Jul 19, 2009
Searching for a text string in all files and directories recursively in PHP
I was having a similar problem. I needed to edit the footer of my site http://www.techmindz.com but I didn’t know which file, out of 100s, had that particular part. I just made a script for that.
<?php
$query=escapeshellarg($_GET['str']);
$query="find . -exec grep -l $query {} ;";
system($query);
?>Save this file as textsearch.php in your root directory. Now visit the site www.yoursite.com/textsearch.php?str=yoursearchstring
And voila! You get the results.
Peace!
Disclaimer: Please note that this should be used only by webmasters as a quick tool to find specific strings within all files without having to download all the files to local computer. While this method is not recommended, this can be used as a temporary tool only. This file (textsearch.php) should be deleted as soon as your work is done with it for security reasons. I won’t be held responsible for any damages caused.
Is this post serious?
This code snippet is wrong in so many ways!
DO NOT ANYONE – bother with this.
Firstly – why not just run the bash command directly on the command line?!
Secondly – you are passing insecure, UNSANITISED input to the command line. This is open season for abuse.
Well you’ve achieved one thing at least – you made my head hurt.
@Dave
Well, when command line is not available, what you gonna do?
Secondly – Its for your own personal use… that link will never go public, so how do you think it will be abused? You can add entry in robots.txt to not index this file.
LOL
I too though it was a joke at first.
@t0x1caT0r
Security by obscurity is not security.
Just because its not indexed doesn’t mean its not accessible.
If you don’t have access to the command line – why not use FTP (which you must have at least) and download the whole site to your dev machine, search/develop/etc and then deploy when done.
Just because your hammer is PHP – does not make mean you should hit everything with it. Searching in files – PHP is not the answer here (yes I am fulltime professional PHP developer, btw).
Even if you did secure access to this file with – lets say a IP-restricted .htaccess file – this php script, per se, is a perfect example of why PHP is viewed poorly by many. You are publishing a very insecure script with no disclaimer telling newbies the context of how to secure the file from public use.
Throwing in a simple escapeshellarg() around the input is easy, too.
@valeriyz
What did you think afterwards?
@Dave
Well, this was published just as a trick for webmasters who wouldn’t want the hassle to download whole site, modify and upload it. Seriously, I am in a country where 128KBps is considered high speed. Upload speed is even more pathetic. I can’t possibly download all the files and reupload it. And what if I just want to modify a single line which is lying in unknown file amongst hundreds of other files? Download them all just to change one line?
It did the job for me and I removed it as soon as I was done with it, so I thought of sharing it with everyone.
Anyways, I’ve put a disclaimer on the post. Fine now?
Okay, please don’t take it personally. A lot of code that I wrote was dismissed as overengineered or just plain useless. So it happens with all. Seriously, even if you don’t have shell access to the box (in which case you don’t need the script), presumably you have FTP. You can easily mount FTP with FUSE if you are on Linux or Mac, and I guess in Windows world shells like Far or Total Commander will help you out with grepping all the remote files at once. I’d never use a script like this nor would I write one.