Javascript php lib.
Moderator: General Moderators
Is there already, or what's your opinion on making, a Javascript library called php, which implements the php language in a global scoped object: PHP.properties/methods?
Thanks for the read.
Right now I have something that may be a start on this concept.
I'm using jQuery right now just for quick coding.
Basically it works but stripslashes is totally not appropriate. I used it because whenever I place quotes within the argument of php.eval ( php.eval("exit('hello');") ) it automatically addslashes to the quotes and I'm not aware of any other way to prevent this.
But other than that, I came up with a basic expression of my idea for a JS library. And what do you think?
Javascript lib:
var php = {
    // Sends the given string to API.php, which passes it to PHP's eval().
    eval: function (str) {
        $.post("API.php", { eval: str }, function (data) {
            alert("Data Loaded: " + data);
        });
    }
};
<?php
// Runs whatever PHP source arrives in the "eval" POST field.
if (!empty($_POST['eval']))
{
    // Remove the slashes that were added to the quotes in the posted string.
    $eval = stripslashes($_POST['eval']);
    eval($eval);
}
else
{
    exit("no eval");
}
?>
might as well be implemented like this
http://thedailywtf.com/Articles/Client-side_PHP.aspx
punishable by death
How would people have access to write on the server in the first place? I don't understand. You'd need to use the "php.eval()" method to execute something on the server on the fly (which is what's intended). Even then you need to be able to write that somewhere on the site. I don't see what the difference is between using Ajax to call a page on the server?
feyd wrote: Because you're compromising the security of a server, any server, knowingly. That is completely irresponsible.
And you still could implement the php object not to be used in certain circumstances.
-
nickvd
- DevNet Resident
- Posts: 1027
- Joined: Thu Mar 10, 2005 5:27 pm
- Location: Southern Ontario
- Contact:
I can't believe I just read this... If you owned a hosting company, would you care if one of your clients used a script like this on your server?
JellyFish wrote: Only on the server that the API.php file is hosted on. Why would that server be mine exactly? Why would I need to worry if that server is not mine?
Not to mention that using eval() would allow anyone to run arbitrary code... not a good idea.
If you still don't care, then you need serious help...
-
nickvd
- DevNet Resident
- Posts: 1027
- Joined: Thu Mar 10, 2005 5:27 pm
- Location: Southern Ontario
- Contact:
It is unbelievably trivial to inject your own javascript into any site you want... Javascript is run in userland, a land where monsters and wizards are always lurking, waiting for a script such as this to have fun with...
<edit>
It is probably easier to directly inject php code into the POST request.
</edit>
I see now. Didn't realize at the time of creating this post that one could use a tool like firebug to write client script on any web page.
So I thought that maybe through a php function you could activate this javascript lib and let there be a function that deactivates it! Then only those with server access could write in this library. Is this a solution?
-
nickvd
- DevNet Resident
- Posts: 1027
- Joined: Thu Mar 10, 2005 5:27 pm
- Location: Southern Ontario
- Contact:
The best solution would be to send off an ajax request with the data you want to send to the php script, which will perform the function that you tell it (thru GET or POST depending on the use).
Send a request such as: ajax.php?command=getbook&id=4
Which would activate the getbook function in ajax.php..
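The command-dispatch approach from the reply above, as an added example that is not code from the thread: a hypothetical ajax.php in which the request selects a key from a fixed allowlist and the id is validated as an integer, so no client-supplied string ever reaches eval(). The handler body, the BOOKS data and the JSON response shape are constructed assumptions.

```php
<?php
// ajax.php (hypothetical): the client names a command, never supplies code.
declare(strict_types=1);

// Constructed sample data standing in for a real data store.
const BOOKS = [
    4 => ['id' => 4, 'title' => 'Sample Title', 'author' => 'Sample Author'],
];

// Handler for command=getbook (body is an assumption, not from the thread).
function getbook(array $params): array
{
    // Accept only a positive integer id; everything else is rejected.
    $id = filter_var($params['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    if (!array_key_exists($id, BOOKS)) {
        throw new OutOfBoundsException('no such book');
    }
    return BOOKS[$id];
}

// Fixed allowlist: only the functions named here can ever be invoked.
const COMMANDS = ['getbook' => 'getbook'];

function dispatch(array $request): array
{
    $command = $request['command'] ?? '';
    if (!is_string($command) || !array_key_exists($command, COMMANDS)) {
        return [400, ['error' => 'unknown command']];
    }
    try {
        $handler = COMMANDS[$command];
        return [200, $handler($request)];
    } catch (InvalidArgumentException $e) {
        return [400, ['error' => $e->getMessage()]];
    } catch (OutOfBoundsException $e) {
        return [404, ['error' => $e->getMessage()]];
    }
}

[$status, $body] = dispatch($_GET);
http_response_code($status);
header('Content-Type: application/json');
echo json_encode($body);
```

With this layout, ajax.php?command=getbook&id=4 returns the constructed book as JSON, while an unlisted command or a non-integer id gets a 400 response instead of being executed.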