Page 1 of 1

preg_replace() not dealing well with "http://"

Posted: Mon Jun 26, 2006 5:37 am
by pedrotuga

Code: Select all

Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
the goal was to take away the "http://" from the referer... not working....

any sugestions?

Posted: Mon Jun 26, 2006 5:47 am
by JayBird
Might help to show the code you currently have

Posted: Mon Jun 26, 2006 6:12 am
by pedrotuga
ops... forgot it...

Code: Select all

$referer = strip_tags($_SERVER["HTTP_REFERER"]);
			
$aux = preg_replace("http://","",$referer);

Posted: Mon Jun 26, 2006 6:14 am
by Weirdan
preg_replace requires a delimiter around the pattern, like this:

Code: Select all

$aux = preg_replace("#http://#","",$referer);

Posted: Mon Jun 26, 2006 6:17 am
by pedrotuga
thx weirdan, that was fast

Posted: Mon Jun 26, 2006 7:30 am
by Verminox
In response to the code that you posted above, why do you use strip_tags() on $_SERVER['HTTP_REFERER'] ? I find it highlty unlikely that the referer will contain HTML tags :?

Posted: Mon Jun 26, 2006 7:41 am
by Weirdan
HTTP_REFERER is user-supplied data, thus it needs filtering. strip_tags could be enough, depending on the further usage of $aux variable.

Posted: Mon Jun 26, 2006 1:14 pm
by pedrotuga
yes... is due to security reasons...
one could set up an evil server and send some malicious html through the headers... just in case.