>Here's another question, possibly easier. Possibly even bone-headed.
>
>What kind of checking/filtering/changing do I need to do on a
>user-submitted string before I can feel comfortable using it to name a
>new directory in the web root on Linux/Apache? Anybody have a quick
>Regular Expression they can toss at me? If so, I'd be muchly
>appreciative. Or is this just a Terrible Idea That Should Never Be
>Contemplated?
A file or directory name in Unix can contain any character, except a
slash. On mac OS, you also can't use a colon because that was the old mac
way of delimiting directories. I imagine windows has a similar restriction
on the backslash. I think it has to be less than 256 characters as well,
but I may be remembering that incorrectly...
Permissively, you could try:
substr(preg_replace('/[\/\:\\]/', '_', $dirname), 0, 256)
Though you may also want to be strict, and remove all non-word
characters, i.e. letters, digits, slash and underscore:
substr(preg_replace('/\W/', '_', $dirname), 0, 256)
...that will eliminate special case checks for ".", "..", and ".*".
---------------------------------------------------------------------
michal migurski- contact info and pgp key:
sf/ca http://mike.teczno.com/contact.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
