aa way to do this, but I have not yet found a simple way to do it. Urldecode is my first thought, but I have no way to encode script source that is being submitted. Where do I need to be looking to find more information on this? Any help would be greatly appreciated.
 
Sort by date Sort by votes
Backslashes are not invalid. Maybe you have to use the function stripslashes() on the returned data before processing it.

Can we see the code you're using?

Ken
 
Upvote 0 Downvote
I'm sorry for the brevity of the original post. I was in too much of a hurry when I posted it.

The entire script is very short (34 lines), so I will post it in it's entirety.

I should have been more clear about "invalid characters". The characters themselves are not invalid, however, it is adding characters to the script being edited that cause the script to not function correctly.

Code: 
<?php

if ($_POST['user'] == 'usr' && $_POST['pass'] == 'pass')
{
  //echo '`';
  $filedir = "index.php";
  if (is_writable($filedir) && strlen($_POST['indexsrc']) > 0)
  {
    $handle = fopen($filedir, "w");
    fwrite($handle, $_POST['indexsrc']);
    fclose($handle);
  } 
  else
  {
    echo "Can't write to ", $filedir;
  }
}
else if ($_POST['user'])
{
  echo '.';
}
echo "<center><h2>Daily Linkage Page - Edit!</h2></center><hl>
<form action = 'edit.php' method = 'POST'>User: <input type = 'text' name = 'user'> Pass: <input type = 'password' name = 'pass'><br>";

// output file to page
$handle = fopen("index.php", "r");
while (!feof($handle)) {
    $buffer = $buffer . fgets($handle, 4096);
    //echo $buffer;
}
fclose($handle);
echo "<textarea name = 'indexsrc' cols = '100' rows = '50'>$buffer</textarea><br>
<input type = 'submit' value = 'Save Changes'></form>"
?>
 
Upvote 0 Downvote
Magic Quotes are turned on.

Do a stripslashes() on the returned text before writing it to a file.

You can also turn Magic Quotes off.

Ken
 
Upvote 0 Downvote
You need to escape in and out of PHP in your string:
Code: 
<?
$str = '?>kewrewlk<br><? require("testingr.php"); ?><br> sdofs<br><?';
eval($str);
?>
Works correctly.
 
Upvote 0 Downvote
That appears to do it, thanks! I thought there was something like that, but I couldn't remember what it was, and I didn't find anything about it while researching the problem.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sugram
  • Locked
  • Question
how start a second shell script
Replies
0
Views
152
sugram
sugram
Marine1969
  • Locked
  • Question
Ajax Script
Replies
0
Views
123
Marine1969
Marine1969
lupidol
  • Locked
  • Question
PHP editing value doesn't fully shows the original value 1
Replies
3
Views
133
vacunita
vacunita
southbeach
  • Locked
  • Question
How can I tell if curl is calling my script? 2
Replies
7
Views
282
ChrisHirst
ChrisHirst
moukieb
  • Locked
  • Question
Bitcoin Price Ticker Script
Replies
2
Views
286
moukieb
moukieb

Part and Inventory Search

Sponsor

Back
Top