> -----Original Message-----
> From: Frank Stanovcak [mailto:blindspot...@comcast.net]
> Sent: Wednesday, January 28, 2009 11:08 AM
> To: php-general@lists.php.net
> Subject: [PHP] validating directory and file name with preg_match
>
> I'm limiting access to certain proceedures based on the file trying to
> use
> them, and the directory they are located in on my server. Right now I
> am
> using two preg_match statments as you will see. What I want to know
is
> this. Is there a way to write a single regex for this that will
supply
> the
> file name as a match, and only return if the directory is valid?
>
> ------------
> //make sure we are calling from the propper directory, and get the
file
> name
> that included to determine
> //database access needs
>
preg_match('#^C:\\\\Inetpub\\\\wwwroot\\\\folder\\\\(entry|edit)\\\\(\w
> *\\.(php|pdf))#i',
> $included_files[0], $check1);
>
preg_match('#^C:\\\\Inetpub\\\\wwwroot\\\\folder\\\\(\w*\\.(php|pdf))#i
> ',
> $included_files[0], $check2);
> if(isset($check1)){
> if(is_array($check1)){
> $matches[4] = $check1[2];
> };
> unset($check1);
> };
> if(isset($check2)){
> if(is_array($check2)){
> $matches[4] = $check2[1];
> };
> unset($check2);
> };
> if(isset($matches[4]){
> more code here
> };
I don't see why you're double-escaping the backslashes like that. If you
want a period, \. will do it for you. \\. Will match a backslash and
then any character (or delimiter).
As for failing if the directory isn't valid, read up on regex
look-arounds [1]. You could do a look-ahead to ensure that the directory
matches before continuing with the file portion of the pattern.
But, seriously... why are you double-escaping? Why not just C:\\Inetpub
instead of C:\\\\Inetpub? I would think that C:\\\\Inetpub would turn
into C:\\Inetpub, which is not a valid FAT/NTFS/etc. locator.
Try this:
/^c:\\inetpub\\wwwroot\\folder\\(?=entry|edit)\\(\w+\.(?:php|pdf))$/i
The (?=entry|edit) group is the look-ahead. If folder\\ isn't followed
by entry or edit, the look-ahead fails. The (?:php|pdf) group uses the
?: syntax to tell the regex engine not to save this capture group. You
could just as easily remove the ?: and ignore the extra capture in your
code (as you have done).
1. http://www.regular-expressions.info/lookaround.html
HTH,
// Todd
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
