In my application I am loading product info from a supplier:
$start_url = "http://www.example.com/product/product_code";
These URLs are usually redirected by the supplier's website, and I have written a function that successfully finds the destination URL, like so:
$end_url = destination( $start_url );
echo "<a href=\"$start_url\">start url</a>"; // link get redirected to correct page
echo "<a href=\"$end_url\">end url</a>"; // links straight to correct page, no redirection
However, if I want to get the HTML from the page...
echo file_get_contents( $start_url ); // 404
echo file_get_contents( $end_url ); // 404
...I just get the supplier's 404 page (not a generic one but their custom one).
I have allow_url_fopen enabled; file_get_contents( "http://www.example.com/" ) works fine.
I can use either URL to load the expected content in an iframe client-side, but XSS security prevents me extracting the data I need.
The only thing I can think of is if the site is using an URL rewriter, could this mess things up?
The PHP is running on my local machine, so it should appear no different from me looking at the website via a browser as far as I'm aware.
