TalkPHP - View Single Post

sjaq · 02-04-2008, 08:51 AM

Try indenting your code next time, its easier on the eyes

PHP Code:


			
<?php

    if(isset($_POST['submit'])) { 



        $code = $_POST['url'];

        $source = file($code);



        foreach ($source as $line_num => $output) {

        //for each key as value  key is hidden , value is line number looking in $source

    

            $str = $output;

            $start = strpos($str, 'content=\"') + 1;

            $end = strpos($str, "\"");

            $keyword = substr($str,$start,$end, - $start);

            $keys = explode(",", $keyword);

    

        }

        

        for($i=0;$i<count($keys); $i++) { 

            echo $keys[$i]."<br/>";

        }



    } else { 



?>

<html>

    <head>

        <title></title>

    </head>

    <body>

        <form method="post" action="<? echo $_SERVER['PHP_SELF']; ?>">

            url: <input type="text" name="url"/><br/>

            <input type="submit" name="submit" value="submit"/>

        </form>

    </body>

</html>

<? } ?>

It looks like you forgot to close the for loop:

PHP Code:


			
for($i=0;$i<count($keys); $i++) 

    { echo $keys[$i]."<br/>";

b.t.w. I hope you know this script is really insecure at the moment, you're including a file that the user can specify without cleaning up the input, so someone could just put in /etc/passwd in the POST field and get that file. I always use str_replace to remove every / from the given string.

02-04-2008, 08:51 AM	#2 (permalink)
sjaq The Acquainted Join Date: Nov 2007 Location: Netherlands Posts: 113 Thanks: 11	Try indenting your code next time, its easier on the eyes PHP Code: <?php if(isset($_POST['submit'])) { $code = $_POST['url']; $source = file($code); foreach ($source as $line_num => $output) { //for each key as value key is hidden , value is line number looking in $source $str = $output; $start = strpos($str, 'content=\"') + 1; $end = strpos($str, "\""); $keyword = substr($str,$start,$end, - $start); $keys = explode(",", $keyword); } for($i=0;$i<count($keys); $i++) { echo $keys[$i]."<br/>"; } } else { ?> <html> <head> <title></title> </head> <body> <form method="post" action="<? echo $_SERVER['PHP_SELF']; ?>"> url: <input type="text" name="url"/><br/> <input type="submit" name="submit" value="submit"/> </form> </body> </html> <? } ?> It looks like you forgot to close the for loop: PHP Code: `for($i=0;$i<count($keys); $i++) { echo $keys[$i]."<br/>";` b.t.w. I hope you know this script is really insecure at the moment, you're including a file that the user can specify without cleaning up the input, so someone could just put in /etc/passwd in the POST field and get that file. I always use `str_replace` to remove every / from the given string.