Types des ressources PHP
Dangerous stuff. Had php injection attacks like:
?-dallow_url_include%253don+-dauto_prepend_file%253dphp://input
due to this
Annexe M. Liste des protocoles supportés
Cette section recense une liste de protocoles gérant les URL, qui sont intégrés dans les fonctions d'accès aux fichiers, dans PHP. Par exemple, les fonctions fopen() et copy(). Ces fonctionnalités sont compilées comme des gestionnaires externes, et à partir de PHP 4.3.0, vous pouvez créer vos propres gestionnaires, avec la fonction stream_register_wrapper().
Système de fichiers
Toutes les versions de PHP. Explicitement avec le protocole file:// depuis PHP 4.3.0.
/path/to/file.ext
relative/path/to/file.ext
fileInCwd.ext
C:/path/to/winfile.ext
C:\path\to\winfile.ext
\\smbserver\share\path\to\winfile.ext
file:///path/to/file.ext
Filesystem est le gestionnaire par défaut de PHP et il représente les fichiers locaux. Lorsqu'un chemin relatif est spécifié (un chemin qui ne commence pas par /, \, \\, ou une lettre de lecteur Windows), le chemin sera calculé relativement à la position courante. Dans de nombreux cas, c'est le dossier de résidence du script, à moins qu'il n'ait été modifié. En utilisant la version CLI, le chemin sera calculé par rapport au dossier d'appel du script.
Avec certaines fonctions comme fopen() et file_get_contents(), include_path peut être scanné pour y trouver les fichiers, si un chemin relatif est fourni.
Tableau M-1. Liste des gestionnaires
| Attribut | Supporté |
|---|---|
| Restreint par allow_url_fopen. | Non |
| Autorise les lectures | Oui |
| Autorise les écritures | Oui |
| Autorise l'ajout | Oui |
| Autorise simultanément les lectures et écritures | Oui |
| Supporte stat() | Oui |
| Supporte unlink() | Oui |
| Supporte rename() | Oui |
| Supporte mkdir() | Oui |
| Supporte rmdir() | Oui |
add a note
User Contributed Notes
Liste des protocoles supportés
Toby
18-May-2012 10:12
Anonymous
04-May-2012 07:00
For php://filter the /resource=foo part must come last. And foo needs no escaping at all.
php://filter/resource=foo/read=somefilter would try to open a file 'foo/read=somefilter' while php://filter/read=somefilter/resource=foo will open file 'foo' with the somefilter filter applied.
Rakesh Verma [rakeshnsony at gmail dot com]
19-Mar-2012 10:18
/**********************************/
Example JSON Request:
{
"username" : "rakeshnsony",
"password" : "abcdefg"
}
/**********************************/
<?php
//To access json format data
$requestBody = file_get_contents('php://input');
$requestBody = json_decode($requestBody);
echo "username is: ".$requestBody->username;
echo "<br /><br />";
echo "password is: ".$requestBody->password;
leonid at shagabutdinov dot com
22-Jul-2011 09:45
For https for windows enable this extension:
extension=php_openssl.dll
kwedeth at gmail dot com
24-May-2011 06:04
When daisy-chaining wrappers, I've found that the stream context only applies to the outside wrapper. For example, the following code will not work:
<?php
$options = array('http'=>array('header'=>"Accept-Encoding: gzip\r\n"));
$context = stream_context_create($options);
$html = file_get_contents('compress.zlib://http://example.com/resource.gz', 0, $context);
?>
The context in this case is useless for the compress.zlib:// wrapper but it does not get applied to http:// and the header will not be sent.
sebastian dot krebs at kingcrunch dot de
04-Feb-2011 04:49
The stream php://temp/maxmemory:$limit stores the data in memory unless the limit is reached. Then it will write the whole content the a temporary file and frees the memory. I didnt found a way to get at least some of the data back to memory.
gjaman at gmail dot com
15-May-2008 02:15
You can decompress (gzip) a input stream by combining wrappers:
eg: $x = file_get_contents("compress.zlib://php://input");
I used this method to decompress a gzip stream that was pushed to my webserver
jerry at gii dot co dot jp
17-Aug-2007 10:11
Not only are STDIN, STDOUT, and STDERR only allowed for CLI programs, but they are not allowed for programs that are read from STDIN. That can confuse you if you try to type in a simple test program.
sander at medicore dot nl
14-Jun-2007 04:25
to create a raw tcp listener system i use the following:
xinetd daemon with config like:
service test
{
disable = no
type = UNLISTED
socket_type = stream
protocol = tcp
bind = 127.0.0.1
port = 12345
wait = no
user = apache
group = apache
instances = 10
server = /usr/local/bin/php
server_args = -n [your php file here]
only_from = 127.0.0.1 #gotta love the security#
log_type = FILE /var/log/phperrors.log
log_on_success += DURATION
}
now use fgets(STDIN) to read the input. Creates connections pretty quick, works like a charm.Writing can be done using the STDOUT, or just echo. Be aware that you're completely bypassing the webserver and thus certain variables will not be available.
