当前位置: 文江博客话题详情

PHP ini file_get_contents 外部 url

发布于 2024-09-14 06:41:37 字数 321 浏览 13 评论 0原文

我使用以下 PHP 函数:

file_get_contents('http://example.com');

每当我在某个服务器上执行此操作时,结果都是空的。当我在其他地方执行此操作时,结果就是页面的内容是什么。然而,当我在结果为空的服务器上本地使用该函数时 - 无需访问外部 URL (file_get_contents('../simple/internal/path.html');),它确实有效。

现在,我很确定它与某个 php.ini 配置有关。但我不确定的是,是哪一个。请帮忙。

原文

I use following PHP function:

file_get_contents('http://example.com');

Whenever I do this on a certain server, the result is empty. When I do it anywhere else, the result is whatever the page's content may be. When I however, on the server where the result is empty, use the function locally - without accessing an external URL (file_get_contents('../simple/internal/path.html');), it does work.

Now, I am pretty sure it has something to do with a certain php.ini configuration. What I am however not sure about is, which one. Please help.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(8

夏了南城 2024-09-21 06:41:37

补充 Aillyn 的答案,您可以使用如下所示的函数来模仿 file_get_contents 的行为:

function get_content($URL){
      $ch = curl_init();
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($ch, CURLOPT_URL, $URL);
      $data = curl_exec($ch);
      curl_close($ch);
      return $data;
}

echo get_content('http://example.com');

Complementing Aillyn's answer, you could use a function like the one below to mimic the behavior of file_get_contents:

function get_content($URL){
      $ch = curl_init();
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($ch, CURLOPT_URL, $URL);
      $data = curl_exec($ch);
      curl_close($ch);
      return $data;
}

echo get_content('http://example.com');
回复 原文
毁梦 2024-09-21 06:41:37

您要查找的设置是 allow_url_fopen

您有两种方法可以在不更改 php.ini 的情况下解决这个问题,其中之一是使用 < code>fsockopen(),另一种是使用 cURL

无论如何,我建议使用 cURL 而不是 file_get_contents(),因为它是为此构建的。

The setting you are looking for is allow_url_fopen.

You have two ways of getting around it without changing php.ini, one of them is to use fsockopen(), and the other is to use cURL.

I recommend using cURL over file_get_contents() anyways, since it was built for this.

回复 原文
心碎的声音 2024-09-21 06:41:37
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.your_external_website.com");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);

最适合 http url,
但如何打开 https url 帮助我

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.your_external_website.com");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);

is best for http url,
But how to open https url help me

回复 原文
神回复 2024-09-21 06:41:37

与ini配置设置相关 allow_url_fopen

您应该意识到,启用该选项可能会使代码中的一些错误可被利用。

例如,验证输入失败可能会变成一个成熟的远程代码执行漏洞:

copy($_GET["file"], ".");

The is related to the ini configuration setting allow_url_fopen.

You should be aware that enable that option may make some bugs in your code exploitable.

For instance, this failure to validate input may turn into a full-fledged remote code execution vulnerability:

copy($_GET["file"], ".");
回复 原文
网白 2024-09-21 06:41:37

上面提供的答案解决了问题,但没有解释OP描述的奇怪行为。这个解释应该可以帮助任何人在开发环境中测试站点之间的通信,其中这些站点都驻留在同一主机上(和同一虚拟主机;我正在使用 apache 2.4 和 php7.0)。

我发现 file_get_contents() 有一个微妙之处,它在这里绝对相关,但没有得到解决(可能是因为它要么几乎没有记录,要么据我所知没有记录,或者记录在一个晦涩的 php 安全模型白皮书中)找不到)。

在所有相关上下文中将 allow_url_fopen 设置为 Off(例如 /etc/php/7.0/apache2/php.ini/etc /php/7.0/fpm/php.ini 等...)和 allow_url_fopen 在命令行上下文中设置为 On (即 / etc/php/7.0/cli/php.ini),将允许调用本地资源的 file_get_contents() 并且不会记录任何警告,例如:

file_get_contents('php://input');


