Sanitize the user-provided URL for file_get_contents

I want to use file_get_contents in a proxy server implementation so that I can execute AJAX requests across domains.

The query string will be used to specify the URL for file_get_contents. Now the problem is that people can tamper with the query string to read local files on the server. I do not want that. Can someone suggest a function to sanitize the query string so that it accepts only URLs and not local files, i.e.:

  • ?url=http://google.com.au - OK

  • ?url=./passwords.txt - not OK

+3
1 answer
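// Strip characters that are not legal in a URL
$url = filter_var($_GET['url'], FILTER_SANITIZE_URL);

or

// Continue only if the input is already a syntactically valid URL
if ($_GET['url'] === filter_var($_GET['url'], FILTER_VALIDATE_URL)) {
    // ... your stuff here ...
}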
+2
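An added example, not part of the original answer: FILTER_SANITIZE_URL only removes characters that are illegal in a URL, so ./passwords.txt passes through unchanged, and FILTER_VALIDATE_URL accepts schemes other than http. The sketch below restricts the proxy to http/https and to public addresses; the function names `proxy_url_is_allowed` and `proxy_fetch` are hypothetical and the sample URLs are constructed.

```php
<?php
// Added example: allowlist check for a URL-fetching proxy (hypothetical names).
function proxy_url_is_allowed(string $url): bool
{
    // Must be an absolute URL; relative paths such as ./passwords.txt fail here.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $parts  = parse_url($url) ?: [];
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = trim($parts['host'] ?? '', '[]'); // strip brackets from IPv6 literals

    // Only web schemes: rejects file://, ftp:// and other stream wrappers.
    if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
        return false;
    }
    // IP literals are checked as-is; host names are resolved first.
    // The later fetch resolves the name again, so this alone does not stop DNS rebinding.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : (gethostbynamel($host) ?: []);
    if ($ips === []) {
        return false;
    }
    foreach ($ips as $ip) {
        // Reject private and reserved ranges (loopback, link-local, RFC 1918).
        if (filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return false;
        }
    }
    return true;
}

function proxy_fetch(string $url)
{
    if (!proxy_url_is_allowed($url)) {
        return false;
    }
    // No redirects: a remote 3xx must not steer the proxy to an internal address.
    $ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
    return file_get_contents($url, false, $ctx);
}

// Constructed sample inputs; IP literals keep the check offline.
$samples = ['./passwords.txt', 'file:///etc/passwd', 'http://127.0.0.1/admin',
            'http://169.254.169.254/latest/meta-data/', 'http://203.0.113.10/page'];
foreach ($samples as $u) {
    printf("%-42s %s\n", $u, proxy_url_is_allowed($u) ? 'allowed' : 'rejected');
}
```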

Source: https://habr.com/ru/post/1748134/

