On 28-Jan-2004 Joey Manley wrote:
> Here's another question, possibly easier. Possibly even bone-headed.
>
> What kind of checking/filtering/changing do I need to do on a
> user-submitted
> string before I can feel comfortable using it to name a new directory
> in the
> web root on Linux/Apache? Anybody have a quick Regular Expression
> they can
> toss at me? If so, I'd be muchly appreciative. Or is this just a
> Terrible
> Idea That Should Never Be Contemplated?
>
1. Please don't hijack threads.
2. Make everything dodgy into a directory delimiter and get the last bit
of the path (untested code ahead) :
// cleanup
$unsafe=preg_replace('[^\w]', '/', $unsafe);
// get trailing dirname (explode and pop would work also)
$dir = substr(strrchr($unsafe, "/"), 1);
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
