I’m not moving the tmp file to a ‘live’ (web-accessible) directory at all, simply doing a file_get_contents on the tmp file and running a few regexes against it (the code is never executed/run).
Could this be dangerous or pose any risks?
Since you’re not executing it, the file is nothing more than a plain text file. Check the file size and type as you would with any other data file and you should be safe.
If you later decide to make it web accessible (for whatever reason), make sure you set permissions on it (in a Linux environment) or change the file extension (under Windows) so that it cannot be executed.
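The size and type checks mentioned in the answer, as an added example that is not part of the original post. The field name `source`, the size cap, the allowed MIME types and both function names are assumptions chosen for illustration, and the type check needs PHP's fileinfo extension.

```php
<?php
declare(strict_types=1);

// Assumed limits for this example; tune them to the application.
const MAX_BYTES = 262144; // 256 KiB cap on what is read into memory
const ALLOWED_TYPES = ['text/plain', 'text/x-php'];

// Return the upload's contents as a string for scanning, or throw.
// $file is one entry of $_FILES, e.g. $_FILES['source'] (field name assumed).
function read_upload_as_text(array $file): string
{
    // Reject failed or partial uploads before touching the path.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'] ?? null;
    // Confirm the path is PHP's own upload temp file, not some other local path.
    if (!is_string($tmp) || !is_uploaded_file($tmp)) {
        throw new RuntimeException('not an uploaded file');
    }
    // Size is measured on disk; $file['type'] is client-supplied and is not used.
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Type is sniffed from the content itself.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!in_array($mime, ALLOWED_TYPES, true)) {
        throw new RuntimeException('unexpected type');
    }
    // Bounded read as data only; this string is never passed to include or eval.
    $data = file_get_contents($tmp, false, null, 0, MAX_BYTES);
    if ($data === false) {
        throw new RuntimeException('read failed');
    }
    return $data;
}

// Count regex matches; surface PCRE failures (e.g. backtrack limit) instead of hiding them.
function count_matches(string $pattern, string $data): int
{
    $n = preg_match_all($pattern, $data);
    if ($n === false) {
        throw new RuntimeException('regex error code ' . preg_last_error());
    }
    return $n;
}

if (isset($_FILES['source'])) {
    $code = read_upload_as_text($_FILES['source']);
    echo count_matches('/\bfunction\s+\w+/', $code), " function definitions\n";
}
```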