0

I am using this piece of code on a site of mine. If there is PHP code in the array and if you echo it, it does not run.

Here is the piece of code:

function spin($var){
$words = explode("{",$var);
foreach ($words as $word)
{
    $words = explode("}",$word);
    foreach ($words as $word)
    {
        $words = explode("|",$word);
        $word = $words[array_rand($words, 1)];        
        echo $word." ";

    }

}
}

$text = "example.com is {the best forum|a <? include(\"myfile.php\");?>Forum|a wonderful Forum|a perfect Forum} {123|some other sting}";
spin($text);

The file that needs to be included, "myfile.php", will not be included, and the PHP code will be visible. Why is that? How can I solve this problem?

  • You're doing something terribly wrong... Commented Jan 6, 2012 at 13:14
  • This looks remarkably similar to spin article, based on condition (not random). Can you please point out the differences? Commented Jan 6, 2012 at 13:15
  • It's not a duplicate. I gave up on that. Now I'm trying to modify it so I can run PHP. How is this a duplicate? Commented Jan 6, 2012 at 13:17
  • It would be better if you described what's the outcome that you're trying to achieve. It's more than likely that the approach you have with the myfile.php file and all could be done much easier some other way. Commented Jan 6, 2012 at 13:20
  • Duplicate issue: if you actually read the code and my question, you will see that that was to pick one of the array based on the condition but NOT random. Original code is random. I could not find a way to do it, and thanks to a few guys that voted, I had no choice but to carry on. So, this one is to run PHP code (execute) in those random arrays. The one before was to pick the array on some if/then situation. Commented Jan 6, 2012 at 13:20

3 Answers

3

I believe that you will want to run the include statement through eval(). However note that:

"The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand." (PHP.net)

SOURCE: http://php.net/manual/en/function.eval.php

You might try the following:

<?php
  function spin($var)
  {
     // Split on a literal "{"; "\{" in a double-quoted string keeps the backslash and never matches
     $words = explode("{",$var);
        foreach ($words as $word)
        {
           $words = explode("}",$word);
           foreach ($words as $word)
           {
              $words = explode("|",$word);
              $word = $words[array_rand($words, 1)];

              // Only a bare include of a file name made of letters and dots is recognised
              if ( preg_match( "/\<\? include\(\\\"([A-Za-z\.]+)\\\"\)\;\?\>/", $word ) )
              {
                 $file = preg_replace( "/^.*\<\? include\(\\\"([A-Za-z\.]+)\\\"\)\;\?\>.*\$/", "\$1", $word );
                 $pre = preg_replace( "/^(.*)\<\? include\(\\\"[A-Za-z\.]+\\\"\)\;\?\>.*\$/", "\$1", $word );
                 $post = preg_replace( "/^.*\<\? include\(\\\"[A-Za-z\.]+\\\"\)\;\?\>(.*)\$/", "\$1", $word );

                 echo $pre;
                 include( $file );
                 echo $post;
              }
              else
              {
                 // Alternatives without an include are printed as-is
                 echo $word." ";
              }
          }
      }
   }

   $text = "example.com is {the best forum|a <? include(\"myfile.php\");?>Forum|a wonderful Forum|a perfect Forum} {123|some other sting}";
   spin($text);
?>

2 Comments

Fair enough. I added an example of a better way of handling this to be more informative.
Very much so. An /e pattern could be shorter, but the specific and restricted expression lookup is a pretty sane eval (include and eval lead to the same internal PHP function anyway) usage. It might need ob_start/_get_clean possibly.
1

My suggestion is a slightly different way:

function spin($var){
$words = explode("{",$var);
foreach ($words as $word)
{
    $words = explode("}",$word);
    foreach ($words as $word)
    {
        $words = explode("|",$word);
        $word = $words[array_rand($words, 1)];
        if(str_replace(" ","",$word) == 'thisparam'){
            echo 'a'; 
                include("myfile.php");
            echo 'Forum';
        }else{
            echo $word." ";
        }
    }
}
}

$text = "example.com is {the best forum| thisparam |a wonderful Forum|a perfect Forum} {123|some other sting}";
spin($text);

where thisparam, in your variable $text, is the parameter that runs the if statement. I place a str_replace in front of $word to replace strings to get the exact word.
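
An added example, not code from this thread: the placeholder idea above generalised to an allowlist of named partials, with the output buffering mentioned in an earlier comment, so the spun text only ever selects a file and never supplies code or a path. The `[[name]]` token syntax, the function names and the sample file are assumptions.

```php
<?php
// Added example. The [[name]] tokens, spin_safe(), render_partial() and the
// file names are hypothetical; they are not part of the original thread.

// Run one allowlisted file and capture its output instead of echoing mid-spin.
function render_partial(string $name, array $allowed): string
{
    if (!isset($allowed[$name])) {
        // Unknown token: emit it as inert text; it never becomes a path or code.
        return htmlspecialchars('[[' . $name . ']]', ENT_QUOTES, 'UTF-8');
    }
    ob_start();
    try {
        include $allowed[$name];      // path comes from the map, not from the text
        return ob_get_contents();
    } finally {
        ob_end_clean();               // always close the buffer, even on error
    }
}

function spin_safe(string $text, array $allowed): string
{
    // 1. Pick one alternative per {a|b|c} group (innermost groups only).
    $spun = preg_replace_callback('/\{([^{}]*)\}/', function (array $m): string {
        $options = explode('|', $m[1]);
        return $options[array_rand($options)];
    }, $text);

    // 2. Resolve the [[name]] tokens that survived the spin.
    return preg_replace_callback('/\[\[([a-z_]+)\]\]/',
        function (array $m) use ($allowed): string {
            return render_partial($m[1], $allowed);
        }, $spun);
}

// Constructed sample partial so the example runs offline.
$partial = sys_get_temp_dir() . '/spin_demo_myfile.php';
file_put_contents($partial, '<?php echo "<em>" . strtoupper("wonderful") . "</em> "; ?>');

$allowed = ['myfile' => $partial];
$text = 'example.com is {the best forum|a [[myfile]]Forum|a perfect Forum} {123|[[nope]]}';
echo spin_safe($text, $allowed), PHP_EOL;
unlink($partial);
```

A `<? include(...) ?>` left in the spun text is printed as plain text here, because nothing in the string is ever passed to `eval()` or used as an include path.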

Comments

0

Well it is just a string of text after all. The echo will just output the text...

I suggest you look to make use of eval http://php.net/manual/en/function.eval.php

I can't really tell why you wish to do this though. Whenever I need to use eval and friends I stop to think "Should I be doing this?"

1 Comment

Thanks, but my site works on spinning the articles. So the whole content is an HTML file, and in that HTML there are {choice1|choice2} variations. And some of them are really long (long as in images/headers/comment forms/etc.), so some of them need file includes etc. That's why...
