Sanitize file_get_contents

Posted by Luis on Stack Overflow See other posts from Stack Overflow or by Luis
Published on 2010-06-02T11:03:00Z Indexed on 2010/06/02 11:03 UTC
Read the original article Hit count: 213

Filed under:

php

|

proxy

|

file-get-contents

I want to use file_get_contents to implement a proxy so I can do ajax cross domain requests. Querystring will be used to supply the URL to file_get_contents. Now the problem is people can muck around with the qurystring in order to read local files on the server. I dont wnat this. Can someone get me a function to sinitize the querystring in order only to accept urls and not local files: ie:

?url=http://google.com.au - OK

?url=./passwords.txt - Not OK

© Stack Overflow or respective owner

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
PHP Pear Installation on CentOS

as seen on Server Fault - Search for 'Server Fault'
[root@ip ~]# yum install php-pear* Reducing CentOS-5 Testing to included packages only Finished Setting up Install Process Package 1:php-pear-1.8.1-2.el5.centos.noarch already installed and latest versio … >>> More
Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

as seen on Server Fault - Search for 'Server Fault'
I am taking over an application server and discover that it contain the following settings: AddType text/html php Although it works, but my understanding is that it should set as following: AddType application/x-httpd-php php .php What are the key differences between the two settings?… >>> More
mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a server with VBulletin forum (working under Apache 2.2, CentOS). The default settings for it in .htaccess are as follows: RewriteEngine on RewriteCond %{HTTP_HOST} ^gsmforum\.ru RewriteRule (.*) http://www.gsmforum.ru/$1 [R=301,L] # If you are having problems or are using VirtualDocumentRoot… >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More

Related posts about proxy

DNS lookup failures while accessing my website some proxy error

as seen on Server Fault - Search for 'Server Fault'
Here is a situation until today morning,every thing has been working perfectly fine with me. From past 6 months many of my domains wer accessible as http://site1.myserver.com http://site2.myserver.com http://site3.myserver.com http://site4.myserver.com All these were Reverse Proxy configurations… >>> More
Apache2 mod_proxy to remote Tomcat7 - slow response

as seen on Server Fault - Search for 'Server Fault'
Been stuck with this one for a few days. Will try to provide as much information as possible, but please feel free to ask for extra detail. I have 2 VMs behind a NAT, 192.168.0.100 and 192.168.0.102, both running Ubuntu 11.04 x64. The first one is mapped to the exterior and is our webserver, has… >>> More
How to set a proxy for Webbrowser Control without effecting the SYSTEM/IE proxy

as seen on Stack Overflow - Search for 'Stack Overflow'
How can I set a proxy for a Webbrowser Control without setting a proxy for IE. Basically I want my application to use a certain proxy however obviously I don't want to change user's IE proxy settings. >>> More
Difference between proxy server and reverse proxy server

as seen on Stack Overflow - Search for 'Stack Overflow'
What is the difference between proxy server and reverse proxy server? >>> More
[MAJ] Transformer APACHE 2.0 en Proxy HTTP - Comment utiliser le Module Proxy d'Apache

as seen on ASP-PHP.net - Search for 'ASP-PHP.net'
Modification du script suite ? l'alerte concernant la possibilit? offerte ? n'importe qui d'utiliser le moteur APACHE comme proxy sans aucun contr?le. >>> More