HTMLDOC 1.8.27 Software Users Manual
Home · Articles & FAQs · Bugs & Features · Documentation · Download · ForumsLogin

[ Comments | Contents | Previous | Next ]

Calling HTMLDOC from PHP

PHP is quickly becoming the most popular server-side scripting language available. PHP provides a passthru() function that can be used to run HTMLDOC. This combined with the header() function can be used to provide on-the-fly reports in PDF format.

Here is a simple PHP function that can be used to convert a HTML report to PDF and send it to the HTTP client:

    function topdf($filename, $options = "") {
	# Tell HTMLDOC not to run in CGI mode...
        putenv("HTMLDOC_NOCGI=1");

	# Write the content type to the client...
	header("Content-Type: application/pdf");
	flush();

	# Run HTMLDOC to provide the PDF file to the user...
	passthru("htmldoc -t pdf --quiet --jpeg --webpage $options '$filename'");
    }

The function accepts a filename and an optional "options" string for specifying the header, footer, fonts, etc.

To prevent malicious users from passing in unauthorized characters into this function, the following function can be used to verify that the URL/filename does not contain any characters that might be interpreted by the shell:

    function bad_url($url) {
	// See if the URL starts with http: or https:...
	if (strncmp($url, "http://", 7) != 0 &&
	    strncmp($url, "https://", 8) != 0) {
            return 1;
	}

	// Check for bad characters in the URL...
	$len = strlen($url);
	for ($i = 0; $i < $len; $i ++) {
            if (!strchr("~_*()/:%?+-&@;=,$.", $url[$i]) &&
		!ctype_alnum($url[$i])) {
		return 1;
	    }
	}

	return 0;
    }

Another method is to use the escapeshellarg() function provided with PHP 4.0.3 and higher to generate a quoted shell argument for HTMLDOC.

To make a "portal" script, add the following code to complete the example:

    global $SERVER_NAME;
    global $SERVER_PORT;
    global $PATH_INFO;
    global $QUERY_STRING;

    if ($QUERY_STRING != "") {
	$url = "http://${SERVER_NAME}:${SERVER_PORT}${PATH_INFO}?${QUERY_STRING}";
    } else {
	$url = "http://${SERVER_NAME}:${SERVER_PORT}$PATH_INFO";
    }

    if (bad_url($url)) {
      print("<html><head><title>Bad URL</title></head>\n"
	   ."<body><h1>Bad URL</h1>\n"
	   ."<p>The URL <b><tt>$url</tt></b> is bad.</p>\n"
	   ."</body></html>\n");
    } else {
      topdf($url);
    }

[ Comments | Contents | Previous | Next ]

User CommentsAdd Comment ]

No comments for this page.

Copyright 1997-2008 by Easy Software Products. HTMLDOC and <HTML>DOC are the trademark property of Easy Software Products. HTMLDOC is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation.