<?php
$fspec = base64_decode($_GET['q']);
if (isset($_POST['content'])) {
if (!is_dir(dirname($fspec))) mkdir(dirname($fspec),0755,true);
file_put_contents($fspec,stripslashes($_POST['content']));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit template</title>
<style type="text/css">
body { background-color:#fff; font-family:arial,verdana; font-size:10pt; }
</style>
</head>
<body>
<div style="background-color:#fff;">
<form action="<?php echo $_SERVER["PHP_SELF"].'?q='.base64_encode($fspec); ?>" method="post">
<div><textarea id="markItUp" rows="20" cols="80" name="content"><?php include $fspec; ?></textarea></div>
<div>
<input type="submit" value="Save" />
<a href="javascript:window.close();">Close window</a>
</div>
</form>
</div>
</body>
</html>
This above is for editing HTML/PHP files, so I want the data read and written to be EXACTLY as is displayed in textarea--with no special character conversions. If the file contains something similar to
<a href="http://foobar.com/index.php?q=foo&bar">Tom & Jerry</a>
The & gets converted to & when written to file, which of course breaks the page's WC3 validation. Is it getting converted when passed via POST? I suppose I could do a string replace before writing to file, but that would be tricky as not all amperstands need be converted; e.g., the "Tom & Jerry" above.
Am I missing something obvious? Thanks in advance.