1

I need to implement a simple PHP proxy in a web application I am building (Its flash based and the destination service provider doesn't allow edits to their crossdomain.xml file)

Can any php gurus offer advice on the following 2 options? Also, I think, but am not sure, that I need to include some header info as well.

Thanks for any feedback!

option1

$url = $_GET['path'];
readfile($path);

option2

 $content .= file_get_contents($_GET['path']);

 if ($content !== false) 
 {  

      echo($content);
 } 
 else 
 {  
      // there was an error
 }
4

2 回答 2

5

首先,永远不要包含仅基于用户输入的文件。想象一下如果有人这样调用你的脚本会发生什么:

http://example.com/proxy.php?path=/etc/passwd

那么问题来了:你代理的是什么类型的数据?如果有任何类型,那么您需要从内容中检测内容类型,并将其传递给接收端,以便接收端知道它得到了什么。如果可能的话,我建议使用 HTTP_Request2 之类的东西或 Pear 中的类似东西(参见:http ://pear.php.net/package/HTTP_Request2 )。如果您可以访问它,那么您可以执行以下操作:

// First validate that the request is to an actual web address
if(!preg_match("#^https?://#", $_GET['path']) {
        header("HTTP/1.1 404 Not found");
        echo "Content not found, bad URL!";
        exit();
}

// Make the request
$req = new HTTP_Request2($_GET['path']);
$response = $req->send();
// Output the content-type header and use the content-type of the original file
header("Content-type: " . $response->getHeader("Content-type"));
// And provide the file body
echo $response->getBody();

请注意,此代码尚未经过测试,这只是为您提供一个起点。

于 2010-01-20T20:14:18.043 回答
0

这是使用 curl 的另一种解决方案有人可以评论吗?

$ch = curl_init();
$timeout = 30;
$userAgent = $_SERVER['HTTP_USER_AGENT'];
curl_setopt($ch, CURLOPT_URL, $_REQUEST['url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);

$response = curl_exec($ch);    
if (curl_errno($ch)) {
    echo curl_error($ch);
} else {
curl_close($ch);
echo $response;
}
于 2010-01-21T20:06:03.577 回答