CGI Scripts preg_match

[Mr.Shawn]

Hello guys, I'm trying to do a checking of the filename provided such that it is not a CGI scripts. How do I check it with preg_match? Currently I do have the following for checking php but I wonder how can I check for other extensions such as .js, .html, etc.

 

if (preg_match('/php/i', substr($file, -3))) {
die("PHP file not downloadable");
exit;
}

[dsaba]

preg_match('~\.cgi$~im', $string);

 

 

Really I would check the mime type or file type with some other php function, or check the headers of the file itself by reading it, people can still change their extensions to whatever they want, but the content (headers) of the file never lies.

[Mr.Shawn]

preg_match('~\.cgi$~im', $string);

 

Hi dsaba, the regex doesn't works tho. It still allows php file to be downloaded.

[dsaba]

I hope you realize I don't know what you mean when you say "doesn't work".

[Mr.Shawn]

It means that the code you provided is not working and it does not validate CGI scripts?

[lordfrikk]

What about:

 

<?php
$p = pathinfo($file);
if ($p['extension'] == 'cgi'):
die("PHP file not downloadable");
exit;
endif;
?>

[Mr.Shawn]

Looks like that's the only way. Thanks lordfrikk.