It's risky because a knowledgeable hacker/whacker can enter a url that they know is compromised, a series of characters that can cause a memory fault, tie up the computer processing useless sub-requests, or even execute system commands.
You can mitigate most security breaches, but some hacks can get through anyway.
Unfortunately, I don't have enough time right now to explain in detail, but this should at least get you thinking in the right direction.
You'll have to read up on PHP Security Best Practices.
Here are a couple of book titles from my library:
Pro PHP Security
{Author(s): Chris Snyder and Michael Southwell}
{Publisher: Apress}
Page: 243 covers this in detail
Secure PHP Development
{Author: Mohammed J. Kabir}
{Publisher: Wiley}
See:
http://phpsec.org/projects/phpsecinf...url_fopen.html
Parameterized...
-
<html>
-
<head><title>Load a net text file</title></head>
-
<body>
-
<form action="" method="post">
-
<span>Enter a url</span>
-
<input type="text" name="the_url" style="width:300px;" />
-
<input type="submit" name="get_it" value="Get the text!" />
-
</form>
-
<?php
-
-
if (isset($_POST['get_it']) && isset($_POST['the_url']) && !empty($_POST['the_url'])) {
-
$text_in = file_get_contents($_POST['the_url']);
-
print "Modified Text = <br>$text_in";
-
}
-
-
// http://www.nytimes.com/robots.txt
-
-
?>
-
</body>
-
</html>
-