views:

40

answers:

1

I will have an app where I will prompt users for a URL (with proper regex url validation) and return the page with cURL and run some checks on it.

What would be the most secure way of returning a remote webpage securely with cURL? As I understand even cURL has some vulnerabilities, like 'safe mode' Security Bypass (http://www.securityfocus.com/bid/27413).

A: 

SecurityFocus claims this has been fixed in PHP 5.2.6 . If you can't upgrade to that, you need to manually check for that attack vector. Perhaps check in your user input if the url definitely has "http" in front of it, with if (substr($url, 0, 7) == 'http://'))

Furthermore, according to the comments on this php bug report curl gives you the option to disable specific protocls, including local file access, but only when you configure and compile from source. According to the cURL install manual it must be something like this (untested):

./configure --disable-file
Fanis