Summary of protocols and encapsulation protocols supported by PHP (recommended)

不言
Release: 2023-03-24 19:20:02
Original
2451 people have browsed it

This article mainly introduces you to the relevant information about the protocols and encapsulation protocols supported by PHP. The article introduces it in great detail through sample codes. It has certain reference learning value for everyone to learn or use PHP. Friends who need it can follow Let’s learn together with the editor.

Preface

Today's web program development technology is really a hundred schools of thought contending, ASP.NET, PHP, JSP, Perl, AJAX and so on. No matter how Web technology develops in the future, understanding the basic protocols for communication between Web programs is important because it allows us to understand the inner workings of Web applications.

PHP comes with many built-in URL-style wrapper protocols for file system functions like fopen(), copy(), file_exists(), and filesize(). In addition to these packaging protocols, custom packaging protocols can also be registered through stream_wrapper_register().

Note: The URL syntax used to describe an encapsulated protocol only supports scheme://... syntax. scheme:/ and scheme: syntax are not supported.

php protocol type

  • file:// — Access local file system

  • http:// — Access HTTP(s) URLs

  • ftp:// — Access FTP(s) URLs

  • php:// — Access various input/output streams (I/O streams)

  • zlib:// — Compressed streams

  • data: // — Data (RFC 2397)

  • ##glob:// — Find matching file path pattern

  • phar:// — PHP Archive

  • ssh2:// — Secure Shell 2

  • rar:// — RAR

  • ## ogg:// — Audio streaming
  • expect:// — Handling interactive streaming

PHP.ini

    allow_url_fopen: on By default, this option is turned on to activate the fopen encapsulation protocol in the form of a URL, allowing access to URL object files, etc.
  • allow_url_include: off is turned off by default. If this option is on, it allows the inclusion of URL object files, etc.

file: //Protocolfile:// — Access the local file system, not affected by allow_url_fopen and allow_url_include

Usagefile:// [absolute path and file name of the file]

http://127.0.0.1/code/1.php?file=file:///E:\phpStudy\WWW\code\phpinfo.php
Copy after login

php://protocolphp:// — Access various input/output streams (I/O streams)

There is no need to enable allow_url_fopen, only php://input, php://stdin, php://memory and php://temp need to enable allow_url_include.

php://stdin, php://stdout and php://stderr##php://stdin, php:/ /stdout and php://stderr allow direct access to the corresponding input or output streams of the PHP process.

php://stdin is read-only, php://stdout and php://stderr are write-only.

php://stdin

<?php
 while($line = fopen(&#39;php://stdin&#39;,&#39;r&#39;))
 {//open our file pointer to read from stdin
 echo $line."\n";
 echo fgets($line);//读取
 }
?>
Copy after login

##php: //stdout

<?php
 $fd = fopen(&#39;php://stdout&#39;, &#39;w&#39;);
 if ($fd) {
 echo $fd."\n";
 fwrite($fd, "test");
 fwrite($fd, "\n");
 fclose($fd);
 }
?>
Copy after login

##php://stderr

<?php
 $stderr = fopen( &#39;php://stderr&#39;, &#39;w&#39; );
 echo $stderr."\n";
 fwrite($stderr, "uknow" );
 fclose($stderr);
?>
Copy after login

##php://filter

Most commonly used A pseudo-protocol that can generally be used to read arbitrary files. php://filter is a meta-wrapper designed for filtering applications when a data stream is opened. This is useful for all-in-one file functions like readfile(), file(), and file_get_contents(), where there is no opportunity to apply additional filters before the stream contents are read.

parameter

##resource=This parameter is required. It specifies the data stream you want to filter. read=This parameter is optional. One or more filter names can be set, separated by pipe characters. write=This parameter is optional. One or more filter names can be set, separated by pipe characters. Any filter list not prefixed with read= or write= will be applied to read or write= as appropriate. Write chain.

<?php
	include($_GET[&#39;file&#39;])
?>
Copy after login

http://127.0.0.1/code/1.php?file=php://filter/read=convert.base64-encode/resource=./phpinfo.php
Copy after login

php://input

php://input 可以访问请求的原始数据的只读流, 将post请求中的数据作为PHP代码执行。

  • allow_url_fopen :off/on

  • allow_url_include:on

zip://, bzip2://, zlib://协议

zip://, bzip2://, zlib://协议在双off的情况下也可以正常使用;

zip://, bzip2://, zlib:// 均属于压缩流,可以访问压缩文件中的子文件,更重要的是不需要指定后缀名。

  • allow_url_fopen :off/on

  • allow_url_include:off/on

使用方法

zip://archive.zip#dir/file.txt

zip:// [压缩文件绝对路径]#[压缩文件内的子文件名]

测试

先将要执行的PHP代码写好文件名为phpcode.txt,将phpcode.txt进行zip压缩,压缩文件名为file.zip,如果可以上传zip文件便直接上传,若不能便将file.zip重命名为file.jpg后在上传,其他几种压缩格式也可以这样操作。

由于#在get请求中会将后面的参数忽略所以使用get请求时候应进行url编码为%23,且此处经过测试相对路径是不可行,所以只能用绝对路径。

http://127.0.0.1/code/1.php?file=zip://E:\phpStudy\WWW\code/1.zip%231.txt
Copy after login

data://协议

data://协议必须双在on才能正常使用;

  • allow_url_fopen :on

  • allow_url_include:on

http://127.0.0.1/code/1.php?file=data://text/plain,<?php phpinfo()?>
http://127.0.0.1/code/1.php?file=data://text/plain;base64,PD9waHAgcGhwaW5mbygpPz4=
Copy after login

glob://协议

glob:// — 查找匹配的文件路径模式

<?php
$it = new DirectoryIterator($_GET[&#39;file&#39;]);
foreach($it as $f) {
 printf("%s", $f->getFilename());
	echo&#39;</br>&#39;; 
}
?>
Copy after login

expect://协议

expect:// — 处理交互式的流

该封装协议默认未开启

为了使用 expect:// 封装器,你必须安装 » PECL 上的 » Expect 扩展。

用法

expect://command
Copy after login

附:HTTP协议是无状态的和Connection: keep-alive的区别

无状态是指协议对于事务处理没有记忆能力,服务器不知道客户端是什么状态。从另一方面讲,打开一个服务器上的网页和你之前打开这个服务器上的网页之间没有任何联系

HTTP是一个无状态的面向连接的协议,无状态不代表HTTP不能保持TCP连接,更不能代表HTTP使用的是UDP协议(无连接)

从HTTP/1.1起,默认都开启了Keep-Alive,保持连接特性,简单地说,当一个网页打开完成后,客户端和服务器之间用于传输HTTP数据的TCP连接不会关闭,如果客户端再次访问这个服务器上的网页,会继续使用这一条已经建立的连接

Keep-Alive不会永久保持连接,它有一个保持时间,可以在不同的服务器软件(如Apache)中设定这个时间

总结

Reference

  • PHP

  • php伪协议实现命令执行的七种姿势

The above is the detailed content of Summary of protocols and encapsulation protocols supported by PHP (recommended). For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
NameDescription