Solved

open/edit/save text files in form text area.

Posted on 2003-11-10
3
1,910 Views
Last Modified: 2006-11-17
I am in desparate need of a page that has a list of text files that can be edited (I can do that). The page I can't do is the one to open the chosen text file (through querystring $_GET['file']) into a form textarea field, allow it to be edited, and then saved back over the top of the existing file. Preferably it would create a backup of the file it is re-saving.

Thanks.
0
Comment
Question by:ralphuk100
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
snoyes_jw earned 95 total points
ID: 9716809
page1.php:

<form action="page2.php">
<input name = "fileName" type="hidden" value="<?php echo $filename?>" method="POST">
<textarea name="somecontent">
<?php
// read the file contents
$filename = $_GET['file'];
$handle = fopen($filename, 'r');
echo fread ($handle, filesize ($filename));
fclose ($handle);
?>
</textarea>
</form>


page2.php:

<?php
// backup the file
copy ($_POST'fileName'], $_POST['fileName'] . "backup");
// write over the file
$handle = fopen($filename, 'w');
fwrite($handle, $_POST['somecontent']);
fclose($handle);
?>
0
 
LVL 33

Expert Comment

by:snoyes_jw
ID: 9716817
Sorry, the method=post should go in the form tag, not the hidden input tag, and $filename won't be defined until after the $filename = $_GET['file'], so move the hidden input tag to after the text area.
0
 
LVL 6

Expert Comment

by:aolXFT
ID: 9718153
I recommend adding a htmlentities() to snoyes_jw's code, since his has XSS vulnerabilities.

If you have a page with the following contents(although you shouldn't), it will cause problems:

##############################

</textarea>

<script language="javascript">
<!--
do_bad_evil_stuff();

//-->
</script>

##############################

You are going to have problems.

to get around this problem, you can htmlspecialchars the contents of the textarea.

replace

echo fread ($handle, filesize ($filename));

with

echo htmlspecialchars(fread ($handle, filesize ($filename)));
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question