Hey. Are there any security issues I should worry about when using the readfile method in PHP? I'd like to use the readfile method that takes in the URL of a file stored on various third party servers. I then serve the file to the user. Intuitively, it would seem that there would be a risk as the URL could point to any file. On the other hand, I'm only using the readfile method (after processing some file-independent data) and not sure if this would allow anything malicious to execute on my server. Also, according to the manual, it seems that if I want to use a URL with readfile, I need to enable fopen wrappers. Thanks.

readfile does not execute the code on your server so there is no issue there.

However, some strange folks could use your server to perform web requests in order to get your server into trouble by making unauthorized requests or cause overloading so you'll want to keep that in mind when coding this type of functionality.

according to the manual, it seems that if I want to use a URL with readfile, I need to enable fopen wrappers

Yes, you'll need to make sure that allow_url_fopen is on. if it isn't, you'll have to look into using cURL.

The biggest security risk is the injection of a malformed request to serve up files from your file. I.e., passing relative paths.

Allow_url_fopen is also a security risk if you do not be careful. It can allow requests served through readfile(), include(), etc to interpret PHP code if that's what the request served back.

I think you just need to focus on two things:

1) Do not allow your users to specify which file is read by readfile. (Potential for directory traversal attacks, etc.)

2) Do not allow the users to modify the file that is read by readfile. (Potential for all kinds of mischief!)

Off the top of my head, those strike me as the two most likely attack vectors you'll encounter regarding readfile.