The site supports Google AMP pages.
To write the amp-custom style directly into the header, I automatically generate CSS files from the Sass file.
I can't decide whether to write the CSS in with gulp, load it with PHP's file_get_contents, or load it with WordPress's wp_remote_get.
I've seen an article that says file_get_contents may cause security vulnerabilities.
How do I use it securely?
I found something unclear while looking into it.
1. A book contained a sample of using file_get_contents securely.
$clean=array();
$html = array();
/* Filter input ($_GET['filename']) */
$contents=file_get_contents($clean['filename']);
/* Filter input ($contents) */
$html['contents'] = htmlentities($clean['contents'], ENT_QUOTES, 'UTF-8');
echo $html['contents'];
I didn't understand the meaning of the comments in the sample above.
Line 4, $contents=file_get_contents($clean['filename']);, was originally $contents=file_get_contents($_GET['filename']);.
Why was it changed to go through array()? Will it be secure if I read the file that way?
Or is it a meaningful comment that says "write the action to filter the input ($_GET['filename']) here"?
The comment in line 5 didn't make sense to me.
2. This time, the administrator generates the file himself on the same server (same domain) and I have to load it. Even in this situation, are there any possible risks in running file_get_contents or wp_remote_get on the server?
3. I would like to ask people who work with various servers.
Some servers may not be able to use file_get_contents. Comparing servers where file_get_contents is unavailable with servers where it is usable, which is more common?
I have summarized the above situation.
[Gulp Benefits]
·There is almost no need to worry about security risks.
·The program does not run on the server, so the server load can be reduced slightly.
[Gulp Disadvantages]
·Gulp tasks must be built (copied) for each site.
[PHP Benefits]
·Source management is easy.
[PHP Disadvantages]
·You must write the source with security in mind.
·It puts a slight load on the server.
This site is a small corporate site and server relocation may occur, so I'm thinking about using gulp. What kind of judgment would you make?
If you have a similar experience, I would definitely like to use it as a reference.
If the vulnerability in the PHP file_get_contents() in question is a directory traversal, you do not need to consider security if you write the processing without using an externally specified filename.
I think it would be better to read with file_get_contents or use require based on the WordPress slug etc.
Regarding your questions:
1. I think $clean is a sanitization process. If you want to sanitize it, you can use htmlspecialchars().
2. Externally specified filenames ($_GET, filename from $_PUT) may be given an unintended path. (There may be a vulnerability in a casually used WordPress plug-in.)
3. I think file_get_contents can be used on almost any server. However, there are occasional servers (where you cannot change the PHP option) that restrict the reading of files over HTTP.
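The filtering step that the book sample leaves as a comment, combined with the answer's advice not to use an externally specified filename as a path, sketched as an added example (not code from the original post or the book). The function resolve_css_path(), the allowlist, and the file names are assumptions made for illustration.

```php
<?php
// Added example; resolve_css_path() and the file names are hypothetical.

// Filter step: map a requested name to a file inside $baseDir, or null.
function resolve_css_path(string $requested, array $allowed, string $baseDir): ?string
{
    // The request value is only a lookup key, never part of the path.
    if (!array_key_exists($requested, $allowed)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves ".." and symlinks and returns false for a missing file.
    $path = realpath($base . DIRECTORY_SEPARATOR . $allowed[$requested]);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // missing, or resolved outside the base directory
    }
    return is_file($path) ? $path : null;
}

// Constructed demo data: a temporary directory holding one generated CSS file.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'amp-css-demo-' . getmypid();
mkdir($baseDir);
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'single.css', 'a>b{color:"red"}');
$allowed = array('single' => 'single.css', 'page' => 'page.css');

$clean = array();
$html = array();
// Constructed inputs standing in for $_GET['filename'].
foreach (array('single', '../secret.txt', 'page') as $input) {
    $path = resolve_css_path($input, $allowed, $baseDir);
    if ($path === null) {
        echo 'rejected: ', htmlentities($input, ENT_QUOTES, 'UTF-8'), PHP_EOL;
        continue;
    }
    $clean['filename'] = $path;
    $clean['contents'] = file_get_contents($clean['filename']);
    // Escape for an HTML context, as in the book sample.
    $html['contents'] = htmlentities($clean['contents'], ENT_QUOTES, 'UTF-8');
    echo 'loaded: ', $html['contents'], PHP_EOL;
}

unlink($baseDir . DIRECTORY_SEPARATOR . 'single.css');
rmdir($baseDir);
```

Only "single" is loaded: "../secret.txt" is not an allowlist key, and "page" is in the allowlist but has no file on disk, so realpath() returns false.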