从 file_get_contents 方法中隐藏 php 代码

Question

我正在使用 PHPMailer 发送电子邮件。 template.php 文件中提供了我的电子邮件设计。我正在使用 mail.php 文件中的 file_get_contents 方法提取 template.php 文件的内容。但是我有这样一个问题，我在template.php文件中的所有php代码也是可见的。我怎样才能隐藏它们？

Mail.php

<?php
// Import PHPMailer classes into the global namespace
// These must be at the top of your script, not inside a function
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'PHPMailer/src/Exception.php';
require 'PHPMailer/src/PHPMailer.php';
require 'PHPMailer/src/SMTP.php';

require_once 'assets/standart/db.php';
require 'assets/class/all.php';

$connect = new baglan();
$settings = new ayarlar();


// SMTP settings connect
$connect->connect('settings_smtp', '', '', 0);
$smtp_settings = $connect->connect->fetch(PDO::FETCH_ASSOC);

$smtp_mail = $smtp_settings['mail'];
// /SMTP settings connect

$template_file = 'PHPMailer/template.php';

if(file_exists($template_file)){
$mail_template = htmlspecialchars(file_get_contents($template_file));
}else{
    die("Unable to locate the template file");
}

//Load Composer's autoloader

// require 'vendor/autoload.php';

//Create an instance; passing `true` enables exceptions
$mail = new PHPMailer(true);

try {
    //Server settings
    $mail->SMTPDebug = 0;
    $mail->isSMTP();
    $mail->Host       = $smtp_settings['host'];
    $mail->SMTPAuth   = true;
    $mail->Username   = $smtp_settings['mail'];
    $mail->Password   = $smtp_settings['password'];
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
    $mail->Port       = $smtp_settings['port'];

    //Recipients
    $mail->setFrom("$smtp_mail", 'Mailer');
    $mail->addAddress('example@gmail.com', 'Joe User');     //Add a recipient
    // $mail->addAddress('ellen@example.com');               //Name is optional
    // $mail->addReplyTo('info@example.com', 'Information');
    // $mail->addCC('cc@example.com');
    // $mail->addBCC('bcc@example.com');

    //Attachments
    // $mail->addAttachment('/var/tmp/file.tar.gz');         //Add attachments
    // $mail->addAttachment('/tmp/image.jpg', 'new.jpg');    //Optional name

    //Content
    $mail->isHTML(true);
    $mail->CharSet = 'UTF-8';
    
    $mail->Subject = 'Here is the subject';
    $mail->Body    = $mail_template;
    $mail->AltBody = 'This is the body in plain text for non-HTML mail clients';

    $mail->send();
    echo 'Message has been sent';
} catch (Exception $e) {
    echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}

Template.php

<?php
echo $forexample = 'Some words here';
?>

Answer 1

不要为此使用 file_get_contents，使用包含输出缓冲。这样它将 运行 PHP 代码，你将看到它的执行结果而不是代码本身。

Answer 2

有

$mail_template = htmlspecialchars(file_get_contents($template_file));

你只会将文件的内容放入变量$mail_template

您可以按照此处所述使用 eval() 函数：https://www.php.net/manual/en/function.eval.php 但要小心使用！

Caution: The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

你可以这样使用它：

$mail_template_php = htmlspecialchars(file_get_contents($template_file));
$mail_template = eval($mail_template_php);

Answer 3

你必须运行模板文件，而不是简单地阅读它。

你可以这样做：

ob_start();
include ( $template_file );
$mail_template = ob_get_clean();

ob_start() (output-buffer start) 导致所有 php 脚本输出（来自 echo 等）进入输出缓冲区。 output_get_clean() 检索该输出。