php header content-type image/jpeg security question

Hi I was wondering if the following would pose any threats ? The url is take from the browser checks if its a picture and output it otherwise display "image does not exist". I haven't done the if statement yet. But should i put anymore header(); settings before outputting or any other suggestions that could make i开发者_C百科t a bit more secure if I have missed any.

header('content-type: image/jpeg');
$file = urlencode('http://domain.com/images/file.jpg');
ob_start();
require_once($file);
$out = ob_get_contents();
ob_end_flush();
echo $out;

Yes it's a huge security risk, as you're asking PHP to interprete a remote file. If a user may pass any URI to your script, he'll be able to make control of your server with ease.

You should use the cURL functions or a simple file_get_contents (or fopen) call, if the URL wrappers are available on your installation.

You definitely shouldn't be using require_once for that.

Use readfile().

header('content-type: image/jpeg');
$file = urlencode('http://domain.com/images/file.jpg');
readfile($file);
exit();