----- Original Message ----- 
From: "Bob"

Hi,
I'd like to let a regular link through:
http://www.mysite.com/section/page2-name.php

What I was doing is denying characters etc
if (preg_match('/[?&%=;]/', $addr)) exit;

But, the recommended way is to allow characters you want through
[a-zA-Z0-9 / : _ .-] thus blocking the rest.

I know some may need escaping, and the dash is awkward,
but I just can't seem to get it correct.
Thanks, Bob.
--------------------------------
Hello Bob,
You didn't mention what you want to do with this url. There 
are security issues that are different on different platforms, different 
configurations and different versions of PHP. What platform and version of 
PHP are you running and is PHP running in a cgi shell or wrapper?

See the following for a quick review of what may be helpful.

http://php.net/manual/en/function.parse-url.php
http://php.net/manual/en/function.dirname.php
http://php.net/manual/en/function.basename.php
http://php.net/manual/en/function.pathinfo.php
http://php.net/manual/en/function.realpath.php

If you are just parsing the user submitted url to output as a link or src in 
HTML then there are no real issues except that it may not be valid and 
result in an error 404. If your script is accessing a file on the server then 
you have huge security issues especially if your script is running with your 
user ownership rights. For example Apache will not serve the file 
".htaccess" to a browser but will offer it to a PHP script running with your 
ownership permissions. Also consider this url 
http://yourdomasin.com//../../.htaccess

Thanks Rob. 
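
Added example, not part of either message: one way to write the allowlist check Bob asks about, combined with the parse_url() and realpath() checks from the manual pages Rob links. The function names is_allowed_url() and resolve_under() are hypothetical, and it assumes the spaces in Bob's character class were only for readability.

```php
<?php
// Added example; is_allowed_url() and resolve_under() are hypothetical names.

// Allowlist: every character must be in the class. '#' is the delimiter so '/'
// needs no escaping, '-' is last in the class so it is literal, and the D
// modifier stops '$' from matching before a trailing newline.
function is_allowed_url(string $addr): bool
{
    if (preg_match('#^[a-zA-Z0-9/:_.-]+$#D', $addr) !== 1) {
        return false;
    }
    $parts = parse_url($addr);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $path = $parts['path'] ?? '';
    // '.' and '/' are permitted characters, so the character class alone still
    // lets "..", ".htaccess" and "//" through; check path segments explicitly.
    if (strpos($path, '//') !== false) {
        return false;
    }
    foreach (explode('/', ltrim($path, '/')) as $segment) {
        if ($segment !== '' && $segment[0] === '.') {
            return false;
        }
    }
    return true;
}

// If the path is then used to open a file, resolve it and confirm that the
// result is still inside the intended base directory.
function resolve_under(string $baseDir, string $urlPath): ?string
{
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . ltrim($urlPath, '/'));
    if ($base === false || $full === false) {
        return null; // base or target does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// The two URLs from the thread plus one constructed URL with a query string.
foreach (['http://www.mysite.com/section/page2-name.php',
          'http://yourdomasin.com//../../.htaccess',
          'http://www.mysite.com/page.php?id=1'] as $u) {
    printf("%-46s %s\n", $u, is_allowed_url($u) ? 'allow' : 'deny');
}
var_dump(resolve_under(__DIR__, '/' . basename(__FILE__)) !== null); // this script: inside base
var_dump(resolve_under(__DIR__, '/../' . basename(__DIR__)));        // resolves to the base itself, not under it
```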


