Download the PHP package padraic/humbug_get_contents without Composer
On this page you can find all versions of the php package padraic/humbug_get_contents. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download padraic/humbug_get_contents
More information about padraic/humbug_get_contents
Files in padraic/humbug_get_contents
Package humbug_get_contents
Short Description Secure wrapper for accessing HTTPS resources with file_get_contents for PHP 5.3+
License BSD-3-Clause
Homepage https://github.com/padraic/file_get_contents
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package humbug_get_contents
humbug_get_contents
Defines a Humbug\get_contents() function that will transparently call file_get_contents(),
except for HTTPS URIs where it will inject a context configured to enable secure
SSL/TLS requests on all versions of PHP 5.3+.
All versions of PHP below 5.6 not only disable SSL/TLS protections by default, but
have most other default options set insecurely. This has led to
the spread of insecure uses of file_get_contents() to retrieve HTTPS resources. For example,
PHAR files or API requests. Without SSL/TLS protections, all such requests are vulnerable
to Man-In-The-Middle attacks where a hacker can inject a fake response, e.g. a tailored php
file or json response.
Installation
Usage
You can use this function as an immediate alternative to file_get_contents() in any code
location where HTTP requests are probable.
This solution was originally implemented within the Composer Installer, so this is a straightforward extraction of that code into a standalone package with just the one function. It borrows functions from both Composer and Sslurp.
In rare cases, this function will complain when attempting to retrieve HTTPS URIs. This is actually the point ;). An error should have two causes:
- A valid cafile could not be located, i.e. your server is misconfigured or missing a package
- The URI requested could not be verified, i.e. in a browser this would be a red page warning.
Neither is, in any way, a justification for disabling SSL/TLS and leaving end users vulnerable to getting hacked. Resolve such errors; don't ignore or workaround them.
Headers
You can set request headers, and get response headers, using the following functions. This support is based around stream contexts, but is offered in some limited form here as a convenience. If your needs are going to extend this, you should use a more complete solution and double check that it fully enables and supports TLS.
Request headers are emptied when used, so you would need to reset on each
Humbug\get_contents() call.
To retrieve an array of the last response headers:
Upgrade
Upgrade Guide
Contributing
Contribution Guide
All versions of humbug_get_contents with dependencies
ext-openssl Version *
composer/ca-bundle Version ^1.0