I'd like to have a strip function (or preg_replace) that strips all extensions that can be unzipped / installed. Searching the web didn't give me anything that would allow me to do that. Of course I can come up with something on my own, but I was wondering if a thing like that already exists.
There are so many extensions that can be extracted or installed that it seems kind of pointless to have a blacklist. You could simply strip any extension with 3 or 4 characters. preg_replace('/\\.[^.\\s]{3,4}$/','', $filename); PHP: Otherwise you might make an array of extensions you want to match and use rtrim. $filename = rtrim($filename, ".exe"); PHP: But as I said, you are better off making a list of allowed extensions rather than trying to block every malicious extension. Whitelist is better than blacklist in this case.
Can you give us a context of how it's going to be used? to reject file uploads? to list folder contents? I've done a thing in the past like this function checkFileExtension($name){ $blocked = array('zip','exe','rar','rpm'); // extend as necessary $test = strrev($name); $bits = explode('.',$test); $ext = strrev($bits[0]); return in_array($ext, $blocked); } Code (markup): but you could also just do function checkFileExtension($name){ $blocked = array('zip','exe','rar','rpm'); // extend as necessary $bits = explode('.',$name); $ext = $bits[count($bits)-1]; return in_array($ext, $blocked); } Code (markup): There will be a more elegant way but this is readable and easy to extend in the future.
I ended up using something similar to what @sarahk has suggested. Realistically speaking there are only so many extensions out there, so I just included the commonly used ones into the array.