Xeoncross Posted June 25, 2007 Share Posted June 25, 2007 I am trying to create an array of the files that I will allow to show the source code of. These files will be in a multidimensional array and when someone asks my script to highlight a file (using a $_GET like "show_source.php?page=index.php") I will check to make sure that the file is in the array before I highlight the PHP code and show it to the user. Basically, I want to prevent something like "show_source.php?page=../db.php" Here is what the array "$files" looks like: Array ( [1] => Array ( [level] => 1 [name] => index.php [path] => /path/cms/ ) [2] => Array ( [level] => 2 [name] => functions.php [path] => /path/cms/functions/ ) [3] => Array ( [level] => 3 [name] => login.php [path] => /path/cms/admin/ ) [4] => Array ( [level] => 3 [name] => functions.php [path] => /path/cms/admin/ ) } I have tried something like this but I can't get it to work. <?php //NOTE: The list of ok files to highlight is called "$files". //Lets make two files that a user could try to highlight. $page = 'functions.php'; $page2 = 'sdkfjsdkfjdj.php'; if (!in_array($page2, $files)) { $content .= '<ul id="pages">'; foreach ($files as $list) { //print array $content .= '<li class="pages"><a href="/show_source.php?page='. str_replace('cms/', '', ($list['dir']. '/')). $list['name']. '">'. str_replace('cms/', '', ($list['dir']. '/')). $list['name']. '</a> (Level '. $list['level']. ')</li>'; //" => Path: " . $list['path'] ."<br>"; } $content .= '</ul>'; //Else the file is the the array so it is safe to highlight. } else { $content = highlight_file($page2, true); } print $content; ?> I also tried something like this: <?php //The list of ok files to highlight is called "$files". $page = 'functions.php'; //if (!in_array($page, $files)) { if (array_search($page,$files) > -1) { $content .= '<ul id="pages">'; foreach ($files as $list) { //print array $content .= '<li class="pages"><a href="/show_source.php?page='. str_replace('cms/', '', ($list['dir']. '/')). $list['name']. '">'. str_replace('cms/', '', ($list['dir']. '/')). $list['name']. '</a> (Level '. $list['level']. ')</li>'; //" => Path: " . $list['path'] ."<br>"; } $content .= '</ul>'; //Else the file is the the array so it is safe to highlight. } else { $content = highlight_file($page, true); } print $content; ?> How can I go through the multidimensional array of $files and make sure that the $page that the user wants highlighted is in fact a "safe" page in the array and not some kind of hacking attempt? Quote Link to comment https://forums.phpfreaks.com/topic/57089-checking-array-before-show_source-of-file/ Share on other sites More sharing options...
per1os Posted June 25, 2007 Share Posted June 25, 2007 Part of the problem could be that this file <?php //NOTE: The list of ok files to highlight is called "$files". //Lets make two files that a user could try to highlight. $page = 'functions.php'; $page2 = 'sdkfjsdkfjdj.php'; if (!in_array($page2, $files)) { $content .= '<ul id="pages">'; foreach ($files as $list) { //print array $content .= '<li class="pages"><a href="/show_source.php?page='. str_replace('cms/', '', ($list['dir']. '/')). $list['name']. '">'. str_replace('cms/', '', ($list['dir']. '/')). $list['name']. '</a> (Level '. $list['level']. ')</li>'; //" => Path: " . $list['path'] ."<br>"; } $content .= '</ul>'; //Else the file is the the array so it is safe to highlight. } else { $content = highlight_file($page2, true); } } print $content; ?> Has a syntax error with the very last bracket. That is 1 bracket too many. Quote Link to comment https://forums.phpfreaks.com/topic/57089-checking-array-before-show_source-of-file/#findComment-282076 Share on other sites More sharing options...
Xeoncross Posted June 25, 2007 Author Share Posted June 25, 2007 Thanks, but this has nothing to do with the grammar of the code as this is just a quick snippet I wrote up to show the problem. So feel free to ignore any of my bad typing The problem is I don't know how to get http://us.php.net/in_array or http://us.php.net/manual/en/function.array-search.php or http://us.php.net/manual/en/function.array-key-exists.php to check a multidimensional array for my value. Quote Link to comment https://forums.phpfreaks.com/topic/57089-checking-array-before-show_source-of-file/#findComment-282088 Share on other sites More sharing options...
sasa Posted June 25, 2007 Share Posted June 25, 2007 try <?php function my_in_arr($p) { $a = Array( 1 => Array('level' => 1, 'name' => 'index.php', 'path' => '/path/cms/'), 2 => Array('level' => 2, 'name' => 'functions.php', 'path' => '/path/cms/functions/'), 3 => Array('level' => 3, 'name' => 'login.php', 'path' => '/path/cms/admin/'), 4 => Array('level' => 3, 'name' => 'functions.php', 'path' => '/path/cms/admin/')); $out = false; foreach ($a as $v) if ($v['name'] == $p) $out = true; return $out; } $page = 'functions.php'; if(my_in_arr($page)) echo 'in array'; else echo 'not in array'; ?> Quote Link to comment https://forums.phpfreaks.com/topic/57089-checking-array-before-show_source-of-file/#findComment-282098 Share on other sites More sharing options...
Xeoncross Posted June 25, 2007 Author Share Posted June 25, 2007 Thanks sasa! Actually, I was looking for the value in the first array (see code above) and that is why I couldn't find it! I needed to go down one level and then look for it... <?php $found = FALSE; foreach ($files as $value) { if(is_array($value)) { if (array_search($page, $value)) { $found = TRUE; } } } if($found) { $content = "<br /><hr /><br />We found the value!<br />". $content; $content .= highlight_file($page, true); } ?> This works fine now. Quote Link to comment https://forums.phpfreaks.com/topic/57089-checking-array-before-show_source-of-file/#findComment-282104 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.