Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3

Thread: I hate this...

  1. #1
    Regular Coder
    Join Date
    Aug 2010
    Location
    Now Southern Oregon. I was born and had lived my life in Los Angeles until relocating last year (2010)
    Posts
    211
    Thanks
    52
    Thanked 1 Time in 1 Post

    I hate this...

    I am working on a php/html page that loads various script and web related files to edit
    in a textarea element in the page. I have about a half a dozen javascript, css, and php files
    that I can work on with this. All of the php files will load into the textarea as raw code without
    problem, ACCEPT ONE which over runs the textarea splatters code all over the page, which is
    driving the browser crazy trying to interpret it as html. I cannot find the source of the problem.

    If anyone has enough experience with this type of problem, maybe you can clue me in: I will
    include browser view source. This does not show you the extent of the mess, but you will see
    numerous instances of php code that should not appear (see edit) out side of the textarea.
    browser Firefox 9x, on Mac OSX with pre installed Apache server on local Mac OSX dev server.
    edit: Actually, looking this over, it does not even show anything that would be a miss, in looking
    it over carefully, all the php code actually is inside of the textarea field. (is there a way to post
    a screen shot?)
    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <title>
    Lab 0
    </title>
    <link rel="stylesheet" type="text/css" href="css/lab.css" media="screen" />
    <!--
    <script type="text/javascript" src="duh.js">
    </script>
    <script type="text/javascript" src="<so what? >.js">
    </script>
    -->
    <script type="text/javascript" src="js/lab.js">
    </script>
    <script type="text/javascript">
    //<![CDATA[
    var jsTest = "lab_editor.php";
    var lab_0 = '';
    window.onload = function()
           {
            if(jsTest)
              {
               console.log(jsTest);
              }
            lab_0 = new _LAB_0();
            lab_0.init();
           }
    //]]>
    </script>
    </head>
    <body>
    <form name="script" id="script" action="lab_interface.php" method="post">
    <div class="panel">
    
    <p class="title">lab 1</p>
    <p class="norm">To work with call back functions and variable variabes and variable functions</p>
    <hr />
    <pre class="norm"><a href="http://www.codingforums.com/">Lab Home</a>  <a href="./">Local</a></pre>
    <hr />
    <a href="http://www.codingforums.com/dummy.php">Reload</a>
    
    <pre class="norm">
    Edit script
    <textarea id="str" name="str" rows="20" cols="75"><?php
    /*
    new file created by lab_0 script on Tuesday 8th of April 2014 10:27:22 PM
    As reconstruction of original that was trashed by script errors.
    test edit: working. fopen and/or fread doesn't seem to like ./ prepended to file name 
    
    4/9/2014
    Assembling preliminary markup and script form lab_0 index. The idea is to load
    code into this page from index via a js event that opens this in a separate window
    with get query indicating what file to load.
    
    Got lab_0.php in use, to the extent of displayingbfile contents for editing.
    Now, I am pondering dual use for this file. 
    edit mode will display contents in textarea
    view mode will format files for display.
    Then the file has to submit to itself after initial load to decide what mode
    to use and what actions to take.
    View mode would display a button to load for edit.
    Edit mode would display buttons for write and view
    There should be a js close button.
    -- ALSO --
    request source screening limits to lab_0/index.php and fileSelf.
    
    Removed from comments block
    Comments:
    4/9/2014
    Assembled from elements of lab_0 index.
    
    So, I'm about ready to implement the show code. As it is, a reload with get is necessary.
    But it might be more efficient to load both versions into document and alternate display of
    mode.
    The current state is either/or where the write processing has yet to be added to lab_0.php
    and implemented here. So far, so good.
    
