Comparing revisions for ShowCsv
- [4649] 2005-01-15 16:48:43 by NilsLindenberg (unregistered user) [code changes + security holes added]
- [17004] 2007-05-31 23:27:40 by NilsLindenberg (unregistered user) [Reverted]
Additions:
""{{showcsv file="uploads/file" seperator="," header="on"}}""
''use this only with trusted files or not at all till the two possible security holes are closed (see below)!''
- ++allow only *.csv files++
- big security hole: cause the content of the file is renderd with the html-code of the page, you can add html-code (and surely php/javascript too). Question for a solution in ProgrammingHelp
- look for the difference of excel *.csv and normal csv
- possibility of sorting the entries?
* @author mjwilco at yahoo dot com
* @author Stefan Lindenberg (http://wikka.jsnx.com/NilsLindenberg)
* file string mandatory the name of the file which should be shown (without the .csv ending)
* delimeter char optional the delimeter of the entries in the csv-file. standard is ","
* header string optional if set to "on", the first entry will be used as header. Standard is "off".
//parameters
$file = $vars['file'].".csv";
if ($vars['seperator']) $seperator = $vars['seperator'];
else $seperator = ",";
else $header = "off";
if (file_exists($file))
$id = fopen($file, "r");
while ($data = fgetcsv($id, filesize($file), $seperator))
{
$line[] = $data; //put each line into its own entry in the $table array
}
fclose($id);
//print the table
echo "<table border=1>\n";
//first entry handeld seperate, possible header
echo "<tr>\n";
for ($i = 0; $i<count($line); $i++)
{
if ($header == 'on') echo "<th>";
else echo "<td>";
echo $line[0][$i];
if ($header == 'on') echo "</th>\n";
else echo "</td>\n";
}
echo "</tr>\n";
for($j=1;$j<count($line);$j++)
{
for ($k=0; $k<count($line[$j]);$k++)
echo "<td>";
echo $line[$k][$j];
echo "</td>\n";
echo "</tr>\n";
}
echo "</table>\n";
else print("File .".$file.". not found.");
table="<TR>";
if (inputs.containsKey(args[compt])) table+="<TD> <INPUT type=text size=8 value="+temp+" ></TD>";
else table+="<TD>"+temp+"</TD>";
if (inputs.containsKey(args[compt])) table+="<TD> <INPUT type=text size=8 value="+value.substring(1,value.length()-1)+" ></TD>";
else table+="<TD>"+value.substring(1,value.length()-1)+"</TD>";
table+="</TR>";
str += "<TD>"+args[i]+"</TD>";
str+= "</TR>";
result[0] += "</TABLE>";
<SCRIPT LANGUAGE="JavaScript">
</HEAD>
<BODY>
~&All that said, it may not be so hard to translate the code from Java to PHP, and would welcome a proposal so we can compare the two alternatives in the same language. --JavaWoman (who is not a Java expert ;-))
''use this only with trusted files or not at all till the two possible security holes are closed (see below)!''
- ++allow only *.csv files++
- big security hole: cause the content of the file is renderd with the html-code of the page, you can add html-code (and surely php/javascript too). Question for a solution in ProgrammingHelp
- look for the difference of excel *.csv and normal csv
- possibility of sorting the entries?
* @author mjwilco at yahoo dot com
* @author Stefan Lindenberg (http://wikka.jsnx.com/NilsLindenberg)
* file string mandatory the name of the file which should be shown (without the .csv ending)
* delimeter char optional the delimeter of the entries in the csv-file. standard is ","
* header string optional if set to "on", the first entry will be used as header. Standard is "off".
//parameters
$file = $vars['file'].".csv";
if ($vars['seperator']) $seperator = $vars['seperator'];
else $seperator = ",";
else $header = "off";
if (file_exists($file))
$id = fopen($file, "r");
while ($data = fgetcsv($id, filesize($file), $seperator))
{
$line[] = $data; //put each line into its own entry in the $table array
}
fclose($id);
//print the table
echo "<table border=1>\n";
//first entry handeld seperate, possible header
echo "<tr>\n";
for ($i = 0; $i<count($line); $i++)
{
if ($header == 'on') echo "<th>";
else echo "<td>";
echo $line[0][$i];
if ($header == 'on') echo "</th>\n";
else echo "</td>\n";
}
echo "</tr>\n";
for($j=1;$j<count($line);$j++)
{
for ($k=0; $k<count($line[$j]);$k++)
echo "<td>";
echo $line[$k][$j];
echo "</td>\n";
echo "</tr>\n";
}
echo "</table>\n";
else print("File .".$file.". not found.");
table="<TR>";
if (inputs.containsKey(args[compt])) table+="<TD> <INPUT type=text size=8 value="+temp+" ></TD>";
else table+="<TD>"+temp+"</TD>";
if (inputs.containsKey(args[compt])) table+="<TD> <INPUT type=text size=8 value="+value.substring(1,value.length()-1)+" ></TD>";
else table+="<TD>"+value.substring(1,value.length()-1)+"</TD>";
table+="</TR>";
str += "<TD>"+args[i]+"</TD>";
str+= "</TR>";
result[0] += "</TABLE>";
<SCRIPT LANGUAGE="JavaScript">
</HEAD>
<BODY>
~&All that said, it may not be so hard to translate the code from Java to PHP, and would welcome a proposal so we can compare the two alternatives in the same language. --JavaWoman (who is not a Java expert ;-))
Deletions:
- class is the css-class for the table. Standard is csvtable.
''use this only with trusted files or not at all till the possible security hole are closed (see below)!''
- add "csvtable" css
- documentation!!
==Notes==
- The file now requieres the HandleCsvData library.
- html tags in a csv-file are stripped (note that everything between <?php ?> will not be shown, too)
*
* @param string file mandatory: the name of the file which should be shown
* @param char delimeter optional: the delimeter of the entries in the csv-file. Standard is ","
* @param ? header optional: if set to "on", the first entry will be shown strong. Standard is "off";
require_once('library/handlecsvdata.php');
// ***Get the params ***
$header= 'off';
$separator = ",";
$filename = $vars['file'].".csv";
$tableclass = $vars['tableclass'];
if ($vars['separator']) $separator = $vars['separator'];
// *** Get the data and print the table ***
if (is_array($table = GetCsvData($filename, $separator, $tableclass))) PrintCsvTable($table, $header);
table="<tr>";
if (inputs.containsKey(args[compt])) table+="<td> <INPUT type=text size=8 value="+temp+" ></td>";
else table+="<td>"+temp+"</td>";
if (inputs.containsKey(args[compt])) table+="<td> <INPUT type=text size=8 value="+value.substring(1,value.length()-1)+" ></td>";
else table+="<td>"+value.substring(1,value.length()-1)+"</td>";
table+="</tr>";
str += "<td>"+args[i]+"</td>";
str+= "</tr>";
result[0] += "</table>";
<script LANGUAGE="JavaScript">
</head>
<body>
~&All that said, it may not be so hard to translate the code from Java to PHP, and would welcome a proposal so we can compare the two alternatives in the same language. --JavaWoman (who is not a Java expert ;-))
----
CategoryUserContributions
