hi all
I'm trying to do the following:
a user can log in on a site where he/she can change the contents of a css-stylesheet
file with the aid of forms.
The results of the form input are used to wrie a css file on the webserver which later
will be used in the HTML files of the website.
I know how to read/write to the server. But after the action I have to chmod the file
which was created. I don't want users to input php code or perl code which can then be
executed by calling the url....Anybody knows how to do this?
In the example file below I use the chmod function. I tried nearly every value (not
only 0777), but still you are able to enter php code, goto the url and ...voila the
script is executed.
Any ideas would be most welcome.
Wilbert
//start of
fwrite.php--------------------------------------------------------------------------
<?php
//this file is called write.php
global $filename,$filecontent;
if (!(isset($stage)))
{
if (file_exists("$filename") and ($filename<>""))
{
$fd=fopen("$filename", "r");//open file read only
$fstring=fread($fd,filesize($filename));
}
?>
<html>
<body>
<form action="fwrite.php" method="post" name="writefile" id="writefile">
<input type="hidden" name="stage" value="1">
<input type="text" name="filename" value="<?php echo "$filename"?>">file name<BR>
<textarea cols="20" rows="20" name="filecontent" id="filecontent">
<?php echo "$fstring"?>
</textarea>
<input type="submit" name="submit" value="save to file">
</form>
<a href="<?php echo "$filename"?>"><?php echo "$filename"?></a>
</body>
</html>
<?php
}
else
{
$fd2=fopen("$filename", "w+");//open file
chmod($filename,0777);
$fout=fwrite($fd2,$filecontent);
header("location:fwrite.php?filename=".$filename);
}
?>
//end of fwrite.php
-------------------------
Pas de Deux
Van Mierisstraat 25
2526 NM Den Haag
tel 070 4450855
fax 070 4450852
http://www.pdd.nl
[EMAIL PROTECTED]
-------------------------
