473,396 Members | 1,968 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > how to get a php script to load an arbitrary text file and return a modified version?

Join Bytes to post your question to a community of 473,396 software developers and data experts.

How to get a PHP script to load an arbitrary text file and return a modified version?

Suppose there's an arbitrary text file on the web at
http://somedomain.com/original_text.txt
which contains some text like "This is my original text."

I'd like to have a page (say it's called my_modifier.php) on my site which accepts a URL as a parameter, and returns a modified version of that text.

So for example, when I browse to my page...
http://www.mydomain.com/my_modifier.php?http://somedomain.com/original_text.txt
... I get a text file returned to me containing "modifiedText = 'This is my original text.' "

Is this possible?
Jan 13 '10 #1

✓ answered by dgreenhouse

It's risky because a knowledgeable hacker/whacker can enter a url that they know is compromised, a series of characters that can cause a memory fault, tie up the computer processing useless sub-requests, or even execute system commands.

You can mitigate most security breaches, but some hacks can get through anyway.

Unfortunately, I don't have enough time right now to explain in detail, but this should at least get you thinking in the right direction.

You'll have to read up on PHP Security Best Practices.

Here are a couple of book titles from my library:
Pro PHP Security
{Author(s): Chris Snyder and Michael Southwell}
{Publisher: Apress}
Page: 243 covers this in detail

Secure PHP Development
{Author: Mohammed J. Kabir}
{Publisher: Wiley}

See: http://phpsec.org/projects/phpsecinf...url_fopen.html


Parameterized...
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head><title>Load a net text file</title></head>
  3. <body>
  4. <form action="" method="post">
  5.   <span>Enter a url</span>
  6.   <input type="text" name="the_url" style="width:300px;" />
  7.   <input type="submit" name="get_it" value="Get the text!" />
  8. </form>
  9. <?php
  10.  
  11. if (isset($_POST['get_it']) && isset($_POST['the_url']) && !empty($_POST['the_url'])) {
  12.   $text_in = file_get_contents($_POST['the_url']);
  13.   print "Modified Text = <br>$text_in";
  14. }
  15.  
  16. // http://www.nytimes.com/robots.txt
  17.  
  18. ?>
  19. </body>
  20. </html>
  21.  

3 1700
dgreenhouse
250 Expert 100+
Expand|Select|Wrap|Line Numbers
  1. $text_in = file_get_contents('http://www.nytimes.com/robots.txt');
  2. print "Modified Text = <br>$text_in";
  3.  
By the way, you really wouldn't want to do that normally on a 'world facing' site without some serious variable cleansing.

I'd be reluctant to do it at all.

It could be a hackers paradise!
Jan 13 '10 #2
@dgreenhouse: Thanks for this. Is there a way to parametrise the URL?

And... afraid I know nothing about php: do I make a file with just your code in it, or does it need to be wrapped in <?php ... ?> tags or something?

Also: I'm not planning to expose this on a real site, but why is this risky?
Jan 13 '10 #3
dgreenhouse
250 Expert 100+
It's risky because a knowledgeable hacker/whacker can enter a url that they know is compromised, a series of characters that can cause a memory fault, tie up the computer processing useless sub-requests, or even execute system commands.

You can mitigate most security breaches, but some hacks can get through anyway.

Unfortunately, I don't have enough time right now to explain in detail, but this should at least get you thinking in the right direction.

You'll have to read up on PHP Security Best Practices.

Here are a couple of book titles from my library:
Pro PHP Security
{Author(s): Chris Snyder and Michael Southwell}
{Publisher: Apress}
Page: 243 covers this in detail

Secure PHP Development
{Author: Mohammed J. Kabir}
{Publisher: Wiley}

See: http://phpsec.org/projects/phpsecinf...url_fopen.html


Parameterized...
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <head><title>Load a net text file</title></head>
  3. <body>
  4. <form action="" method="post">
  5.   <span>Enter a url</span>
  6.   <input type="text" name="the_url" style="width:300px;" />
  7.   <input type="submit" name="get_it" value="Get the text!" />
  8. </form>
  9. <?php
  10.  
  11. if (isset($_POST['get_it']) && isset($_POST['the_url']) && !empty($_POST['the_url'])) {
  12.   $text_in = file_get_contents($_POST['the_url']);
  13.   print "Modified Text = <br>$text_in";
  14. }
  15.  
  16. // http://www.nytimes.com/robots.txt
  17.  
  18. ?>
  19. </body>
  20. </html>
  21.  
Jan 14 '10 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

17
Recommendations for PHP Form Validation Script
by: Phil Powell | last post by:
Where can I find an online PHP form validator script library to use? I have tried hacking the one here at work for weeks now and it's getting more and more impossible to customize, especially now...
PHP
2
Jacks php from mail script
by: Web Master | last post by:
Hi, I am having a little issue with Jacks Form mail php script. I have installed it and configured the form to get it to work, but for some bizarre reason I have 2 issues I can't seem to debug....
PHP
2
Loading and executing an arbitrary Python script from within Python
by: TheDustbustr | last post by:
I'm writing a game in C++ that calls out to Python for scripting. The C++ kernel holds an instance of ScriptCtl and calls the load(filename) method to load a script, then run() to run all loaded...
Python
6
Script, Save, Export SQL Database Diagrams
by: Clay Beatty | last post by:
When you create database diagrams in Enterprise Manager, the details for constructing those diagrams is saved into the dtproperties table. This table includes an image field which contains most of...
Microsoft SQL Server
4
Timeout? in asp script upload
by: Scott Baxter | last post by:
Hello, I got the following scripts to upload files to my directories I call insert.htm Browse for a file, then click 'submit' It works for small files, and for a small .mdb (access file)
ASP / Active Server Pages
7
dynamically add a script source
by: cjl | last post by:
Hey all: I've searched the newsgroup, and googled, but I'm stuck. I want to be able to 'dynamically' add a .js file to a web page after the page has loaded, based on user interaction. For...
Javascript
9
rapidshare upload perl script for linux
by: 8anos | last post by:
Hello, I am new at the community and newbie at programming :) As you may know rapidshare provides a perl script for linux, to upload files at their servers. You can find the original scripts at...
Perl
82
how to check for all the fields in user registrations perl script
by: happyse27 | last post by:
Hi All, I modified the user registration script, but not sure how to make it check for each variable in terms of preventing junk registration and invalid characters? Two codes below : a)...
Perl
1
KevinADC
How to Make a File Download Script with Perl
by: KevinADC | last post by:
Note: You may skip to the end of the article if all you want is the perl code. Introduction Many websites have a form or a link you can use to download a file. You click a form button or click...
Perl
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!