| execute php in template [message #175770] |
Sun, 23 October 2011 19:47  |
cerr
Messages: 33
Registered: September 2010
Karma: 0
|
Member |
|
|
hi There,
I have a page that i assemble with a graphics template and a content
file in my index.php. Kinda like:
<?
$template = file_get_contents($tmpl_path);
$content = file_get_contents($cont_path);
and in template, there's a marker where to insert the content:
$page = str_replace("[CONTENT]",$content,$template);
echo $page.
This works well so far, but if I wanna use php in my template, it
doesn't get executed by file_get_contents(). How can I load this file
and execute php within it? Also, I would like to reuse ($_GET)
variables i have in index.php. Do I need to forward them to my
template by a regular get url or will i just be able to reuse the
variables straight?
Thanks for help in this matter!
Ron
|
|
|
|
| Re: execute php in template [message #175771 is a reply to message #175770] |
Sun, 23 October 2011 20:29  |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 10/23/2011 3:47 PM, cerr wrote:
> hi There,
>
> I have a page that i assemble with a graphics template and a content
> file in my index.php. Kinda like:
> <?
> $template = file_get_contents($tmpl_path);
> $content = file_get_contents($cont_path);
> and in template, there's a marker where to insert the content:
> $page = str_replace("[CONTENT]",$content,$template);
> echo $page.
>
> This works well so far, but if I wanna use php in my template, it
> doesn't get executed by file_get_contents(). How can I load this file
> and execute php within it? Also, I would like to reuse ($_GET)
> variables i have in index.php. Do I need to forward them to my
> template by a regular get url or will i just be able to reuse the
> variables straight?
> Thanks for help in this matter!
>
> Ron
You can use the exec() command to do it, but such operations are VERY
DANGEROUS and not recommended. For instance, what if someone snuck into
your code something like:
system('rm -r /');
That will (on unix) erase everything available to the process on your
hard drive. You use exec() at your own risk and don't be surprised when
your system is hacked.
Each request to a page is a new execution unit, and the only things
available to the execution are what you send it. There are a number of
ways you can do it, i.e. $_GET parameters, sessions, cookies, hidden
fields in a submitted form... but nothing from previous script
executions will be available without it.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: execute php in template [message #175772 is a reply to message #175770] |
Sun, 23 October 2011 21:03 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
cerr wrote:
> hi There,
>
> I have a page that i assemble with a graphics template and a content
> file in my index.php. Kinda like:
> <?
> $template = file_get_contents($tmpl_path);
> $content = file_get_contents($cont_path);
> and in template, there's a marker where to insert the content:
> $page = str_replace("[CONTENT]",$content,$template);
> echo $page.
>
> This works well so far, but if I wanna use php in my template, it
> doesn't get executed by file_get_contents(). How can I load this file
> and execute php within it? Also, I would like to reuse ($_GET)
> variables i have in index.php. Do I need to forward them to my
> template by a regular get url or will i just be able to reuse the
> variables straight?
> Thanks for help in this matter!
>
try
include("/path/to/my_template");
> Ron
|
|
|
|
| Re: execute php in template [message #175774 is a reply to message #175772] |
Sun, 23 October 2011 22:43 |
cerr
Messages: 33
Registered: September 2010
Karma: 0
|
Member |
|
|
On Oct 23, 2:03 pm, The Natural Philosopher <t...@invalid.invalid>
wrote:
> cerr wrote:
>> hi There,
>
>> I have a page that i assemble with a graphics template and a content
>> file in my index.php. Kinda like:
>> <?
>> $template = file_get_contents($tmpl_path);
>> $content = file_get_contents($cont_path);
>> and in template, there's a marker where to insert the content:
>> $page = str_replace("[CONTENT]",$content,$template);
>> echo $page.
>
>> This works well so far, but if I wanna use php in my template, it
>> doesn't get executed by file_get_contents(). How can I load this file
>> and execute php within it? Also, I would like to reuse ($_GET)
>> variables i have in index.php. Do I need to forward them to my
>> template by a regular get url or will i just be able to reuse the
>> variables straight?