// Path outside document root that webserver user agent has permission to read. e.g. for an apache2 webserver this user agent might be www-data so a file at /etc/php/7.0/filetoaccess would be successfully read if www-data had permission to read this file
file_get_contents('<file path to file on local machine user agent can access>');


// Relative path in same document root
file_get_contents('data/filename.dat')

最后,限制 allow_url_fopen = Off 类似于 OUTPUT 链中的 iptables 规则,其中仅当尝试“退出系统”或“更改上下文”被创建。

注意:我在命令行上下文中将 allow_url_fopen 设置为 On (即 /etc/php/7.0/cli/php.ini)在我的系统上,但我怀疑即使将其设置为“关闭”,它也不会与我提供的解释产生任何影响,除非您通过从命令行本身运行脚本来进行测试。我没有在命令行上下文中将 allow_url_fopen 设置为 Off 来测试行为。

The answers provided above solve the problem but don't explain the strange behaviour the OP described. This explanation should help anyone testing communication between sites in a development environment where these sites all reside on the same host (and the same virtualhost; I'm working with apache 2.4 and php7.0).

There's a subtlety with file_get_contents() I came across that is absolutely relevant here but unaddressed (probably because it's either barely documented or not documented from what I can tell or is documented in an obscure php security model whitepaper I can't find).

With allow_url_fopen set to Off in all relevant contexts (e.g. /etc/php/7.0/apache2/php.ini, /etc/php/7.0/fpm/php.ini, etc...) and allow_url_fopen set to On in the command line context (i.e. /etc/php/7.0/cli/php.ini), calls to file_get_contents() for a local resource will be allowed and no warning will be logged such as:

file_get_contents('php://input');

or

// Path outside document root that webserver user agent has permission to read. e.g. for an apache2 webserver this user agent might be www-data so a file at /etc/php/7.0/filetoaccess would be successfully read if www-data had permission to read this file
file_get_contents('<file path to file on local machine user agent can access>');

or

// Relative path in same document root
file_get_contents('data/filename.dat')

To conclude, the restriction allow_url_fopen = Off is analogous to an iptables rule in the OUTPUT chain, where the restriction is only applied when an attempt to "exit the system" or "change contexts" is made.

N.B. allow_url_fopen set to On in the command line context (i.e. /etc/php/7.0/cli/php.ini) is what I had on my system but I suspect it would have no bearing on the explanation I provided even if it were set to Off unless of course you're testing by running your scripts from the command line itself. I did not test the behaviour with allow_url_fopen set to Off in the command line context.

回复 原文
请恋爱 2024-09-21 06:41:37

这也将为外部链接提供绝对路径,而无需使用 php.ini

<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.your_external_website.com");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
$result = preg_replace("#(<\s*a\s+[^>]*href\s*=\s*[\"'])(?!http)([^\"'>]+)([\"'>]+)#",'$1http://www.your_external_website.com/$2$3', $result);
echo $result
?>

This will also give external links an absolute path without having to use php.ini

<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.your_external_website.com");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
$result = preg_replace("#(<\s*a\s+[^>]*href\s*=\s*[\"'])(?!http)([^\"'>]+)([\"'>]+)#",'$1http://www.your_external_website.com/$2$3', $result);
echo $result
?>
回复 原文
夜声 2024-09-21 06:41:37

从 cPanel 或 PHP INI 部分中的 WHM 启用allow_url_fopen

Enable allow_url_fopen From cPanel Or WHM in PHP INI Section

回复 原文
昨迟人 2024-09-21 06:41:37

添加:

allow_url_fopen=1

在您的 php.ini 文件中。如果您使用共享主机,请先创建一个。

Add:

allow_url_fopen=1

in your php.ini file. If you are using shared hosting, create one first.

回复 原文
~没有更多了~

关于作者

¢蛋碎的人ぎ生

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

Gabu-gabumon

文章 0 评论 0

qq_CgiN62

文章 0 评论 0

荔枝明

文章 0 评论 0

赏烟花じ飞满天

文章 0 评论 0

独守阴晴ぅ圆缺

文章 0 评论 0

¤→小豸慧

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文