How to get a PHP script to load an arbitrary text file and return a modified version?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • visitor2010
    New Member
    • Jan 2010
    • 2
    #1

    How to get a PHP script to load an arbitrary text file and return a modified version?

    Suppose there's an arbitrary text file on the web at
    http://somedomain.com/original_text.t xt
    which contains some text like "This is my original text."

    I'd like to have a page (say it's called my_modifier.php ) on my site which accepts a URL as a parameter, and returns a modified version of that text.

    So for example, when I browse to my page...
    http://www.mydomain.co m/my_modifier.php ?http://somedomain.com/original_text.t xt
    ... I get a text file returned to me containing "modifiedText = 'This is my original text.' "

    Is this possible?
    Tags: None
    • dgreenhouse
      Recognized Expert Contributor
      • May 2008
      • 250
      #2
      Code:
      $text_in = file_get_contents('http://www.nytimes.com/robots.txt');
print "Modified Text = <br>$text_in";
      By the way, you really wouldn't want to do that normally on a 'world facing' site without some serious variable cleansing.

      I'd be reluctant to do it at all.

      It could be a hackers paradise!

        Comment

        • visitor2010
          New Member
          • Jan 2010
          • 2
          #3
          @dgreenhouse: Thanks for this. Is there a way to parametrise the URL?

          And... afraid I know nothing about php: do I make a file with just your code in it, or does it need to be wrapped in <?php ... ?> tags or something?

          Also: I'm not planning to expose this on a real site, but why is this risky?

            Comment

            • dgreenhouse
              Recognized Expert Contributor
              • May 2008
              • 250
              #4
              It's risky because a knowledgeable hacker/whacker can enter a url that they know is compromised, a series of characters that can cause a memory fault, tie up the computer processing useless sub-requests, or even execute system commands.

              You can mitigate most security breaches, but some hacks can get through anyway.

              Unfortunately, I don't have enough time right now to explain in detail, but this should at least get you thinking in the right direction.

              You'll have to read up on PHP Security Best Practices.

              Here are a couple of book titles from my library:
              Pro PHP Security
              {Author(s): Chris Snyder and Michael Southwell}
              {Publisher: Apress}
              Page: 243 covers this in detail

              Secure PHP Development
              {Author: Mohammed J. Kabir}
              {Publisher: Wiley}

              See: http://phpsec.org/projects/phpsecinf...url_fopen.html


              Parameterized.. .
              Code:
              <html>
<head><title>Load a net text file</title></head>
<body>
<form action="" method="post">
  <span>Enter a url</span>
  <input type="text" name="the_url" style="width:300px;" />
  <input type="submit" name="get_it" value="Get the text!" />
</form>
<?php

if (isset($_POST['get_it']) && isset($_POST['the_url']) && !empty($_POST['the_url'])) {
  $text_in = file_get_contents($_POST['the_url']);
  print "Modified Text = <br>$text_in";
}

// http://www.nytimes.com/robots.txt

?>
</body>
</html>

                Comment

                Previous template Next
                Working...