ben dot johansen at gmail dot com
25-Oct-2006 02:57
followup:
I found that if I added this line to the AJAX call, the values would show up in the $_POST
xhttp.setRequestHeader('Content-Type',
'application/x-www-form-urlencoded');
ben dot johansen at gmail dot com
29-Aug-2006 11:02
Example of how to use the php://input to get raw post data
//read the raw data in
$roughHTTPPOST = file_get_contents("php://input");
//parse it into vars
parse_str($roughHTTPPOST);
if you do readfile("php://input") you will get the length of the post data
ben dot johansen at gmail dot com
29-Aug-2006 12:33
In trying to do AJAX with PHP and Javascript, I came upon an issue where the POST argument from the following javascript could not be read in via PHP 5 using the $_REQUEST or $_POST. I finally figured out how to read in the raw data using the php://input directive.
Javascript code:
=============
//create request instance
xhttp = new XMLHttpRequest();
// set the event handler
xhttp.onreadystatechange = serviceReturn;
// prep the call, http method=POST, true=asynchronous call
var Args = 'number='+NbrValue;
xhttp.open("POST", "http://<?php echo $_SERVER['SERVER_NAME'] ?>/webservices/ws_service.php", true);
// send the call with args
xhttp.send(Args);
PHP Code:
//read the raw data in
$roughHTTPPOST = file_get_contents("php://input");
//parse it into vars
parse_str($roughHTTPPOST);
heitorsiller at uol dot com dot br
07-Jul-2006 07:55
For reading a XML stream, this will work just fine:
<?php
$arq = file_get_contents('php://input');
?>
Then you can parse the XML like this:
<?php
$xml = xml_parser_create();
xml_parse_into_struct($xml, $arq, $vs);
xml_parser_free($xml);
$data = "";
foreach($vs as $v){
if($v['level'] == 3 && $v['type'] == 'complete')
$data .= "\n".$v['tag']." -> ".$v['value'];
}
echo $data;
?>
PS.: This is particularly useful for receiving mobile originated (MO) SMS messages from cellular phone companies.
opedroso at NOSPAMswoptimizer dot com
12-Apr-2006 11:07
php://input allows you to read raw POST data. It is a less memory intensive alternative to $HTTP_RAW_POST_DATA and does not need any special php.ini directives.
Example use:
$httprawpostdata = file_get_contents("php://input");
When reading a base64 encoded stream using php://input, be aware that you do not need to decode it, it will automatically be done for you.
nyvsld at gmail dot com
27-Nov-2005 10:28
php://stdin supports fseek() and fstat() function call,
while php://input doesn't.
drewish at katherinehouse dot com
24-Sep-2005 11:50
Be aware that contrary to the way this makes it sound, under Apache, php://output and php://stdout don't point to the same place.
<?php
$fo = fopen('php://output', 'w');
$fs = fopen('php://stdout', 'w');
fputs($fo, "You can see this with the CLI and Apache.\n");
fputs($fs, "This only shows up on the CLI...\n");
fclose($fo);
fclose($fs);
?>
Using the CLI you'll see:
You can see this with the CLI and Apache.
This only shows up on the CLI...
Using the Apache SAPI you'll see:
You can see this with the CLI and Apache.
chris at free-source dot com
26-Apr-2005 12:52
If you're looking for a unix based smb wrapper there isn't one built in, but I've had luck with http://www.zevils.com/cgi-bin/viewcvs.cgi/libsmbclient-php/ (tarball link at the end).
nargy at yahoo dot com
24-Sep-2004 03:16
When opening php://output in append mode you get an error, the way to do it:
$fp=fopen("php://output","w");
fwrite($fp,"Hello, world !<BR>\n");
fclose($fp);
aidan at php dot net
27-May-2004 03:34
The contants:
* STDIN
* STDOUT
* STDERR
Were introduced in PHP 4.3.0 and are synomous with the fopen('php://stdx') result resource.
lupti at yahoo dot com
29-Nov-2003 02:04
I find using file_get_contents with php://input is very handy and efficient. Here is the code:
$request = "";
$request = file_get_contents("php://input");
I don't need to declare the URL filr string as "r". It automatically handles open the file with read.
I can then use this $request string to your XMLparser as data.
sam at bigwig dot net
15-Aug-2003 08:02
[ Editor's Note: There is a way to know. All response headers (from both the final responding server and intermediate redirecters) can be found in $http_response_header or stream_get_meta_data() as described above. ]
If you open an HTTP url and the server issues a Location style redirect, the redirected contents will be read but you can't find out that this has happened.
So if you then parse the returned html and try and rationalise relative URLs you could get it wrong.