如何在 PHP 中包含以字符串标记的文件?
How to include file marked in string in PHP?
我有一个字符串,用户可以在其中添加特殊标记,例如[include=example_file],我想在标记所在的位置包含"example_file.php"。
用户的文本可以是这样的:
Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s.
[include=contact_form] // here should be contact_form.php included
Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s
我现在用这个来回显用户的文本:
<?php echo $this->view['users_text']; ?>
... 新的输出应该是这样的:
<?php
// echo first paragraph
include "contact_form.php";
// echo second paragraph
?>
包含在那些特殊标记中找到的文件的最简单方法是什么?
小心 LFI 攻击,但要实现这一点,请将占位符与正则表达式匹配,对其进行循环,使用该值在缓冲区中加载文件,然后用缓冲区替换占位符。
像这样:
<?php
$content = '
Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s.
[include=contact_form] // here should be contact_form.php included
Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s
[include=cat] // here should be cat.php included
';
// match
if (preg_match_all('#\[include=(?P<name>.*?)\]#', $content, $includes)) {
// loop
foreach($includes['name'] as $include) {
// buffer
ob_start();
//include($include.'.php'); //
echo 'I was from '.$include.'.php';
$buffer = ob_get_clean();
// replace
$content = str_replace('[include='.$include.']', $buffer, $content);
}
}
echo $content;
我有一个字符串,用户可以在其中添加特殊标记,例如[include=example_file],我想在标记所在的位置包含"example_file.php"。
用户的文本可以是这样的:
Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s.
[include=contact_form] // here should be contact_form.php included
Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s
我现在用这个来回显用户的文本:
<?php echo $this->view['users_text']; ?>
... 新的输出应该是这样的:
<?php
// echo first paragraph
include "contact_form.php";
// echo second paragraph
?>
包含在那些特殊标记中找到的文件的最简单方法是什么?
小心 LFI 攻击,但要实现这一点,请将占位符与正则表达式匹配,对其进行循环,使用该值在缓冲区中加载文件,然后用缓冲区替换占位符。
像这样:
<?php
$content = '
Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s.
[include=contact_form] // here should be contact_form.php included
Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s
[include=cat] // here should be cat.php included
';
// match
if (preg_match_all('#\[include=(?P<name>.*?)\]#', $content, $includes)) {
// loop
foreach($includes['name'] as $include) {
// buffer
ob_start();
//include($include.'.php'); //
echo 'I was from '.$include.'.php';
$buffer = ob_get_clean();
// replace
$content = str_replace('[include='.$include.']', $buffer, $content);
}
}
echo $content;