构建一个“简单的” php url 代理

发布于 2024-08-18 08:38:40 字数 432 浏览 13 评论 0原文

我需要在我正在构建的 Web 应用程序中实现一个简单的 PHP 代理（它基于 Flash，并且目标服务提供商不允许编辑其 crossdomain.xml 文件）

任何 php 专家都可以提供有关以下 2 个选项的建议吗？另外，我认为（但不确定）我还需要包含一些标题信息。

感谢您的任何反馈！

选项1

$url = $_GET['path'];
readfile($path);

选项2

 $content .= file_get_contents($_GET['path']);

 if ($content !== false) 
 {  

      echo($content);
 } 
 else 
 {  
      // there was an error
 }

原文

I need to implement a simple PHP proxy in a web application I am building (Its flash based and the destination service provider doesn't allow edits to their crossdomain.xml file)

Can any php gurus offer advice on the following 2 options? Also, I think, but am not sure, that I need to include some header info as well.

Thanks for any feedback!

option1

$url = $_GET['path'];
readfile($path);

option2

 $content .= file_get_contents($_GET['path']);

 if ($content !== false) 
 {  

      echo($content);
 } 
 else 
 {  
      // there was an error
 }

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

滿滿的愛 2024-08-25 08:38:40

首先，永远不要包含仅基于用户输入的文件。想象一下，如果有人像这样调用您的脚本，会发生什么：

http://example. com/proxy.php?path=/etc/passwd

然后进入问题：你代理什么样的数据？如果有任何类型，那么您需要从内容中检测内容类型，并将其传递，以便接收端知道它正在获取什么。我建议使用类似 HTTP_Request2 或 Pear 类似的东西（参见： http://pear.php.net /package/HTTP_Request2）如果可能的话。如果您有权访问它，那么您可以执行以下操作：

// First validate that the request is to an actual web address
if(!preg_match("#^https?://#", $_GET['path']) {
        header("HTTP/1.1 404 Not found");
        echo "Content not found, bad URL!";
        exit();
}

// Make the request
$req = new HTTP_Request2($_GET['path']);
$response = $req->send();
// Output the content-type header and use the content-type of the original file
header("Content-type: " . $response->getHeader("Content-type"));
// And provide the file body
echo $response->getBody();

请注意，此代码尚未经过测试，这只是为了给您一个起点。

First of all, never ever ever include a file based only on user input. Imagine what would happen if someone would call your script like this:

http://example.com/proxy.php?path=/etc/passwd

Then onto the issue: what kind of data are you proxying? If any kind at all, then you need to detect the content type from the content, and pass it on so the receiving end knows what it's getting. I would suggest using something like HTTP_Request2 or something similar from Pear (see: http://pear.php.net/package/HTTP_Request2) if at all possible. If you have access to it, then you could do something like this:

// First validate that the request is to an actual web address
if(!preg_match("#^https?://#", $_GET['path']) {
        header("HTTP/1.1 404 Not found");
        echo "Content not found, bad URL!";
        exit();
}

// Make the request
$req = new HTTP_Request2($_GET['path']);
$response = $req->send();
// Output the content-type header and use the content-type of the original file
header("Content-type: " . $response->getHeader("Content-type"));
// And provide the file body
echo $response->getBody();

Note that this code hasn't been tested, this is just to give you a starting point.

回复收藏 0 原文

脸赞 2024-08-25 08:38:40

这是使用curl的另一种解决方案
有人可以评论吗？？

$ch = curl_init();
$timeout = 30;
$userAgent = $_SERVER['HTTP_USER_AGENT'];
curl_setopt($ch, CURLOPT_URL, $_REQUEST['url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);

$response = curl_exec($ch);    
if (curl_errno($ch)) {
    echo curl_error($ch);
} else {
curl_close($ch);
echo $response;
}

Here's another solution using curl
Can anyone comment??

$ch = curl_init();
$timeout = 30;
$userAgent = $_SERVER['HTTP_USER_AGENT'];
curl_setopt($ch, CURLOPT_URL, $_REQUEST['url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);

$response = curl_exec($ch);    
if (curl_errno($ch)) {
    echo curl_error($ch);
} else {
curl_close($ch);
echo $response;
}

回复收藏 0 原文

~没有更多了~