Jump to content

Banning symbols.


spookztar

Recommended Posts

Hi guys,

 

I trying to create at piece of regex to validate filenames of users' multimedia files. What symbols do I need to ban to be on the safe side? So far, I have:

 

preg_match('/^.{1,80}(\.[[:alpha:]]{1,5})$/', $filename)

 

I need to somehow implement banning of spaces and slashes, but how, and what else? I assume it's at least something like this...

 

[^[:blank:]|/]

 

Bye,

Link to comment
https://forums.phpfreaks.com/topic/73544-banning-symbols/
Share on other sites

In that case I would use Unicode properties, unless you're going to be exclusive rather than inclusive (which is probably the case).

 

What symbols do I need to ban to be on the safe side?

 

I would assume whichever characters your operating system deems as improper: Filenames.

Link to comment
https://forums.phpfreaks.com/topic/73544-banning-symbols/#findComment-371523
Share on other sites

Actually, anything is valid except a /, but using certain characters may make working in the shell a cumbersome task.

 

According to "The Complete Unix Reference" (1999), the following should be avoided:

 

! # & ( ) ' " ; | < > @ $ ^ { } * ? \ (space) (tab) (backspace)

Link to comment
https://forums.phpfreaks.com/topic/73544-banning-symbols/#findComment-372472
Share on other sites

Not quite. PREG does not support the [[:...:]] syntax. Also, when you're within a character class, OR is implied.

 

<pre>
<?php
$chars = array(
	'!', '#', '&', '(', ')', "'", '"', ';', '|',
	'<', '>', '@', '$', '^', '{', '}', '*', '?',
	'\\', ' ', "\t", pack('C', 0x08)
);
foreach ($chars as $char) {
	echo "$char => ", preg_match('~[\s\b/!#&()\'";|<>@$^{}*?\\\]~', $char) ? 'Bad' : 'OK' ;
	echo '<br>';
}
?>
</pre>

Link to comment
https://forums.phpfreaks.com/topic/73544-banning-symbols/#findComment-372701
Share on other sites

Why not just do it backwards? Search for everything except what's allowed.

 

IE:

$pattern = "/[^a-zA-Z0-9]*/"

 

If that pattern matches any part of it, it contains unacceptable characters :-D (matches everything except a-zA-Z0-9)

 

If that makes sense? This way, you don't have to worry about unicode settings as if you're just allowing alphanumeric characters only (which I prefer, you could also allow the underscore I believe)

Link to comment
https://forums.phpfreaks.com/topic/73544-banning-symbols/#findComment-372929
Share on other sites

I think doing a check with an IF such as this;

if (!preg_match('/[A-Za-z0-9-_]{1,80}(\.[A-Za-z]{1,5})/', $filename)) Die('your filename contains forbidden characters');

- Just might have to do then...

 

I'm also considering banning certain extensions by using substr(). Apart from .js and .jse, what other extensions would be wise to ban on a Linux server?

 

 

Link to comment
https://forums.phpfreaks.com/topic/73544-banning-symbols/#findComment-373484
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.