PHP methods and risks of opening remote files and solutions _ PHP Tutorial

Source: Internet
Author: User
PHP methods and risks of opening remote files and solutions. PHP has a configuration option named allow_url_fopen, which is enabled by default. It allows you to point to many types of resources and process them like local files. For example, by reading a URL you can obtain the content of a page (HTML), as the following code shows.

The code is as follows:


<?php
// With allow_url_fopen enabled, a URL is opened like a local file
$contents = file_get_contents('http://www.jb51.net/');
?>


Serious vulnerabilities may occur when tainted data is passed to include and require. In fact, I consider this one of the most dangerous vulnerabilities in PHP applications, because it allows attackers to execute arbitrary code. Although less severe, a similar vulnerability exists when tainted data is used in a standard file system function:

The code is as follows:


<?php
// Vulnerable: the file name comes straight from the request, untouched
$contents = file_get_contents($_GET['filename']);
?>


In this example, anyone who controls the filename parameter can manipulate the behavior of file_get_contents() so that it fetches the content of a remote resource. Consider the following request:
Http://example.org/file.php? File... mple.org3162fxss.html
This causes the value of $contents to be tainted. Because the value is obtained indirectly, it is easy to overlook this fact. It is also an argument for defense in depth: treating the file system as a remote data source, and the value of $contents as input, means this scenario is still covered if your filtering mechanism is somehow bypassed.
Because $contents is tainted, it can lead to several security vulnerabilities, including cross-site scripting and SQL injection. For example, the following is an instance of a cross-site scripting vulnerability:

The code is as follows:


<?php
// Vulnerable: a remote file chosen by the attacker is echoed unescaped
$contents = file_get_contents($_GET['filename']);
echo $contents;
?>


Solution

Never build a file name from tainted data. Always filter the input, and make sure it has been filtered before it is used as a file name:

The code is as follows:


<?php
$clean = array();
/* Filter Input ($_GET['filename']) and store the result in $clean['filename'] */
$contents = file_get_contents($clean['filename']);
?>


Although this does not guarantee that the data in $contents is safe, it provides reasonable assurance that the file you read is the file you intended to read, not one specified by the attacker. To strengthen the process further, you should also treat $contents as input and filter it before use:

The code is as follows:


<?php
$clean = array();
$html = array();
/* Filter Input ($_GET['filename']) and store the result in $clean['filename'] */
$contents = file_get_contents($clean['filename']);
/* Filter Input ($contents) and store the result in $clean['contents'] */
$html['contents'] = htmlentities($clean['contents'], ENT_QUOTES, 'UTF-8');
echo $html['contents'];
?>


The process above guards against several attacks at once and is recommended practice in real code.
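A concrete version of the pattern above (filter the file name, read the file, then treat its content as input), written as an added example rather than the page's own code; the pages directory, the allow-list entries and the helper names are assumptions.

```php
<?php
// Added example, not from the original page. Implements the page's
// filter-then-read-then-escape pattern with a real filter in place of
// the placeholder comments.

/* Filter Input ($_GET['filename']): accept only names from a fixed
 * allow-list, then build the path ourselves, so neither a stream wrapper
 * (http://, php://, ...) nor a traversal sequence from the request can
 * ever reach file_get_contents(). */
function filter_filename($tainted, array $allowed, $base)
{
    if (!is_string($tainted) || !in_array($tainted, $allowed, true)) {
        return null; // anything not on the list is rejected outright
    }
    return $base . DIRECTORY_SEPARATOR . $tainted;
}

/* Filter Input ($contents): the file's content is untrusted input too,
 * so it is escaped before being sent to the browser. */
function escape_html($tainted)
{
    return htmlentities($tainted, ENT_QUOTES, 'UTF-8');
}

$clean = array();
$html  = array();

$clean['filename'] = filter_filename(
    isset($_GET['filename']) ? $_GET['filename'] : null,
    array('about.html', 'help.html'), // assumed allow-list
    __DIR__ . '/pages'                // assumed base directory
);
if ($clean['filename'] === null) {
    http_response_code(400);
    exit('Invalid file name');
}

// file_get_contents() now only ever sees a path this script constructed.
$contents = file_get_contents($clean['filename']);
if ($contents === false) {
    http_response_code(404);
    exit('File not found');
}

$clean['contents'] = $contents;
$html['contents']  = escape_html($clean['contents']);
echo $html['contents'];
?>
```

A request such as ?filename=http://evil.example/x.html is rejected by the allow-list before any file or URL is opened, regardless of the allow_url_fopen setting.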

