Reading source code and extracting json from a url
$begingroup$
I made a code to read the source code from a url, to reach this url i need to specify a token
, after read the source code i extract a url in json format, and i redirect my domain to this url. It's not relevant to what i'm asking, but want explain what i'm doing...
As you can see, on my domain http://localhost/test
i have a query string called token
that is used to read the souce code of a different domain, after this i redirect to a page.
I defined the domain which i will read the source code but i don't know if someone could pass a value to the $_GET['token']
in a way that this will go to a different domain, i'm reading the source code from a url and using the result on my website, so i don't know if someone could do some kind of attack to my server. I'm not sure how these kind of attacks works, and i felt that i should ask someone that has more knowledge than I.
What do you think about my code?
php:
//i use this condition to make sure that nobody can access the url directly,
//and later make sure that the request is from my domain
if(!empty($_SERVER['HTTP_REFERER'])){
//if $_GET is empty then $.. is = NULL, else $.. is = $_GET
$source = (empty($_GET['source']) ? NULL : $_GET['source']);
$token = (empty($_GET['token']) ? NULL : $_GET['token']);
if(!empty($source) && !empty($token)){
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
//inside this if() i read the source
//code from this url bellow
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$streams = $jsn->streams;
foreach($streams as $i){
//this variable will be used to redirect the src
//iframe to a url that contains a video
$vdUrl = $i->url;
}
//redirect to the url that i got from the source code
die(header('location:'.$vdUrl));
}else{
//if the request is not from the same domain then
//redirect to 404 Not Found
die(header('HTTP/1.1 404 Not Found'));
}
}else{
die(header('HTTP/1.1 404 Not Found'));
}
}
}
html:
<iframe src="http://localhost/test/?source=player&token=145215d1ww"></iframe>
php
$endgroup$
add a comment |
$begingroup$
I made a code to read the source code from a url, to reach this url i need to specify a token
, after read the source code i extract a url in json format, and i redirect my domain to this url. It's not relevant to what i'm asking, but want explain what i'm doing...
As you can see, on my domain http://localhost/test
i have a query string called token
that is used to read the souce code of a different domain, after this i redirect to a page.
I defined the domain which i will read the source code but i don't know if someone could pass a value to the $_GET['token']
in a way that this will go to a different domain, i'm reading the source code from a url and using the result on my website, so i don't know if someone could do some kind of attack to my server. I'm not sure how these kind of attacks works, and i felt that i should ask someone that has more knowledge than I.
What do you think about my code?
php:
//i use this condition to make sure that nobody can access the url directly,
//and later make sure that the request is from my domain
if(!empty($_SERVER['HTTP_REFERER'])){
//if $_GET is empty then $.. is = NULL, else $.. is = $_GET
$source = (empty($_GET['source']) ? NULL : $_GET['source']);
$token = (empty($_GET['token']) ? NULL : $_GET['token']);
if(!empty($source) && !empty($token)){
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
//inside this if() i read the source
//code from this url bellow
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$streams = $jsn->streams;
foreach($streams as $i){
//this variable will be used to redirect the src
//iframe to a url that contains a video
$vdUrl = $i->url;
}
//redirect to the url that i got from the source code
die(header('location:'.$vdUrl));
}else{
//if the request is not from the same domain then
//redirect to 404 Not Found
die(header('HTTP/1.1 404 Not Found'));
}
}else{
die(header('HTTP/1.1 404 Not Found'));
}
}
}
html:
<iframe src="http://localhost/test/?source=player&token=145215d1ww"></iframe>
php
$endgroup$
add a comment |
$begingroup$
I made a code to read the source code from a url, to reach this url i need to specify a token
, after read the source code i extract a url in json format, and i redirect my domain to this url. It's not relevant to what i'm asking, but want explain what i'm doing...
As you can see, on my domain http://localhost/test
i have a query string called token
that is used to read the souce code of a different domain, after this i redirect to a page.
I defined the domain which i will read the source code but i don't know if someone could pass a value to the $_GET['token']
in a way that this will go to a different domain, i'm reading the source code from a url and using the result on my website, so i don't know if someone could do some kind of attack to my server. I'm not sure how these kind of attacks works, and i felt that i should ask someone that has more knowledge than I.
What do you think about my code?
php:
//i use this condition to make sure that nobody can access the url directly,
//and later make sure that the request is from my domain
if(!empty($_SERVER['HTTP_REFERER'])){
//if $_GET is empty then $.. is = NULL, else $.. is = $_GET
$source = (empty($_GET['source']) ? NULL : $_GET['source']);
$token = (empty($_GET['token']) ? NULL : $_GET['token']);
if(!empty($source) && !empty($token)){
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
//inside this if() i read the source
//code from this url bellow
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$streams = $jsn->streams;
foreach($streams as $i){
//this variable will be used to redirect the src
//iframe to a url that contains a video
$vdUrl = $i->url;
}
//redirect to the url that i got from the source code
die(header('location:'.$vdUrl));
}else{
//if the request is not from the same domain then
//redirect to 404 Not Found
die(header('HTTP/1.1 404 Not Found'));
}
}else{
die(header('HTTP/1.1 404 Not Found'));
}
}
}
html:
<iframe src="http://localhost/test/?source=player&token=145215d1ww"></iframe>
php
$endgroup$
I made a code to read the source code from a url, to reach this url i need to specify a token
, after read the source code i extract a url in json format, and i redirect my domain to this url. It's not relevant to what i'm asking, but want explain what i'm doing...
As you can see, on my domain http://localhost/test
i have a query string called token
that is used to read the souce code of a different domain, after this i redirect to a page.
I defined the domain which i will read the source code but i don't know if someone could pass a value to the $_GET['token']
in a way that this will go to a different domain, i'm reading the source code from a url and using the result on my website, so i don't know if someone could do some kind of attack to my server. I'm not sure how these kind of attacks works, and i felt that i should ask someone that has more knowledge than I.
What do you think about my code?
php:
//i use this condition to make sure that nobody can access the url directly,
//and later make sure that the request is from my domain
if(!empty($_SERVER['HTTP_REFERER'])){
//if $_GET is empty then $.. is = NULL, else $.. is = $_GET
$source = (empty($_GET['source']) ? NULL : $_GET['source']);
$token = (empty($_GET['token']) ? NULL : $_GET['token']);
if(!empty($source) && !empty($token)){
if($source == 'player'){
//check if the request is from the same domain
if(preg_match('/^http://localhost/test/', $_SERVER['HTTP_REFERER'])){
//inside this if() i read the source
//code from this url bellow
$urlPost = 'https://www.player.com/?token='.$token;
$url = file_get_contents($urlPost);
preg_match('/CONFIG = (.*)/', $url, $matches);
$jsn = json_decode($matches[1]);
$streams = $jsn->streams;
foreach($streams as $i){
//this variable will be used to redirect the src
//iframe to a url that contains a video
$vdUrl = $i->url;
}
//redirect to the url that i got from the source code
die(header('location:'.$vdUrl));
}else{
//if the request is not from the same domain then
//redirect to 404 Not Found
die(header('HTTP/1.1 404 Not Found'));
}
}else{
die(header('HTTP/1.1 404 Not Found'));
}
}
}
html:
<iframe src="http://localhost/test/?source=player&token=145215d1ww"></iframe>
php
php
asked 7 mins ago
111111111111111111111111
205
205
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
});
});
}, "mathjax-editing");
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "196"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f213936%2freading-source-code-and-extracting-json-from-a-url%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Code Review Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f213936%2freading-source-code-and-extracting-json-from-a-url%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown