PHP - Copy Image From Another URL

Question

Alright I have a simple question that I can't figure out How can I make

$image = file_get_contents('http://www.url.com/image.jpg');
file_put_contents('/images/image.jpg', $image); //Where to save the image on your server

To where I can set the $image variable using a html form where people can submit a link using the $_GET[""] method instead of having to change the link in the php file manually?

@abrad1212, `$image = file_get_contents($_GET['url']);`, but only after you sanitize `$_GET['url']` to avoid problem with people that submit `?url=index.php` or similar — Federkun, Mar 28 '16 at 17:26
If the image is larger it is going to cause memory problems. — Jay Blanchard, Mar 28 '16 at 17:27
Have a look at this: http://stackoverflow.com/questions/724391/saving-image-from-php-url — Andreas, Mar 28 '16 at 17:27
@Federico What do you mean about Sanitize $_GET["url"] can you give me a example or something? — abrad1212, Mar 28 '16 at 17:38
abrad1212, I don't think that you want people to choose `../../../../etc/passwd` as an url. Maybe you want check that the url start always with `http(s)://` — Federkun, Mar 28 '16 at 17:42
@Federico Ok but how would I go about sanitizing this can you give me a link or a example (sorry complete noob right here) -EDIT-is this a good tutorial http://code.tutsplus.com/tutorials/sanitize-and-validate-data-with-php-filters--net-2595 — abrad1212, Mar 28 '16 at 17:46

score 0 · Accepted Answer · answered Mar 28 '16 at 18:12

You've a form like this:

<form>
    URL: <input name="url">
    <input type="submit">
</form>

Then you can retrieve the url submitted with $_GET['url']:

$image = file_get_contents($_GET['url']);
file_put_contents('/images/image.jpg', $image);

Anyhow, you must be careful on Local File Inclusion, because without further checks the users can choose path like /etc/passwd, ../configuration.php, etc, and if /images/image.jpg can be view by the users, they can read file that shouldn't see.

A thing that you may want do is check if the $_GET['url]` is a valid url. You can do that with:

if (!filter_var($_GET['url'], FILTER_VALIDATE_URL)) {
    throw new \InvalidArgumentException('The url is not valid.');
}

but that's not enough since file:///etc/passwd is a valid url. So, instead, just be sure that the url start with http:// or https://.

$isValid = false;
foreach(['http://', 'https://'] as $schema) {
    if (strpos($_GET['url'], $schema) === 0) {
        $isValid = true;
        break;
    }
}

if ($isValid && filter_var($_GET['url'], FILTER_VALIDATE_URL)) {
    $image = file_get_contents($_GET['url']);
    file_put_contents('/images/image.jpg', $image); //Where to save the image on your server
}

score 0 · Answer 2 · answered Mar 28 '16 at 18:37

0

@Federico

Sorry I don't have a lot of time to format the code I'm on my phone uploading everything to my FTP server as I'm traveling So sorry if everything is to cramped

EDIT: I see the ! on the second pic and removed it so don't worry

answered Mar 28 '16 at 18:37

abrad1212

232
2
9

don't submit an answer, just write a comment. have you a question/problem? – Federkun Mar 28 '16 at 19:06
Sorry Im new to this, the sanitizing worked but the image IS NOT SAVING at all, any help is needed – abrad1212 Mar 28 '16 at 19:09
1

`/images/image.jpg` is the absolute path. you may want replace it with `__DIR__ . '/images/image.jpg'` – Federkun Mar 28 '16 at 19:11
Nope still not working ;( Damn this is giving me a damn headache, the URL will be sanitized but it is still not saving the image ;( Take a careful look at my code see if I would have messed anything else other than what you said I fixed!!! – abrad1212 Mar 28 '16 at 19:45
1

you may don't have the write permission in `/images/`. Enable you php error, put `error_reporting(-1); ini_set('display_errors', true);` on top of the file. – Federkun Mar 28 '16 at 19:48
@Federico On the Index.php file? – abrad1212 Mar 28 '16 at 19:50
yup. check if you see an error when you submit the form – Federkun Mar 28 '16 at 19:51
I'm getting this Warning: file_put_contents(C:\Bitnami\wampstack-5.6.18-0\apache2\htdocs\Experimental\SaveImages\External Testing/imgs/): failed to open stream: No such file or directory in C:\Bitnami\wampstack-5.6.18-0\apache2\htdocs\Experimental\SaveImages\External Testing\test.php on line 25 – abrad1212 Mar 28 '16 at 19:55
It's giving me the error here: if ($isValid && filter_var($_GET['URL'], FILTER_VALIDATE_URL)) { $image = file_get_contents($_GET['URL']); file_put_contents(__DIR__.'/imgs/', $image); //Where to save the image on your server } ?> – abrad1212 Mar 28 '16 at 19:56
1

change `file_put_contents(__DIR__.'/imgs/', $image);` to `file_put_contents(__DIR__.'/imgs/somefilename.jpg', $image);` – Federkun Mar 28 '16 at 19:58
@Federico YES THANK YOU.... I don't have enough reputation to upvote your comment soooo crap but THANK YOU – abrad1212 Mar 28 '16 at 20:02
You can test it here http://abrad1212.ddns.net/Experimental/SaveImages/External%20Testing/test.php/ If you want thanks – abrad1212 Mar 28 '16 at 20:05

PHP - Copy Image From Another URL

2 Answers2