You can do it with a single regexp if you want: "(^|[/\\])\s*\.+\s*($|[/\\])"
I am assuming that for the last one, you actually wanted "\.+$". If you really wanted "\.+", you can just drop the first three. I also added \s* to make sure there wasn't a dot and a space, because I didn't know how you treated it later. Pascal > -----Original Message----- > From: Rick Root [mailto:[EMAIL PROTECTED] > Sent: 08 December 2004 14:04 > To: CF-Talk > Subject: Re: CFFM almost finished > > Martin Parry wrote: > > Hey dude - modified the banner page for you.. > > Heh, thanks Martin! There was a bug in my regular expression code that > checked for such a security breach. > > Here is my new regex... > > <cfif > ReFind("^\.+[\\\/]",checkValue) gt 0 OR > ReFind("[\\\/]\.+$",checkValue) gt 0 OR > ReFind("[\\\/]\.+[\\\/]",checkValue) gt 0 OR > ReFind("\.+",checkValue) gt 0> > <cfreturn arguments.defaultValue> > <cfelse> > <cfreturn arguments.checkValue> > </cfif> > > It's intended to block the following: > > ../(something) > ./(something) > (something)/.. > (something)/. > (something)/../(something) > (something)/./(something) > . > .. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Special thanks to the CF Community Suite Silver Sponsor - New Atlanta http://www.newatlanta.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:186624 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
