>Here's another question, possibly easier. Possibly even bone-headed. > >What kind of checking/filtering/changing do I need to do on a >user-submitted string before I can feel comfortable using it to name a >new directory in the web root on Linux/Apache? Anybody have a quick >Regular Expression they can toss at me? If so, I'd be muchly >appreciative. Or is this just a Terrible Idea That Should Never Be >Contemplated?
A file or directory name in Unix can contain any character, except a slash. On mac OS, you also can't use a colon because that was the old mac way of delimiting directories. I imagine windows has a similar restriction on the backslash. I think it has to be less than 256 characters as well, but I may be remembering that incorrectly... Permissively, you could try: substr(preg_replace('/[\/\:\\]/', '_', $dirname), 0, 256) Though you may also want to be strict, and remove all non-word characters, i.e. letters, digits, slash and underscore: substr(preg_replace('/\W/', '_', $dirname), 0, 256) ...that will eliminate special case checks for ".", "..", and ".*". --------------------------------------------------------------------- michal migurski- contact info and pgp key: sf/ca http://mike.teczno.com/contact.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php