PHP
ex3xeng, 2015-11-25 10:33:32

Do I need to filter data passed to file_exists(), file_get_contents()?

There is a pattern like this:

$file = (isset($_GET['file']) && !empty($_GET['file']) ? $_GET['file'] : false);
if ($file) {
   if (file_exists($file)) $file = file_get_contents($file);
}

Since the GET parameter is sent by the client, is it necessary to filter the incoming data somehow in this case? Are errors possible?


2 answer(s)
Alexey Ukolov, 2015-11-25
@alexey-m-ukolov

Of course, this is a classic mistake - you are actually letting the user read an arbitrary file on your server. This is a huge security hole.
Stepic.org has a course on web project security and it has a chapter on exactly this issue.
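The answer above says the snippet lets a client read any file the PHP process can open, because the GET value is used as a path as-is. Below is an added example (not code from the question or from either answer) that puts the original pattern next to a hardened version. It assumes the files meant for download all live in one fixed directory, written here as the placeholder `/var/www/app/public_files`; the function names `readFileUnsafe` and `readFileSafe` are the example's own.

```php
<?php
// Added example: the original pattern beside a confined version.
// Assumption: all files a client may request live under FILE_BASE (placeholder path).

const FILE_BASE = '/var/www/app/public_files';

/**
 * The pattern from the question. file_exists() only tells you the path exists;
 * it is not a security check, so whatever path the client sends gets read.
 *
 * @return string|false
 */
function readFileUnsafe($name)
{
    if (file_exists($name)) {
        return file_get_contents($name);
    }
    return false;
}

/**
 * Hardened version: the client supplies a file *name*, not a path, and the
 * resolved path must lie inside FILE_BASE before anything is read.
 *
 * @return string|false
 */
function readFileSafe($name)
{
    // 1. Reject anything except a plain file name: no separators, no leading
    //    dot (so no ".." and no hidden files), bounded length.
    if (!is_string($name) || !preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}$/', $name)) {
        return false;
    }

    // 2. Resolve both the base directory and the candidate to real paths.
    //    realpath() follows symlinks and returns false for missing files.
    $base = realpath(FILE_BASE);
    $path = realpath(FILE_BASE . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return false;
    }

    // 3. Confinement check: the resolved path has to start with "<base>/".
    //    This also rejects a symlink inside FILE_BASE that points elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;
    }

    // 4. Serve regular files only, never directories or special files.
    if (!is_file($path)) {
        return false;
    }

    return file_get_contents($path);
}

// Usage mirroring the question's GET handling. is_string() matters because
// ?file[]=x makes $_GET['file'] an array.
$file = (isset($_GET['file']) && is_string($_GET['file']) && $_GET['file'] !== '')
    ? $_GET['file']
    : false;

if ($file !== false) {
    $content = readFileSafe($file);
    if ($content === false) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    echo $content;
}
```

The name allowlist in step 1 is the control that actually decides what can be requested; the realpath prefix check is defense in depth for the case where the pattern is later loosened (for example to permit subdirectories). Either check alone would have stopped the original snippet from reading files outside the intended directory, and a miss in one is caught by the other.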

Alexey Hog, 2015-11-25
@Skiphog

Some information can be found here