    4/10/2014
    The write functions are working. 
    I added indication of file owner and current perms. Added style to data string and revised
    if(GET || POST) condition to set display variables only if source request includes GET || POST;
    as a quick and dirty screening technique. Even the close button is not displayed in this
    situation because javascript will not close windows it did not open.
    Serious problem with loading the lab_editor.php file into itself in edit mode, A real NO NO
    so had to add screening compare requested file to $_fileSelf; ALTHOUGH, it seems I had it
    working without splattering source code all over the page and view source window source.
    STILL this editor script should not be used to edit itself. Found a break; missing from
    a switch block case, but that did not improve the situation.
    */
    $_fileSelf = basename($_SERVER['PHP_SELF']);
    if($_fileSelf == 'index.php')
      {
       $_fileSelf = './';
      }
    
    $_current = '';
    $_editor = '';
    $_fileStr = '';
    $_mode = '';
    $_reSub = '';
    $_perms = '';
    $_owner = '';
    $_hidden = "";
    $_editMode = "";
    $_editModeButtons = "";
    $_viewMode = "";
    $_viewModeButtons = "";
    $_buttons = '';
    $_color = "";
    $_dataStr = "";
    $_closer = '';
    $_title = "";
    $_tmp = array();
    if($_GET || $_POST)
      {
       if($_GET['doFile'])
         {
          $_reSub = $_GET['doFile'];
          $_tmp = explode('-', $_GET['doFile']);
         }
       else if($_POST['doFile'])
         {
          $_jsTest = $_POST['doFile'];
          $_reSub = $_POST['doFile'];
          $_tmp = explode('-', $_POST['doFile']);
         }
       require('php/madeFiles.php');
       if($_added[$_tmp[1]])
         {
          $_perms = substr(sprintf('%o', fileperms($_added[$_tmp[1]])), -4);
          switch($_tmp[0])
            {
             case 'UED':
             $_mode = 'Edit';
             break;
             case 'SH':
             $_mode = "Display";
             break;
             case 'CMT':
             $_mode = "Display";
             break;
            }
          $_current = $_added[$_tmp[1]];
          require('php/lab.php');
          if($_GET)
            {
             $_editor = new _LAB($_GET);
            }
          else if($_POST)
            {
             $_editor = new _LAB($_POST);
            }
          $_owner = $_editor::getOwner($_added[$_tmp[1]]);
          $_canEdit = true;
          if($_tmp[1] == $_fileSelf)
            {
             $_canEdit = false;
            }
          $_fileStr = $_editor->caller();
          $_hidden = "<input type=\"hidden\" id=\"act\" name=\"act\" value=\"\" />";
          $_hidden .= "<input type=\"hidden\" id=\"doFile\" name=\"doFile\" value=\"".$_reSub."\" />";
          if($_canEdit)
            {
             $_editMode = "<pre class=\"norm\"><textarea id=\"FT\" name=\"FT\" rows=\"50\" cols=\"150\">".$_fileStr."</textarea></pre>\n";
            }
          else
            {
             $_editMode = "<pre class=\"norm\">This editor cannot be used to edit itself</pre>\n";
            }
          $_editModeButtons = "<input type=\"button\" id=\"commit\" value=\"Write\" />   <input type=\"button\" id=\"show\" value=\"Show\" />\n".$_hidden;
          $_viewMode = "<pre class=\"norm\">".$_fileStr."</pre>\n";
          $_viewModeButtons = "<input type=\"button\" id=\"edit\" value=\"Edit\" />\n".$_hidden;
          $_buttons = '';
          $_closer = "<input type=\"button\" id=\"closer\" value=\"Close Window\" />";
          $_title = "Lab 0 file editor";
          switch($_mode)
             {
              case 'Edit':
              $_buttons = $_editModeButtons;
              break;
              case 'Display':
              $_buttons = $_viewModeButtons;
              break;
             }
          $_color = "#009900";
          $_dataStr = "\n<span style=\"color:".$_color."\">File:</span> ".$_current." -- <span style=\"color:".$_color."\">Mode :</span>".$_mode." -- <span style=\"color:".$_color."\">owner:</span> ".$_owner." -- <span style=\"color:".$_color."\">access perms:</span> ".$_perms."\n";
         }
       else
         {
          $_error = $_tmp[1]." not found";
         }
      }
    else
      {
       $_dataStr = "not available to request source";
      }
    ?>
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <title>
    Lab 0 File Editor
    </title>
    <link rel="stylesheet" type="text/css" href="css/lab.css" media="screen" />
    <!--
    <script type="text/javascript" src="duh.js">
    </script>
    <script type="text/javascript" src="<so what? >.js">
    </script>
    -->
    <script type="text/javascript" src="js/lab_editor.js">
    </script>
    <script type="text/javascript">
    //<![CDATA[
    var jsTest = "<?php print $_jsTest; ?>";
    var lab = '';
    window.onload = function()
           {
            if(jsTest)
              {
               console.log(jsTest);
              }
            lab = new _EDITOR();
            lab.init();
           }
    //]]>
    </script>
    </head>
    <body>
    <form name="script" id="script" action="<?php print $_fileSelf; ?>" method="post">
    <div>
    
