On 16/01/2008, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
> Tom Chubb schreef:
> > Can anyone tell me how to wrap the results of highlight_file so it
> > doesn't mess up the size of my table div?
>
> use CSS to control the visual display in the browser.
> not to mention that 'table div' doesn't make much sense as a concept.
>
> probably you'll want to do something with the CSS property 'overflow'.
>
> > I tried the following and doesn't work!
> >
> >
> > if ($ext == "phps") {
> > $showcode = highlight_file($pathtoscripts . $_GET['file']);
>
> you are not santizing the request data, you need to be doing something
> like the following (maybe someone else can check my example and
> offer even better sanitizing code?):
>
>
> $file = basename($_GET['file']);
>
> if (!$file) die('nice try');
>
> $ext = explode('.', $file);
> $ext = array_pop($ext);
>
> if ($ext != 'phps') die('nice try');
>
> $file = $pathtoscripts . basename($_GET['file']);
>
> if (is_dir($file) || !is_readable($file)) die('nice try');
>
>
>
> > echo wordwrap($showcode, 70);x
> > } else {
> > echo "Nice try, but you are not authorised to view the source of
> > files with a $ext extension! ;)\n";
> > }
> >
> > Thanks,
> >
> > Tom
> >
>
>
Jochem,
Thanks for that. So presumably it's not possible to do it in PHP?
Haven't come across array_pop before - that's much quicker than what I
was doing before. Thanks :)
And thanks for the pointers about sanitizing. That was my next step!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
