iwato Posted June 28, 2017 Share Posted June 28, 2017 BACKGROUND: I have recently created the content of an automatically generated podcast using a PHP Class that I found on a webpage found https://www.phpclasses.org/package/2957-PHP-Generate-RSS-2-0-feeds.html. Unfortunately, when I attempt to display the generated feed all that is displayed are the values of the input variables, or alternatively nothing (see (below)depending on the method of display. In short, the desired formatting -- the reason that I downloaded the PHP Class -- is missing. The page that creates the above result is a text file with a .php extension and a header( ) function. $rss_feed->encoding = 'UTF-8'; $rss_feed->version = '2.0'; $rss_feed->createFeed($rss_channel); header('Content-Type: text/xml; $rss_channel = the object that combines the formatting with the values of the input variables and their respective objects. The Class is relatively straight-forward and easily customized, but for two lines that I do not understand and could well be preventing the display of the XML code, if not properly configured. Interestingly, whether they are commented out or left in tact, they have no affect on what is displayed. $selfUrl = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on' ? 'http://' : 'https://'); $selfUrl .= $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; When I run the .php file the following message appears at the top of the completed page. Still nothing below the message appears. Also, I do not know the source of this message. it does not appear to come from the .php document. Quote This XML file does not appear to have any style information associated with it. The document tree is shown below. Now, I have not constructed a style-sheet for the Feed page, but I hardly see how this could stop the feed from appearingl Please advise. Link to comment Share on other sites More sharing options...
justsomeguy Posted June 29, 2017 Share Posted June 29, 2017 The browser shows that message because the content type is text/xml, although you have a syntax error on that header line. I would view the source code of the page and figure out what is actually getting sent, or just comment out that header so the browser displays it normally, and check what is being sent. Make sure you also have all error messages enabled and displayed or logged. Link to comment Share on other sites More sharing options...
iwato Posted June 29, 2017 Author Share Posted June 29, 2017 OK. This is the code. I am exhausted. <?php ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); $host = "..."; $user = "..."; $pwd = "..."; $mysqli_obj = new mysqli($host, $user, $pwd); if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } $mysqli_obj->set_charset("utf8"); $db = "thege0_grammarcaptive"; $mysqli_obj->select_db($db); $tbl_name = 'rss2_podcast_channel'; $sql_1 = "SELECT * FROM ". $tbl_name . " ORDER BY channel_pubdate DESC LIMIT 1"; $chan_arr = array(); $result_obj = $mysqli_obj->query($sql_1); while($row = $result_obj->fetch_assoc()) { foreach($row as $key => $value) { $chan_arr[$key] = $value; } } $tbl_name = 'rss2_podcast_item'; $sql_1 = "SELECT * FROM ". $tbl_name . " ORDER BY item_pubdate DESC LIMIT 5"; $item_arr = array(); $result_obj = $mysqli_obj->query($sql_1); while($row = $result_obj->fetch_assoc()) { foreach($row as $key => $value) { $item_arr[$key] = $value; } $items[] = $item_arr; } $tbl_name = 'rss2_podcast_itunes'; $sql_1 = "SELECT * FROM ". $tbl_name . " ORDER BY publish_date_itunes DESC LIMIT 5"; $itunes_arr = array(); $result_obj = $mysqli_obj->query($sql_1); while($row = $result_obj->fetch_assoc()) { foreach($row as $key => $value) { $itunes_arr[$key] = $value; } $itunes[] = $itunes_arr; } include('/Users/kiusau/Sites/reflexive/php_practice/libraries/rssgen2.0/rss_generator.inc.php'); $rss_feed = new rssGenerator_rss(); $atomLinkHref = '../../../../grammarcaptive.com/feed/gc_podcasts.xml'; $chan_categories = array(0 => array('domain' => '', 'name' => $chan_arr['channel_category1']),1 => array('domain' => '', 'name' => $chan_arr['channel_category2']),2 => array('domain' => '', 'name' => $chan_arr['channel_category3'])); $i = 0; $length = count($items); while ($i < $length) { foreach ($items[$i] as $key => $value) { if ($key == 'item_category1') { $item_categories[$i][$key] = array('domain'=>'','name'=>$value); } if ($key == 'item_category2') { $item_categories[$i][$key] = array('domain'=>'','name'=>$value); } if ($key == 'item_category3') { $item_categories[$i][$key] = array('domain'=>'','name'=>$value); } } $i++; } $i = 0; $length = count($itunes); while ($i < $length) { foreach ($itunes[$i] as $key => $value) { if ($key == 'itunes_category1') { $itunes_categories[$i][$key] = array('domain'=>'','name'=>$value); } if ($key == 'itunes_category2') { $itunes_categories[$i][$key] = array('domain'=>'','name'=>$value); } if ($key == 'itunes_category3') { $itunes_categories[$i][$key] = array('domain'=>'','name'=>$value); } } $i++; } $i = 0; $length = count($items); while ($i < $length) { $rss_item = new rssGenerator_item(); foreach ($items[$i] as $key => $value) { $rss_item->title = $items[$i]['item_title']; $rss_item->description = $items[$i]['item_description']; $rss_item->link = $items[$i]['item_link']; $rss_item->pubDate = $items[$i]['item_pubdate']; $rss_item->author = $items[$i]['item_author']; $rss_item->comments = $items[$i]['item_comments']; $rss_item->guid = $items[$i]['item_guid']; $rss_item->guid_isPermaLink = 'false'; $rss_item->source = 'Grammar Captive'; $rss_item->source_url = $items[$i]['item_source']; $rss_item->enclosure_url = $items[$i]['item_enclurl']; $rss_item->enclosure_length = $items[$i]['item_encllength']; $rss_item->enclosure_type = $items[$i]['item_encltype']; $rss_item->categories = $item_categories[$i]; } $rss_items[] = $rss_item; $i++; } $rss_image = new rssGenerator_image(); $rss_image->title = $chan_arr['channel_img_title']; $rss_image->url = $chan_arr['channel_img_url']; $rss_image->link = $chan_arr['channel_img_link']; $rss_image->width = $chan_arr['channel_img_width']; $rss_image->height = $chan_arr['channel_img_height']; $rss_image->description = $chan_arr['channel_img_description']; $rss_channel = new rssGenerator_channel(); $rss_channel->atomLinkHref = $atomLinkHref; $rss_channel->title = $chan_arr['channel_title']; $rss_channel->link = $chan_arr['channel_link']; $rss_channel->description = $rss_feed->cData($chan_arr['channel_description']); $rss_channel->language = $chan_arr['channel_language']; $rss_channel->copyright = $chan_arr['channel_copyright']; $rss_channel->webMaster = $chan_arr['channel_link']; $rss_channel->pubDate = $chan_arr['channel_pubdate']; $rss_channel->lastBuildDate = $chan_arr['channel_lastbuilddate']; $rss_channel->categories = $chan_categories; $rss_channel->image = $rss_image; $rss_channel->items = $rss_items; $rss_feed->encoding = 'UTF-8'; $rss_feed->version = '2.0'; $rss_feed->createFeed($rss_channel); // header('Location: gc_podcasts.xml'); $result_obj->free(); $mysqli_obj->close(); ?> Now, mind you. This identical code works in an HTML file with all kinds of HTML mark-up, but when set aside unto its own without the mark-up it fails resulting in the PHP white sheet. Link to comment Share on other sites More sharing options...
iwato Posted June 29, 2017 Author Share Posted June 29, 2017 OK. i have discovered that the include statement is failing. Still, I do not understand the statement $selfUrl = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on' ? 'http://' : 'https://'); $selfUrl .= $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; Link to comment Share on other sites More sharing options...
justsomeguy Posted June 29, 2017 Share Posted June 29, 2017 Those lines just build the URL to the running script. Link to comment Share on other sites More sharing options...
iwato Posted June 30, 2017 Author Share Posted June 30, 2017 And, where is the URL that those lines build? Link to comment Share on other sites More sharing options...
