Can someone explain me why when i POST RAW Data for example "test.txt" in the below script
<?php
echo file_get_contents("php://input");
?>
it only prints the text "test.txt" instead of the file contents of that file?
Thank you
2 Answers
Your code reads the contents of the raw POST data and echoes it back.
Whereas what you want is this:
// retrieve the requested filename
$fileName = file_get_contents("php://input");
// echo the contents of the requested file
echo file_get_contents($fileName);
Depending on what you're trying to, you may wish to sanitize the $fileName input (not shown: too broad) and restrict access to a specific local directory:
$path = $myLocalDirectory . DIRECTORY_SEPARATOR . $fileName;
if (file_exists($path) {
echo file_get_conents($path);
}
6 Comments
Sander Visser
Note that this has major security issues, because everybody could read data from any file
bcmcfc
@SanderVisser duly amended. It answers the question: anything further is dependent on what the OP is trying to achieve.
user3393046
Yes i know that it has security issue. No worries :). Thanks for your answer
h2ooooooo
@bcmcfc A bit late, but please note that your sanitation doesn't limit you to that directory (
../../index.php). ltrim($fileName, './') would work wonders, but wouldn't work with hidden files (.htaccess).bcmcfc
@h2ooooooo well, yeah - there is no sanitation of the fileName, as mentioned in the answer.
|
Try like this ..
$input = "abc.txt";
echo file_get_contents($input);
It gives the content of the text file abc.txt
answered May 30, 2014 at 11:07
Deepu Sasidharan
5,32911 gold badges46 silver badges100 bronze badges
echo file_get_contents(file_get_contents("php://input"));?