Hello everyone, I decided to put Ulogin (authorization widget through social networks). Here, I have a question, is it worth somehow filtering what comes through file_get_contents?

$s = file_get_contents('http://ulogin.ru/token.php?token=' . $_POST['token'] . '&host=' . $_SERVER['HTTP_HOST']); $user = json_decode($s, true);
  • one
    everything that does not come from you should always be filtered, even from banks and government organizations (more precisely, especially from banks, etc.). - zb '
  • one
    And own what is there to filter: $ user ['network'] - social. The network through which the user $ user ['identity'] has logged in is a unique string that identifies a specific user of the social network. networks $ user ['first_name'] - username $ user ['last_name'] - user’s surname. Here comes only identification, and you are already doing everything else. - binliz


1 answer 1

Everything comes with ulogin, but it's better to filter everything!