保存 .php 文件并保存包含内容(可能)
设置:
我有一个标准 .php 文件 (index.php),其中包含两个包含内容,一个用于页眉 (header.php),一个用于页脚 (footer.php)。 index.php 文件如下所示:
index.php
<?php
include header.php;
?>
<h2>Hello</h2>
<p class="editable">Lorem ipsum dolar doo dah day</p>
<?php
include footer.php;
?>
header.php 如下所示:
<html>
<head>
<title>This is my page</title>
</head>
<body>
<h1 class="editable">My Website rocks</h1>
和 footer .php 如下所示:
<p>The end of my page</p>
</body>
我正在编写一个 PHP 脚本,该脚本允许您编辑页面上的任何“.editable”项目。我的问题是这些可编辑区域可能出现在任何包含的文件以及index.php 的主体中。
我的 php 代码正在使用 file_get_contents() 获取 index.php 文件;效果很好。我还可以编辑和保存 index.php 中的任何“.editable”区域。
我的问题:
我一直无法找到一种方法来“查找”包含内容并解析“.editable”区域的内容。我正在寻找有关如何处理 index.php 中所有包含内容的建议 - 检查它们是否有可编辑区域。我需要使用正则表达式来查找“include *.php”吗?我不确定从哪里开始...
对于那些可能希望查看我的 PHP 代码的人。我正在使用 PHP 类:[链接文本][1],它允许我编写如下代码:
// load the class and file
$html = new simple_html_dom();
$html->load_file("index.php");
// find the first editable area and change its content to "edited"
$html->find('*[class*=editable]', 0)->innertext = "Edited";
// save the file
$html->save(index.php);
[1]: http://simplehtmldom.sourceforge.net/manual_api.htm 简单的 php dom 解析器
更新
我一直在尝试使用正则表达式并匹配包含的内容。我对正则表达式很垃圾,但我想我已经很接近了。这是我到目前为止所得到的:
$findinclude = '/(?:include|include_once|require|require_once)\s*(?:[a-z]|"|\(|\)|\'|_|\.|\s|\/)*(?=(?:[^\<\?]|[^\?\>])*\?>)/i';
尽管在使用 preg_match 时它似乎确实返回了奇数 ) 和 ' ,但它匹配得相当好。我试图在正则表达式中添加一些安全性,以确保它只在 php 标签之间匹配 - 这部分: (?=(?:[^\<\?]|[^\?>])*\? >) - 但它只返回页面上的第一个包含内容。关于如何改进这个正则表达式有什么建议吗? (我已经花了大约6个小时)
The setup:
I have a standard .php file (index.php) that contains two includes, one for header (header.php) and one for footer (footer.php). The index.php file looks like this:
index.php
<?php
include header.php;
?>
<h2>Hello</h2>
<p class="editable">Lorem ipsum dolar doo dah day</p>
<?php
include footer.php;
?>
header.php like this:
<html>
<head>
<title>This is my page</title>
</head>
<body>
<h1 class="editable">My Website rocks</h1>
and footer .php like this:
<p>The end of my page</p>
</body>
I am writing a PHP script that allows you to edit any of the ".editable" items on a page. My problem is that these editable regions could appear in any included files as well as the main body of index.php.
My php code is grabbing the index.php file with file_get_contents(); which works well. I am also able to edit and save any ".editable" regions in index.php.
My issue:
I have been unable to find a way of "finding" the includes and parse through those for ".editable" regions as well. I am looking for suggestions on how I would work through all the includes in index.php - checking them for editable regions. Would I need to use regular expressions to find "include *.php"? I am unsure of where to even start...
For those of you who may wish to see my PHP code. I am making use of the PHP class: [link text][1] which allows me to write code like:
// load the class and file
$html = new simple_html_dom();
$html->load_file("index.php");
// find the first editable area and change its content to "edited"
$html->find('*[class*=editable]', 0)->innertext = "Edited";
// save the file
$html->save(index.php);
[1]: http://simplehtmldom.sourceforge.net/manual_api.htm simple php dom parser
UPDATE
I have been playing around with regular expressions to try and match the includes. I am pretty rubbish at regex but I think I am getting close. Here is what I have so far:
$findinclude = '/(?:include|include_once|require|require_once)\s*(?:[a-z]|"|\(|\)|\'|_|\.|\s|\/)*(?=(?:[^\<\?]|[^\?\>])*\?>)/i';
This matches fairly well although it does seem to return the odd ) and ' when using preg_match. I am trying to add a bit of security into the regex to ensure it only matches between php tags - this part: (?=(?:[^\<\?]|[^\?>])*\?>) - but it only returns the first include on a page. Any tips on how to improve this regular expression? (I have been at it for about 6 hours)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
您正在创建什么类型的系统?
如果它要被公众使用,你就会面临严重的安全问题。人们可以在提供的内容中包含他们自己的 PHP 代码或 JavaScript。
这根本不是创建动态内容的标准方法。对于大多数用途,您需要创建一个模板,然后允许用户将其更改保存到数据库中。然后,您可以将数据库中的信息填写到模板中以供显示。
如果您允许他们包含 HTML,请使用 html purifier 之类的内容来清理它,然后使用使用 PDO 准备的语句。我相信这里的人们会很乐意回答您有关使用数据库的任何问题。
What type of system are you creating?
If it's going to be used by the public, you'd have serious security concerns. People could include their own PHP code or JavaScript in the supplied content.