    <pre class="norm"><?php print $_title."  ".$_closer."  ".$_buttons."  ".$_dataStr; ?></pre><hr />
    <div style="height:700px;overflow:auto">
    <?php
    if($_mode)
      {
       switch($_mode)
         {
          case 'Edit':
          print $_editMode;
          break;
          case 'Display':
          print $_viewMode;
          break;
         }
      }
    ?>
    </div>
    </div>
    </form>
    <br class="stack" /><br class="stack" />
    <div style="padding-left:20px">
    </div>
    </body>
    </html></textarea>
    <input type="button" id="write" value="Write" />   <input type="button" id="showScript" value="Show Script" />  Add to existing <input type="checkbox" id="addTo" name="addTo" value="true" /> <input type="button" id="show" value="Load Script" />
    <input type="hidden" id="act" name="act" value="" />
    
    <input type="hidden" id="loaded" name="loaded" value="lab_editor.php" />
    
    </pre>
    
    </div>
    <div class="panelOF">
    <pre class="norm">
    Enter file name and suffix without path to create file in suffix dir,
    or use path &quot;./&quot; for top placement:
    <input type="button" id="newFile" value="Make file named" /><input type="text" id="newTxt" name="newTxt" value="" />
    
    Files Made:
    
    </pre><table><tr><td><pre class="norm">Edit   </pre></td><td><pre class="norm">Use Editor   </pre></td><td><pre class="norm">Show   </pre></td><td><pre class="norm">Set perms   </pre></td><td><pre class="norm">current perms   </pre></td><td><pre class="norm">File Name  </pre></td></tr>
    
    <tr> <td><input type="radio" id="ED-madeFiles" name="ED-madeFiles" value="Edit" /></td> <td><input type="radio" id="UED-madeFiles" name="UED-madeFiles" value="" /></td> <td><input type="radio" id="SH-madeFiles" name="SH-madeFiles" value="Show" /></td> <td><input type="radio" id="PRM-madeFiles" name="PRM-madeFiles" value="set" /></td> <td>0666</td><td>index: madeFiles</td></tr>
    <tr> <td><input type="radio" id="ED-lab.js" name="ED-lab.js" value="Edit" /></td> <td><input type="radio" id="UED-lab.js" name="UED-lab.js" value="" /></td> <td><input type="radio" id="SH-lab.js" name="SH-lab.js" value="Show" /></td> <td><input type="radio" id="PRM-lab.js" name="PRM-lab.js" value="set" /></td> <td>0666</td><td>lab.js</td></tr>
    <tr> <td><input type="radio" id="ED-lab.css" name="ED-lab.css" value="Edit" /></td> <td><input type="radio" id="UED-lab.css" name="UED-lab.css" value="" /></td> <td><input type="radio" id="SH-lab.css" name="SH-lab.css" value="Show" /></td> <td><input type="radio" id="PRM-lab.css" name="PRM-lab.css" value="set" /></td> <td>0666</td><td>lab.css</td></tr>
    