justsomeguy Posted June 30, 2017 Share Posted June 30, 2017 If you're asking about where it is in the code, I don't know, it's not in the code you posted. If you're asking about which URL it is, it's the URL of the current PHP script. Just print it out if you want to see what it's set to. Link to comment Share on other sites More sharing options...
iwato Posted June 30, 2017 Author Share Posted June 30, 2017 Unfortunately, there is nothing to print. Catchable fatal error: Object of class rssGenerator_rss could not be converted to string in /Users/kiusau/Sites/reflexive/php_practice/libraries/rssgen2.0/gc_implemenation/rss2gen.php on line 1400 Link to comment Share on other sites More sharing options...
justsomeguy Posted June 30, 2017 Share Posted June 30, 2017 echo $selfUrl; Link to comment Share on other sites More sharing options...
iwato Posted June 30, 2017 Author Share Posted June 30, 2017 I am told that it is undefined. Link to comment Share on other sites More sharing options...
Ingolme Posted June 30, 2017 Share Posted June 30, 2017 If the assignment is happening inside a function then the variable is only accessible from inside that function. Link to comment Share on other sites More sharing options...
iwato Posted June 30, 2017 Author Share Posted June 30, 2017 This is the PHP package that I am using. And, I beginning to feel very sorry that I chose it. Simply, it appeared better documented than the others that I had viewed. <?php /* RSS Feed Generator for PHP 4 or higher version Version 1.0.3 Written by Vagharshak Tozalakyan <vagh@armdex.com> License: GNU Public License Classes in package: class rssGenerator_rss class rssGenerator_channel class rssGenerator_image class rssGenerator_textInput class rssGenerator_item For additional information please reffer the documentation */ class rssGenerator_rss { var $rss_version = '2.0'; var $encoding = ''; var $stylesheet = ''; function cData($str) { return '<![CDATA[ ' . $str . ' ]]>'; } function createFeed($channel) { $selfUrl = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on' ? 'http://' : 'https://'); $selfUrl .= $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']; $rss = '<?xml version="1.0"'; if (!empty($this->encoding)) { $rss .= ' encoding="' . $this->encoding . '"'; } $rss .= '?>' . "\n"; if (!empty($this->stylesheet)) { $rss .= $this->stylesheet . "\n"; } $rss .= '<!-- Generated on ' . date('r') . ' -->' . "\n"; $rss .= '<rss version="' . $this->rss_version . '" xmlns:atom="http://www.w3.org/2005/Atom">' . "\n"; $rss .= ' <channel>' . "\n"; $rss .= ' <atom:link href="' . ($channel->atomLinkHref ? $channel->atomLinkHref : $selfUrl) . '" rel="self" type="application/rss+xml" />' . "\n"; $rss .= ' <title>' . $channel->title . '</title>' . "\n"; $rss .= ' <link>' . $channel->link . '</link>' . "\n"; $rss .= ' <description>' . $channel->description . '</description>' . "\n"; if (!empty($channel->language)) { $rss .= ' <language>' . $channel->language . '</language>' . "\n"; } if (!empty($channel->copyright)) { $rss .= ' <copyright>' . $channel->copyright . '</copyright>' . "\n"; } if (!empty($channel->managingEditor)) { $rss .= ' <managingEditor>' . $channel->managingEditor . '</managingEditor>' . "\n"; } if (!empty($channel->webMaster)) { $rss .= ' <webMaster>' . $channel->webMaster . '</webMaster>' . "\n"; } if (!empty($channel->pubDate)) { $rss .= ' <pubDate>' . $channel->pubDate . '</pubDate>' . "\n"; } if (!empty($channel->lastBuildDate)) { $rss .= ' <lastBuildDate>' . $channel->lastBuildDate . '</lastBuildDate>' . "\n"; } foreach ($channel->categories as $category) { $rss .= ' <category'; if (!empty($category['domain'])) { $rss .= ' domain="' . $category['domain'] . '"'; } $rss .= '>' . $category['name'] . '</category>' . "\n"; } if (!empty($channel->generator)) { $rss .= ' <generator>' . $channel->generator . '</generator>' . "\n"; } if (!empty($channel->docs)) { $rss .