[SOLVED] stopping execution of php code within a file in a broswer
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
stopping execution of php code within a file in a broswer
Hi group,
I am having a problem displaying a php file in a browser. If I just download the file, the browser executes it. So I have writting a php script to view the code but it execute the file in the browser and does not show all of the file. My script looks like this:
I am sorry, I have a very hard time understanding your problem. You want to be able to view PHP files without them being executed as PHP by the server?
If your web server is configured to execute .php files, it will execute them. You can disable the PHP module for the whole web server or a part of it. Or you can rename the php files to some other extension so that they are not executed.
If I'm misunderstanding you, please re-phrase your question.
readfile() does not execute your code provided that your $_SERVER['DOCUMENT_ROOT'] does not contain "something://". Can you paste example file and contents of received file?
My problem is not with the server, it is doing what it is supposed to. The problem is on the browser side. When the browser sees the "<?php" code in the data, it assumes that it should process that code.
If you go to: http://64.124.13.3/Fritzing/PerfBoard.htmlScroll down to "The Script" header and click on "View perf.php". When the page is loaded, there is code missing in the browser window but if you view the page source, all of the code is there. I have tried both Seamonkey ( Mozilla ) and Firefox. I am uncertain why the browser is executing any code, I thought that happened only on the server side?
All I want is to view the php code in a browser's window. I though by defining
Quote:
content="text/plain;
that would tell the browser "this is just plain text"?
Does that make my problem clearer? Sorry for the confusion.
When the browser sees the "<?php" code in the data, it assumes that it should process that code.
As an important point of clarification, the browser is not PHP aware and does not interpret or process your code. This is purely a server side function. The PHP interpreter on your server converts the code into HTML or rather generates the HTML from your PHP code. The reason your code is being executed is that any code between the <?php and ?> tags will be interpreted before it is passed through to the browser.
Your fix, reads the raw text file into strings, which you are then echoing, while the htmlspecialchars function converts things like quotes and ampersands which are part of the code, into entity references that will display in HTML (what is being echoed).
Just as a matter of interest, what are you trying to achieve that 'View Source' (or 'Source') in the browser doesn't do?
I am trying to give the user the option of viewing the php code in a browser window before downloading it. Many people are very paranoid about downloads.
As an important point of clarification, the browser is not PHP aware and does not interpret or process your code. This is purely a server side function. The PHP interpreter on your server converts the code into HTML or rather generates the HTML from your PHP code. The reason your code is being executed is that any code between the <?php and ?> tags will be interpreted before it is passed through to the browser.
Your fix, reads the raw text file into strings, which you are then echoing, while the htmlspecialchars function converts things like quotes and ampersands which are part of the code, into entity references that will display in HTML (what is being echoed).
Before this experience I would have agreed with you. Now I don't. The browser does do something with php code in a web page, as well as CSS and Java. Further testing is needed for me.
The browser does do something with php code in a web page...
Yes, it do something, but does not execute this code, bucause it just does not understand PHP, like Noway2 wrote ealier. CSS, Java (if special plugin is enabled), HTML, JS (if not blocked), but not PHP. What you saw on browser was an attempt to interpret this <?php ..... ?> as HTML tags. So, you didn't saw what was between this tags (because this is not html and was hidden), and saw the rest.
If you want to display unknown text in the browser you need to use htmlspecialchars() functions. All these special chars, like <, >, &, etc. are interpreted by browser and you did not see them like you want. Also maybe you been interested about a function highlight_file().
As you are beginner in PHP advise you to read about security, like filtering user data. For example
Code:
$prog = $_GET[ 'prog' ];
here a malicious user can read any file from your serwer.
Like eSelix and Noway2 said, php is purely a server side language.
If you try to actually deliver the php code to the browser it may try(!) to run it, but it won't know how.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.