    <tr> <td><input type="radio" id="ED-lab.php" name="ED-lab.php" value="Edit" /></td> <td><input type="radio" id="UED-lab.php" name="UED-lab.php" value="" /></td> <td><input type="radio" id="SH-lab.php" name="SH-lab.php" value="Show" /></td> <td><input type="radio" id="PRM-lab.php" name="PRM-lab.php" value="set" /></td> <td>0666</td><td>lab.php</td></tr>
    <tr> <td><input type="radio" id="ED-lab_editor.php" name="ED-lab_editor.php" value="Edit" /></td> <td><input type="radio" id="UED-lab_editor.php" name="UED-lab_editor.php" value="" /></td> <td><input type="radio" id="SH-lab_editor.php" name="SH-lab_editor.php" value="Show" /></td> <td><input type="radio" id="PRM-lab_editor.php" name="PRM-lab_editor.php" value="set" /></td> <td>0666</td><td>lab_editor.php</td></tr>
    <tr> <td><input type="radio" id="ED-lab_editor.js" name="ED-lab_editor.js" value="Edit" /></td> <td><input type="radio" id="UED-lab_editor.js" name="UED-lab_editor.js" value="" /></td> <td><input type="radio" id="SH-lab_editor.js" name="SH-lab_editor.js" value="Show" /></td> <td><input type="radio" id="PRM-lab_editor.js" name="PRM-lab_editor.js" value="set" /></td> <td>0666</td><td>lab_editor.js</td></tr>
    
    <tr> <td><input type="radio" id="ED-test.php" name="ED-test.php" value="Edit" /></td> <td><input type="radio" id="UED-test.php" name="UED-test.php" value="" /></td> <td><input type="radio" id="SH-test.php" name="SH-test.php" value="Show" /></td> <td><input type="radio" id="PRM-test.php" name="PRM-test.php" value="set" /></td> <td>0666</td><td>test.php</td></tr>
    </table>
    <pre class="norm">
    <input type="hidden" id="doFile" name="doFile" value="" /><input type="hidden" id="setPerms" name="setPerms" value="" />
    </pre>
    <div id="code">
    </div>
    </div>
    </form>
    <br class="stack" /><br class="stack" />
    
    <div style="padding-left:20px">
    <pre class="norm">
    Comments:
    4/5/2014
    Since this file was originally made by dev lab interface script and was not assigned
    a creation date indication...
    I should add script to include a time stamp on creation of lab index file of new labs
    I created a configuration file for this lab so the lab name would be available to it
    on load, instead of hard coding it as the title in the index file itself. 
    A situation is going to pop up with labs, since they are created from template by
    scipts, the directories and initial files will all be owned by the server user,
    every new lab should have a facility, as this one does, for running arbitraty scripts,
    as this one now has. Which expands to: all labs should include these scripts as proto
    typical to the lab template.
    Added code to default textarea input to runner.php if user enters script into field
    without file content loaded. But there should be input screening, at least a js confirm
    dialog.
    Fixed problem with repeated reloads accumulating extraneous text attached to title string.
    (removed ?reload=lab_0 from index and ?reload=$_GET['reload'] from dummy.php header arg...
    The browser seems to be caching these requests in a static variable )
    
    4/6/2014
    Working with editing the lab_0.js file to add and remove an alert dialog. The runner.php
    file needs to display line numbers to make it easier to locate parse and other errors.
    Developing code to display php scripts with line numbers. It is no easy task because of
    the markup pattern php generates with highlight_file(). It needs messaging with regex,
    which I have partially got working with the runner.php file as a test/development case.
    The madeFiles.php script was much simpler.
    I could work up a custom syntax highlighting system but I will need a raw list of all
    the builtin function names, reservered words and punctuation....
    O.K., I am done fussing around and tweaking. The formatting looks well enough. I am
    curious about loop producing file contents with line numbers (not from highlight_file)
    0 has to have 3 spaces after it to get the pipe to line up with the rest of the line numbers,
    whereas 1 - 9 only need one space, and 10 needs no spaces ( as 1-0 ??)
    