This isn't the standard way at all to create dynamic content. For most purposes, you'd want to create a single template, and then allow users to save their changes into a database. You'd then fill in the info into the template from the database for display.
If you allow them to include HTML use something like html purifier to clean it up, insert the data into your database with a prepared statement using PDO. I'm sure people here would be happy to answer any questions you may have about using a database.
我误解了你,忽略
hr之后的所有内容。为了做你想做的事,我想最简单的方法是将页面呈现给浏览器,构建某种 javascript 来查找和编辑可编辑区域,然后通过 AJAX 将其提交到 PHP 文件。
然后PHP文件将接收内容以及应该更改内容的位置,我仍然不太明白静态CMS是如何做到这一点的,但是有一些开源项目,请检查 此处和这里。我建议您研究他们的代码以了解他们是如何做到的。
这非常简单,而不是像这样包含文件:
您必须这样做:
另外,看看 QueryPath,看起来比SimpleHTMLDom好很多。
I've misunderstood you, disregard everything after the
hr.To do what you want I guess the simplest way is to present the page to the browser, build some kind of javascript that finds and edits editable areas and submit that to a PHP file via AJAX.
The PHP file would then receive the content and the place where it should change the content, I still don't understand very well how the static CMS do it, but there are some open source projects, check here and here. I suggest you study their code to find out how they do it.
That's really simple, instead of incluiding the file like this:
You have to do it like this:
Also, take a look at QueryPath, seems to be a lot better than SimpleHTMLDom.
根据您提供的正则表达式,我对其进行了一些优化并修复了一些关键错误:
在
preg_match_all()中:它应该将文件名与数字、数字、破折号、下划线、斜杠、空格匹配,点等等。
此外,文件名存储在引用 #1 中,并且结束 PHP 标记是可选的。
值得一提的是 token_get_all() 函数 的功能更多比正则表达式可靠。
Based on the regex you provided, I've optimized it a bit and fixed some crucial bugs:
And in
preg_match_all():It should match filenames with numbers, digits, dashes, underscores, slashes, spaces, dots and so on.
Also, the filename is stored in reference #1 and the ending PHP tag is optional.
It's worth mentioning that the token_get_all() function is much more reliable than regular expressions.
如果用户可以将内容提交到这些文件中,然后将它们包含到 PHP 文件中,那么您就会遇到严重的麻烦。
您应该拥有简单的模板,其中很少或根本没有 PHP,这些模板会被解析 - 然后,只有在正确清理后,您才可以将内容插入到 DOM 中。
解决“查找包含”问题的方法 - 您不需要这样做,PHP 会为您做到这一点 - 也许使用 ob_start 等。然后包含模板文件。然后抓取缓冲区内容(将是 HTML),然后使用 DOM 解析器解析已经组装的模板。
拜托,拜托,请确保您清理了注入 DOM 的所有内容。
否则,暴政和破坏肯定会降临到您的网站(以及您,取决于您服务器上的其他内容)。
If users can submit content into these and then they get included into a PHP file, then you are in some serious trouble.
You should have simple templates that have little or no PHP in them, which get parsed -- then and only then should you insert content into the DOM, after it has been properly sanitized.
The way to resolve your 'finding the includes' issue -- you don't need to, PHP does that for you -- maybe use ob_start et al. and then include the template file. Then grab the buffer contents (which will be HTML) and then parse the already assembled template with the DOM parser.
Please, please PLEASE make sure that you sanitize whatever you are injecting into the DOM.
Otherwise, tyranny and destruction are certain to rain down upon your web site (and you, depending on what else is on your server).
您只需将用户输入的文本存储在某处,然后将其加载到 PHP 模板中并使用 PHP 模板输出。
我会研究学习使用数据库。它没有什么沉重或缓慢的地方,实际上,这就是它们的目的。如果您不想使用数据库,则可以使用文件。我建议将数据以 JSON 格式存储在文件中,以赋予其某种结构。
这是一个非常简单的系统,使用文件来存储和检索 JSON 编码数据。
将编辑后要保存的内容制作一个数组
然后何时显示页面
等等。默认数组保存可编辑部分的标准内容,如果用户未提供任何内容,则会打印这些内容。如果有,则加载它,然后与默认数组合并。从文件加载的数据将覆盖 array_merge 部分中的默认数组信息(如果可用)。
You need to just store the user-inputted text somewhere and load it into, and output it with, your PHP template.
I'd look into learning to use a database. There is nothing heavy-weight or slow about it, and really, this is what they're for. If you don't want to use a database, you can use files instead. I'd suggest storing the data in the file in JSON format to give it some structure.
Here's a very simple system to use files to store and retrieve JSON encoded data.
Make an array of what you want to save after editing
Then when it's time to display the page
And so on. The defaults array holds the standard content for editable sections, which are printed if the user has not supplied any. If they have, it's loaded, and then merged with the default array. The data loaded from a file will overwrite the default array's info, if available, in array_merge part.
好吧,我终于解决了。如果有人想要在 .php 文件中查找任何 include、include_once、require、require_once,那么您可以将以下正则表达式与 preg_match_all 等 php 函数一起使用。
这会查找标签内的任何包含等。参考我原来的例子。我的代码如下所示:
工作完成!我现在可以完成此工作以根据需要编辑每个文件。
Ok, I finally worked it out. If anyone is looking to find any include, include_once, require, require_once in a .php file then you can use the following regular expression with a php function like preg_match_all.
This looks for any includes etc within tags. Referencing this back to my original example. My code looks like this:
Job done! I can now work through this to edit each file as required.