
Ask! Bugs from file_get_contents()


nicx


I created an HTML source viewer with the file_get_contents() function. But it has a bug, so someone can find out my cPanel username and password. Where could he find that out? What method does he use? My code:

<form action="" method="post">
<input type="text" name="url" />
<input type="submit" value="submit" />
</form>
<?php
$file = @file_get_contents($_POST["url"]);
echo nl2br(htmlspecialchars($file));
?>


I found that the easiest way to prevent the user from viewing your source code and just seeing HTML is by making them put in the full URL (including http:// or https://). So the following should work, and it has a validator.

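<form action="" method="post">You must place the full url starting with http:// or https://<br />
<input type="text" name="url" value="http://<?php echo htmlspecialchars($_SERVER['SERVER_NAME']); ?>" />
<input type="submit" value="submit" /></form>
<?php
// Only fetch when the submitted value really begins with http:// or https://.
// Comparing just the first four characters with 'http' would also accept
// a local path whose name happens to start with "http".
if (isset($_POST["url"]) && is_string($_POST["url"]) && preg_match('#^https?://#i', $_POST["url"])) {
    $file = @file_get_contents($_POST["url"]);
    // Escape the fetched markup so it is displayed as source, not rendered
    echo nl2br(htmlspecialchars($file));
} else if (isset($_POST["url"])) {
    echo "You must have the full url starting with http:// or https://";
}
?>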
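
An added example, not part of either post above: file_get_contents() reads local paths as well as URLs, which is why the first form could return the server's own PHP files. This sketch parses the URL, allows only http/https, and refuses hosts that resolve to private or loopback addresses. The function names, the size limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. is_fetchable_url() and fetch_remote_source() are hypothetical names.

/** True only for http(s) URLs whose host resolves to public IPv4 addresses. */
function is_fetchable_url(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // a bare local path such as "config.php" has no scheme or host
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // file://, ftp:// and other stream wrappers are refused
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // no credentials embedded in the URL
    }
    $host = $parts['host'];
    // IP literal: check it directly. Host name: check every address it resolves to.
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : gethostbynamel($host);
    if (!$ips) {
        return false;
    }
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false; // private, loopback or otherwise reserved address
        }
    }
    return true;
}

/** Fetch at most $maxBytes from an allowed URL, or return null. */
function fetch_remote_source(string $url, int $maxBytes = 262144): ?string
{
    if (!is_fetchable_url($url)) {
        return null;
    }
    // Redirects are not followed: a redirect could point back at an internal address.
    $ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 5]]);
    $body = @file_get_contents($url, false, $ctx, 0, $maxBytes);
    return $body === false ? null : $body;
}

// Constructed sample inputs; none of these needs a DNS lookup.
foreach (['config.php', 'file:///etc/passwd', 'http://127.0.0.1/', 'http://192.168.0.10/'] as $u) {
    printf("%-24s %s\n", $u, is_fetchable_url($u) ? 'allowed' : 'refused');
}
```

The host name is resolved once for the check and again by the HTTP wrapper, so a fetcher that must withstand changing DNS answers should connect to the address it validated.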

Archived

This topic is now archived and is closed to further replies.
