Module shouldn't use file_get_contents to fetch URLs

[madmatt]

See cross-post issue on silverstripe/fulltextsearch: silverstripe/silverstripe-fulltextsearch#264

This module uses file_get_contents() to post/retrieve data from Solr in some instances. It shouldn't do so, as some servers may have allow_url_fopen disabled in php.ini.

Instead, use of Guzzle (or raw curl) is encouraged for security reasons, mainly to prevent accidental remote code execution/remote file inclusion bugs.

Note that this module explicitly isn't susceptible to RFI vulnerabilities as far as I can tell, but if you're trying to use the module on a hardened server this config value is likely disabled.

edit: Also, renaming the variable from $targetDir would help avoid doubt about whether or not it's a URL. Suggested name: $targetUrl

[madmatt]

See search results: https://github.com/silverstripe/cwp-search/search?q=file_get_contents&unscoped_q=file_get_contents

[sminnee]

Should title be "Module shouldn't use file_get_contents to fetch URLs"?

[madmatt]

Thanks for changing that @brynwhyman!