Detailed explanation of filter protocol in PHP

This article mainly shares with you the detailed explanation of the filter protocol in PHP, hoping to help everyone.

php:// — 访问各个输入/输出流（I/O streams）php://input 是个可以访问请求的原始数据的只读流。
php://filter 是一种设计用来允许过滤器程序在打开时成为流的封装协议。这对于单独具有完整功能的文件函数非常有用，否则就没有机会在读取内容之前将过滤器应用于流之上。
该协议语法为：php://filter:/<action>=<name>
比如 php://filter:/resource=http://www.baidu.com

Use php://filter to obtain web page content:

<?php$url = &#39;http://www.phpfamily.cn&#39;;$data = file_get_contents(&#39;php://filter/resource=&#39; . $url);
echo $data;  //输出结果我http://www.phpfamily.cn页面的内容

Parameter list of php://filter

##ParameterFunctionreadReadwriteWriteresourceData source##read parameter value can be

string.strip_tags: Clear all html tags in the data stream

string.toupper: Convert the content in the data stream to uppercase

string.tolower: Convert the content in the data stream to lowercase
convert. base64-encode: Convert the content in the data stream to base64 encoding convert.base64-decode: The corresponding decoding
above is a typical file inclusion vulnerability. We can view the code we want to see by constructing a statement containing the vulnerability: file=php://filter/convert.base64-encode/resource=index.php. Then decode the resulting base64 code.

The above is the detailed content of Detailed explanation of filter protocol in PHP. For more information, please follow other related articles on the PHP Chinese website!