Is fopen safe to use in public software?
I am creating a web application that I hope to release to the public for downloading and installing on anyone's own web server, however I just was informed that some webhosts disable the use of fopen
in php due to "security issue开发者_开发知识库s", particularly on shared hosts. I use fopen
during the installation process of the application, should I be concerned about this? Is this a common practice in shared hosts? If so, is there another way I can write to a file? I have heard of cURL, but this would require more advanced knowledge on the part of the end user, no? If so, this can obviously not be expected. Thanks very much!
fopen() is never disabled. The php.ini setting "allow_url_fopen" however is. So if you only access local files, not http:// URLs via fopen() this is not really a concern.
If you need URL support you should otherwise include a HTTP request class, like the one in PEAR. This way you avoid the user-unfriendly dependency on the cURL extension module.
In my limited experience, fopen()
is seldom disabled. Writing to a local file with curl is nonsense, so this wouldn't be an alternative. As all writing to a local file kind of depends on fopen, the most usual route for normal packages is:
- Trying to set the content in a file on installation (possibly a file already there with a decent default in the normal packages files).
- On failure, present to user with the content you'd like to set, and offer him the option to either copy/paste that content manually, or to retry to set the content (for instance, when the user sets the file permissions correctly, which you of course explain how to do).
using cURL:
function GET($url,$header = null,$post = 0,$cookie = null){
$handle = curl_init();
curl_setopt($handle, CURLOPT_URL, $url);
curl_setopt($handle, CURLOPT_HEADER, $header);
curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
if($post) {
curl_setopt($handle, CURLOPT_POST, true);
curl_setopt($handle, CURLOPT_CUSTOMREQUEST,($post)?"POST":"GET");
curl_setopt($handle, CURLOPT_POSTFIELDS, $post);
}
curl_setopt($handle, CURLOPT_COOKIE, $cookie);
if(preg_match('/https/',$url)) {
curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
}
return($buffer = @curl_exec($handle)) ? $buffer : 0;
}
//A basic example of the requisition process :
echo GET('http://google.com',1)
//post data:
GET('/test.php',1,
array('Name' => 'Jet',
'id' => 12,
'foo' => 'abc'));
returns:
successfully : source-code;
0 : Request failed
//send cookies :
GET('http://example.com/send.php',1,
array('Name' => 'Jet',
'id' => 12,
'foo' => 'abc'),"cookies");
file_put_contents : http://php.net/file_put_contents
精彩评论