fpc*

what about XSS attacks, or inject html, inject javascript, and any other html compatible markup?

I have an advertisor who has requested I use php code to include their ad tag, this is the code they have given me; [quote]<?php $SERVER_NAME=$_SERVER['SERVER_NAME']; $urlx=$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']; $ref=str_replace(" ",null,$HTTP_USER_AGENT); $URL="http://www.etc.com/etc/etc.php?urlx=".$urlx."&site=".$SERVER_NAME."&ref=".$ref; $file = @fopen("$URL", "r"); $r = ""; do {   $data = @fread($file, 8192);   if (strlen($data) == 0) {       break;   }   $r .= $data; } while (true); fclose ($file); echo $r; ?> [/quote] Does this look malicous in any way? Can it be used to run remote commands, upload files or download files? I am a bit paranoid, but only because I am a bit clueless ;> Any help is appreciated. thanks