Martin Dimitrov - 2011-10-21 22:23:20
Hi guys,
There is another way to prevent a gif injection. That's the regular expression check. I'll give you a short example of that and the thing you have to pay attention to!
Example:
<?php
// example one - with the symbols ^ and $ in the pattern, IMPORTANT!
$string = "someImage.gif.php";
if (preg_match("/^[\w\d]+\.(gif|jpg|JPG)$/", $string))
{
    // will return FALSE
}

// example two - same pattern WITHOUT the symbols ^ and $
$string = "someImage.gif.php";
if (preg_match("/[\w\d]+\.(gif|jpg|JPG)/", $string))
{
    // will return TRUE and that's bad...
}
?>
Did you see the difference in the patterns? If you decide to use this approach you have to pay attention to the ^ and $ symbols, which mean "from the beginning to the end of the string", and that checks if the string (file name) contains exactly these characters and symbols and NOTHING else, otherwise it returns FALSE.
I hope this was helpful.
P.S. I'm new to the site and I really like it!
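
Added example, not part of the post above: it runs the post's two patterns and a third variant anchored with \A and \z over a few constructed file names, to show what each anchoring style accepts. In PCRE, "$" also matches just before a trailing newline, which \z does not; the helper name and the sample names are assumptions made for this illustration.

```php
<?php
// Added example: compares three anchoring styles for an upload file-name check.
// The file names below are constructed test inputs, not real uploads.

const PATTERNS = [
    'unanchored' => '/[\w\d]+\.(gif|jpg|JPG)/',      // pattern two from the post
    '^ ... $'    => '/^[\w\d]+\.(gif|jpg|JPG)$/',    // pattern one from the post
    '\A ... \z'  => '/\A[\w\d]+\.(gif|jpg|JPG)\z/',  // strict end-of-string anchor
];

/**
 * Hypothetical helper: returns true only on a successful match.
 * preg_match() returns 1 (match), 0 (no match) or false (error),
 * so compare with === 1 rather than relying on truthiness.
 */
function name_matches(string $pattern, string $name): bool
{
    return preg_match($pattern, $name) === 1;
}

$names = [
    'someImage.gif',        // plain image name
    'someImage.gif.php',    // double extension from the post
    "someImage.gif\n",      // trailing newline: "$" still matches before it
    '../someImage.gif',     // characters before the name: needs the start anchor
    'someImage.GIF',        // upper-case extension not listed in the pattern
];

printf("%-24s", 'file name');
foreach (array_keys(PATTERNS) as $label) {
    printf("%-12s", $label);
}
echo PHP_EOL;

foreach ($names as $name) {
    // json_encode makes the trailing "\n" visible in the output
    printf("%-24s", json_encode($name, JSON_UNESCAPED_SLASHES));
    foreach (PATTERNS as $pattern) {
        printf("%-12s", name_matches($pattern, $name) ? 'accept' : 'reject');
    }
    echo PHP_EOL;
}
```

Keeping "$" and adding the D modifier (PCRE_DOLLAR_ENDONLY) to the pattern gives the same end-of-string behaviour as \z.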