= ' <docs>' . $channel->docs . '</docs>' . "\n"; } if (!empty($channel->ttl)) { $rss .= ' <ttl>' . $channel->ttl . '</ttl>' . "\n"; } if (sizeof($channel->skipHours)) { $rss .= ' <skipHours>' . "\n"; foreach ($channel->skipHours as $hour) { $rss .= ' <hour>' . $hour . '</hour>' . "\n"; } $rss .= ' </skipHours>' . "\n"; } if (sizeof($channel->skipDays)) { $rss .= ' <skipDays>' . "\n"; foreach ($channel->skipDays as $day) { $rss .= ' <day>' . $day . '</day>' . "\n"; } $rss .= ' </skipDays>' . "\n"; } if (!empty($channel->image)) { $image = $channel->image; $rss .= ' <image>' . "\n"; $rss .= ' <url>' . $image->url . '</url>' . "\n"; $rss .= ' <title>' . $image->title . '</title>' . "\n"; $rss .= ' <link>' . $image->link . '</link>' . "\n"; if ($image->width) { $rss .= ' <width>' . $image->width . '</width>' . "\n"; } if ($image->height) { $rss .= ' <height>' . $image->height . '</height>' . "\n"; } if (!empty($image->description)) { $rss .= ' <description>' . $image->description . '</description>' . "\n"; } $rss .= ' </image>' . "\n"; } if (!empty($channel->textInput)) { $textInput = $channel->textInput; $rss .= ' <textInput>' . "\n"; $rss .= ' <title>' . $textInput->title . '</title>' . "\n"; $rss .= ' <description>' . $textInput->description . '</description>' . "\n"; $rss .= ' <name>' . $textInput->name . '</name>' . "\n"; $rss .= ' <link>' . $textInput->link . '</link>' . "\n"; $rss .= ' </textInput>' . "\n"; } if (!empty($channel->cloud_domain) || !empty($channel->cloud_path) || !empty($channel->cloud_registerProcedure) || !empty($channel->cloud_protocol)) { $rss .= ' <cloud domain="' . $channel->cloud_domain . '" '; $rss .= 'port="' . $channel->cloud_port . '" path="' . $channel->cloud_path . '" '; $rss .= 'registerProcedure="' . $channel->cloud_registerProcedure . '" '; $rss .= 'protocol="' . $channel->cloud_protocol . '" />' . "\n"; } if (!empty($channel->extraXML)) { $rss .= $channel->extraXML . "\n"; } foreach ($channel->items as $item) { $rss .= ' <item>' . "\n"; if (!empty($item->title)) { $rss .= ' <title>' . $item->title . '</title>' . "\n"; } if (!empty($item->description)) { $rss .= ' <description>' . $item->description . '</description>' . "\n"; } if (!empty($item->link)) { $rss .= ' <link>' . $item->link . '</link>' . "\n"; } if (!empty($item->pubDate)) { $rss .= ' <pubDate>' . $item->pubDate . '</pubDate>' . "\n"; } if (!empty($item->author)) { $rss .= ' <author>' . $item->author . '</author>' . "\n"; } if (!empty($item->comments)) { $rss .= ' <comments>' . $item->comments . '</comments>' . "\n"; } if (!empty($item->guid)) { $rss .= ' <guid isPermaLink="'; $rss .= ($item->guid_isPermaLink ? 'true' : 'false') . '">'; $rss .= $item->guid . '</guid>' . "\n"; } /* if (!empty($item->source_url)) { $rss .= ' <source url="' . $item->source_url . '">'; $rss .= $item->source . '</source>' . "\n"; } */ if (!empty($item->source)) { $rss .= ' <source url="' . $item->source_url . '">'; $rss .= $item->source . '</source>' . "\n"; } if (!empty($item->enclosure_url) || !empty($item->enclosure_type)) { $rss .= ' <enclosure url="' . $item->enclosure_url . '" '; $rss .= 'length="' . $item->enclosure_length . '" '; $rss .= 'type="' . $item->enclosure_type . '" />' . "\n"; } foreach ($item->categories as $category) { $rss .= ' <category'; if (!empty($category['domain'])) { $rss .= ' domain="' . $category['domain'] . '"'; } $rss .= '>' . $category['name'] . '</category>' . "\n"; } $rss .= ' </channel>' . "\r"; return $rss .