Jump to content

the crazy magic codes issue

seularts

By seularts
in PHP Coding Help

Recommended Posts

seularts Member

seularts

Posted
Posted

this is what happens when i try to submit my update:

<? include(\\\"lib/cap.php\\\"); ?><p class=\\\"baev-sub\\\"><a href=\\\"../../images/oth/lastscan/lastscan.jpg\\\" rel=\\\"lightbox\\\" id=\\\"imgi\\\" title=\\\"lastscan\\\"><img src=\\\"../../images/oth/lastscan/lastscan.jpg\\\" align=\\\"left\\\" height=\\\"100\\\" alt=\\\"Band picture: lastscan\\\" title=\\\"Buy now lastscan\\\"></a><big>lastscan</big><br />Input full text for Event sub-category here..

</p><p><a href=\\\"Javascript:history.go(-1);\\\">< Go Back</a></p><? include(\\\"lib/coada.php\\\"); ?>

 

and this is the script for submission:

 

if($_POST['edit']) {

$filenamex = $_POST['file'];

$filename="dir/".$filenamex.".php";

$boom = explode("/", $filename);

$name = explode(".", end($boom));

$filenamey=$name[0];

$handle = fopen($filename, "r");

$contents = fread($handle, filesize($filename));

echo "<form method=\"post\" action=\"index.php?area=edit\">

<strong>$filenamey</strong><br>

<input type=\"hidden\" name=\"file\" value=\"$filename\">

<textarea name=\"content\" cols=\"60\" rows=\"20\">".$contents."</textarea><br>

<input type=\"submit\" name=\"update\" value=\"Update\">

</form>";

fclose($handle);

} elseif($_POST['update']) {

$filename = $_POST['file'];

if(is_writable($filename)) {

$handle = fopen($filename, "w+");

fwrite($handle, $_POST['content']);

fclose($handle);

echo "File: <strong>". $filename . "</strong> edited successfully.<br><a href=\"$PHP_SELF\">Edit More Files</a>";

} else {

echo "Error! <strong>". $filename . "</strong> File may not be writable.";

}

} else {

echo "<form method=\"post\" action=\"$PHP_SELF\">

File: <input type=\"text\" name=\"file\"><br>

<input type=\"submit\" name=\"edit\" value=\"Edit\">

</form>";

}

 

how can i remove the \\\\\\\\\\\\ ?

Link to comment
https://forums.phpfreaks.com/topic/105453-the-crazy-magic-codes-issue/
Share on other sites
craygo Member

craygo

Posted
Posted

try this

<?php
$PHP_SELF = $_SERVER['PHP_SELF'];
if(isset($_POST['edit'])) {
$filenamex = $_POST['file'];
$filename=$filenamex.".php";
$boom = explode("/", $filename);
$name = explode(".", end($boom));
$filenamey=$name[0];
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
echo "<form method=\"post\" action=\"$PHP_SELF?area=edit\">
<strong>$filenamey</strong>

<input type=\"hidden\" name=\"file\" value=\"$filename\">
<textarea name=\"content\" cols=\"60\" rows=\"20\">".stripslashes($contents)."</textarea>

<input type=\"submit\" name=\"update\" value=\"Update\">
</form>";
fclose($handle);
} elseif(isset($_POST['update'])) {
$filename = $_POST['file'];
  if(is_writable($filename)) {
  $handle = fopen($filename, "w+");
  $content = stripslashes($_POST['content']);
  fwrite($handle, $content);
  fclose($handle);
  echo "File: <strong>". $filename . "</strong> edited successfully.
  <a href=\"$PHP_SELF\">Edit More Files</a>";
  } else {
  echo "Error! <strong>". $filename . "</strong> File may not be writable.";
  }
} else {
echo "<form method=\"post\" action=\"$PHP_SELF\">
File: <input type=\"text\" name=\"file\">

<input type=\"submit\" name=\"edit\" value=\"Edit\">
</form>";
}
?>

 

Ray

seularts Member

seularts

Posted
  • Author
Posted

Thanks that is perfect:) I also found this method.. but this is for serious slashes problems i guess:P

 

<?php

//Prevent Magic Quotes from affecting scripts, regardless of server settings

 

//Make sure when reading file data,

//PHP doesn't "magically" mangle backslashes!

set_magic_quotes_runtime(FALSE);

 

if (get_magic_quotes_gpc()) {

  /*

  All these global variables are slash-encoded by default,

  because    magic_quotes_gpc is set by default!

  (And magic_quotes_gpc affects more than just $_GET, $_POST, and $_COOKIE)

  */

  $_SERVER = stripslashes_array($_SERVER);

  $_GET = stripslashes_array($_GET);

  $_POST = stripslashes_array($_POST);

  $_COOKIE = stripslashes_array($_COOKIE);

  $_FILES = stripslashes_array($_FILES);

  $_ENV = stripslashes_array($_ENV);

  $_REQUEST = stripslashes_array($_REQUEST);

  $HTTP_SERVER_VARS = stripslashes_array($HTTP_SERVER_VARS);

  $HTTP_GET_VARS = stripslashes_array($HTTP_GET_VARS);

  $HTTP_POST_VARS = stripslashes_array($HTTP_POST_VARS);

  $HTTP_COOKIE_VARS = stripslashes_array($HTTP_COOKIE_VARS);

  $HTTP_POST_FILES = stripslashes_array($HTTP_POST_FILES);

  $HTTP_ENV_VARS = stripslashes_array($HTTP_ENV_VARS);

  if (isset($_SESSION)) {    #These are unconfirmed (?)

      $_SESSION = stripslashes_array($_SESSION, '');

      $HTTP_SESSION_VARS = stripslashes_array($HTTP_SESSION_VARS, '');

  }

  /*

  The $GLOBALS array is also slash-encoded, but when all the above are

  changed, $GLOBALS is updated to reflect those changes.  (Therefore

  $GLOBALS should never be modified directly).  $GLOBALS also contains

  infinite recursion, so it's dangerous...

  */

}

 

function stripslashes_array($data) {

  if (is_array($data)){

      foreach ($data as $key => $value){

          $data[$key] = stripslashes_array($value);

      }

      return $data;

  }else{

      return stripslashes($data);

  }

}

?>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.