0

I am working on a BB code system for a content manager and I want to be able to use something like [code=php]<?php echo "Hello World!"; ?>[/code] in my textarea. Using GeSHi (A syntax highlighter) I have made the following function to parse the code:

function parsecode($codetype) {
    $source = file_get_contents("file.php"); 
    $language = $codetype; 
    $geshi = new GeSHi($source, $language); 
    echo '<code class="num">', implode(range(1,count(file("file.php"))), "<br />"), "</code>"; 
    echo $geshi->parse_code();
}

This works perfectly fine!

Now this is where the BB code comes in. Using preg_replace I made a simple system that finds and replaces bits of code:

$find = array( 
  "/\[code\=(.+?)\](.+?)\[\/code\]/is"
);
$replace = array(
  '<?php parsecode("$1"); ?>'
);

Yes, for now this means it only reads the language and parses the file "file.php" but eventually I will have this work different, but that's not important for now.

What happens, is that the BB code gets executed correctly, and the result is that it does in fact execute the code, but it does NOT execute the function parsecode() . I made a small adjustment to find out where the problem is, and made it save to a file and it turns out the file contained the following: <?php parsecode("php"); ?> . Which is exactly what it should contain. When I write this line of code in the file, it executes.

Anything submitted in the textarea gets stored in a file, which is then read using fopen() and then echo'd on a different page.

My question: Why does the function not execute & parse the code like it should?

Thanks ahead!

Improve this question

1 Answer 1

Reset to default
1

There is only one way to get PHP code to execute within PHP code (change code dynamically) and that is with eval().

http://www.php.net/manual/en/function.eval.php

This let's you dynamically make code and execute it

Please remember this quote though: "If eval() is the answer, you're almost certainly asking the wrong question. -- Rasmus Lerdorf, BDFL of PHP"

eval() is known for security vulnerabilities and being exploited. Highly not recommended. However, as long as you're not using user generated code IN the eval you will be fine. You could put a return around it to get the result only in the database.

You could instead achieve the same effect by running this in the script but not replacing it before it's run in the entry but on the forum page itself...

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Sorry for the late reply, I went to sleep after an hour. So basically this is the only way to do this. In my case, I have this secured with a solid login system, but there is of course always ways around this so this is indeed discouraged. Then my question remains, how could I make this possible? How could I make a BB code structure that allows you to type [code=php]<?php echo "Hello World!"; ?>[/code] and have that rendered with the code in my original post? I am sure this is possible, but I wouldn't know how.. Thanks for your reply :)
Here's another solution: why not do the syntax highlighting client side? There a libraries like highlight.js that can do this: highlightjs.org You could then simply use javascript to do all the parsing on the client side or prepare the HTML in your processing script and simply run the HTML as it comes from the database.
I've indeed crossed highlightjs.org several times, but I wouldn't have an idea how to build that into a functional BB code :/
Alright, so where I am at now, I got it working with code-tags (in BB code) and using Highlightjs.org . Now is there any way I can add line numbers to this? I used some styling before but I can't implement that anymore now :/
If you read the doc, you can see that they deliberately lack support for line numbers. This framework supports line numbers : alexgorbatchev.com/SyntaxHighlighter Hope I've helped :)

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.