09-07-2011, 09:05 PM
On an internal system; it would be a company in-house tool, so not for the public masses, but def an in-house-only tool for management, so it will only be used by those that have an interest in protecting their own data. They won't sabotage their own stuff, I'm sure lol.
Is there any reason to sanitize file_get_contents, and if so, how to do it? Can't use real escape, as it totally distorts the file view. It will also be viewed on the screen as well as stored.
Mostly PHP and HTML files and some text docs.
I read the docs on file_get_contents and didn't see anywhere they sanitized it, so I'm going to play around with this a bit and check the view results, but I wanted to see what you all thought here as well.
09-08-2011, 03:10 AM
Best to make your code secure even if this is for an in-house tool.
Can you clarify what you would sanitize? The file path? The output?
09-08-2011, 02:08 PM
Hi, thanks. It is the actual file content. It is a file revision tool, and so the actual contents of the PHP file will be displayed on the screen as well as saved in the DB under revision keys, and also able to use a diff tool on it.
And that is the issue: with it being the actual file being displayed, it really gets funky using the escape (or specialchars or strip_tags, which I didn't plan on using, just testing the output). I even tried addslashes because of my global settings and it's still funky lol.
Without any sanitization at all it's perfect, right from the DB to the screen. But it would be nice to sanitize it somehow; it's just prob not gonna happen, ya know.
09-08-2011, 02:38 PM
You only really need to sanitize it for insertion into the DB not for displaying on screen.
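The two contexts in this thread (storing the file and showing it) call for different handling, and neither needs the file bytes to be altered. The following is an added example, not code from the thread or any poster: it stores the raw file contents through a PDO prepared statement (bound parameters are never interpolated into the SQL, so no addslashes or real_escape is required and the stored bytes match the file exactly, which is what a diff tool needs) and applies htmlspecialchars only at the moment of HTML output, so the browser shows the unmodified text while any markup inside the file stays inert. The in-memory SQLite database, the `revisions` table and its columns, and the sample file are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): raw storage via prepared statements,
// escaping only at HTML output. The table layout and sample file are
// constructed for this illustration.

declare(strict_types=1);

function openRevisionDb(): PDO
{
    // In-memory SQLite so the example runs stand-alone (assumption).
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE revisions (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        path TEXT NOT NULL,
        revision INTEGER NOT NULL,
        content TEXT NOT NULL
    )');
    return $db;
}

// Store the file exactly as read from disk. The bound :content value is sent
// separately from the SQL text, so quotes, backslashes or SQL keywords in the
// file cannot change the statement, and nothing is added to the bytes.
function storeRevision(PDO $db, string $path, int $revision, string $content): int
{
    $stmt = $db->prepare(
        'INSERT INTO revisions (path, revision, content) VALUES (:path, :rev, :content)'
    );
    $stmt->bindValue(':path', $path, PDO::PARAM_STR);
    $stmt->bindValue(':rev', $revision, PDO::PARAM_INT);
    $stmt->bindValue(':content', $content, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Read a revision back; the returned string is byte-identical to what was
// stored, which is what a diff between two revisions relies on.
function loadRevision(PDO $db, string $path, int $revision): ?string
{
    $stmt = $db->prepare(
        'SELECT content FROM revisions WHERE path = :path AND revision = :rev'
    );
    $stmt->execute([':path' => $path, ':rev' => $revision]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (string) $row['content'];
}

// Escape for the HTML context only when rendering. The browser decodes the
// entities back to the original characters, so the reader sees the file as
// written, while a <script> tag or attribute breakout inside the file is
// displayed as text rather than executed.
function renderRevisionHtml(string $content): string
{
    return '<pre class="revision">'
        . htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8')
        . '</pre>';
}

// Constructed sample: a PHP file whose contents would be live markup if echoed
// straight to the page without escaping.
$sample = "<?php\n"
    . "\$name = \$_GET['name'];\n"
    . "echo \"<b>Hello, \$name</b>\"; // 'quotes' & <script>alert(1)</script>\n";

$db = openRevisionDb();
storeRevision($db, 'inc/greeting.php', 1, $sample);
$loaded = loadRevision($db, 'inc/greeting.php', 1);

// Round trip check: the stored revision must equal the original file bytes.
var_dump($loaded === $sample);

// What the revision viewer would emit into the page.
echo renderRevisionHtml($loaded), "\n";
```

The point of the split is that "sanitizing" is the wrong word for both steps: the database layer needs parameterization, not escaping, and the display layer needs context-appropriate encoding that the browser reverses. The same stored string can be fed unchanged to a diff routine, since neither step modifies it.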
09-08-2011, 02:58 PM
Thanks for the input, tango. I hope you have a great day, bud. :thumbsup:
09-08-2011, 03:13 PM
09-09-2011, 06:10 PM