On Thu, May 23, 2002 at 11:23:42AM -0400, Analysis & Solutions wrote:
> On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
> > dir=../../../../ it will show you the root dir of the server , how can i
>
> Before passing the $Dir variable to the file functions, clean it up...
>
> $Dir = preg_replace('/..\//', '', $Dir);
------------------------------------------------
The initial poster just wrote me off list with a follow up question.
Here's my reply....
Hi:
> $dir = preg_replace('/..\//', '', $dir);
Hmm. I must have been tired when I wrote that. "." matches
any character. Thus "..\/" will match any two characters before a "/".
I should have escaped the periods. That should have been
$dir = preg_replace('/\.\.\//', '', $dir);
Sorry.
Now, you are also attempting to strip ".." via a whole separate regex.
> $dir = preg_replace('..', '', $dir);
First, that expression isn't encapsulated in the "/" delimiters, thus
it's an invalid preg expression. Second, as in my first regex, you
didn't escape the "." Third, you can do it in the initial expression.
$dir = preg_replace('/\.\.\/?/', '', $dir);
That translates to find any string that has two periods and maybe one
forward slash.
Enjoy,
--Dan
--
PHP classes that make web design easier
SQL Solution | Layout Solution | Form Solution
sqlsolution.info | layoutsolution.info | formsolution.info
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
