CODEWITHSUNDEEP
phpiframe
user906379
user906379

Reputation: 107

php won't work for some reason

Well, I'm trying to get an iframe from a URL of this sort: http://mydomain.com/frame.php?q=http://someotherdomain.com

For some reason I am getting a server error with this code and cannot figure out why. Does anyone see something wrong?

Thanks!

<?php

$q = $_GET('q');

function getTitle($Url){
        $str = file_get_contents($Url);
        if(strlen($str)>0){
                preg_match("/\<title\>(.*)\<\/title\>/",$str,$title);
                return $title[1];
        }
};

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php echo getTitle($q) ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>

<body>

<?php echo "<iframe src='".$q."' style='width:100%;height:100%;border:0;'></iframe>" ?>

</body>
</html>

Upvotes: 0

Views: 145

Answers (3)

chevy372
chevy372

Reputation: 11

Try this:

<?php

$URL = parse_url($_SERVER['REQUEST_URI'];

/* make sure the title is the first parameter and only param passed, otherwise include a ltrim to get rid of everything starting with & */
$q = rtrim('=', $URL['query']);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php=$q?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>

<body style="margin: 0;">

<?php='<iframe src="' . $whateverURL . '" style="width: 100%; height: 100%; border: 0px;" />'?>

</body>
</html>

Upvotes: 1

sberry
sberry

Reputation: 132018

Well, for starters, this

$q = $_GET('q');

should be

$q = $_GET['q'];

PLEASE NOTE
This method you are using is highly insecure. Consider a malicious person making the following request.

http://mydomain.com/frame.php?q=..%2F..%2F..%2F..%2Fetc%2Fapache2%2Fhttpd.conf

By providing different values of q, the attacker can potentially read any file readable by the webserver's user.

Upvotes: 3

Germ&#225;n Rodr&#237;guez
Germ&#225;n Rodr&#237;guez

Reputation: 4288

take a look at your apache log error it is usually at:

tail -f /var/log/apache2/error.log

Upvotes: 0

Related Questions