PHP detailed analysis of phar
This article brings you relevant knowledge about PHP, which mainly introduces the relevant content about phar. The full name of phar is PHP Archive. The phar extension provides a way to integrate the entire PHP application. Let’s take a look at the method of putting it into a phar file to facilitate moving and installation. I hope it will be helpful to everyone.
Recommended study: "PHP Video Tutorial"
1 What is a phar file
Jar (Java Archive) file, an application, including all executable and accessible files, are packaged into a JAR file, making the deployment process very simple.
Similar to JAR. The full name of phar is PHP Archive. The phar extension provides a way to put the entire PHP application into a .phar file to facilitate movement and installation. The biggest feature of phar files is a convenient way to combine several files into one file. .phar files provide a way to distribute a complete PHP program in a single file and run it from that file.
Unlike JAR, Phar can be processed by PHP itself, so there is no need to use additional tools to create or use it. It can be created or extracted using a PHP script.
.
2 Creation of phar
1 Modify the php.ini configuration file
The default status of the PHAR file is read-only , using Phar files does not require any configuration. Deployment is very easy. Because we now need to create our own Phar file, we need to allow writing to the Phar file. This needs to be modified php.ini
In my php.ini file, phar.readonly = On.
[Phar] ; http://php.net/phar.readonly ;phar.readonly = On
First, modify the phar.readonly option in php.ini, remove the preceding semicolon, and change the value to off. Due to security reasons, this option defaults to on. If it is disabled in php.ini (The value is 0 or off), then it can be turned on or off in the user script. If it is turned on in php.ini, the user script cannot be turned off, so it is set to off here to show the example.
Now, we can package the PHP application into a Phar file.
2 Create our own PHP file project
Here I copied directly from other people’s blog projects and did not demonstrate because my original intention of organizing this blog was To understand the phar:// vulnerability, use ctf. Therefore, the file names will not be modified according to the original author's. Reference articles will be added at the end.
First of all, I need to create the directory structure of the application according to a rule. The root directory is project, and the directory under project is as follows:
file -yunek.js -yunke.css lib -lib_a.php template -msg.html index.php Lib.php
There are two file folders JS and CSS files with empty content, only the demonstration phar can contain multiple file formats
lib_a.php content is as follows:
<?php
/**
* Created by yunke.
* User: yunke
* Date: 2017/2/10
* Time: 9:23
*/
function show(){
echo "l am show()";
}msg.html content is as follows:
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>phar</title> </head> <body> <?=$str; ?> </body> </html>
The content of index.php is as follows:
<?php /** * Created by yunke. * User: yunke * Date: 2017/2/10 * Time: 9:17 */ require "lib/lib_a.php"; show(); $str = isset($_GET["str"]) ? $_GET["str"] : "hello world"; include "template/msg.html";
Lib.php content is as follows:
<?php
/**
* Created by yunke.
* User: yunke
* Date: 2017/2/10
* Time: 9:20
*/
function yunke()
{
echo "l am yunke()";
}3 Create phar file
The project file is ready, now it is in the same directory as the project folder Create a yunkeBuild.php to generate a phar format file with the following content:
<?php
/**
* Created by yunke.
* User: yunke
* Date: 2017/2/10
* Time: 9:36
*/
//产生一个yunke.phar文件
$phar = new Phar('yunke.phar', 0, 'yunke.phar');
// 添加project里面的所有文件到yunke.phar归档文件
$phar->buildFromDirectory(dirname(__FILE__) . '/project');
//设置执行时的入口文件,第一个用于命令行,第二个用于浏览器访问,这里都设置为index.php
$phar->setDefaultStub('index.php', 'index.php');Then access the yunkeBuild.php file in the browser and a yunke.phar file will be generated. At this time, the server root directory structure is as follows :
project
yunkeBuild.php
yunke.phar
This is the simplest process to generate a phar archive file.
Here I will make some other additions to facilitate better understanding:
1) The phar file is generated by accessing yunkeBuild.php, which is quite for execution. Therefore, you can execute the following code in the terminal to generate
aabouzekry@platinum:~/myapp$ php yunkeBuild.php
and then the yunke.phar file is generated.
2)new phar() generates phar object. Let’s interpret the parameters.
