[thelist] HOWTO read PHP source code into a textarea

[Christian Heilmann]

Tim Burgan wrote:

> John williams wrote:
>
>> "Rather unsafe" is probably irresponsible understatement, Christian.
>> ;-) Let's hope this script is very well segregated from the rest of
>> the internet.
>>  
>>
>
> Thanks for your replies,
>
> Can someone please explain to me the dangers that you are speaking about.
>
> I want to load a php file into a textarea which ONLY has contents like:
>
> ------START OF FILE
> <?php
> $nav[1][text] = 'Home';
> $nav[1][link] = 'index.php?urlkeyword=home';
>
> $nav[2][text] = 'Contact';
> $nav[2][link] = 'index.php?urlkeyword=contact';
> ?>
> ------END OF FILE
>
> I want to load this into a text area so I can easily add a new element 
> to the array, then overwrite the old file.
>
>
> I've never done something like this before.. so I don't know the risks.

What keep an evildoer from adding any PHP code there? A phpinfo() would 
give all the information about your PHP setup and the rest is up to his 
skills to follow.

 From a usér's prspective, why don't you keep the navigation in XML, or 
HTML instead. The syntax above is hard to maintain for Joe Average. The 
easiest option I've found is to use an HTML file that is the navigation 
(nested list, headlines and lists) and use PHP to parse it. You  can 
either allow the user to change this with an own editor or, like I did, 
use contribute and dreamweaver templates. Contribute is dead easy to 
use, the only thing I hate about it is that the user creates embedded 
HTML, there is no separation of content, structure and presentation.