Detailed explanation of file_put_contents function in PHP

This article mainly shares with you the detailed explanation of the file_put_contents function in PHP. I recently encountered a file upload question on EIS and found that filtering < basically made many gestures invalid. I have been thinking about it for a long time and haven’t figured it out yet. I found out after the game that I could use an array to get around this question. The principle is analyzed here. Without further ado, let’s take a look at the detailed introduction.

Let’s take a look at the official website definition of the second parameter data of the file_put_contents function:

data
要写入的数据。类型可以是 string，array 或者是 stream 资源（如上面所说的那样）。
 
如果 data 指定为 stream 资源，这里 stream 中所保存的缓存数据将被写入到指定文件中，这种用法就相似于使用 stream_copy_to_stream() 函数。
 
参数 data 可以是数组（但不能为多维数组），这就相当于 file_put_contents($filename, join('', $array))。

As you can see, the data parameter can be an array, which will be automatically converted into a string by join('',$array)

When this function accesses files, it follows the following rules:

• If FILE_USE_INCLUDE_PATH is set, then the built-in path for a copy of *filename* will be checked

• 
  

• If the file does not exist, a file will be created

• 
  

• open a file

• 
  

• If LOCK_EX is set, the file will be locked

• 
  

• If FILE_APPEND is set, moves to the end of the file. Otherwise, the contents of the file will be cleared

• 
  

• Write data to the file

• 
  

• Close files and unlock all files

• 
  

• If successful, the function returns the number of characters written to the file. On failure, False is returned.

But our string filtering function generally uses the preg_match function to filter, such as:

if(preg_match(&#39;/\</&#39;,$data)){
 die(&#39;hack&#39;);
}

We know that many functions that process strings will return NULL if an array is passed in, such as strcmp, strlen, md5, etc. But the preg_match function returns false if an error occurs. Here we can pass var_dump(preg_match('/

Therefore, I guess the file upload code is written like this

<?php 
 
if(isset($_POST[&#39;content&#39;]) && isset($_POST[&#39;ext&#39;])){
 $data = $_POST[&#39;content&#39;];
 $ext = $_POST[&#39;ext&#39;];
 
 //var_dump(preg_match(&#39;/\</&#39;,$data));
 if(preg_match(&#39;/\</&#39;,$data)){
  die(&#39;hack&#39;);
 }
 $filename = time();
 file_put_contents($filename.$ext, $data);
}
 
?></p>
<p>
So we can pass in content[]=<?php phpinfo();?>&ext=php to bypass</p>
<p>
Repair method<br></p>
<p>
The fix is ​​to use the fwrite function instead of the dangerous file_put_contents function. The fwrite function can only pass in strings. If it is an array, it will error and return false</p><pre class="brush:php;toolbar:false"><?php 
 
if(isset($_POST[&#39;content&#39;]) && isset($_POST[&#39;ext&#39;])){
 $data = $_POST[&#39;content&#39;];
 $ext = $_POST[&#39;ext&#39;];
 
 //var_dump(preg_match(&#39;/\</&#39;,$data));
 if(preg_match(&#39;/\</&#39;,$data)){
  die(&#39;hack&#39;);
 }
 $filename = time();
 // file_put_contents($filename.$ext, $data);
 $f = fopen($filename.$ext);
 var_dump(fwrite($f,$data));
}
 
?>

Related recommendations:

Recommended 10 articles about php file_put_contents() function

How to implement file_put_contents appending and line wrapping in php?

The difference between fwrite and file_put_contents in PHP

The above is the detailed content of Detailed explanation of file_put_contents function in PHP. For more information, please follow other related articles on the PHP Chinese website!