eval cut off my content

 
cokechiu
Smarty Rookie


Joined: 24 Jun 2018
Posts: 8

PostPosted: Sun Jun 24, 2018 4:16 am    Post subject: eval cut off my content Reply with quote

Hi,

I have the following html.
After using eval, the result is cut off at "產品目錄" and the rest disappears.

Can anyone help me? Thanks a lot.

Stackoverflow link : https://stackoverflow.com/questions/51010267/smarty-3-fetch-method-cut-the-tail-of-my-html?noredirect=1#comment89013295_51010267

Code:
include "smarty/bootstrap.php";
   include "../config/configWebsite.php";
   include "phpmailer/PHPMailerAutoload.php";
   
   $emailSettingId = addslashes($_REQUEST["emailSettingId"]);
   $sql = "select * from emailSetting where emailSettingId ='".$emailSettingId."'";
   $setting = $db->sql($sql)->fetch();
   
   $smtp = $setting["smtp"];
   $from = $setting["email"];
   $fromName = $setting["fromName"];
   $username = $setting["username"];
   $password = $setting["password"];
   $port = $setting["port"];

   $redirect = $setting["url"];
   $email = $setting["email"];
   $subject = $setting["subject"];
   $content = $setting["content"];
   //echo $content;
   //print_r($setting);
   
   $smarty = new Smarty();
   foreach($_REQUEST as $key=>$value) {
      //echo $key;
      if ( $key != "PHPSESSID" && $key != "__zlcmid" ) {
         $smarty->assign($key,$value);
         //echo " - ".$value;
      }
      //echo "<br>";
   }
   $subject = $smarty->fetch('string:'.$subject);
   //$content = $smarty->fetch('string:'.$content);
   $content = $smarty->fetch('email.tpl');
   
   //Create a new PHPMailer instance
   $mail = new PHPMailer;
   
   $mail->CharSet = 'UTF-8';
   //Tell PHPMailer to use SMTP
   //$mail->isSMTP();
   
   //Enable SMTP debugging
   // 0 = off (for production use)
   // 1 = client messages
   // 2 = client and server messages
   $mail->SMTPDebug = 2;
   
   //Ask for HTML-friendly debug output
   $mail->Debugoutput = 'html';
   
   //Set the hostname of the mail server
   $mail->Host = gethostbyname($smtp);
   
   //Set the SMTP port number - likely to be 25, 465 or 587
   $mail->Port = $port;
   
   //Set the encryption system to use - ssl (deprecated) or tls
   $mail->SMTPSecure = 'tls';
   
   //Whether to use SMTP authentication
   $mail->SMTPAuth = true;
   
   //Username to use for SMTP authentication
   $mail->Username = $username;
   
   //Password to use for SMTP authentication
   $mail->Password = $password;
   
   //Set who the message is to be sent from
   $mail->setFrom($from, $fromName);
   
   //Set an alternative reply-to address
   $mail->addReplyTo($from, $fromName);
   
   //Set who the message is to be sent to
   $mail->addAddress($email);
   
   //Set the subject line
   $mail->Subject = $subject;
   
   //Read an HTML message body from an external file, convert referenced images to embedded,
   //convert HTML into a basic plain-text alternative body
   $mail->msgHTML($content);
   
   //Replace the plain text body with one created manually
   $mail->AltBody = 'To view the message, please use an HTML compatible email viewer!';
   
   $mail->CharSet      = "UTF-8";
   
   /* if (!$mail->send()) {
      echo "Mailer Error: " . $mail->ErrorInfo;
   } else {
      echo "Message sent!";
   } */
   
   print_r($_REQUEST);
   
   echo $content;

--- result -----
姓名: 1
電話: 3
電郵: 4
工程名稱:
工程地址: 5
工程大小Sq.m: 6
工程位置: 室外
工程性質: 翻新
材質:

石屎( 0 )
鐵器( 0 )
地台( 0 )
其他( 0 )
查詢資料:

TDS( 0 )
MSDS( 0 )
報價( 0 )
色版( 0 )
產品目錄 - 0


Last edited by cokechiu on Tue Jun 26, 2018 4:17 am; edited 2 times in total
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

PostPosted: Sun Jun 24, 2018 9:48 pm    Post subject: Reply with quote

Don't use eval.
cokechiu
Smarty Rookie


Joined: 24 Jun 2018
Posts: 8

PostPosted: Mon Jun 25, 2018 3:15 am    Post subject: Reply with quote

I have also tried "string" and the result is the same.
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

PostPosted: Mon Jun 25, 2018 2:46 pm    Post subject: Reply with quote

You didn't show anything that would warrant using either.
So, just don't use any of them.
cokechiu
Smarty Rookie


Joined: 24 Jun 2018
Posts: 8

PostPosted: Tue Jun 26, 2018 4:07 am    Post subject: Reply with quote

I don't understand what you mean.

Did I say anything wrong?

Are you suggesting I give up Smarty? Because I don't know any other method to solve the problem.
cokechiu
Smarty Rookie


Joined: 24 Jun 2018
Posts: 8

PostPosted: Tue Jun 26, 2018 4:15 am    Post subject: Reply with quote

I have updated the top post's content to show all the code that I use.
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

PostPosted: Tue Jun 26, 2018 6:40 am    Post subject: Reply with quote

I stopped reading at the "$sql = "select * from emailSetting where emailSettingId ='".$emailSettingId."'";"

Your code contains a ready SQL injection exploit waiting to be used.

https://xkcd.com/327/
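An added example, not part of the thread or the poster's code: the lookup from the first post with the id bound as a parameter instead of concatenated into the SQL string. It assumes PDO with the SQLite driver and numeric ids; `makeDb`, `loadEmailSetting` and the sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: table and column names follow the post, the rows are made up.
function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE emailSetting (emailSettingId TEXT PRIMARY KEY, subject TEXT, content TEXT)');
    $pdo->exec("INSERT INTO emailSetting VALUES ('1', 'Enquiry received', 'Thank you for your enquiry')");
    $pdo->exec("INSERT INTO emailSetting VALUES ('2', 'Quotation', 'Your quotation is attached')");
    return $pdo;
}

// Hypothetical helper: look up one row by id with the value bound as a parameter.
function loadEmailSetting(PDO $pdo, $rawId): ?array
{
    // Reject arrays (emailSettingId[]=...) and anything that is not a short numeric id.
    // Assumption: ids are decimal integers; adjust the pattern if yours differ.
    if (!is_string($rawId) || !preg_match('/\A[0-9]{1,10}\z/', $rawId)) {
        return null;
    }
    // The SQL text is constant; the id travels separately and is never parsed as SQL.
    // addslashes() is not database-aware escaping and is not needed here.
    $stmt = $pdo->prepare('SELECT * FROM emailSetting WHERE emailSettingId = :id');
    $stmt->execute([':id' => $rawId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = makeDb();
// Constructed inputs standing in for $_REQUEST["emailSettingId"].
$inputs = ['1', "1' OR '1'='1", ['1'], '', '999'];
foreach ($inputs as $input) {
    $row = loadEmailSetting($pdo, $input);
    printf("%-22s => %s\n", json_encode($input), $row ? $row['subject'] : 'no row');
}
```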
cokechiu
Smarty Rookie


Joined: 24 Jun 2018
Posts: 8

PostPosted: Tue Jun 26, 2018 7:05 am    Post subject: Reply with quote

Thanks for the advice about injection, I will correct the SQL statement.

I have given up on Smarty already. Please close this post if needed, or just ignore it.

Thanks again for reading my post.
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

PostPosted: Tue Jun 26, 2018 7:39 am    Post subject: Reply with quote

It's like trying to use a hammer to dig, and concluding that it's a useless piece of crap because it does not move dirt well.

You're not using Smarty for anything it was intended for.
You didn't even read the documentation or any of its examples.

Your only correct use of Smarty was "$content = $smarty->fetch('email.tpl');"
Subject line, and any other header, are completely out of place, unless you enchant Smarty with specific MIME-aware tools.
cokechiu
Smarty Rookie


Joined: 24 Jun 2018
Posts: 8

PostPosted: Tue Jun 26, 2018 7:42 am    Post subject: Reply with quote

I am not complaining about Smarty, relax. I am following the instructions to write code.

The point is I ran out of time to study further.

Relax !!
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

PostPosted: Tue Jun 26, 2018 7:42 am    Post subject: Reply with quote

In my own mail sender, I've used 3 separate templates and two custom plugins and even then I'm not very happy about the results.
cokechiu
Smarty Rookie


Joined: 24 Jun 2018
Posts: 8

PostPosted: Tue Jun 26, 2018 7:45 am    Post subject: Reply with quote

I just want to let users customize the auto-reply email with a front-end form.

Finally I used str_replace. It works; maybe the requirement is too simple and there is no need for Smarty.
cokechiu
Smarty Rookie


Joined: 24 Jun 2018
Posts: 8

PostPosted: Tue Jun 26, 2018 7:45 am    Post subject: Reply with quote

AnrDaemon wrote:
In my own mail sender, I've used 3 separate templates and two custom plugins and even then I'm not very happy about the results.


Why does that happen?
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

PostPosted: Tue Jun 26, 2018 8:11 am    Post subject: Reply with quote

Why I'm not very pleased? Because http://tools.ietf.org/html/rfc5322 (formerly RFC 2822, formerly RFC 822) is not the shortest one and cannot be implemented in just two simple filters. Even if they are shamelessly using a treasure trove of existing language functionality.
There are still enough underwater stones and banana peels to make your life "interesting".
In your specific case, you should use PHPMailer's own facilities to correctly format message headers.
It is not Smarty that "cuts" your data, it fully supports UTF-8 out of the box.