Wow, there are some long and curly ways to use RegExp-s, aren't there? I'm not very good at them (and I hear that they can be expensively inefficient) so I tend to look elsewhere.

Check out pathinfo -- Returns information about a file path
array pathinfo (string path)
pathinfo() returns an associative array containing information about path. The following array elements are returned: dirname, basename and extension.

- the basename result appears to give what you have requested: "with all entered directory names but NOT assigned their names to file name"

However you then go on to talk about "qwert.txt.ru  => qwert.txt.ru".

I'm not sure what pathinfo() does in this situation with regard to its "extension" result. Perhaps you will test and advise!? Nor can I be sure that the previous contribution will address that part of the problem. Does having a filename containing multiple dots (placed in the appropriate directory) contravene the specification?

=dn


----- Original Message -----
From: "Christian Reiniger" <[EMAIL PROTECTED]>
To: "Galkov Vladimir" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: 01 November 2001 11:50
Subject: Re: [PHP] regular expression


On Thursday 01 November 2001 10:39, Galkov Vladimir wrote:
> Need to remove all "../" and "/.." from a user-input string to prevent
> him walking and creating files & directories where I don't want to see
> them/him...
>
> The string:
>
>  $path =
> eregi_replace('([..]{2,})|([./]{2})|([../]{3,})|([/.]{2})|([/..]{3})',
> '', $path);
>
> works well with any combination ( ../../..qwert.txt  =>  qwert.txt)
> until something like "/../asd/../qwert.txt" is entered ...
> (/../asd/../qwert.txt => asdqwert.txt).
> So the question is how to upgrade the regular expression to remove all
> this correctly (with all entered directory names but NOT assigned their
> names to file name...

Here's what I use (take out the parts useful to you):

function FixSrcURI ($SrcURI)
{
        // remove script name
        $SrcURI = preg_replace ('#^/*{{$ Page.Source }}/*#', '', $SrcURI);

        // remove potentially harmful parts
        $SrcURI = preg_replace ('#/?\.\./?#', '/', $SrcURI);    // ".." and adjacent slashes -> "/"
        $SrcURI = preg_replace ('#/\./#', '/', $SrcURI);        // "/./" -> "/"
        $SrcURI = preg_replace ('#/\.$#', '/', $SrcURI);        // trailing "/." -> "/"
        $SrcURI = preg_replace ('#/{2,}#', '/', $SrcURI);       // collapse repeated slashes
        $SrcURI = preg_replace ('#^/#', '', $SrcURI);           // strip leading slash

        // refuse any segment that starts with a dot, and anything containing "CVS"
        if (preg_match ('#(\A|/)\.#', $SrcURI) ||
            preg_match ('#CVS#', $SrcURI))
        {
                pbHTTP_404 ();
        }

        // result is array (full path, directory part, file part)
        if ($SrcURI == '') {
                return array ($SrcURI, -1, 'src');
        }
        else {
                $matches = array ();

                if (preg_match ('#^[^/]+$#', $SrcURI))
                {
                        // no slash: a bare file name
                        return array ($SrcURI, '', $SrcURI);
                }
                elseif (preg_match ('#^(.*)/([^/]*)$#', $SrcURI, $matches))
                {
                        // split at the last slash
                        return array ($SrcURI, $matches [1], $matches [2]);
                }
                else
                {
                        pbHTTP_404 ();
                        return false;
                }
        }
}

--
Christian Reiniger
LGDC Webmaster (http://lgdc.sunsite.dk/)

/* you are not expected to understand this */

- from the UNIX V6 kernel source

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
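
An added example, not code from either poster: it splits the input on path separators first and drops "." and ".." only as whole segments, so directory names are kept and never glued onto the file name, then shows what pathinfo() reports for each result. The function name, $baseDir and the backslash sample are assumptions made for illustration; the other inputs are the strings quoted in the thread.

```php
<?php
// Added example. safeRelativePath() and $baseDir are hypothetical names.

/**
 * Build a relative path from real name segments only.
 * Returns null when the input contains a NUL byte or nothing usable remains.
 */
function safeRelativePath(string $input): ?string
{
    if (strpos($input, "\0") !== false) {
        return null;                    // NUL bytes never belong in a path
    }
    $segments = [];
    // Split on runs of "/" or "\" so each name is judged on its own.
    foreach (preg_split('#[/\\\\]+#', $input) as $seg) {
        if ($seg === '' || $seg === '.' || $seg === '..') {
            continue;                   // empty, current-dir and parent-dir segments
        }
        $segments[] = $seg;             // "..qwert.txt" is an ordinary name and is kept
    }
    return $segments ? implode('/', $segments) : null;
}

$baseDir = '/var/www/uploads';          // assumed storage root

$samples = [
    '../../..qwert.txt',                // from the thread
    '/../asd/../qwert.txt',             // from the thread
    'qwert.txt.ru',                     // from the thread
    '..\\..\\asd\\qwert.txt',           // constructed: backslash separators
    '../..',                            // constructed: nothing but traversal
];

foreach ($samples as $in) {
    $rel = safeRelativePath($in);
    if ($rel === null) {
        printf("%-24s => (rejected)\n", $in);
        continue;
    }
    $info = pathinfo($rel);
    printf("%-24s => %s/%s  [dirname=%s basename=%s extension=%s]\n",
        $in, $baseDir, $rel,
        $info['dirname'], $info['basename'], $info['extension'] ?? '-');
}
```

This works on the string alone, so it also covers files that do not exist yet; it does not detect symlinks already present under the storage root.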



