Partial HTML formatted text being written

Question

I have an interesting problem. I have the code below which takes $_POST['content'] and $_POST['page']. The 'content' im attempting to write is "HTML" (see below) however, the content that is being actually written is

<footer> 
        <div class="grid_16"> 
                <div class="wrapper"> 
                        <span class="right"><!-- {%FOOTER_LINK} --></span>

ie: a majority of the content is missing.

any guidance would be greatly appreciated

<?php

if (!$_POST['content'] && !$_POST['page'])
    return false;

$content = $_POST['content'];
$page = $_POST['page'];

$fp = fopen('content/'.$page, 'w');

fwrite($fp, htmlspecialchars($content));

fclose($fp);

?>

$_POST['content'] is:

<footer> 
    <div class="grid_16"> 
        <div class="wrapper"> 
            <span class="right"><!-- {%FOOTER_LINK} --></span> l
            la-panacee &copy; 2013 &nbsp;|&nbsp; 
            <a href="privacyStatement.php">Privacy policy</a>
        </div> 
    </div>
 </footer>

I edited your post a little bit to avoid possible confusion. If you found it kind of altered your intention, please edit it back. Also, try to `print_r($_POST)` to see if your PHP actually got what you think you posted. — Passerby, Jan 11 '13 at 03:51
thanks - the changes are fine. I have checked that $_POST['content'] is complete and correct. My guess is some encoding somewhere is playing up but I cant put my finger on it. — Marc Teichtahl, Jan 11 '13 at 23:00

Mr. Polywhirl · Answer 1 · 2013-01-12T23:33:02.630

0

The reason for the truncated HTML may be because there was an unencoded ampersand present in the $_POST variable.

RFC 2396: Uniform Resource Identifiers (URI): Generic Syntax

2.2. Reserved Characters

   Many URI include components consisting of or delimited by, certain
   special characters.  These characters are called "reserved", since
   their usage within the URI component is limited to their reserved
   purpose.  If the data for a URI component would conflict with the
   reserved purpose, then the conflicting data must be escaped before
   forming the URI.

      reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                    "$" | ","

   The "reserved" syntax class above refers to those characters that are
   allowed within a URI, but which may not be allowed within a
   particular component of the generic URI syntax; they are used as
   delimiters of the components described in Section 3.

edited Jan 12 '13 at 23:33

answered Jan 11 '13 at 03:45

Mr. Polywhirl

42,981
12
84
132

thanks polywhirl - the newdoc syntax isnt much help as the content comes in from a HTML form. Hence the $_POST['content']. – Marc Teichtahl Jan 11 '13 at 22:59
Yeah... sorry, your original post had `$_POST['content'] = ...`. – Mr. Polywhirl Jan 11 '13 at 23:23
Ok progress...it would seem that I had to URL encode the HTML before i write it to the file urlencode($content) the question is why ? – Marc Teichtahl Jan 12 '13 at 08:48
indeed. trying to include say for example @copy; would violate RFC2396. I assume by using urlencode() these are replaces with %XX which are compliant. – Marc Teichtahl Jan 13 '13 at 06:18

Partial HTML formatted text being written

1 Answers1