PHP 3.0.13 and up, php://output
and php://input since PHP 4.3.0,
php://filter since PHP 5.0.0.
php://stdin
php://stdout
php://stderr
php://output
php://input
php://filter
php://stdin, php://stdout
and php://stderr allow access to
the corresponding input or output stream of the PHP process.
php://output allows you to write to the
output buffer mechanism in the same way as
print() and echo().
php://input allows you to read raw POST data.
It is a less memory intensive alternative to
$HTTP_RAW_POST_DATA and does not need any
special php.ini directives.
php://input is not available with
enctype="multipart/form-data".
php://stdin and
php://input are read-only, whereas
php://stdout,
php://stderr and
php://output are write-only.
php://filter is a kind of meta-wrapper designed
to permit the application of filters to a stream at the time of
opening. This is useful with all-in-one file functions such as
readfile(), file(), and
file_get_contents() where there is otherwise
no opportunity to apply a filter to the stream prior the contents
being read.
The php://filter target takes the following
'parameters' as parts of its 'path'.
/resource=<stream to be filtered>
(required) This parameter must be located at
the end of your php://filter specification and
should point to the stream which you want filtered.
<?php
/* This is equivalent to simply:
readfile("http://www.example.com");
since no filters are actually specified */
readfile("php://filter/resource=http://www.example.com");
?>
|
/read=<filter list to apply to read chain>
(optional) This parameter takes one or more
filternames separated by the pipe character |.
<?php
/* This will output the contents of
www.example.com entirely in uppercase */
readfile("php://filter/read=string.toupper/resource=http://www.example.com");
/* This will do the same as above
but will also ROT13 encode it */
readfile("php://filter/read=string.toupper|string.rot13/resource=http://www.example.com");
?>
|
/write=<filter list to apply to write chain>
(optional) This parameter takes one or more
filternames separated by the pipe character |.
<?php
/* This will filter the string "Hello World"
through the rot13 filter, then write to
example.txt in the current directory */
file_put_contents("php://filter/write=string.rot13/resource=example.txt","Hello World");
?>
|
/<filter list to apply to both chains>
(optional) Any filter lists which are not
prefixed specifically by read= or
write= will be applied to both the read and
write chains (as appropriate).
Таблица M-6.
Wrapper Summary (For php://filter,
refer to summary of wrapper being filtered.)
| Attribute | Supported |
|---|
| Restricted by allow_url_fopen. | No |
| Allows Reading |
php://stdin and
php://input only.
|
| Allows Writing |
php://stdout,
php://stderr, and
php://output only.
|
| Allows Appending |
php://stdout,
php://stderr, and
php://output only. (Equivalent to writing)
|
| Allows Simultaneous Reading and Writing | No. These wrappers are unidirectional. |
| Supports stat() | No |
| Supports unlink() | No |
| Supports rename() | No |
| Supports mkdir() | No |
| Supports rmdir() | No |