Jump to content

Special chars in textarea


PeterMartin

Recommended Posts

<?php 

$fspec = base64_decode($_GET['q']);

if (isset($_POST['content'])) { 
if (!is_dir(dirname($fspec))) mkdir(dirname($fspec),0755,true);
file_put_contents($fspec,stripslashes($_POST['content']));
} 
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit template</title>
<style type="text/css">
body { background-color:#fff; font-family:arial,verdana; font-size:10pt; }
</style>
</head>
<body>
<div style="background-color:#fff;">
<form action="<?php echo $_SERVER["PHP_SELF"].'?q='.base64_encode($fspec); ?>" method="post"> 
<div><textarea id="markItUp" rows="20" cols="80" name="content"><?php include $fspec; ?></textarea></div>
<div>
	<input type="submit" value="Save" />  
	<a href="javascript:window.close();">Close window</a>
</div>
</form>
</div>
</body>
</html>

 

This above is for editing HTML/PHP files, so I want the data read and written to be EXACTLY as is displayed in textarea--with no special character conversions. If the file contains something similar to

 

<a href="http://foobar.com/index.php?q=foo&bar">Tom & Jerry</a>

 

The & gets converted to & when written to file, which of course breaks the page's WC3 validation. Is it getting converted when passed via POST?  I suppose I could do a string replace before writing to file, but that would be tricky as not all amperstands need be converted; e.g., the "Tom & Jerry" above.

 

Am I missing something obvious? Thanks in advance.

 

 

Link to comment
Share on other sites

The solution is to use htmlentities to put the contents of the file in the textarea so it gets interpreted correctly by html and then passed correctly to $_POST.

	<div><textarea id="markItUp" rows="20" cols="80" name="content"><?php echo htmlentities(file_get_contents($fspec)); ?></textarea></div>

 

If you really need to include it though (because there's dynamic content in the file or something), I suppose you could always hack your way with output buffering:

<?php
ob_start();
include $fspec;
$output = ob_get_clean();
?>
<div><textarea id="markItUp" rows="20" cols="80" name="content"><?php echo htmlentities($output); ?></textarea></div>

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.