REGEX Posix question

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
remyx187
Forum Newbie
Posts: 8
Joined: Tue Apr 29, 2008 11:49 am

REGEX Posix question

Post by remyx187 »

Hi,

I am trying to code in a validator for an upload and i need to check for a text file extension (since word 2007 docs are read as in apps i will use the name of the file itself). I want specified text files to go through while throwing everything else out

This is my code so far:

Code: Select all

 
if(eregi("(^.*)([(\.doc\)(\.docx\)(\.txt\)(\.rtf\)])$", $_FILES['application_essay']['name']) == FALSE)
$notype = 'wrong_type';
 
I checked over many extensions and it seems to catch files effeciently except, what I caught, a .pdf extension that got through.

Can anybody advise me on how to properly secure that expression or make it more effecient.

thanks in advance.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: REGEX Posix question

Post by Mordred »

Don't try, it's impossible.
viewtopic.php?f=1&t=82057
Post Reply