trying to send javascript to php script using JSON to get packed

StackOverflow https://stackoverflow.com/questions/10829241

Question

I'm using JSON to send the javascript script code over to a php script to get packed(encrypted) I'm using Dead Edwrd's PHP Javascript Packer http://joliclic.free.fr/php/javascript-packer/en/index.php The packer works fine but i am facing a weird problem causing the packed results to go wrong.

Here's the original script i want to pack:

<script type='text/javascript'>jwplayer('mediaspace').setup({ 'flashplayer': 'http://www.domain.com/player/player/player.swf', 'file': 'http://doamin.com','image': 'http://www.domain.com/images/background.jpg', 'skin': 'http://www.domain.com/player/skin/glow.zip', 'plugins': 'hd-2,timeslidertooltipplugin-1', 'hd.file': 'http://doamin.com', 'controlbar': 'over', 'stretching': 'exactfit', 'width': '700', 'height': '404' });</script>

I use javascript escape on this script before sending it to my php script

It looks like this after escaped:

%3Cscript%20type%3D%27text/javascript%27%3Ejwplayer%28%27mediaspace%27%29.setup%28%7B%20%27flashplayer%27%3A%20%27http%3A//www.domain.com/player/player.swf%27%2C%20%27file%27%3A%20%27http%3A//domain.com%27%2C%20%20%20%20%20%27image%27%3A%20%27http%3A//www.domain.com/images/background.jpg%27%2C%20%27skin%27%3A%20%27http%3A//www.domain.com/player/skin/glow.zip%27%2C%20%27plugins%27%3A%20%27hd-2%2Ctimeslidertooltipplugin-1%27%2C%20%27hd.file%27%3A%20%27http%3A//domain.com%27%2C%20%27controlbar%27%3A%20%27over%27%2C%20%27stretching%27%3A%20%27exactfit%27%2C%20%27width%27%3A%20%27700%27%2C%20%27height%27%3A%20%27404%27%20%7D%29%3B%3C/script%3E

Then i send this over to my php script using JSON.

PHP script to get the value and packed the script and return the packed script to the javascript:

<?php
$src = $_GET['code'];
$callback = $_GET['callback'];

require 'class.JavaScriptPacker.php';

$packer = new JavaScriptPacker($src, 'Normal', true, false);
$packed = $packer->pack();

$output = array('error'=>'none', 'results'=> $packed , 'source' => $src);
$out_string =  json_encode($output);
echo $callback.'('.$out_string.');';
?>

P/S I have added 'source' to the array , so i can check what exactly php GET.

Now the problem , i don't know why but php is adding backward slashes to the source/$src as shown below:

<script type=\'text/javascript\'>jwplayer(\'mediaspace\').setup({ \'flashplayer\': \'http://www.domain.com/player/player.swf\', \'file\': \'http://domain.com\', \'image\': \'http://www.domain.com/images/ackground.jpg\', \'skin\': \'http://www.domain.com/player/skin/glow.zip\', \'plugins\': \'hd-2,timeslidertooltipplugin-1\', \'hd.file\': \'http://domain.com\', \'controlbar\': \'over\', \'stretching\': \'exactfit\', \'width\': \'700\', \'height\': \'404\' });</script>

This wreck the pack results

Results i wanted:

eval(function(p,a,c,k,e,d){while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c])}}return p}('<8 g=\'f/e\'>d(\'l\').k({\'j\':\'3://6.5.0/4/4/4.n\',\'7\':\'3://b.0\',\'m\':\'3://6.5.0/i/h.c\',\'9\':\'3://6.5.0/4/9/x.z\',\'o\':\'a-2,w-1\',\'a.7\':\'3://b.0\',\'y\':\'v\',\'u\':\'q\',\'p\':\'r\',\'s\':\'t\'});</8>',36,36,'com|||http|player|domain|www|file|script|skin|hd|doamin|jpg|jwplayer|javascript|text|type|background|images|flashplayer|setup|mediaspace|image|swf|plugins|width|exactfit|700|height|404|stretching|over|timeslidertooltipplugin|glow|controlbar|zip'.split('|')))

BUT the results i got due to the backward slashes(which wreck the script too)

eval(function(p,a,c,k,e,d){while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+c+'\\b','g'),k[c])}}return p}('<2 1=\\\'0/3\\\'>4(\\\'7\\\').6({\\\'5\\\':\\\'8:',9,9,'text|type|script|javascript|jwplayer|flashplayer|setup|mediaspace|http'.split('|')))

what am i doing wrong?

Was it helpful?

Solution

Add this at start of your php script:

if(get_magic_quotes_gpc())
{
    function undo_magic_quotes_array($array)
    {
        return is_array($array) ? array_map('undo_magic_quotes_array', $array) : stripslashes($array));
    }
    $_GET = undo_magic_quotes_array($_GET);
    $_POST = undo_magic_quotes_array($_POST);
    $_COOKIE = undo_magic_quotes_array($_COOKIE);
    $_FILES = undo_magic_quotes_array($_FILES);
    $_REQUEST = undo_magic_quotes_array($_REQUEST);
}

OTHER TIPS

You probably have magic_quotes turned on which automatically adds the backslash to POST, GET and COOKIE variables.

Disable it in php.ini (it's deprecated as of PHP 5.3 and removed in 5.4 anyway) or simply use stripslashes:

$src = $_GET['code'];
if (get_magic_quotes_gpc())  
  $src = stripslashes($src);

Or you can escape all $_GET variables at once:

$_GET = array_map('stripslashes', $_GET);

It is because of json_encode. You are treating your entire script as if it were a string. Naturally, as a string, it will need \ to escape various characters.

The JSON that would be created here looks something like this:

{
    'error':'none', 
    'results':'eval(...)',
    'source':'...whatever your $src is...'
}

notice that eval(...) and whatever your $src was are now wrapped in quotes. They are strings and various characters must be escaped.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top