PHP ini file_get_contents 外部网址
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3488425/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP ini file_get_contents external url
提问by arik
I use following PHP function:
我使用以下 PHP 函数:
file_get_contents('http://example.com');
file_get_contents('http://example.com');
Whenever I do this on a certain server, the result is empty. When I do it anywhere else, the result is whatever the page's content may be. When I however, on the server where the result is empty, use the function locally - without accessing an external URL (file_get_contents('../simple/internal/path.html');), it doeswork.
每当我在某个服务器上执行此操作时,结果都是空的。当我在其他任何地方这样做时,结果就是页面的内容。但是,当我在结果为空的服务器上时,在本地使用该函数 - 无需访问外部 URL ( file_get_contents('../simple/internal/path.html');),它确实有效。
Now, I am pretty sure it has something to do with a certain php.ini configuration. What I am however not sure about is, whichone. Please help.
现在,我很确定它与某个 php.ini 配置有关。然而,我不确定的是,是哪一个。请帮忙。
采纳答案by Aillyn
The setting you are looking for is allow_url_fopen.
您正在寻找的设置是allow_url_fopen。
You have two ways of getting around it without changing php.ini, one of them is to use fsockopen(), and the other is to use cURL.
您有两种方法可以在不更改 php.ini 的情况下绕过它,一种是使用fsockopen(),另一种是使用cURL。
I recommend using cURL over file_get_contents()anyways, since it was built for this.
我建议file_get_contents()无论如何都使用 cURL ,因为它是为此而构建的。
回答by Pablo
Complementing Aillyn's answer, you could use a function like the one below to mimic the behavior of file_get_contents:
补充 Aillyn 的答案,您可以使用如下所示的函数来模拟 file_get_contents 的行为:
function get_content($URL){
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $URL);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
echo get_content('http://example.com');
回答by Artefacto
The is related to the ini configuration setting allow_url_fopen.
这与 ini 配置设置有关allow_url_fopen。
You should be aware that enable that option may make some bugs in your code exploitable.
您应该意识到启用该选项可能会使您的代码中的一些错误可被利用。
For instance, this failure to validate input may turn into a full-fledged remote code execution vulnerability:
例如,这种验证输入的失败可能会变成一个成熟的远程代码执行漏洞:
copy($_GET["file"], ".");
回答by Vikash
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.your_external_website.com");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
is best for http url, But how to open https url help me
最适合 http url,但是如何打开 https url 帮助我
回答by J-a-n-u-s
The answers provided above solve the problem but don't explain the strange behaviour the OP described. This explanation should help anyone testing communication between sites in a development environment where these sites all reside on the same host (and the same virtualhost; I'm working with apache 2.4 and php7.0).
上面提供的答案解决了问题,但没有解释 OP 描述的奇怪行为。这个解释应该可以帮助任何人在开发环境中测试站点之间的通信,这些站点都驻留在同一台主机上(和同一个虚拟主机;我正在使用 apache 2.4 和 php7.0)。
There's a subtlety with file_get_contents()I came across that is absolutely relevant here but unaddressed (probably because it's either barely documented or not documented from what I can tell or is documented in an obscure php security model whitepaper I can't find).
file_get_contents()我遇到了一个微妙之处,它在这里绝对相关但没有解决(可能是因为它几乎没有记录或没有记录,或者我无法找到的晦涩的 php 安全模型白皮书中记录)。
With allow_url_fopenset to Offin all relevant contexts (e.g. /etc/php/7.0/apache2/php.ini, /etc/php/7.0/fpm/php.ini, etc...) and allow_url_fopenset to Onin the command line context (i.e. /etc/php/7.0/cli/php.ini), calls to file_get_contents()for a local resource will be allowed and no warning will be logged such as:
随着allow_url_fopen设置为Off在所有有关方面(如/etc/php/7.0/apache2/php.ini,/etc/php/7.0/fpm/php.ini等...),并allow_url_fopen设置为On在命令行环境(即/etc/php/7.0/cli/php.ini),以电话file_get_contents()为本地资源将被允许的,没有警告会被记录,例如:
file_get_contents('php://input');
or
或者
// Path outside document root that webserver user agent has permission to read. e.g. for an apache2 webserver this user agent might be www-data so a file at /etc/php/7.0/filetoaccess would be successfully read if www-data had permission to read this file
file_get_contents('<file path to file on local machine user agent can access>');
or
或者
// Relative path in same document root
file_get_contents('data/filename.dat')
To conclude, the restriction allow_url_fopen = Offis analogous to an iptablesrule in the OUTPUTchain, where the restriction is only applied when an attempt to "exit the system" or "change contexts" is made.
总而言之,限制allow_url_fopen = Off类似于链中的iptables规则OUTPUT,其中限制仅在尝试“退出系统”或“更改上下文”时应用。
N.B. allow_url_fopenset to Onin the command line context (i.e. /etc/php/7.0/cli/php.ini) is what I had on my system but I suspect it would have no bearing on the explanation I provided even if it were set to Offunless of course you're testing by running your scripts from the command line itself. I did not test the behaviour with allow_url_fopenset to Offin the command line context.
NB在命令行上下文中allow_url_fopen设置为On(即/etc/php/7.0/cli/php.ini)是我在我的系统上所拥有的,但我怀疑它不会影响我提供的解释,即使它被设置为,Off除非你当然是通过运行你的脚本来测试命令行本身。我没有在命令行上下文中使用allow_url_fopenset to测试行为Off。
回答by Wayne Nort
This will also give external links an absolute path without having to use php.ini
这也将为外部链接提供绝对路径,而无需使用 php.ini
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.your_external_website.com");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$result = curl_exec($ch);
curl_close($ch);
$result = preg_replace("#(<\s*a\s+[^>]*href\s*=\s*[\"'])(?!http)([^\"'>]+)([\"'>]+)#",'http://www.your_external_website.com/', $result);
echo $result
?>
回答by Cheap PC Shop
Add:
添加:
allow_url_fopen=1
in your php.inifile. If you are using shared hosting, create one first.
在您的php.ini文件中。如果您使用共享主机,请先创建一个。
