Sanitize file_get_contents
Posted
by Luis
on Stack Overflow
See other posts from Stack Overflow
or by Luis
Published on 2010-06-02T11:03:00Z
Indexed on
2010/06/02
11:03 UTC
Read the original article
Hit count: 217
I want to use file_get_contents to implement a proxy so I can do ajax cross domain requests. Querystring will be used to supply the URL to file_get_contents. Now the problem is people can muck around with the qurystring in order to read local files on the server. I dont wnat this. Can someone get me a function to sinitize the querystring in order only to accept urls and not local files: ie:
?url=http://google.com.au - OK
?url=./passwords.txt - Not OK
© Stack Overflow or respective owner