What should I do with the file_put_contents function in PHP?

This time to bring you how to use the PHP file_put_contents function, PHP in the use of the file_put_contents function of the attention of what, the following is the actual case, together to see.

Recently encountered a file upload on the EIS, found filtering the <, so the basic many positions are invalid, think for a long time did not do out of this problem, after the game only know is to use the array to bypass, here to analyze the principle, words do not say, come together to see the detailed introduction bar.

Take a look at the File_put_contents function The second parameter of Data's official website definition:

Data to be written to. The type can be a string,array or a stream resource (as mentioned above). If data is specified as a stream resource, the cached data stored in the stream is written to the specified file, which is similar to using the Stream_copy_to_stream () function. The parameter data can be an array (but not a multidimensional array), which is equivalent to File_put_contents ($filename, Join (", $array)).

As you can see, the data parameter can be an array, which is automatically join('',$array) converted to a string

When the function accesses a file, the following rules apply:

• If File_use_include_path is set, the built-in path of the *filename* copy is checked

• If the file does not exist, a file is created

• Open File

• If LOCK_EX is set, the file will be locked

• If File_append is set, it is moved to the end of the file. Otherwise, the contents of the file will be purged

• Writing data to a file

• Close the file and unlock all files

• If successful, the function returns the number of characters written to the file. If it fails, it returns FALSE.

But our string filter functions are generally filtered using the Preg_match function, such as:

if (Preg_match ('/\</', $data)) {die (' hack ');}

We know that many functions that deal with string literals return NULL if an error is passed in the array, such as STRCMP,STRLEN,MD5, but the Preg_match function returns false, which we can verify here, var_dump(preg_match('/</',$data)); so that Preg_match The regular filter will fail.

So, guess the file upload code is written like this.

<?php  if (isset ($_post[' content ')) && isset ($_post[' ext ')) {$data = $_post[' content ']; $ext = $_post[' Ext '];  Var_dump (Preg_match ('/\</', $data)); if (Preg_match ('/\</', $data)) {die  (' hack '),} $filename = time (); File_put_contents ($filename. $ext, $data);}? >

So I can pass in content[]=<?php phpinfo();?>&ext=php like this to bypass

Repair method

The fix is to use the Fwrite function instead of the dangerous file_put_contents function, the fwrite function can only pass in the string, and if it is an array error returns false

<?php  if (isset ($_post[' content ')) && isset ($_post[' ext ')) {$data = $_post[' content ']; $ext = $_post[' Ext '];  Var_dump (Preg_match ('/\</', $data)); if (Preg_match ('/\</', $data)) {die  (' hack ');} $filename = time ();//File_put_contents ($filename. $ext, $data); $ f = fopen ($filename. $ext); Var_dump (Fwrite ($f, $data));} ?>

Believe that you have read the case of this article you have mastered the method, more exciting please pay attention to the PHP Chinese network other related articles!

Recommended reading: