The phar extension provides the phar stream wrapper and the Phar class for manipulating self-contained PHP Archive (phar) files. The Phar class can be used to create and to extract contents of phar files as well as iterating over their contents.
PHP Archive files (Phars) are special collections of files that can be transparently run right out of the file, similar to Java's jar archive files. Using a phar archive, it is possible to distribute a complete PHP application in a single file that will run out of the file without modification or extraction. Phar archives can also be used to store files for extraction similar to tar or zip archive files. Phars support compression using gzip if the zlib extension is present, and using bzip2 if the bz2 extension is present. In addition, iteration and other features are available if the SPL extension is available. Phar signature verification using md5 or sha1 is natively supported if the hash extension is available.
The original implementation for Phar archives was in the PEAR package PHP_Archive, and the implementation details are very similar.
Phar requires PHP 5.2.1 or newer. Additional features require the SPL extension in order to take advantage of iteration and array access to a Phar's file contents. The phar stream does not require any additional extensions to function.
You may optionally wish to enable the zlib and bzip2 extensions to take advantage of compressed phar support. In addition, the hash extension can be used for signing phars and verifying integrity.
Windows binaries may be found at http://snaps.php.net/. To install, download php_phar.dll to the folder specified by your php.ini file's extension_dir directive. Enable it by adding extension=php_phar.dll to your php.ini and restarting your webserver.
extension_dir=c:/php5/exts/ extension=php_phar.dll |
Linux, BSD, and other *nix variants can be compiled using the following steps:
Either:
Run the pear installer for PECL/phar: pecl install phar
Copy phar.so from the directory indicated by the build process to the location specified in your php.ini file under extension_dir.
Add extension=phar.so to your php.ini
Or:
Set the path to your php.ini via:
pecl config-set php_ini /path/to/php.ini
Run the pear installer for PECL/phar: pecl install phar
Restart your webserver to reload your php.ini settings.
Development Versions: There are currently no stable versions of PECL/phar, to force installation of the alpha version of PECL/phar execute: pecl install phar-alpha
Compiling PECL/phar without using the PEAR command: Rather than using pecl install phar to automatically download and install PECL/phar, you may download the tarball from PECL. From the root of the unpacked tarball, run: phpize && ./configure --enable-phar && make to generate phar.so. Once built, continue the installation from step 4 above.
Information for installing this PECL extension may be found in the manual chapter titled Installation of PECL extensions. Additional information such as new releases, downloads, source files, maintainer information, and a CHANGELOG, can be located here: http://pecl.php.net/package/phar.
The behaviour of these functions is affected by settings in php.ini.
Table 1. Filesystem and Streams Configuration Options
Name | Default | Changeable | Changelog |
---|---|---|---|
phar.readonly | "1" | PHP_INI_SYSTEM | Available Since version 1.0.0 |
phar.require_hash | "0" | PHP_INI_SYSTEM disable/enable, PHP_INI_ALL enable | Available Since version 1.0.0 |
Here's a short explanation of the configuration directives.
phar.readonly
booleanThis option disables creation or modification of Phar archives using the phar stream or Phar object's write support. This setting should always be enabled on production machines, as the phar extension's convenient write support could allow straightforward creation of a php-based virus when coupled with other common security vulnerabilities.
Note: This setting can only be set in php.ini due to security reasons.
phar.require_hash
booleanThis option will force all opened Phar archives to contain some kind of signature (currently md5 and sha1 are supported), and will refuse to process any Phar archive that does not contain a signature.
Note: The option can be disabled in the system level only, but can be enabled using ini_set() in a user script regardless of the system setting.
The Phar extension provides the phar stream, which allows accessing files contained within a phar transparently. The file format of a Phar is described here
Phar |
PharFileInfo |
Phar archives are similar in concept to Java JAR archives, but are tailored to the needs and to the flexibility of PHP applications. A Phar archive is used to distribute a complete PHP application or library in a single file. Unlike Java's implementation of JAR archives, no external tool is required to process or run a PHP Phar archive. A Phar archive application is processed exactly like any other PHP application:
php coolapplication.phar |
Using a Phar archive library is identical to using any other PHP library:
<?php |
What makes Phar archives incredibly useful is the phar stream wrapper, which is explained in depth here. Using this stream wrapper, it is possible to access individual files within a phar as if the phar were its own filesystem. The phar stream wrapper supports all read/write operations on files, and opendir() on directories.
<?php |
Also provided with the Phar extension is the Phar class, which allows accessing the files of the Phar archive as if it were an associative array, and other functionality. The Phar class is explained here.
<?php |
The Phar stream wrapper fully supports fopen() for read, write or append, unlink(), stat(), fstat(), fseek(), rename() and directory stream operation opendir(). The Phar stream wrapper does not support creating or erasing a directory, as files are stored only as files, and the concept of an abstract directory does not exist.