= '</rss>'; } } } class rssGenerator_channel { var $atomLinkHref = ''; var $title = ''; var $link = ''; var $description = ''; var $language = ''; var $copyright = ''; var $managingEditor = ''; var $webMaster = ''; var $pubDate = ''; var $lastBuildDate = ''; var $categories = array(); var $generator = ''; var $docs = ''; var $ttl = ''; var $image = ''; var $textInput = ''; var $skipHours = array(); var $skipDays = array(); var $cloud_domain = ''; var $cloud_port = '80'; var $cloud_path = ''; var $cloud_registerProcedure = ''; var $cloud_protocol = ''; var $items = array(); var $extraXML = ''; } class rssGenerator_image { var $url = ''; var $title = ''; var $link = ''; var $width = '88'; var $height = '31'; var $description = ''; } class rssGenerator_textInput { var $title = ''; var $description = ''; var $name = ''; var $link = ''; } class rssGenerator_item { var $title = ''; var $description = ''; var $link = ''; var $author = ''; var $pubDate = ''; var $comments = ''; var $guid = ''; var $guid_isPermaLink = true; var $source = ''; var $source_url = ''; var $enclosure_url = ''; var $enclosure_length = '0'; var $enclosure_type = ''; var $categories = array(); } ?> Of course, all is not lost, because I have learned a great deal about other matters in the process. Simply I have now wasted two days trying to figure out why the createFeed( ) function is not doing its job. As of yet, I still have not received a reply from the author. Link to comment Share on other sites More sharing options...
justsomeguy Posted June 30, 2017 Share Posted June 30, 2017 If you want to know what those first 2 lines in createFeed are doing, then add the echo statement after those lines to print the variable. It's not a global variable, it's only available inside that method. That code is definitely old, PHP 5 does not use var to define class properties. Link to comment Share on other sites More sharing options...
iwato Posted July 1, 2017 Author Share Posted July 1, 2017 (edited) OK. I eliminated the var keyword and am now seeing the following parsing error when I go to load the class file. Parse error: parse error, expecting `"function (T_FUNCTION)"' in /Users/kiusau/vendor/phpclasses/rssgen2_0/rss_generator.inc.php on line 20 Is it because the class name is not capitalized? Edited July 1, 2017 by iwato Link to comment Share on other sites More sharing options...
iwato Posted July 1, 2017 Author Share Posted July 1, 2017 No, it is not because of capitalization. I changed all class names to names beginning with caps. It made no difference. The error message was the same. Link to comment Share on other sites More sharing options...
Ingolme Posted July 1, 2017 Share Posted July 1, 2017 You have to replace "var" with "public," "private," or "protected", as far as I know, you can't do variable assignments directly inside a class definition. Link to comment Share on other sites More sharing options...
justsomeguy Posted July 3, 2017 Share Posted July 3, 2017 I wasn't suggesting deleting anything, I was just pointing out that it's old code written for PHP 4. Link to comment Share on other sites More sharing options...
iwato Posted July 9, 2017 Author Share Posted July 9, 2017 (edited) I have now experimented with my third RSS library, and the same problem persists. Fortunately, I believe to have discovered the true source of the problem -- Safari and my RSS Bot feed reader. They are swallowing my code. Each time I execute a piece of software that is suppose to produce an XML/RSS document either Safari or my RSS Bot software intervenes and asks me whether I want to add it to my list of feeds. Whether I answer yes or know, when I go to open the page that results in the XML document, there is nothing there. At best, I can read the source PHP code that creates the page using PHP's show_source( ) function. Even when I perform a search on my machine for the whereabouts of the XML/RSS files that my RSS Bot software has consumed nothing appears. is there not someway for me to fool my RSS feed readers into ignoring my newly created feeds? I have been trying to automate my RSS feed creation for nearly three weeks and have learned quite a bit, but when I cannot see the result of my effort, it is very frustrating. Help! Roddy Edited July 9, 2017 by iwato Link to comment Share on other sites More sharing options...
