PHP input/output streams

  • php://stdin
  • php://stdout
  • php://stderr
  • php://output
  • php://input
  • php://filter (available since PHP 5.0.0)
  • php://memory (available since PHP 5.1.0)
  • php://temp (available since PHP 5.1.0)

php://stdin, php://stdout and php://stderr allow access to the corresponding input or output stream of the PHP process. The stream references a duplicate file descriptor, so if you open php://stdin and later close it, you close only your copy of the descriptor--the actual stream referenced by STDIN is unaffected. Note that PHP exhibited buggy behavior in this regard until PHP 5.2.1. It is recommended that you simply use the constants STDIN, STDOUT and STDERR instead of manually opening streams using these wrappers.

php://output allows you to write to the output buffer mechanism in the same way as print() and echo().

php://input allows you to read raw POST data. It is a less memory intensive alternative to $HTTP_RAW_POST_DATA and does not need any special php.ini directives. php://input is not available with enctype="multipart/form-data".

php://stdin and php://input are read-only, whereas php://stdout, php://stderr and php://output are write-only.

php://filter is a kind of meta-wrapper designed to permit the application of filters to a stream at the time of opening. This is useful with all-in-one file functions such as readfile(), file(), and file_get_contents() where there is otherwise no opportunity to apply a filter to the stream prior the contents being read.

The php://filter target takes the following 'parameters' as parts of its 'path'.

  • /resource=<stream to be filtered> (required) This parameter must be located at the end of your php://filter specification and should point to the stream which you want filtered.

    <?php
    /* This is equivalent to simply:
       readfile("http://www.example.com");
       since no filters are actually specified */

    readfile("php://filter/resource=http://www.example.com");
    ?>

  • /read=<filter list to apply to read chain> (optional) This parameter takes one or more filternames separated by the pipe character |.

    <?php
    /* This will output the contents of
       www.example.com entirely in uppercase */
    readfile("php://filter/read=string.toupper/resource=http://www.example.com");

    /* This will do the same as above
       but will also ROT13 encode it */
    readfile("php://filter/read=string.toupper|string.rot13/resource=http://www.example.com");
    ?>

  • /write=<filter list to apply to write chain> (optional) This parameter takes one or more filternames separated by the pipe character |.

    <?php
    /* This will filter the string "Hello World"
       through the rot13 filter, then write to
       example.txt in the current directory */
    file_put_contents("php://filter/write=string.rot13/resource=example.txt","Hello World");
    ?>

  • /<filter list to apply to both chains> (optional) Any filter lists which are not prefixed specifically by read= or write= will be applied to both the read and write chains (as appropriate).

The php://memory wrapper stores the data in the memory. php://temp behaves similarly, but uses a temporary file for storing the data when a certain memory limit is reached (the default is 2 MB).

The php://temp wrapper takes the following 'parameters' as parts of its 'path':

  • /maxmemory:<number of bytes> (optional). This parameter allows changing the default value for the memory limit (when the data is moved to a temporary file).

    <?php
    $fiveMBs 
    1024 1024;
    $fp fopen("php://temp/maxmemory:$fiveMBs"'r+');

    fputs($fp"hello\n");

    // read what we have written
    rewind($fp);
    echo 
    stream_get_contents($fp);
    ?>

Wrapper Summary (For php://filter, refer to summary of wrapper being filtered.)
Attribute Supported
Restricted by allow_url_fopen No
Restricted by allow_url_include php://input, php://stdin, php://memory and php://temp only.
Allows Reading php://stdin, php://input, php://memory and php://temp only.
Allows Writing php://stdout, php://stderr, php://output, php://memory and php://temp only.
Allows Appending php://stdout, php://stderr, php://output, php://memory and php://temp only. (Equivalent to writing)
Allows Simultaneous Reading and Writing php://memory and php://temp only.
Supports stat() php://memory and php://temp only.
Supports unlink() No
Supports rename() No
Supports mkdir() No
Supports rmdir() No

Коментарии

404 Not Found

404 Not Found


nginx

    Поддержать сайт на родительском проекте КГБ