On Thu, May 23, 2002 at 11:23:42AM -0400, Analysis & Solutions wrote:
> On Thu, May 23, 2002 at 11:22:28PM +1000, daniel wrote:
> > dir=../../../../ it will show you the root dir of the server , how can i
> Before passing the $Dir variable to the file functions, clean it up...
>    $Dir = preg_replace('/..\//', '', $Dir);

The initial poster just wrote me off list with a follow up question.  
Here's my reply....


> $dir = preg_replace('/..\//', '', $dir);

Hmm.  I must have been tired when I wrote that.  "." matches 
any character.  Thus "..\/" will match any two characters before a "/".  
I should have escaped the periods.  That should have been

   $dir = preg_replace('/\.\.\//', '', $dir);


Now, you are also attempting to strip ".." via a whole separate regex.  

> $dir = preg_replace('..', '', $dir);

First, that expression isn't encapsulated in the "/" delimiters, thus
it's an invalid preg expression.  Second, as in my first regex, you
didn't escape the "."  Third, you can do it in the initial expression.

   $dir = preg_replace('/\.\.\/?/', '', $dir);

That translates to find any string that has two periods and maybe one
forward slash.



               PHP classes that make web design easier
        SQL Solution  |   Layout Solution   |  Form Solution
    sqlsolution.info  | layoutsolution.info |  formsolution.info
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7 Av #4AJ, Brooklyn NY     v: 718-854-0335     f: 718-854-0409

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to