iwato Posted July 9, 2017 Author Share Posted July 9, 2017 At minimum I have finally found an RSS Feed writer that is well assembled - FeedWriter by Anis Uddin Ahmad and Michael Bremmer. I can recommend very highly. Link to comment Share on other sites More sharing options...
iwato Posted July 14, 2017 Author Share Posted July 14, 2017 Fortunately, I have discovered a way to view my XML feed documents. I use Google's Chrome browser. I do have another question about security and the activation of my feed. BACKGROUND: For the moment I am able to generate an RSS2 feed automatically by downloading information from my website's database and processing it using the methods and properties of a PHP library called FeedWriter. The PHP document that processes my RSS2 feed resides locally and is only available to the internet when I am online. My goal is to make it available on my website's host server.CURRENT PROCEDURE 1) Upload the information required to produce a new item to a MySQL database located on my site's host server. 2) Download the information sent to the database onto my local machine and create the XML/RSS2 feed document. 3) Upload the newly produced XML/RSS2 feed document to my website. MY GOAL: What I would like to do is simply upload the information to my MySQL database and generate the new feed automatically. CONSIDERATION 1) All that is necessary to produce a new feed is to add a new entry to my database and make a call to the PHP file that creates the RSS2 feed. Once the call is made the new RSS2 feed appears in the same document window in which the PHP code that produces it resides. New header information is generated and replaces the old. 2) Were I to place the PHP document that creates the feed on my website would I be producing a security risk? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 14, 2017 Share Posted July 14, 2017 Whether or not the code has security problems depends on the actual code. Link to comment Share on other sites More sharing options...
iwato Posted July 14, 2017 Author Share Posted July 14, 2017 <?php ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); $host = "..."; $user = "..."; $pwd = "..."; $mysqli_obj = new mysqli($host, $user, $pwd); if (!$mysqli_obj->set_charset("utf8")) { printf("Error loading character set utf8: %s\n", $mysqli_obj->error); exit(); } else { $mysqli_obj->character_set_name(); } $db = "..."; $mysqli_obj->select_db($db); $tbl_name = '...'; $sql_1 = "SELECT * FROM ". $tbl_name . " ORDER BY channel_pubdate DESC LIMIT 1"; $chan_arr = array(); $result_obj = $mysqli_obj->query($sql_1); while($row = $result_obj->fetch_assoc()) { foreach($row as $key => $value) { $chan_arr[$key] = $value; } } $chan_image = array( "title" => $chan_arr['channel_img_title'], "url" => $chan_arr['channel_img_url'], "link" => $chan_arr['channel_img_link'], "width" => $chan_arr['channel_img_width'], "height" => $chan_arr['channel_img_height'], "description" => $chan_arr['channel_img_description'] ); foreach ($chan_arr as $key => $value) { if ($key == 'channel_category1') { $chancat_name[] = $value; $chancat_domain[] = ''; } if ($key == 'channel_category2') { $chancat_name[] = $value; $chancat_domain[] = ''; } if ($key == 'channel_category3') { $chancat_name[] = $value; $chancat_domain[] = ''; } } $tbl_name = '...'; $sql_1 = "SELECT * FROM ". $tbl_name . " ORDER BY item_pubdate DESC LIMIT 5"; $item_arr = array(); $result_obj = $mysqli_obj->query($sql_1); while($row = $result_obj->fetch_assoc()) { foreach($row as $key => $value) { $item_arr[$key] = $value; } $items[] = $item_arr; } $tbl_name = 'rss2_podcast_itunes'; $sql_1 = "SELECT * FROM ". $tbl_name . " ORDER BY publish_date_itunes DESC LIMIT 5"; $itunes_arr = array(); $result_obj = $mysqli_obj->query($sql_1); while($row = $result_obj->fetch_assoc()) { foreach($row as $key => $value) { $itunes_arr[$key] = $value; } $itunes[] = $itunes_arr; } use