Security implications of writing files using PHP
I'm currently trying to create a CMS using PHP, purely in the interest of education. I want the administrators to be able to create content, which will be parsed and saved on the server storage in pure HTML form to avoid the overhead that executing PHP script would incur. Unfortunately, I could only think of a few ways of doing so:
- Setting write permission on every directory where the CMS should want to write a file. This sounds like quite a bad idea.
- Setting write permissions on a single
cached
directory. A PHP script could theninclude
orfopen/fread/echo
the content from a file in thecached
directory at request-time. This could perhaps be carried out in a Mediawiki-esque fashion: something likeindex.php?page=xyz
could read and echo content fromcached/xyz.html
at runtime. However, I'll need to ensure the sanity of$_GET['page']
to prevent nasty variations likeindex.php?page=http://www.bad-site.org/malicious-script.js
.
I'm personally not too thrilled by the second idea, but the first one sounds very insecure. Could someone please suggest a good way of getting this done?
EDIT: I'm not in the favour of fetching data from the database. The only time I would want to fetch data from the database would be when the content is cached. Secondly, I do not have access to memcached or any PHP accelera开发者_如何学Ctor.
Since you're building a CMS, you'll have to accept that if the user wants to do evil things to visitors, they very likely can. That's true regardless of where you store your content.
If the public site is all static content, there's nothing wrong with letting the CMS write the files directly. However, you'll want to configure the web server to not execute anything in any directory writable by the CMS.
Even though you don't want to hit the database every time, you can set up a cache to minimize database reads. Zend_Cache works very nicely for this, and can be used quite effectively as a stand-alone component.
You should put your pages in a database and retrieve them using parameterized SQL queries.
I'd go with the second option but modify it so the files are retrieved using mod_rewrite rather than a custom php function.
精彩评论