We help IT Professionals succeed at work.

Create PDF from JSON File - Security Issue

F Grace
F Grace asked
on
169 Views
Last Modified: 2017-04-14
Hi

I have completed a php form when once submitted it writes a json file to the "files/" folder, and the user can create a PDF file by clicking on the link (see code below)
I am concerned about security as the JSON files saved in the "files/" folder will contain sensitive information on the server.

Can anyone advise the best practice to manage/improve this situation?
Hope this makes sense :)

 <!-- Print Receipt to PDF, Write Form Values to JSON file and Create PDf on the Fly when link is clicked -->
<?php
$arr = ['pfn' => $pfirstname, 'pln' => $plastname, 'pa1' => $paddress1, 'pa2' => $paddress2, 'ptv' => $ptownvillage, 'pec' => $postcode, 'amo' => $amount];
$temp_name = uniqid(rand(), true) . '.json';
file_put_contents('/var/www/MyWebsite/files/' . $temp_name, json_encode($arr));        
?>        
<?php echo '<a href="https://mywebsite/pdf.php?q=files/' . $temp_name . '" target="_blank">Download PDF</a>'; ?>

Open in new window

Comment
Watch Question

CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Most Valuable Expert 2011
Author of the Year 2014
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Most Valuable Expert 2011
Author of the Year 2014

Commented:
stale question