First regex

duveit
Forum Newbie
Posts: 4
Joined: Wed Jul 02, 2008 1:14 pm

First regex

Post by duveit »

This is a complete newb question. I've studied the reference at http://www.regular-expressions.info/reference.html for a bit, as I want to make a check on user input on filetypes using the filename, so that no scripts etc. may be uploaded.

Code:

<?php
$fileName = "mein.jpg";
$regex = '(\.(jpg|png|gif))$';

// eregi() is a case-insensitive POSIX regex match (removed in PHP 7)
if(!eregi($regex,$fileName)) echo "Not accepted: ".$fileName." - ".$regex ;
else echo "Accepted: ".$fileName." - ".$regex ;
?>

This seems to work when I test it, however I'd like to ask you pros if there is some flaw to it, seeing how this bit is critical for safety.
prometheuzz
Forum Regular
Posts: 779
Joined: Fri Apr 04, 2008 5:51 am

Re: First regex

Post by prometheuzz »

duveit wrote: This is a complete newb question. I've studied the reference at http://www.regular-expressions.info/reference.html for a bit, as I want to make a check on user input on filetypes using the filename, so that no scripts etc. may be uploaded.

Code:

<?php
$fileName = "mein.jpg";
$regex = '(\.(jpg|png|gif))$';

// eregi() is a case-insensitive POSIX regex match (removed in PHP 7)
if(!eregi($regex,$fileName)) echo "Not accepted: ".$fileName." - ".$regex ;
else echo "Accepted: ".$fileName." - ".$regex ;
?>

If you are only interested in files whose names end with ".jpg", ".png" or ".gif" (case insensitive), then yes, that is correct.
duveit wrote: This seems to work when I test it, however I'd like to ask you pros if there is some flaw to it, seeing how this bit is critical for safety.
Of course, one can rename an arbitrary file with one of those extensions "jpg", "png" or "gif". Just because a file ends with ".jpg", it doesn't mean it really is a JPG image.
duveit
Forum Newbie
Posts: 4
Joined: Wed Jul 02, 2008 1:14 pm

Re: First regex

Post by duveit »

prometheuzz wrote: Of course, one can rename a file that is neither of the types you accept by changing the file-name. Just because a file ends with ".jpg", it doesn't mean it really is a JPG image.
That's true enough, but having i.e. a php script named image.jpg wouldn't be an issue, as it wouldn't go through the php or any other script interpreter (I'd think). Although checking the file type with the php::finfo_file() function for the mimetype is something I should add, I reckon.

Thanks for feedback!
prometheuzz
Forum Regular
Posts: 779
Joined: Fri Apr 04, 2008 5:51 am

Re: First regex

Post by prometheuzz »

duveit wrote:...

Thanks for feedback!
You're welcome.
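
The following is an added example, not code posted by anyone in this thread. It combines the extension pattern from the first post with the finfo content check mentioned in the follow-up, using preg_match() in place of eregi() (which no longer exists in PHP 7 and later). The function name check_image_upload() and the sample files are assumptions made for the illustration.

```php
<?php
// Added example: extension allowlist plus content check for an upload.
// check_image_upload() and the sample data below are illustrative only.

const ALLOWED = [            // extension => MIME type finfo must report
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

/** Returns a server-generated file name, or null if the upload is rejected. */
function check_image_upload(string $clientName, string $tmpPath): ?string
{
    // 1. Same test as the thread's pattern: name must end in .jpg/.png/.gif.
    if (!preg_match('/\.(jpg|png|gif)$/i', $clientName, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);

    // 2. Inspect the bytes: the detected type must match the claimed extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }

    // 3. Do not reuse the client's name on disk; keep only the checked extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample data: a 1x1 GIF and a short PHP script.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$samples = [
    ['mein.gif',  $gif],
    ['image.jpg', "<?php echo 'hi'; ?>"],   // script renamed to .jpg
    ['mein.png',  $gif],                     // extension and content disagree
    ['shell.php', $gif],                     // extension not on the allowlist
];

foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $stored = check_image_upload($name, $tmp);
    echo $name, ' => ', $stored ?? 'rejected', PHP_EOL;
    unlink($tmp);
}
```

In a real upload handler, $tmpPath would be $_FILES[...]['tmp_name'] and the returned name would be the target passed to move_uploaded_file().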