Methods, risks and solutions for opening remote files in PHP (PHP tips)

PHP has a configuration option called allow_url_fopen, which is enabled by default. It lets the file functions point at many kinds of resources (HTTP, FTP and other stream wrappers) and handle them as if they were local files. For example, by reading a URL you can fetch the content of a web page (its HTML), as in the following code:
<?php
$contents = file_get_contents('http://www.jb51.net/');
?>

When tainted (user-controlled) data is used to select the file for include or require, a serious vulnerability results. In fact, I consider this one of the most dangerous vulnerabilities in PHP applications, because it allows an attacker to execute arbitrary code. A similar vulnerability, of almost the same severity, arises when tainted data is used in a standard file system function:
<?php
$contents = file_get_contents($_GET['filename']);
?>

This example lets the user manipulate the behavior of file_get_contents() so that it fetches the contents of a remote resource. Consider a request similar to the following:
http://example.org/file.php?file ... mple.org%2fxss.html
The result is that the value of $contents is tainted, and because the value is obtained indirectly, this fact is easy to overlook. This is why the principle of defense in depth treats the file system as a remote data source: by also treating the value of $contents as input, your filtering mechanism can still catch the problem later.
Because the value of $contents is tainted, it can lead to several vulnerabilities, including cross-site scripting and SQL injection. For example, here is a cross-site scripting vulnerability:
<?php
$contents = file_get_contents($_GET['filename']);
echo $contents;
?>

The solution is never to use tainted data to point to a filename. Adhere to the "filter input" practice and be sure to filter the data before it is used as a filename:
<?php
$clean = array();
/* Filter Input ($_GET['filename']) and store the result in $clean['filename'] */
$contents = file_get_contents($clean['filename']);
?>

While there is no guarantee that the data in $contents is completely safe, this gives reasonable assurance that the file you are reading is the file you intended to read, not one chosen by an attacker. To strengthen this process further, treat $contents itself as input and filter it before use:
<?php
$clean = array();
$html = array();
/* Filter Input ($_GET['filename']) and store the result in $clean['filename'] */
$contents = file_get_contents($clean['filename']);
/* Filter Input ($contents) and store the result in $clean['contents'] */
$html['contents'] = htmlentities($clean['contents'], ENT_QUOTES, 'UTF-8');
echo $html['contents'];
?>

The above process provides robust protection against several classes of attack and is recommended in practice.
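As an added example that is not part of the original article, the following script fills in the two "Filter Input" steps left as comments above. It assumes a templates directory and an allowlist of page keys (ALLOWED_FILES) that are specific to this example; the request parameter is a key into that allowlist, so a URL, a stream wrapper or a path containing ".." can never reach file_get_contents(). The contents are then validated and escaped before output, as the article recommends.

```php
<?php
// Added example, not the article's own code. ALLOWED_FILES, TEMPLATE_DIR and
// the helper names below are assumptions made for this illustration.
declare(strict_types=1);

// Allowlist: the request supplies a key, never a path or URL.
const ALLOWED_FILES = ['about' => 'about.html', 'help' => 'help.html'];
const TEMPLATE_DIR  = __DIR__ . '/templates';

/**
 * Filter Input ($_GET['filename']): map the request value to a local file
 * inside TEMPLATE_DIR, or return null if it is not on the allowlist.
 */
function filterFilename(string $requested): ?string
{
    if (!array_key_exists($requested, ALLOWED_FILES)) {
        return null;
    }
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . ALLOWED_FILES[$requested]);
    // Defense in depth: even though the allowlist already rules out '..',
    // confirm the resolved path still lies inside the template directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/**
 * Filter Input ($contents): treat what was read as untrusted. Reject data that
 * is not valid UTF-8 (so the later htmlentities() call cannot be bypassed) and
 * cap the size so a huge file cannot be echoed into the page.
 */
function filterContents(string $contents, int $maxBytes = 65536): ?string
{
    if (strlen($contents) > $maxBytes) {
        return null;
    }
    // preg_match('//u') fails on byte sequences that are not valid UTF-8.
    if (preg_match('//u', $contents) !== 1) {
        return null;
    }
    return $contents;
}

$clean = [];
$html  = [];

$clean['filename'] = filterFilename((string) ($_GET['filename'] ?? ''));
if ($clean['filename'] === null) {
    http_response_code(400);
    exit('Invalid file');
}

$contents = file_get_contents($clean['filename']);
if ($contents === false) {
    http_response_code(500);
    exit('Could not read file');
}

$clean['contents'] = filterContents($contents);
if ($clean['contents'] === null) {
    http_response_code(500);
    exit('File content rejected');
}

// Escape output: ENT_SUBSTITUTE replaces any stray invalid sequence instead of
// returning an empty string, and the charset must match the page's encoding.
$html['contents'] = htmlentities($clean['contents'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo $html['contents'];
```

Two points about the design: the allowlist removes the need to "sanitize" a user-supplied path at all, which is safer than trying to strip "http://" or ".." from it, and the realpath() check is kept only as a second layer. Independently of the application code, servers that never need remote reads should also set allow_url_fopen = Off (and allow_url_include = Off) in php.ini; these are PHP_INI_SYSTEM settings and cannot be changed from a script with ini_set().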