    4/7/2014
    Features to add:
    1: Set file list in a table with edit show and set perms columns
    Each row will have a radio set for the various instructions.
    2: Rewrite textarea loading code to include original version of text to edit
       so the original text can be a replacement target. 
    3: Reformat executable php and javascript files to have explode target string
       for the sake of replacement of targeted sections.
    // split ->
    with a sub split string for functions: // functions ->
    each section would have a addTo string that should be unique.
    
    Wrote in options for displaying and changing permissions for made files. I posted
    query to codingforums and while waiting for a response, I decided that the way
    to convert permissions as string input to useable number was to write a script
    file and writting it as a value assigned a variable without quotes. Then when
    the script is written, it is required and the value read (now being interpreted
    as a number). Then I found settype(). But this seems to convert the string to
    the decimal representation of the permissions string; 0666 becomes 666. So the
    file writing approach seems to be simpler, since the decimal value would have
    to be converted to the analogous octal value (more juggling).
    
    4/8/2014
    Revised file write script to just overwrite files from text input. No real
    need to create a bunch of string replace strings, as long as I don't remove
    the header. For that matter, the creation date can be added to the $_added
    array in madeFiles.php.
    </pre>
    </div>
    </body>
    </html>
    Last edited by anotherJEK; 04-11-2014 at 07:13 AM. Reason: further inspection

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    This is real ugly to read.
    Since you specified that this is the result of the source, than the problem is quite clear. The HTML hasn't been replaced into the proper special characters; <textarea> doesn't grant any special treatment of data between it, if its HTML it will be treated as HTML.
    Whatever is creating the data must be captured and filtered through htmlspecialchars to convert the HTML into characters that can be displayed in a textarea.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    Regular Coder
    Join Date
    Aug 2010
    Location
    Now Southern Oregon. I was born and had lived my life in Los Angeles until relocating last year (2010)
    Posts
    211
    Thanks
    52
    Thanked 1 Time in 1 Post

    Yes it is ugly, very ugly

    edit: I have been testing this and the only thing SO FAR that I found was that:
    the only element a html textarea field doesn't want inside of itself is another textarea tag set,
    even if it sees it embedded in quotes in php script. (so far testing is exclusively in Firefox 9.x)

    edit 2: I have been narrowing this down to the closing </textarea> tag. It looks like the browser
    is looking ahead for that and freaks out when it sees one. If I leave it out, the file text loads into
    the textarea field of the host html completely, without problems (with trivial trial cases used for testing).

    edit 3: Bingo, it is the slash in the closing </textarea> tag. If the code that fetches the file for display
    in a form textarea field, it should do replacement of / with \/ in the closing textarea tags in file contents:
    I.E. escape it.
    To be on the safe side, I used str_replace('</text', '<\/text', <code file string>) with the knowledge that
    the only html tag that is going to have 'text' in its closing tag is a textarea element. To make this more
    universal, I would use preg_replace for cases where there may be upper and lower case instances of /text

    The reason I was expecting this to work is that I have an app in progress that loads php script files, javscript files, and css files
    without complaint and particularly, the php scripts are NOT escaped (unless the server and browser conspire to encode and decode
    it on receipt). I can edit the code and send it back to the server to have it saved without any problem.
    The only difference with this file is that it contain raw html markup.
    In addition, THIS forum seems to be able to load raw html into what appear to be textarea fields with out the browser freaking out.
    SO, I strongly suspect that it is possible. I am a bit of control freak and am working on my own solution in php and javascript so
    I won't ask for code. I suspect that if I suspend the assignment of the file string to the textarea field value with javascript untill
    the document has finished loading, it won't complain.

    sorry to put you through this.
    Last edited by anotherJEK; 04-12-2014 at 10:18 PM. Reason: further info


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •