Jump to content
#StayAtHome ×

Archived

This topic is now archived and is closed to further replies.

PeterMartin

Special chars in textarea

Recommended Posts

<?php 

$fspec = base64_decode($_GET['q']);

if (isset($_POST['content'])) { 
if (!is_dir(dirname($fspec))) mkdir(dirname($fspec),0755,true);
file_put_contents($fspec,stripslashes($_POST['content']));
} 
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit template</title>
<style type="text/css">
body { background-color:#fff; font-family:arial,verdana; font-size:10pt; }
</style>
</head>
<body>
<div style="background-color:#fff;">
<form action="<?php echo $_SERVER["PHP_SELF"].'?q='.base64_encode($fspec); ?>" method="post"> 
<div><textarea id="markItUp" rows="20" cols="80" name="content"><?php include $fspec; ?></textarea></div>
<div>
	<input type="submit" value="Save" />  
	<a href="javascript:window.close();">Close window</a>
</div>
</form>
</div>
</body>
</html>

 

This above is for editing HTML/PHP files, so I want the data read and written to be EXACTLY as is displayed in textarea--with no special character conversions. If the file contains something similar to

 

<a href="http://foobar.com/index.php?q=foo&bar">Tom & Jerry</a>

 

The & gets converted to & when written to file, which of course breaks the page's WC3 validation. Is it getting converted when passed via POST?  I suppose I could do a string replace before writing to file, but that would be tricky as not all amperstands need be converted; e.g., the "Tom & Jerry" above.

 

Am I missing something obvious? Thanks in advance.

 

 

Share this post


Link to post
Share on other sites

The solution is to use htmlentities to put the contents of the file in the textarea so it gets interpreted correctly by html and then passed correctly to $_POST.

	<div><textarea id="markItUp" rows="20" cols="80" name="content"><?php echo htmlentities(file_get_contents($fspec)); ?></textarea></div>

 

If you really need to include it though (because there's dynamic content in the file or something), I suppose you could always hack your way with output buffering:

<?php
ob_start();
include $fspec;
$output = ob_get_clean();
?>
<div><textarea id="markItUp" rows="20" cols="80" name="content"><?php echo htmlentities($output); ?></textarea></div>

Share this post


Link to post
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.