当前位置：文江博客话题详情

PHP 正则表达式替换

发布于 2024-12-09 02:07:50 字数 295 浏览 0 评论 0原文

我目前正在尝试使用 PHP 将令牌添加到 CMS。

用户可以输入（到所见即所得编辑器中）一个字符串，例如[my_include.php]。我们希望提取具有这种格式的任何内容，并将其转换为以下格式的包含：

include('my_include.php');

任何人都可以协助编写正则表达式和提取过程以允许此操作？理想情况下，我想将它们全部提取到一个数组中，以便我们可以在将其解析为 include();? 之前提供一些检查。

谢谢！

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

晚雾 2024-12-16 02:07:50

preg_replace('~\[([^\]]+)\]~', 'include "\\1";', $str);

工作示例：http://ideone.com/zkwX7

preg_replace('~\[([^\]]+)\]~', 'include "\\1";', $str);

Working sample: http://ideone.com/zkwX7

回复收藏 0 原文

枯寂 2024-12-16 02:07:50

您要么想要使用 preg_match_all()，在循环中运行结果并替换您找到的任何内容。可能比下面的回调解决方案快一点，但如果使用 PREG_OFFSET_CAPUTRE 和 substr_replace() 则有点棘手。

<?php

function handle_replace_thingie($matches) {
  // build a file path
  $file = '/path/to/' . trim($matches[1]);

  // do some sanity checks, like file_exists, file-location (not that someone includes /etc/passwd or something)
  // check realpath(), file_exists() 
  // limit the readable files to certain directories
  if (false) {
    return $matches[0]; // return original, no replacement
  }

  // assuming the include file outputs its stuff we need to capture it with an output buffer
  ob_start();
  // execute the include
  include $file;
  // grab the buffer's contents
  $res = ob_get_contents();
  ob_end_clean();
  // return the contents to replace the original [foo.php]
  return $res;
}

$string = "hello world, [my_include.php] and [foo-bar.php] should be replaced";
$string = preg_replace_callback('#\[([^\[]+)\]#', 'handle_replace_thingie', $string);
echo $string, "\n";

?>

You'll either want to go with preg_match_all(), run the results in a loop and replace whatever you found. Might be a bit faster than the following callback solution, but is a bit more tricky if PREG_OFFSET_CAPUTRE and substr_replace() is used.

<?php

function handle_replace_thingie($matches) {
  // build a file path
  $file = '/path/to/' . trim($matches[1]);

  // do some sanity checks, like file_exists, file-location (not that someone includes /etc/passwd or something)
  // check realpath(), file_exists() 
  // limit the readable files to certain directories
  if (false) {
    return $matches[0]; // return original, no replacement
  }

  // assuming the include file outputs its stuff we need to capture it with an output buffer
  ob_start();
  // execute the include
  include $file;
  // grab the buffer's contents
  $res = ob_get_contents();
  ob_end_clean();
  // return the contents to replace the original [foo.php]
  return $res;
}

$string = "hello world, [my_include.php] and [foo-bar.php] should be replaced";
$string = preg_replace_callback('#\[([^\[]+)\]#', 'handle_replace_thingie', $string);
echo $string, "\n";

?>

回复收藏 0 原文

っ左 2024-12-16 02:07:50

使用 preg_match_all() ，你可以这样做：

$matches = array();

// If we've found any matches, do stuff with them
if(preg_match_all("/\[.+\.php\]/i", $input, $matches))
{
    foreach($matches as $match)
    {
        // Any validation code goes here

        include_once("/path/to/" . $match);
    }
}

这里使用的正则表达式是 \[.+\.php\]。这将匹配任何 *.php 字符串，因此如果用户键入 [hello]，它将不匹配。

Using preg_match_all(), you could do this:

$matches = array();

// If we've found any matches, do stuff with them
if(preg_match_all("/\[.+\.php\]/i", $input, $matches))
{
    foreach($matches as $match)
    {
        // Any validation code goes here

        include_once("/path/to/" . $match);
    }
}

The regex used here is \[.+\.php\]. This will match any *.php string so that if the user types [hello] for example, it won't match.

回复收藏 0 原文

~没有更多了~