构建一个“简单"的 php url 代理 [英] building a 'simple' php url proxy

问题描述

我需要在我正在构建的 Web 应用程序中实现一个简单的 PHP 代理(它基于 Flash 并且目标服务提供商不允许编辑他们的 crossdomain.xml 文件)

I need to implement a simple PHP proxy in a web application I am building (Its flash based and the destination service provider doesn't allow edits to their crossdomain.xml file)

任何 php 专家都可以就以下 2 个选项提供建议吗?此外，我认为，但我不确定，我还需要包含一些标题信息.

Can any php gurus offer advice on the following 2 options? Also, I think, but am not sure, that I need to include some header info as well.

感谢您的任何反馈！

选项 1

$url = $_GET['path'];
readfile($path);

选项 2

 $content .= file_get_contents($_GET['path']);

 if ($content !== false) 
 {  

      echo($content);
 } 
 else 
 {  
      // there was an error
 }

推荐答案

首先，永远不要包含仅基于用户输入的文件.想象一下，如果有人像这样调用您的脚本会发生什么:

First of all, never ever ever include a file based only on user input. Imagine what would happen if someone would call your script like this:

http://example.com/proxy.php?path=/etc/passwd

那么问题来了:你代理什么样的数据?如果有任何类型，那么您需要从内容中检测内容类型，并将其传递，以便接收端知道它得到了什么.我建议使用类似 HTTP_Request2 或类似 Pear 的东西(请参阅:http://pear.php.net/package/HTTP_Request2) 如果可能的话.如果您有权访问它，那么您可以执行以下操作:

Then onto the issue: what kind of data are you proxying? If any kind at all, then you need to detect the content type from the content, and pass it on so the receiving end knows what it's getting. I would suggest using something like HTTP_Request2 or something similar from Pear (see: http://pear.php.net/package/HTTP_Request2) if at all possible. If you have access to it, then you could do something like this:

// First validate that the request is to an actual web address
if(!preg_match("#^https?://#", $_GET['path']) {
        header("HTTP/1.1 404 Not found");
        echo "Content not found, bad URL!";
        exit();
}

// Make the request
$req = new HTTP_Request2($_GET['path']);
$response = $req->send();
// Output the content-type header and use the content-type of the original file
header("Content-type: " . $response->getHeader("Content-type"));
// And provide the file body
echo $response->getBody();

请注意，此代码尚未经过测试，这只是给您一个起点.

Note that this code hasn't been tested, this is just to give you a starting point.

这篇关于构建一个“简单"的 php url 代理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！