Jump to content

the crazy magic codes issue

seularts

By seularts
in PHP Coding Help

 Share

Recommended Posts

seularts Member

seularts

Posted
Posted

this is what happens when i try to submit my update:

<? include(\\\"lib/cap.php\\\"); ?><p class=\\\"baev-sub\\\"><a href=\\\"../../images/oth/lastscan/lastscan.jpg\\\" rel=\\\"lightbox\\\" id=\\\"imgi\\\" title=\\\"lastscan\\\"><img src=\\\"../../images/oth/lastscan/lastscan.jpg\\\" align=\\\"left\\\" height=\\\"100\\\" alt=\\\"Band picture: lastscan\\\" title=\\\"Buy now lastscan\\\"></a><big>lastscan</big><br />Input full text for Event sub-category here..

</p><p><a href=\\\"Javascript:history.go(-1);\\\">< Go Back</a></p><? include(\\\"lib/coada.php\\\"); ?>

 

and this is the script for submission:

 

if($_POST['edit']) {

$filenamex = $_POST['file'];

$filename="dir/".$filenamex.".php";

$boom = explode("/", $filename);

$name = explode(".", end($boom));

$filenamey=$name[0];

$handle = fopen($filename, "r");

$contents = fread($handle, filesize($filename));

echo "<form method=\"post\" action=\"index.php?area=edit\">

<strong>$filenamey</strong><br>

<input type=\"hidden\" name=\"file\" value=\"$filename\">

<textarea name=\"content\" cols=\"60\" rows=\"20\">".$contents."</textarea><br>

<input type=\"submit\" name=\"update\" value=\"Update\">

</form>";

fclose($handle);

} elseif($_POST['update']) {

$filename = $_POST['file'];

if(is_writable($filename)) {

$handle = fopen($filename, "w+");

fwrite($handle, $_POST['content']);

fclose($handle);

echo "File: <strong>". $filename . "</strong> edited successfully.<br><a href=\"$PHP_SELF\">Edit More Files</a>";

} else {

echo "Error! <strong>". $filename . "</strong> File may not be writable.";

}

} else {

echo "<form method=\"post\" action=\"$PHP_SELF\">

File: <input type=\"text\" name=\"file\"><br>

<input type=\"submit\" name=\"edit\" value=\"Edit\">

</form>";

}

 

how can i remove the \\\\\\\\\\\\ ?

Link to comment
https://forums.phpfreaks.com/topic/105453-the-crazy-magic-codes-issue/
Share on other sites
craygo Member

craygo

Posted
Posted

try this

<?php
$PHP_SELF = $_SERVER['PHP_SELF'];
if(isset($_POST['edit'])) {
$filenamex = $_POST['file'];
$filename=$filenamex.".php";
$boom = explode("/", $filename);
$name = explode(".", end($boom));
$filenamey=$name[0];
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
echo "<form method=\"post\" action=\"$PHP_SELF?area=edit\">
<strong>$filenamey</strong>

<input type=\"hidden\" name=\"file\" value=\"$filename\">
<textarea name=\"content\" cols=\"60\" rows=\"20\">".stripslashes($contents)."</textarea>

<input type=\"submit\" name=\"update\" value=\"Update\">
</form>";
fclose($handle);
} elseif(isset($_POST['update'])) {
$filename = $_POST['file'];
  if(is_writable($filename)) {
  $handle = fopen($filename, "w+");
  $content = stripslashes($_POST['content']);
  fwrite($handle, $content);
  fclose($handle);
  echo "File: <strong>". $filename . "</strong> edited successfully.
  <a href=\"$PHP_SELF\">Edit More Files</a>";
  } else {
  echo "Error! <strong>". $filename . "</strong> File may not be writable.";
  }
} else {
echo "<form method=\"post\" action=\"$PHP_SELF\">
File: <input type=\"text\" name=\"file\">

<input type=\"submit\" name=\"edit\" value=\"Edit\">
</form>";
}
?>

 

Ray

seularts Member

seularts

Posted
  • Author
Posted

Thanks that is perfect:) I also found this method.. but this is for serious slashes problems i guess:P

 

<?php

//Prevent Magic Quotes from affecting scripts, regardless of server settings

 

//Make sure when reading file data,

//PHP doesn't "magically" mangle backslashes!

set_magic_quotes_runtime(FALSE);

 

if (get_magic_quotes_gpc()) {

  /*

  All these global variables are slash-encoded by default,

  because    magic_quotes_gpc is set by default!

  (And magic_quotes_gpc affects more than just $_GET, $_POST, and $_COOKIE)

  */

  $_SERVER = stripslashes_array($_SERVER);

  $_GET = stripslashes_array($_GET);

  $_POST = stripslashes_array($_POST);

  $_COOKIE = stripslashes_array($_COOKIE);

  $_FILES = stripslashes_array($_FILES);

  $_ENV = stripslashes_array($_ENV);

  $_REQUEST = stripslashes_array($_REQUEST);

  $HTTP_SERVER_VARS = stripslashes_array($HTTP_SERVER_VARS);

  $HTTP_GET_VARS = stripslashes_array($HTTP_GET_VARS);

  $HTTP_POST_VARS = stripslashes_array($HTTP_POST_VARS);

  $HTTP_COOKIE_VARS = stripslashes_array($HTTP_COOKIE_VARS);

  $HTTP_POST_FILES = stripslashes_array($HTTP_POST_FILES);

  $HTTP_ENV_VARS = stripslashes_array($HTTP_ENV_VARS);

  if (isset($_SESSION)) {    #These are unconfirmed (?)

      $_SESSION = stripslashes_array($_SESSION, '');

      $HTTP_SESSION_VARS = stripslashes_array($HTTP_SESSION_VARS, '');

  }

  /*

  The $GLOBALS array is also slash-encoded, but when all the above are

  changed, $GLOBALS is updated to reflect those changes.  (Therefore

  $GLOBALS should never be modified directly).  $GLOBALS also contains

  infinite recursion, so it's dangerous...

  */

}

 

function stripslashes_array($data) {

  if (is_array($data)){

      foreach ($data as $key => $value){

          $data[$key] = stripslashes_array($value);

      }

      return $data;

  }else{

      return stripslashes($data);

  }

}

?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.