Home >Backend Development >PHP Tutorial >Detailed explanation of file_put_contents function in PHP

Detailed explanation of file_put_contents function in PHP

墨辰丷
墨辰丷Original
2018-05-17 13:50:423332browse

file_put_contents() function writes a string to a file. Recently, I discovered that the file_put_contents function has problems that I have never noticed, so the following article mainly introduces relevant information about the dangerous file_put_contents function in PHP. Friends in need can refer to it. Let’s take a look together.

Preface

Recently I encountered a file upload question on EIS and found that filtering 0ddcdd4e86a784d73f7c974165885ef6&ext=php This way To bypass

Fix method

The repair method is to use the fwrite function to replace the dangerous file_put_contents function. The fwrite function can only pass Enter a string. If it is an array, an error will occur and false will be returned.


<?php 
 
if(isset($_POST[&#39;content&#39;]) && isset($_POST[&#39;ext&#39;])){
 $data = $_POST[&#39;content&#39;];
 $ext = $_POST[&#39;ext&#39;];
 
 //var_dump(preg_match(&#39;/\</&#39;,$data));
 if(preg_match(&#39;/\</&#39;,$data)){
  die(&#39;hack&#39;);
 }
 $filename = time();
 // file_put_contents($filename.$ext, $data);
 $f = fopen($filename.$ext);
 var_dump(fwrite($f,$data));
}
 
?>


Related recommendations:

Detailed introduction and usage of file_put_contents function

How to use file_put_contents function in PHP

Detailed explanation of file_put_contents function in PHP


The above is the detailed content of Detailed explanation of file_put_contents function in PHP. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn