find / grep to list files with php's short_open_tag

Reindl Harald h.reindl at thelounge.net
Fri May 10 13:02:39 UTC 2013 

Am 10.05.2013 01:52, schrieb David Beveridge:
>> [egreshko at meimei try]$ find /tmp/try -type f -name \*.php -exec grep -l -i -n -G "<?$" '{}' \;
>> /tmp/try/one.php
>>
>> The only thing worse than a poorly asked question is a cryptic answer.
>>
> So you want all the <? but not the <?php, <?xml, <?= in text files?
> 
> grep -r "<?" * | grep -v "Binary file" | grep -v "<\?php" | grep -v
> "<\?xml" | grep -v "<\?="

i finally solved it with a php-script itself using a years ago written
PHP-SPL-wrapper for recursive listing of files started in the dir the
php-cli-script is living

relevant is <? followed by space, LF, CR, TAB to catch also files with
windows or OSX line-breaks

you must not list here files containing value="<?=(int)$id?>" because this
short echo-variant is starting with PHP 5.4 always supported and no longer
in context with "short_open_tag" from php.ini

well, i found 7 files out of some thousand written in the last 10 years :-)

script and 3 test-files below
__________________________________________________________________________________

#!/usr/bin/php
<?php
 if(PHP_SAPI != 'cli')
 {
  exit('Forbidden');
 }
 require('global.inc.php');
 $fs = new rh_filesystem();
 $liste = $fs->ListFilesRecursive(/**$path*/__DIR__, /**$details*/false, /**$excludes*/array());
 foreach($liste as $file)
 {
  if($file != __FILE__ && strtolower(pathinfo($file, PATHINFO_EXTENSION)) == 'php' && is_readable($file))
  {
   $content = file_get_contents($file);
   if(strpos($content, '<? ') !== false || strpos($content, "<?\r") !== false || strpos($content, "<?\n") !== false
|| strpos($content, "<?\t") !== false)
   {
    echo $file . MY_LE;
    flush();
   }
  }
 }
?>

__________________________________________________________________________________

$fs->ListFilesRecursive() is basically this:

     $spl_objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path));
     try
     {
      foreach($spl_objects as $filename=>$spl_object)
      {
       if(!$spl_object->isDir())
       {
        if(DIRECTORY_SEPARATOR === "\\")
        {
         $filename = str_replace(DIRECTORY_SEPARATOR, '/', $filename);
        }
        if(substr($filename, 0, 2) === './')
        {
         $filename = substr($filename, 2);
        }
        if(empty($pattern) || !preg_match($pattern, $filename))
        {
         if(!$ignore_svn || strpos($filename, '/.svn') === false)
         {
          $enumerate_list[] = $filename;
         }
        }
       }
      }
     }
     catch(UnexpectedValueException $e)
     {
      error_log('Directory "' . $path . '" contained a directory we can not recurse into');
      return false;
     }
     sort($enumerate_list);

__________________________________________________________________________________

[harry at srv-rhsoft:/www]$ cat test-short-open-1.php
<?
 echo 'TEST';
?>
__________________________________________________________________________________

[harry at srv-rhsoft:/www]$ cat test-short-open-2.php
<?php
 echo 'TEST';
?>
<form action="<? echo "TEST"?>"></form>
__________________________________________________________________________________

[harry at srv-rhsoft:/www]$ cat test-short-open-3.php
<?
 echo 'TEST';
?>
<td>
 <?
  echo 'TEST';
 ?>
</td>
__________________________________________________________________________________

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130510/9927c947/attachment.sig>

More information about the users mailing list