CGI Scripts preg_match

Mr.Shawn · March 30, 2008

Hello guys, I'm trying to do a checking of the filename provided such that it is not a CGI scripts. How do I check it with preg_match? Currently I do have the following for checking php but I wonder how can I check for other extensions such as .js, .html, etc.

if (preg_match('/php/i', substr($file, -3))) {
die("PHP file not downloadable");
exit;
}

dsaba · March 31, 2008

preg_match('~\.cgi$~im', $string);

Really I would check the mime type or file type with some other php function, or check the headers of the file itself by reading it, people can still change their extensions to whatever they want, but the content (headers) of the file never lies.

Mr.Shawn · April 1, 2008

preg_match('~\.cgi$~im', $string);

Hi dsaba, the regex doesn't works tho. It still allows php file to be downloaded.

dsaba · April 1, 2008

I hope you realize I don't know what you mean when you say "doesn't work".

Mr.Shawn · April 2, 2008

It means that the code you provided is not working and it does not validate CGI scripts?

lordfrikk · April 2, 2008

What about:

<?php
$p = pathinfo($file);
if ($p['extension'] == 'cgi'):
die("PHP file not downloadable");
exit;
endif;
?>

Mr.Shawn · April 2, 2008

Looks like that's the only way. Thanks lordfrikk.

Sign In

CGI Scripts preg_match

Recommended Posts

Mr.Shawn

Link to comment

Share on other sites

dsaba

Link to comment

Share on other sites

Mr.Shawn

Link to comment

Share on other sites

dsaba

Link to comment

Share on other sites

Mr.Shawn

Link to comment

Share on other sites

lordfrikk

Link to comment

Share on other sites

Mr.Shawn

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information