'', '[m[1;31m' => '', '[m[1;32m' => '', '[m[1;33m' => '', '[m[1;34m' => '', '[m[1;37m' => '', ); // $endDict = array( // '[m' => '', // ); // validation logic if($_SERVER["REQUEST_METHOD"] == "POST") { //if(!empty($_POST["server"]) && preg_match($serverRegex, $_POST["server"]) == 1) { if(!empty($_POST["server"])) { //$server = validateServer($_POST["server"]); $server = $_POST["server"]; $serverError = ""; } else { $server = ""; $serverError = "Please enter a valid hostname or IP"; $cmdError += 1; } //if(!empty($_POST["port"]) && preg_match($portRegex, $_POST["port"]) == 1) { if(!empty($_POST["port"])) { //$port = validatePort($_POST["port"]); $port = $_POST["port"]; $portError = ""; } else { $port = ""; $portError = "Please enter a valid port"; $cmdError += 2; } if(!empty($_POST["starttls"])) { //$starttls = validateStarttls($_POST["starttls"]); $starttls = $_POST["starttls"]; $starttlsError = ""; } else { // no POST data? assume no //$starttls = ""; //$starttlsError = "Please enter a valid STARTTLS value"; //$cmdError += 4; $starttls = "No"; } if((!empty($_POST["starttls"]) && !empty($_POST["starttlsType"])) || empty($_POST["starttls"])) { //$starttlsType = validateStarttlsType($_POST["starttlsType"]); $starttlsType = $_POST["starttlsType"]; $starttlsTypeError = ""; } else { $starttlsType = ""; $starttlsTypeError = "Please enter a valid STARTTLS Type"; $cmdError += 8; } } function validateStarttls() { } function validateStarttlsType() { } ?>

Target

">

Result

                                                
                                                        \?\r\n]/", '', fread($proc, 4096));
                                                                                //$htmlString = str_replace(array_keys($endDict), $endDict, str_replace(array_keys($startDict), $startDict, $result_raw));
                                                                                //$htmlString = str_replace(array_keys($startDict), $startDict, $result_raw);
                                                                                //$htmlString = str_replace('[m[1;32m', '', $result_raw);
                                                                                $htmlString = preg_replace("/\e\[m\e\[1;32m/", '', fread($proc, 4096));

                                                                                //echo fread($proc, 4096);
                                                                                echo "$htmlString";

                                                                                @ flush();
                                                                        }
                                                                }
                                                        ?>