>> Thanks for help in this matter!
>
> try
> include("/path/to/my_template");
>
Thanks to both for the replies, I have not tried exec or passthru but
include e.g. won't return me anything, it'll just execute the template
right there instead of returning me a string that i'll be able to
modify (to insert the content)...
> what if someone snuck into
> your code something like:
> system('rm -r /');
How would someone be able to do that? From the "outside" there's no
access to do this, right?
Thanks,
Ron
|
|
|
|
| Re: execute php in template [message #175775 is a reply to message #175774] |
Sun, 23 October 2011 23:20 |
Gregor Kofler
Messages: 69
Registered: September 2010
Karma: 0
|
Member |
|
|
Am 2011-10-24 00:43, cerr meinte:
> On Oct 23, 2:03 pm, The Natural Philosopher <t...@invalid.invalid>
> wrote:
>> cerr wrote:
>>> hi There,
>>
>>> I have a page that i assemble with a graphics template and a content
>>> file in my index.php. Kinda like:
>>> <?
>>> $template = file_get_contents($tmpl_path);
>>> $content = file_get_contents($cont_path);
>>> and in template, there's a marker where to insert the content:
>>> $page = str_replace("[CONTENT]",$content,$template);
>>> echo $page.
>>
>>> This works well so far, but if I wanna use php in my template, it
>>> doesn't get executed by file_get_contents(). How can I load this file
>>> and execute php within it? Also, I would like to reuse ($_GET)
>>> variables i have in index.php. Do I need to forward them to my
>>> template by a regular get url or will i just be able to reuse the
>>> variables straight?
>>> Thanks for help in this matter!
>>
>> try
>> include("/path/to/my_template");
>>
>
> Thanks to both for the replies, I have not tried exec or passthru but
> include e.g. won't return me anything, it'll just execute the template
> right there instead of returning me a string that i'll be able to
> modify (to insert the content)...
Buffer the content (ob_start() and accompanying functions) and work with
the buffer content, flush buffer once you are done.
Gregor
--
http://vxweb.net
|
|
|
|
| Re: execute php in template [message #175777 is a reply to message #175774] |
Sun, 23 October 2011 23:38 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 10/23/2011 6:43 PM, cerr wrote:
> On Oct 23, 2:03 pm, The Natural Philosopher<t...@invalid.invalid>
> wrote:
>> cerr wrote:
>>> hi There,
>>
>>> I have a page that i assemble with a graphics template and a content
>>> file in my index.php. Kinda like:
>>> <?
>>> $template = file_get_contents($tmpl_path);
>>> $content = file_get_contents($cont_path);
>>> and in template, there's a marker where to insert the content:
>>> $page = str_replace("[CONTENT]",$content,$template);
>>> echo $page.
>>
>>> This works well so far, but if I wanna use php in my template, it
>>> doesn't get executed by file_get_contents(). How can I load this file
>>> and execute php within it? Also, I would like to reuse ($_GET)
>>> variables i have in index.php. Do I need to forward them to my
>>> template by a regular get url or will i just be able to reuse the
>>> variables straight?
>>> Thanks for help in this matter!
>>
>> try
>> include("/path/to/my_template");
>>
>
> Thanks to both for the replies, I have not tried exec or passthru but
> include e.g. won't return me anything, it'll just execute the template
> right there instead of returning me a string that i'll be able to
> modify (to insert the content)...
>
You can buffer the content. See ob_start(), ob_end_clean(), etc.
>> what if someone snuck into
>> your code something like:
>> system('rm -r /');
>
> How would someone be able to do that? From the "outside" there's no
> access to do this, right?
>
> Thanks,
> Ron
Are you sure? Sony thought so...
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: execute php in template [message #175778 is a reply to message #175777] |
Mon, 24 October 2011 01:37 |
Hans Olo
Messages: 7
Registered: October 2011
Karma: 0
|
Junior Member |
|
|
On 10/23/2011 6:38 PM, Jerry Stuckle cried from the depths of the abyss:
>
>>> what if someone snuck into
>>> your code something like:
>>> system('rm -r /');
>>
>> How would someone be able to do that? From the "outside" there's no
>> access to do this, right?
>
> Are you sure? Sony thought so...
>
Keep in mind that the rm request can only delete files that have the
same permissions as the httpd user. This is why apache recommends
creating a bs account (httpd, acache, joeblow, etc.) to use to run the
httpd server. Almost all stock httpd configs use a bogus user (either
configged by a package, or a requirement if compililng from source), and
this wouldn't delete too much except www related files & perhaps some
config files.
/ will only get deleted if the httpd is being run as root
|
|
|
|
| Re: execute php in template [message #175779 is a reply to message #175778] |
Mon, 24 October 2011 02:30 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 10/23/2011 9:37 PM, Hans Olo wrote:
> On 10/23/2011 6:38 PM, Jerry Stuckle cried from the depths of the abyss:
>>
>>>> what if someone snuck into
>>>> your code something like:
>>>> system('rm -r /');
>>>
>>> How would someone be able to do that? From the "outside" there's no
>>> access to do this, right?
>>
>> Are you sure? Sony thought so...
>>
>
> Keep in mind that the rm request can only delete files that have the
> same permissions as the httpd user. This is why apache recommends
> creating a bs account (httpd, acache, joeblow, etc.) to use to run the
> httpd server. Almost all stock httpd configs use a bogus user (either
> configged by a package, or a requirement if compililng from source), and
> this wouldn't delete too much except www related files & perhaps some
> config files.
>
> / will only get deleted if the httpd is being run as root
Please read what I said in my first post. And never count on the
process being a bogus user with limited rights.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: execute php in template [message #175781 is a reply to message #175770] |
Mon, 24 October 2011 07:02 |
Goran
Messages: 38
Registered: January 2011
Karma: 0
|
Member |
|
|
On 23.10.2011 21:47, cerr wrote:
> hi There,
>
> I have a page that i assemble with a graphics template and a content
> file in my index.php. Kinda like:
> <?
> $template = file_get_contents($tmpl_path);
> $content = file_get_contents($cont_path);
> and in template, there's a marker where to insert the content:
> $page = str_replace("[CONTENT]",$content,$template);
> echo $page.
>
> This works well so far, but if I wanna use php in my template, it
> doesn't get executed by file_get_contents(). How can I load this file
> and execute php within it? Also, I would like to reuse ($_GET)
> variables i have in index.php. Do I need to forward them to my
> template by a regular get url or will i just be able to reuse the
> variables straight?
> Thanks for help in this matter!
>
> Ron
Use output buffering functions to grab content before it is outputed.
|
|
|
|
| Re: execute php in template [message #175786 is a reply to message #175779] |
Mon, 24 October 2011 12:39 |
Hans Olo
Messages: 7
Registered: October 2011
Karma: 0
|
Junior Member |
|
|
On 10/23/2011 9:30 PM, Jerry Stuckle cried from the depths of the abyss:
>> / will only get deleted if the httpd is being run as root
>
> Please read what I said in my first post. And never count on the process
> being a bogus user with limited rights.
>
I wasn't correcting you. Just adding on to what you said. Your warning
could put the fear of root into newbies. I just wanted to clarify is all.
|
|
|
|
| Re: execute php in template [message #175787 is a reply to message #175786] |
Mon, 24 October 2011 13:16 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 10/24/2011 8:39 AM, Hans Olo wrote:
> On 10/23/2011 9:30 PM, Jerry Stuckle cried from the depths of the abyss:
>
>>> / will only get deleted if the httpd is being run as root
>>
>> Please read what I said in my first post. And never count on the process
>> being a bogus user with limited rights.
>>
>
> I wasn't correcting you. Just adding on to what you said. Your warning
> could put the fear of root into newbies. I just wanted to clarify is all.
Which is why I said "That will (on unix) erase everything available to
the process on your hard drive.".
And NEVER count on the process being a bogus user with limited rights.
Such assumptions are always dangerous.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]