here is the situation. I'm building a small site and no file is confidential in it. In many pages, I needed to isolate and print an image for the user. So, I made a small script this way:
<?php
echo '<img src="'. $_GET['src'] .'" />';
?>
And I like the image source in the URL so it's easy for me to reuse. I am wondering if somebody could try to access other file in the server (for example mysite.com?src=../../SECRET_FILE.txt). I tried to break it myself and couldn't do anything dangerous with this but I'm wondering if it has any flaw? (In the perspective that no image is secret in this website, they are all public and it wouldn't bother me at all if they would find any of these)
Note that the code is not saved in anyway, here is the full script of this page (really just used to save time for user that wants to print an image on the website)
<?php
echo '<img src="'. $_GET['src'] .'" />';
?>
<script>
window.print();
</script>
