1
+ − 1
<?php
+ − 2
+ − 3
/**
+ − 4
*
+ − 5
* Embeds the results of a PHP script at render-time.
+ − 6
*
+ − 7
* @category Text
+ − 8
*
+ − 9
* @package Text_Wiki
+ − 10
*
+ − 11
* @author Paul M. Jones <pmjones@php.net>
+ − 12
*
+ − 13
* @license LGPL
+ − 14
*
+ − 15
* @version $Id: Embed.php,v 1.3 2005/02/23 17:38:29 pmjones Exp $
+ − 16
*
+ − 17
*/
+ − 18
+ − 19
/**
+ − 20
*
+ − 21
* Embeds the results of a PHP script at render-time.
+ − 22
*
+ − 23
* This class implements a Text_Wiki_Parse to embed the contents of a URL
+ − 24
* inside the page at render-time. Typically used to get script output.
+ − 25
* This differs from the 'include' rule, which incorporates results at
+ − 26
* parse-time; 'embed' output does not get parsed by Text_Wiki, while
+ − 27
* 'include' ouput does.
+ − 28
*
+ − 29
* This rule is inherently not secure; it allows cross-site scripting to
+ − 30
* occur if the embedded output has <script> or other similar tags. Be
+ − 31
* careful.
+ − 32
*
+ − 33
* @category Text
+ − 34
*
+ − 35
* @package Text_Wiki
+ − 36
*
+ − 37
* @author Paul M. Jones <pmjones@php.net>
+ − 38
*
+ − 39
*/
+ − 40
+ − 41
class Text_Wiki_Parse_Embed extends Text_Wiki_Parse {
+ − 42
+ − 43
var $conf = array(
+ − 44
'base' => '/path/to/scripts/'
+ − 45
);
+ − 46
+ − 47
var $file = null;
+ − 48
+ − 49
var $output = null;
+ − 50
+ − 51
var $vars = null;
+ − 52
+ − 53
+ − 54
/**
+ − 55
*
+ − 56
* The regular expression used to find source text matching this
+ − 57
* rule.
+ − 58
*
+ − 59
* @access public
+ − 60
*
+ − 61
* @var string
+ − 62
*
+ − 63
*/
+ − 64
+ − 65
var $regex = '/(\[\[embed )(.+?)( .+?)?(\]\])/i';
+ − 66
+ − 67
+ − 68
/**
+ − 69
*
+ − 70
* Generates a token entry for the matched text. Token options are:
+ − 71
*
+ − 72
* 'text' => The full matched text, not including the <code></code> tags.
+ − 73
*
+ − 74
* @access public
+ − 75
*
+ − 76
* @param array &$matches The array of matches from parse().
+ − 77
*
+ − 78
* @return A delimited token number to be used as a placeholder in
+ − 79
* the source text.
+ − 80
*
+ − 81
*/
+ − 82
+ − 83
function process(&$matches)
+ − 84
{
+ − 85
// save the file location
+ − 86
$this->file = $this->getConf('base', './') . $matches[2];
+ − 87
+ − 88
// extract attribs as variables in the local space
+ − 89
$this->vars = $this->getAttrs($matches[3]);
+ − 90
unset($this->vars['this']);
+ − 91
extract($this->vars);
+ − 92
+ − 93
// run the script
+ − 94
ob_start();
+ − 95
include($this->file);
+ − 96
$this->output = ob_get_contents();
+ − 97
ob_end_clean();
+ − 98
+ − 99
// done, place the script output directly in the source
+ − 100
return $this->wiki->addToken(
+ − 101
$this->rule,
+ − 102
array('text' => $this->output)
+ − 103
);
+ − 104
}
+ − 105
}
+ − 106
?>