This time I will show you how to use the file_put_contents function in PHP. What are the precautions when using the file_put_contents function in PHP? Here are practical cases, let’s take a look.
Recently, I encountered a question on File Upload on EIS. I found that filtering < basically made many gestures invalid. I thought about it for a long time but didn’t solve this question. After the game, I found out that I was using arrays to solve the problem. However, the principle is analyzed here. Not much to say, let’s take a look at the detailed introduction.
Let’s take a look at the official website definition of the second parameter data of the file_put_contents function:
data 要写入的数据。类型可以是 string,array 或者是 stream 资源(如上面所说的那样)。 如果 data 指定为 stream 资源,这里 stream 中所保存的缓存数据将被写入到指定文件中,这种用法就相似于使用 stream_copy_to_stream() 函数。 参数 data 可以是数组(但不能为多维数组),这就相当于 file_put_contents($filename, join('', $array))。
As you can see, the data parameter can be an array, which will be automatically join('',$array)
converted into a string
When this function accesses files, it follows the following rules:
If FILE_USE_INCLUDE_PATH is set, then the built-in path for a copy of *filename* will be checked
But our string filtering function generally uses the preg_match function to filter, such as:
if(preg_match('/\</',$data)){ die('hack'); }
We know that many functions that process strings will return NULL if an array is passed in, such as strcmp, strlen, md5, etc. But the preg_match function returns false if an error occurs. Here we can pass var_dump(preg_match('/</' ,$data));
To verify, in this case, the regular filtering of preg_match will be invalid
Therefore, I guess the file upload code is written like this
<?php if(isset($_POST['content']) && isset($_POST['ext'])){ $data = $_POST['content']; $ext = $_POST['ext']; //var_dump(preg_match('/\</',$data)); if(preg_match('/\</',$data)){ die('hack'); } $filename = time(); file_put_contents($filename.$ext, $data); } ?></p> <p style="text-align: left;"> So we can pass in <code>content[]=<?php phpinfo();?>&ext=php </code> to bypass </p> <p style="text-align: left;"> <span style="color:#ff0000;"><strong>Repair method</strong></span></p> <p style="text-align: left;"> The fix is to use the fwrite function to replace the dangerous file_put_contents function. The fwrite function can only pass in strings. If it is an array, it will error and return false</p> <pre class="brush:php;toolbar:false"><?php if(isset($_POST['content']) && isset($_POST['ext'])){ $data = $_POST['content']; $ext = $_POST['ext']; //var_dump(preg_match('/\</',$data)); if(preg_match('/\</',$data)){ die('hack'); } $filename = time(); // file_put_contents($filename.$ext, $data); $f = fopen($filename.$ext); var_dump(fwrite($f,$data)); } ?>
I believe you have mastered the method after reading the case in this article. More exciting Please pay attention to other related articles on php Chinese website!
Recommended reading:
The above is the detailed content of How to use file_put_contents function in PHP. For more information, please follow other related articles on the PHP Chinese website!