<?php
$phar = new Phar("/yunke.phar",
FilesystemIterator::CURRENT_AS_FILEINFO |
FilesystemIterator::KEY_AS_FILENAME, "yunke.phar");Explanation:
The creation of a new Phar object usually requires three parameters.
The first parameter is the path to the Phar file. Not only can you create Phar files through it, but you can also operate on existing Phar files.
The second parameter is to set how the Phar object handles files. Phar The object inherits the PHP RecursiveDirectoryIterator object, and this parameter is passed directly to the parent class. The value provided here is the default value of RecursiveDirectoryIterator, which can meet the current requirements.
The third parameter is the alias of the Phar file. This alias must be used when referencing this Phar file internally.
Usually just pass in the file name. That is the third parameter.
3) Add files to phar. There are several ways to add files:
- 手动添加已有文件
调用类方法Phar::addFile($filepath,$localpath=?)添加文件,参数是文件绝对路径和(可选)存储到phar的相对路径
<?php
$phar = new Phar('yunke.phar');
$phar->addFile('test.php');
include('phar://yunke.phar/test.php') // in test.php
?>这里出现的phar://就是访问phar文件的一种方法,所以不需要太在意。
以字符串添加文件内容
调用类方法Phar::addFromString($localpath,$contents)以字符串形式添加文件
<?php
$phar = new Phar('yunke.phar');
$phar->addFromString('test.php','<?php echo \'in test.php\'?>');
include('phar://yunke.phar/test.php'); // in test.php
?>- 添加空目录
调用类方法Phar::addEmptyDir($dirname)添加空目录,使用方法Phar::getContent()获取文件结构
<?php
$phar = new Phar('yunke.phar');
$phar->addEmptyDir('test'); // yunke.phar/test/
?>- 手动选择添加已有目录
调用类方法Phar::buildFromDirectory($dir,$pattern = "")添加整个目录
<?php
$phar = new Phar('yunke.phar');
$phar->buildFromDirectory('test'); // test.php in test/
include('phar://yunke.phar/test/test.php'); // in test/test.php
?>4) 存根文件Stub,理解这个很重要。
归档文件中有一个存根文件stub,其实就是一段php执行代码,在制作归档时可以设置,直接执行归档文件时,其实就是执行它,所以它是启动文件;在脚本中包含归档文件时就像包含普通php文件一样包含它并运行,但直接以phar://的方式包含归档中某一个文件时不会执行存根代码, 往往在存根文件里面require包含要运行的其他文件,对存根文件的限制仅为以__HALT_COMPILER(); 结束,默认的存根设计是为在没有phar扩展时能够运行,它提取phar文件内容到一个临时目录再执行,不过从php5.3开始该扩展默认内置启用了。
stub是phar文件的文件头,格式为...<?php ...;__HALT_COMPILER();?>,…可以是任意字符,包括留空,且php闭合符与最后一个分号之间不能有多于一个的空格符。另外php闭合符也可省略。最短省略闭合符的stub是__HALT_COMPILER();?></p>
<p>运行Phar文件时,stub文件被当做一个meta文件来初始化Phar, 并告诉Phar文件在被调用时该做什么。</p>
<p>在我们的例子中,使用的是 <code>createDefaultStub() 方法。
其他的方式如下:
方法一:调用类方法Phar::setStub($string)为实例创建自定义stub
<?php
$phar = new Phar('yunke.phar');
$phar->setStub('<?php echo \'in stub!\';__HALT_COMPILER();?>');
include('phar://yunke.phar'); // in stub!
?>也可以
$phar->setStub($phar->createDefaultStub("index.php"));生成的缺省stub文件包含如下的代码:
<?php Phar::mapPhar(); include "phar://yunke.phar/index.php"; __HALT_COMPILER();
createDefaultStub() 方法缺省创建的stub文件的内容很简单。 Phar::mapPhar() 用来分析Phar文件的元数据,并初始化它。stub文件的结尾处需要调用 __HALT_COMPILER() 方法,这个方法后不能留空格。__HALT_COMPILER() 会立即终止PHP的运行,防止include的文件在此方法后仍然执行。这是Phar必须的,没有它Phar将不能正常运行。
除此之外,我们还可以创建自己的stub文件来执行自定义的初始化过程,像这样加载自定义文件
<?php
$phar->setStub(file_get_contents("stub.php"));方法二:使用默认stub,调用类方法Phar::setDefaultStub()为实例设置默认stub,使用方法Phar::getStub()获取实例的stub
<?php
$phar = new Phar('yunke.phar');
$phar->setDefaultStub();
print_r($phar->getStub()); // 2, 'c' => 'text/plain', 'cc' => 'text/plain', ...