FeedWriter\RSS2; require_once("/Users/.../vendor/autoload.php"); $rss2 = new RSS2(); $prefix = 'itunes'; $uri = 'http://www.itunes.com/dtds/podcast-1.0.dtd'; $rss2->addNamespace($prefix,$uri); $href_atom = 'http://www.grammarcaptive.com/filepath.xml'; $rel_atom = 'feed'; $type_atom = 'application/x.atom+xml'; $hreflang_atom = 'en'; $title_atom = 'Grammar Captive Weekly Podcast'; $length_atom = NULL; $rss2->setATOMLink($href_atom,$rel_atom,$type_atom,$hreflang_atom,$title_atom,NULL); $rss2->setTitle($chan_arr['channel_title']); $rss2->setLink($chan_arr['channel_link']); $rss2->setDescription($chan_arr['channel_description']); $rss2->setChannelElement('image',$chan_image,NULL,true); $i=0; $domain = ['domain'=>'']; $length = count($chancat_name); while ($i < $length) { $rss2->setChannelElement('category',$chancat_name[$i],$domain, true); $i++; } $tags = ['copyright']; $rss2->addCDATAEncoding($tags); $rss2->setChannelElement('copyright',$chan_arr['channel_copyright'],NULL,false); $rss2->setChannelElement('language',$chan_arr['channel_language'],NULL,false); $rss2->setChannelElement('webMaster',$chan_arr['channel_webmaster'],NULL,false); $rss2->setDate($chan_arr['channel_lastbuilddate']); $rss2->addGenerator(); $i = 0; $length = count($items); while ($i < $length) { foreach ($items as $key => $value) { $item = $rss2->createNewItem(); $item->setTitle($items[$i]['item_title']); $item->setLink($items[$i]['item_link']); $item->setDate($items[$i]['item_pubdate']); $item->setDescription($items[$i]['item_description']); $item->setId($items[$i]['item_guid'],false); $item->addEnclosure($items[$i]['item_enclurl'],$items[$i]['item_encllength'],$items[$i]['item_encltype'],false); $item->setAuthor($items[$i]['item_author'],$itunes[$i]['itunes_email'],NULL); $source_url = ['url' => $items[$i]['item_source']]; $item->addElement('source',$chan_arr['channel_title'],$source_url,false,false); $item->addElement('comments',$items[$i]['item_comments'],NULL,false,false); } $newItems[] = $item; $i++; } foreach ($newItems as $item) { $rss2->addItem($item); } $rss2->printFeed(true); On the one hand, it appears that security is not an issue because I merely read and execute based upon what I have read. At no time do I write except to publish the final result. On the other hand, PHP files can easily be read using PHP functions such as the show_source( ) method. As Ingolme pointed out already many days ago. If I can see the file on the internet, then others are likely able to see it to. Link to comment Share on other sites More sharing options...
justsomeguy Posted July 14, 2017 Share Posted July 14, 2017 On the other hand, PHP files can easily be read using PHP functions such as the show_source( ) method. As Ingolme pointed out already many days ago. If I can see the file on the internet, then others are likely able to see it to. You can't look at the source code of arbitrary PHP files. This forum is using index.php, can you see the code for it? Depending on where your data comes from, the only issues with that might be something like XSS, but I'm not sure if XSS applies in an RSS feed (I don't know if the Javascript code will get executed). Link to comment Share on other sites More sharing options...
iwato Posted July 23, 2017 Author Share Posted July 23, 2017 If I have understood correctly. The PHP show_source( ) method only works because the method is called within the same domain name as the file that it calls. Am I correct? Link to comment Share on other sites More sharing options...
Ingolme Posted July 23, 2017 Share Posted July 23, 2017 It only shows the source of files in the same local filesystem, regardless of domain name. If, for some reason, it did load a file from a URL it would only be able to show what was returned by that URL through HTTP. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now