Hi, I'm having problems with this module, which I think I have traced to check_plain, and inside that the use of preg_match.

Basically I'm executing a shell command, curl, to get the contents of a webpage into a variable. Testing this shows it is doing it fine. However, when I use the functions after/between/etc, depending on what strings I pass to $this and $andthis, etc I get undesirable results.

In order to replicate it, I have outputted the contents of the particular web page to a text file here:
http://home.imprison.me.uk/t/test.txt

now if i try calling the function 'after' say like so: after('Frampton', $text), I get the correct result. However if I try with a variety of other $this values, like say after('<td>', $text); it returns an empty string.

in the function after($this, $inthat, $check_plain = TRUE) the line of code that is generating the return value in this particular case is the last one:
return check_plain(substr($inthat, strpos($inthat,$this)+strlen($this)));
which returns nothing, but when I check the output of substr($inthat, strpos($inthat,$this)+strlen($this)) I get the correct result...

any ideas? otherwise what I can do is simply rewrite the functions in the API to not use the check_plain?

thanks!

Comments

crystaldawn’s picture

crystaldawn commented

The reason it uses check_plain by default is for security purposes. It's suppose to break and let you know that you are playing with potentially dangerous incoming data. The fix is to do replace what you have with this:

//Change this
after('Frampton', $text);

//To this
after('Frampton', $text, $check_plain = FALSE);

//Or this will work to
after('Frampton', $text, FALSE);

The last php line up there will set $check_plain to false and it will NOT use check_plain. The 2nd line is more readable, the 3rd line is a shorthand version of the 2nd line, and the 1st line would run everything through check_plain. When it's run through check_plain and it encounters ANY type of code, it simply returns NOTHING alerting you that some code came in through the data.

dazmcg’s picture

dazmcg commented
Status: Active » Closed (works as designed)

wow quick! thanks a lot crystaldawn for the explanation!

dazmcg’s picture

dazmcg commented
Status: Closed (works as designed) » Closed (fixed)