Disable PHP source in search results???

[Iiro]

Hi,

I have little problem with my search script. If I search with query "password" it displays all passwords I've set in my PHP scripts. So how can I disable source-viewing in my search???

The live example is here.

[Twey]

Haha, ouch. Depends on your script. I'm guessing that you're using a command like fread(), file(), or file_get_contents() to get the data to search. Instead, you should use an output buffer and include the file, so you only get the output. I'd have to see your code to be more specific.

[Iiro]

Ok, the code:

Code:

<?php 
error_reporting(0);
if(!$_GET["q"]) {
?>
<input type="text" name="q" id="q"><input type="button" value="L&#228;het&#228;" onclick="window.location = 'index.php?q=' + document.getElementById('q').value">
<?php 
}
$dir = opendir("/home/taikasilma/public_html/");

while($file = readdir($dir)) {
	if($file != "." && $file != ".." && !ereg(".jpg", $file) && !ereg(".jpeg", $file) && !ereg(".gif", $file) && !ereg(".htaccess", $file)) {
		$filu = file("/home/taikasilma/public_html/" . $file);
			for($i = 0; $i < count($filu); $i++) {
				if(eregi($_GET["q"], $filu[$i]) && $filu != "ipban.php") {
					print "<a href=\"http://www.taikasilma.com/" . $file . "\">" . $file . "</a> ";
					print eregi_replace($_GET["q"], "<b><u>" . $_GET["q"] . "</u></b>", $filu[$i]) . "<br/>\n";
				}
			}

		if(eregi($_GET["q"], $filu)) {
			print "<a href=\"http://www.taikasilma.com/" . $file . "\">" . $file . "</a><br/>\n";
		}
	}
}

closedir($dir); 
?>

[Twey]

Replace:

Code:

		$filu = file("/home/taikasilma/public_html/" . $file);

With:

Code:

		ob_start();
		include("/home/taikasilma/public_html/" . $file);
		$filu = explode("\n", ob_get_contents());
		ob_end_clean();

[Iiro]

THANKS VERY MUCH FOR YOU, TWEY!!!! But how can I disable HTML source too?

[Twey]

Use:

Code:

		$filu = explode("\n", preg_replace('@<[\/\!]*?[^<>]*?>@si', "", ob_get_contents()));

[Iiro]

Thanks again, now it works for me!