Can a Site get a Virus from using Curl?
- by Mark Tyler
I have a script which uses simple php curl requests to get the contents from rss/atom feeds....
now my question is it possible that by using curl, is there a chance i might get a virus?
Let's say I do a php curl request to a rss feed in feedburner (I know this site does not contain any viruses, but this is only an example) and let's say this site has a malicious virus of some kind. Is there a chance that I might inherit that virus too?
If yes, what precautions can I do to make sure something like that never happens.
This is the php code I am currently using to fetch the RSS
$headers [] = 'Connection: Keep-Alive';
$headers [] = 'Content-type: application/x-www-form-urlencoded; charset=utf-8';
$headers [] = 'Accept-Encoding: application/xhtml+xml,application/xml,text/xml,text/html;q=0.9,*/*;q=0.8';
$ch = curl_init($url);
//curl_setopt($ch, CURLOPT_USERAGENT,'Phenoix/0.1.3 (Feed Parser Beta; Beta ; Allow like Gecko) Build/20111112');
curl_setopt($ch, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1');
//curl_setopt($ch, CURLOPT_REFERER, "http://google.com/auto/clogger");
//curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate' );
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers );
//curl_setopt($channel, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
//allow cookie
$cookie_file = "cookie1.txt";
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file);
$xml = curl_exec($ch);
if(curl_error($ch)){
//$text .= "Error while updating. Please try again later";
return array(0, curl_error($ch));
}
$info = curl_getinfo($ch);
curl_close($ch);