1

I have a string, where user can add special mark, for example [include=example_file] and I would like to include "example_file.php" to the place where the mark is.

User's text can be like:

Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s.

[include=contact_form] // here should be contact_form.php included

Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s

I use this, to echo user's text, now:

<?php echo $this->view['users_text']; ?>

... and new output should be like:

<?php
// echo first paragraph
include "contact_form.php";
// echo second paragraph
?>

What is the simplest way how to include files finded in those special marks?

Improve this question
6
  • Replace the placeholder with a call for the content. str_replace('[include=contact_form]', file_get_contents(....), $this->view['users_text']) or explode on the string and then echo part 1, include file, echo part 2 Commented Apr 12, 2020 at 0:52
  • str_replace() works for me only when the file does not contain php code, unfortunately Commented Apr 12, 2020 at 1:02
  • 1
    watch out for implemented LFI's [include=../../../../../etc/passwd] Commented Apr 12, 2020 at 1:05
  • Sure, I simplied this issue. There will be, of course, some kind of control, e.g. in config file will be array with allowed files to include. Commented Apr 12, 2020 at 1:08
  • Use method 2 for PHP including. Or use preg_split if contact_form is variable. Commented Apr 12, 2020 at 1:10

1 Answer 1

Reset to default
1

Be careful of LFI attacks, but to achieve this, match the placeholder with regex, loop over it, use the value to load the file within a buffer, then replace the placeholder with the buffer.

Like this:

<?php
$content = '
Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s.

[include=contact_form] // here should be contact_form.php included

Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industrys standard dummy text ever since the 1500s

[include=cat] // here should be cat.php included
';

// match 
if (preg_match_all('#\[include=(?P<name>.*?)\]#', $content, $includes)) {
    // loop
    foreach($includes['name'] as $include) {
        // buffer
        ob_start();
        //include($include.'.php'); // 😲
        echo 'I was from '.$include.'.php';
        $buffer = ob_get_clean();

        // replace
        $content = str_replace('[include='.$include.']', $buffer, $content);
    }
}

echo $content;

https://3v4l.org/qPqbI

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.