Home > Article > Backend Development > Detailed explanation of file_put_contents function in PHP
Detailed explanation of file_put_contents function in PHP
- 墨辰丷Original
- 2018-05-17 13:50:423294browse
file_put_contents() function writes a string to a file. Recently, I discovered that the file_put_contents function has problems that I have never noticed, so the following article mainly introduces relevant information about the dangerous file_put_contents function in PHP. Friends in need can refer to it. Let’s take a look together.
Preface
Recently I encountered a file upload question on EIS and found that filtering 0ddcdd4e86a784d73f7c974165885ef6&ext=php This way To bypass
Fix method
The repair method is to use the fwrite function to replace the dangerous file_put_contents function. The fwrite function can only pass Enter a string. If it is an array, an error will occur and false will be returned.
<?php
if(isset($_POST['content']) && isset($_POST['ext'])){
$data = $_POST['content'];
$ext = $_POST['ext'];
//var_dump(preg_match('/\</',$data));
if(preg_match('/\</',$data)){
die('hack');
}
$filename = time();
// file_put_contents($filename.$ext, $data);
$f = fopen($filename.$ext);
var_dump(fwrite($f,$data));
}
?>Related recommendations:
Detailed introduction and usage of file_put_contents function
How to use file_put_contents function in PHP
Detailed explanation of file_put_contents function in PHP
The above is the detailed content of Detailed explanation of file_put_contents function in PHP. For more information, please follow other related articles on the PHP Chinese website!