Code: Select all
<?php
$fileName = "mein.jpg";
$regex = '[color=#FF0000](\.(jpg|png|gif))$[/color]';
if(!eregi($regex,$fileName)) echo "Not accepted: ".$fileName." - ".$regex ;
else echo "Accepted: ".$fileName." - ".$regex ;
?>
Moderator: General Moderators
Code: Select all
<?php
$fileName = "mein.jpg";
$regex = '[color=#FF0000](\.(jpg|png|gif))$[/color]';
if(!eregi($regex,$fileName)) echo "Not accepted: ".$fileName." - ".$regex ;
else echo "Accepted: ".$fileName." - ".$regex ;
?>
If you are only interested in files whose names end with ".jpg", ".png" or ".gif" (case insensitive), then yes, that is correct.duveit wrote:This is a complete newb question, I've studied the reference at http://www.regular-expressions.info/reference.html for a bit. As I want to make a check on user input on filetypes using the filename, so that no scripts etc, may not be uploaded.
Code: Select all
<?php $fileName = "mein.jpg"; $regex = '[color=#FF0000](\.(jpg|png|gif))$[/color]'; if(!eregi($regex,$fileName)) echo "Not accepted: ".$fileName." - ".$regex ; else echo "Accepted: ".$fileName." - ".$regex ; ?>
Of course, one can rename an arbitrary file with one of those extensions "jpg", "png" or "gif". Just because a file ends with ".jpg", it doesn't mean it really is a JPG image.duveit wrote:This seems to work when I test it, however I'd like to ask you pro's if there is some flaw to it, seeing how this bit is critical for safety.
That's true enough, but having i.e. a php script named image.jpg , wouldnt be a issue as it wouldnt go through the php or any other script-interpretor. (I'd think). Although, checking file type with php::finfo_file() function for the mimetype, is something I should add I reckon.prometheuzz wrote:Of course, one can rename a file that in neither of the type you accept by changing the file-name. Just because a file ends with ".jpg", it doesn't mean it really is a JPG image.
You're welcome.duveit wrote:...
Thanks for feedback!