?>如果缺省创建stub,PHP会使用默认stub
<?php $phar = new Phar('yunke.phar'); $phar['demo.txt'] = 'demo'; print_r($phar->getStub()); // 2, 'c' => 'text/plain', 'cc' => 'text/plain', ... ?>
4 phar文件的运行
我们在服务器根目录建立一个index.php文件来演示如何使用上面创建的phar文件,内容如下:
<?php /** * Created by yunke. * User: yunke * Date: 2017/2/8 * Time: 9:33 */ require "yunke.phar"; require "phar://yunke.phar/Lib.php"; yunke();
如果index.php文件中只有第一行,那么和不使用归档文件时,添加如下代码完全相同:
require "project/index.php";
如果没有第二行,那么第三行的yunke()将提示未定义,所以可见require一个phar文件时并不是导入了里面所有的文件,而只是导入了入口执行文件而已,但在实际项目中往往在这个入口文件里导入其他需要使用的文件,在本例中入口执行文件为project/index.php。
补充:
可以为归档设置别名,别名保存在归档文件中永久保存,它可以用一个简短的名字引用归档,而不管归档文件在文件系统中存储在那里,设置别名:
$phar = new Phar('lib/yunke.phar', 0); $phar->setAlias ( "yun.phar");
设置别名后可以如下使用:
<?php require "lib/yunke.phar"; require "phar://yun.phar/Lib.php"; //使用别名访问归档文件 require "phar://lib/yunke.phar/Lib.php"; //当然仍然可以使用这样的方式去引用
如果在制作phar文件时没有指定别名,也可以在存根文件里面使用Phar::mapPhar('yunke.phar');指定。
5 phar文件的提取还原
我们有时候会好奇phar里面包含的文件源码,这个时候就需要将phar文件还原,如果只是看一看的话可以使用一些ide工具,比如phpstorm 10就能直接打开它,如果需要修改那么就需要提取操作了,为了演示,我们下载一个composer.phar放在服务器目录,在根目录建立一个get.php文件,内容如下
<?php
/**
* Created by yunke.
* User: yunke
* Date: 2017/2/9
* Time: 19:02
*/
$phar = new Phar('composer.phar');
$phar->extractTo('composer'); //提取一份原项目文件
$phar->convertToData(Phar::ZIP); //另外再提取一份,和上行二选一即可用浏览器访问这个文件,即可提取出来,以上列子展示了两种提取方式:
The second line will create a composer directory and put the extracted content into it;
The third line will generate a composer.zip file, which can be extracted and restored by decompressing it.
As for the server verification bypass caused by the phar:// pseudo-protocol:
Recommended learning: "PHP Video Tutorial"
The above is the detailed content of PHP detailed analysis of phar. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1377
52
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
Discuss CakePHP
Sep 10, 2024 pm 05:28 PM
CakePHP is an open-source framework for PHP. It is intended to make developing, deploying and maintaining applications much easier. CakePHP is based on a MVC-like architecture that is both powerful and easy to grasp. Models, Views, and Controllers gu
CakePHP File upload
Sep 10, 2024 pm 05:27 PM
To work on file upload we are going to use the form helper. Here, is an example for file upload.
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
CakePHP Quick Guide
Sep 10, 2024 pm 05:27 PM
CakePHP is an open source MVC framework. It makes developing, deploying and maintaining applications much easier. CakePHP has a number of libraries to reduce the overload of most common tasks.
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
Explain JSON Web Tokens (JWT) and their use case in PHP APIs.
Apr 05, 2025 am 12:04 AM
JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,
PHP Program to Count Vowels in a String
Feb 07, 2025 pm 12:12 PM
A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total
