Disable PHP source in search results???



Iiro
05-19-2006, 11:17 AM
Hi,

I have a little problem with my search script. If I search with the query "password", it displays all the passwords I've set in my PHP scripts. So how can I disable source-viewing in my search???

The live example is here (http://www.taikasilma.com/search/?q=password).

Twey
05-19-2006, 11:40 AM
Haha, ouch. Depends on your script. I'm guessing that you're using a command like fread(), file(), or file_get_contents() to get the data to search. Instead, you should use an output buffer and include the file, so you only get the output. I'd have to see your code to be more specific.

Iiro
05-19-2006, 12:07 PM
Ok, the code:



<?php
error_reporting(0);
// Show the search box when no query was given.
if(!$_GET["q"]) {
?>
<input type="text" name="q" id="q"><input type="button" value="L&#228;het&#228;" onclick="window.location = 'index.php?q=' + document.getElementById('q').value">
<?php
}
$dir = opendir("/home/taikasilma/public_html/");

// Note: ereg(), eregi() and eregi_replace() were removed in PHP 7;
// preg_match() and preg_replace() are the replacements.
while($file = readdir($dir)) {
    // Skip directory entries, images and .htaccess.
    if($file != "." && $file != ".." && !ereg(".jpg", $file) && !ereg(".jpeg", $file) && !ereg(".gif", $file) && !ereg(".htaccess", $file)) {
        // file() reads the raw file, so PHP source is searched along with the HTML.
        $filu = file("/home/taikasilma/public_html/" . $file);
        for($i = 0; $i < count($filu); $i++) {
            // Exclude ipban.php by file name ($file); $filu is the array of lines.
            if(eregi($_GET["q"], $filu[$i]) && $file != "ipban.php") {
                print "<a href=\"http://www.taikasilma.com/" . $file . "\">" . $file . "</a> ";
                print eregi_replace($_GET["q"], "<b><u>" . $_GET["q"] . "</u></b>", $filu[$i]) . "<br/>\n";
            }
        }

        // Match on the file name; $filu is an array and cannot be passed to eregi().
        if(eregi($_GET["q"], $file)) {
            print "<a href=\"http://www.taikasilma.com/" . $file . "\">" . $file . "</a><br/>\n";
        }
    }
}

closedir($dir);
?>

Twey
05-19-2006, 12:13 PM
Replace:
$filu = file("/home/taikasilma/public_html/" . $file);
With:
ob_start();
include("/home/taikasilma/public_html/" . $file);
$filu = explode("\n", ob_get_contents());
ob_end_clean();

Iiro
05-19-2006, 12:36 PM
THANK YOU VERY MUCH, TWEY!!!! But how can I disable HTML source too?

Twey
05-19-2006, 01:04 PM
Use:
$filu = explode("\n", preg_replace('@<[\/\!]*?[^<>]*?>@si', "", ob_get_contents()));

Iiro
05-19-2006, 05:36 PM
Thanks again, now it works for me!
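
Added example, not part of the original thread and not code from either poster: a self-contained PHP script that runs the raw-source search from the question beside the rendered-output search from the replies over one constructed page, so the difference in what each can leak is visible. The page and its contents, the allow-list and all function names are assumptions; it uses strip_tags() in place of the regular expression posted above, matches the query literally, and escapes results before printing.

```php
<?php
// Constructed sample page: a secret in the PHP source, plain text in the output.
$root = sys_get_temp_dir() . "/search_demo_" . getmypid();
mkdir($root);
file_put_contents("$root/contact.php",
    "<?php \$password = 'constructed-secret'; ?>\n<h1>Contact</h1>\n<p>Reset your password by e-mail.</p>\n");

// Allow-list (hypothetical): include executes a file, so only pages that are
// safe to run belong here, never admin scripts or the search page itself.
$pages = array("contact.php");

// Literal, case-insensitive match; the query is never used as a pattern.
function matching_lines($page, $lines, $q) {
    $hits = array();
    foreach ($lines as $line) {
        if (stripos($line, $q) !== false) $hits[] = array($page, trim($line));
    }
    return $hits;
}
// Approach from the question: file() returns raw source, PHP code included.
function search_source($root, $pages, $q) {
    $hits = array();
    foreach ($pages as $page) {
        $hits = array_merge($hits, matching_lines($page, file("$root/$page"), $q));
    }
    return $hits;
}
// Approach from the replies: capture the page's output, then drop the markup.
function search_rendered($root, $pages, $q) {
    $hits = array();
    foreach ($pages as $page) {
        ob_start();
        include "$root/$page";
        $lines = explode("\n", strip_tags(ob_get_clean()));
        $hits = array_merge($hits, matching_lines($page, $lines, $q));
    }
    return $hits;
}

// Escape everything echoed back so page text and names are shown as text.
function render_hits($hits) {
    $out = "";
    foreach ($hits as $h) $out .= htmlspecialchars($h[0]) . ": " . htmlspecialchars($h[1]) . "\n";
    return $out;
}

echo "source:\n" . render_hits(search_source($root, $pages, "password"));
echo "rendered:\n" . render_hits(search_rendered($root, $pages, "password"));
unlink("$root/contact.php"); rmdir($root);
```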