Individual file compression and per-file metadata can also be manipulated in a Phar archive using stream contexts:
<?php |
The phar stream wrapper does not operate on remote files, and cannot operate on remote files, and so is allowed even when the allow_url_fopen INI option is disabled.
Although it is possible to create phar archives from scratch just using stream operations, it is best to use the functionality built into the Phar class. The stream wrapper is best used for read operations.
The Phar class supports reading and manipulation of Phar archives, as well as iteration through inherited functionality of the RecursiveDirectoryIterator class. With support for the ArrayAccess interface, files inside a Phar archive can be accessed as if they were part of an associative array.
Assuming that $p is a Phar object initialized as follows:
<?php |
$a = $p['file.php'] creates a PharFileInfo class that refers to the contents of phar://myphar.phar/file.php
$p['file.php'] = $v creates a new file (phar://myphar.phar/file.php), or overwrites an existing file within myphar.phar. $v can be either a string or an open file pointer, in which case the entire contents of the file will be used to create the new file.
isset($p['file.php']) can be used to determine whether phar://myphar.phar/file.php exists within myphar.phar.
unset($p['file.php']) erases phar://myphar.phar/file.php from myphar.phar.
In addition, the Phar object is the only way to access Phar-specific metadata, through Phar->getMetaData(), and the only way to set or retrieve a Phar archive's PHP loader stub through Phar->getStub() and Phar->commit(). Additionally, compression for the entire Phar archive at once can only be manipulated using the Phar class.
The full list of Phar object functionality is documented below.
The PharFileInfo class extends the SplFileInfo class, and adds several methods for manipulating Phar-specific details of a file contained within a Phar, such as manipulating compression and metadata.
All Phar files contain three to four sections:
a stub
a manifest describing the contents
the file contents
[optional] a signature for verifying Phar integrity
A Phar's stub is a simple PHP file. The smallest possible stub follows:
<?php __HALT_COMPILER();
|
A stub must contain as a minimum, the __HALT_COMPILER(); token at its conclusion. Typically, a stub will contain loader functionality like so:
<?php |
There are no restrictions on the contents of a Phar stub, except for the requirement that it conclude with __HALT_COMPILER();. The closing PHP tag ?> may be included or omitted, but there can be no more than 1 space between the ; and the close tag ?> or the phar extension will be unable to process the Phar archive.
The Phar manifest is a highly optimized format that allows per-file specification of file compression, file permissions, and even user-defined meta-data such as user or group. All values greater than 1 byte are stored in little-endian byte order, with the exception of the API version, which for historical reasons is stored as 3 nibbles in big-endian order.
All unused flags are reserved for future use, and must not be used to store custom information. Use the per-file meta-data facility to store customized information about particular files.
The basic file format of a Phar archive manifest is as follows:
Table 2. Global Phar manifest format
Size in bytes | Description |
---|---|
4 bytes | Length of manifest in bytes (1 MB limit) |
4 bytes | Number of files in the Phar |
2 bytes | API version of the Phar manifest (currently 0.9.0) |
4 bytes | Global Phar bitmapped flags |
4 bytes | Length of Phar alias |
?? | Phar alias (length based on previous) |
4 bytes | Length of Phar metadata (0 for none) |
?? | Serialized Phar Meta-data, stored in serialize() format |
at least 24 * number of entries bytes | entries for each file |
Here are the bitmapped flags currently recognized by the Phar extension for the global Phar flat bitmap:
Each file in the manifest contains the following information:
Table 4. Phar Manifest file entry
Size in bytes | Description |
---|---|
4 bytes | Filename length in bytes |
?? | Filename (length specified in previous) |
4 bytes | Un-compressed file size in bytes |
4 bytes | Unix timestamp of file |
4 bytes | Compressed file size in bytes |
4 bytes | CRC32 checksum of un-compressed file contents |
4 bytes | Bit-mapped File-specific flags |
4 bytes | Serialized File Meta-data length (0 for none) |
?? | Serialized File Meta-data, stored in serialize() format |
The File-specific bitmap values recognized are:
Table 5. Bitmap values recognized
Value | Description |
---|---|
0x000001FF | These bits are reserved for defining specific file permissions of a file. Permissions are used for fstat() and can be used to recreate desired permissions upon extraction. |
0x00001000 | If set, this Phar contains at least 1 file that is compressed with zlib compression |
0x00002000 | If set, this Phar contains at least 1 file that is compressed with bzip compression |
Phars containing a signature always have the signature
Table 6. Signature format
Length in bytes | Description |
---|---|
16 or 20 bytes | The actual signature, 20 bytes for an SHA1 signature, 16 bytes for an MD5 signature. |
4 bytes | Signature flags. 0x0001 is used to define an MD5 signature, and 0x0002 is used to define an SHA1 signature. |
4 bytes | Magic "GBMB" used to define the presence of a signature. |