What's the best way to open a URL feed in codeigniter? I'm assuming I can't put the URL in a file upload input, so should I use a normal text input and then validate that the URL is not malicious? If so, what validation tests should I perform on the user inputted string? Would checking the file extension be enough or can this easily be manipulated?
+2
A:
- Use a
<input type="text" />to let users submit URLs - Check that it is a valid URL using regular expressions (and ignore the extension)
- e.g.
preg_match('|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $url);
- e.g.
- Consider validating the feed with a feed validator (note that many legit feeds may not be "valid")
- Try accessing and parsing it
Dolph
2010-02-17 14:47:36
That's great - thanks. One more thing though... I think my using the word "feed" was misleading because it's actually a google cal ics file that I'm wanting to access, not an rss feed. Once I've checked the URL string against a regex, are there any other ways to validate the file before I open it?
musoNic80
2010-02-17 15:13:50
There's not much you can do without accessing the URL. You could check the MIME type for "text/calendar", but I wouldn't consider that a best practice (or very reliable). I would also look into ICS/iCal validators / parsers (ical4j); perhaps you could port something to PHP, or call it from PHP.
Dolph
2010-02-17 15:42:06