create unique page

jackmaessen ✭✭✭
edited February 2014 in Vanilla 2.0 - 2.8

using 2.0.18.10

I am trying to make this script work on a page called "develop". I created this page with the Custompages plugin.
So what I want is that when a member wants to create a project, he is referred to a unique page with a textarea in which he can create code, and when he submits, the code is output on another unique page.
I use this script for it but of course, there is a problem with the route that should be manually created.
How can I make this work?

<?php

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    // generate random code
    function randomString($length = 8) {
        $str = "";
        $characters = array_merge(range('a','z'), range('0','9'));
        $max = count($characters) - 1;
        for ($i = 0; $i < $length; $i++) {
            $rand = mt_rand(0, $max);
            $str .= $characters[$rand];
        }
        return $str;
    }

    $code = randomString();

    $naam = $_POST['naam'];

    // create page with the unique code
    $fileLocation = getenv("DOCUMENT_ROOT") . "/test/".$code.".php"; // path where .php files are created
    $file = fopen($fileLocation,"w");
    $content = "Hello <b>".$naam."</b>;&nbsp;this is your unique page!"; // content of the page
    fwrite($file,$content);
    fclose($file);

    // after submit, redirect to the page
    header('Location: '.$code.'.php');

} // closebracket server request
?>

Under this comes the form

Comments

  • SetRoute function should do what you want: https://github.com/vanillaforums/Garden/search?q=setroute&type=Code

    You could also think of dispatching the calls through your controller.

    The page you want to redirect to must have a unique id and as far as I can see you are only creating a random string. Most probably there will be no duplicates, but I would use timestamp+userid.
    If you want to create a unique page, couldn't you reuse a discussion?

  • The idea is that someone goes to your page, enters some data. That data is then stored on the server in a unique file. Which then can be executed on your server?

    The security implications of this process are too numerous to enumerate. I am not going to say you can't. I definitely suggest you don't.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
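
A safer shape for the same form, as an added example that is not code from the thread or from Vanilla: the submitted text is stored as data outside the web root and HTML-encoded when displayed, so it is never parsed as PHP. It assumes PHP 7.1+; `STORE_DIR`, the `?id=` parameter, the size limit and the function names are hypothetical.

```php
<?php
// Added example, not the thread's code. Assumes PHP 7.1+.
// STORE_DIR is a hypothetical directory outside DOCUMENT_ROOT.
const STORE_DIR = '/var/lib/develop-pages';

// Unpredictable id from the CSPRNG instead of mt_rand().
function newPageId(): string
{
    return bin2hex(random_bytes(16)); // 32 hex characters
}

// Accept only ids this script can issue, so ?id= cannot traverse paths.
function isValidPageId(string $id): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/', $id) === 1;
}

// Store the submission as inert text; nothing is written with a .php name.
function savePage(string $dir, string $naam): string
{
    $id = newPageId();
    if (file_put_contents("$dir/$id.txt", $naam, LOCK_EX) === false) {
        throw new RuntimeException('could not store page');
    }
    return $id;
}

// Read the text back and HTML-encode it, so markup is shown, not interpreted.
function renderPage(string $dir, string $id): ?string
{
    if (!isValidPageId($id) || !is_file("$dir/$id.txt")) {
        return null;
    }
    $naam = htmlspecialchars(file_get_contents("$dir/$id.txt"), ENT_QUOTES, 'UTF-8');
    return "Hello <b>$naam</b>; this is your unique page!";
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $naam = $_POST['naam'] ?? '';
    if (!is_string($naam) || strlen($naam) > 10000) { // constructed size limit
        http_response_code(400);
        exit;
    }
    header('Location: ?id=' . savePage(STORE_DIR, $naam));
    exit;
} elseif (isset($_GET['id'])) {
    $html = is_string($_GET['id']) ? renderPage(STORE_DIR, $_GET['id']) : null;
    if ($html === null) { http_response_code(404); exit; }
    echo $html;
}
```

Because one script serves every page through `?id=`, no per-page route has to be created, and the storage directory needs no execute permission from the web server.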

  • @hgtonight Yes, you have a serious point. I did not think about the security. People can use "unset" or "rmdir" and, on submit, destroy a lot. It was actually meant for creating a development area, but I understand it is too risky. People can abuse it.

  • You might just direct them to this site: http://www.tehplayground.com/
