PHP input/output streams
PHP 3.0.13 and up, php://output and php://input since PHP 4.3.0, php://filter since PHP 5.0.0
php://stdin
php://stdout
php://stderr
php://output
php://input
php://filter
php://stdin, php://stdout and php://stderr allow access to the corresponding input or output stream of the PHP process.
php://output allows you to write to the output buffer mechanism in the same way as print() and echo().
php://input allows you to read raw POST data. It is a less memory intensive alternative to $HTTP_RAW_POST_DATA and does not need any special php.ini directives.
php://stdin and php://input are read-only, whereas php://stdout, php://stderr and php://output are write-only.
php://filter is a kind of meta-wrapper designed to permit the application of filters to a stream at the time of opening. This is useful with all-in-one file functions such as readfile(), file(), and file_get_contents() where there is otherwise no opportunity to apply a filter to the stream prior the contents being read.
The php://filter target takes the following 'parameters' as parts of its 'path'.
/resource=<stream to be filtered> (required) This parameter must be located at the end of your php://filter specification and should point to the stream which you want filtered.
/read=<filter list to apply to read chain> (optional) This parameter takes one or more filternames separated by the pipe character |.
<?php /* This will output the contents of www.example.com entirely in uppercase */ readfile("php://filter/read=string.toupper/resource=http://www.example.com"); /* This will do the same as above but will also ROT13 encode it */ readfile("php://filter/read=string.toupper|string.rot13/resource=http://www.example.com"); ?>
/write=<filter list to apply to write chain> (optional) This parameter takes one or more filternames separated by the pipe character |.
/<filter list to apply to both chains> (optional) Any filter lists which are not prefixed specifically by read= or write= will be applied to both the read and write chains (as appropriate).
Table I-5. Wrapper Summary (For php://filter, refer to summary of wrapper being filtered.)
Attribute | Supported |
---|---|
Restricted by allow_url_fopen. | No |
Allows Reading | php://stdin and php://input only. |
Allows Writing | php://stdout, php://stderr, and php://output only. |
Allows Appending | php://stdout, php://stderr, and php://output only. (Equivalent to writing) |
Allows Simultaneous Reading and Writing | No. These wrappers are unidirectional. |
Supports stat() | No |
Supports unlink() | No |