1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Strip or preg_replace .zip, .exe, .rar, .rpm, .xz, etc. etc.

Discussion in 'PHP' started by qwikad.com, Jun 10, 2016.

  1. #1
    I'd like to have a strip function (or preg_replace) that strips all extensions that can be unzipped / installed. Searching the web didn't give me anything that would allow me to do that. Of course I can come up with something on my own, but I was wondering if a thing like that already exists.


     
    qwikad.com, Jun 10, 2016 IP
  2. Anveto

    Anveto Well-Known Member

    Messages:
    697
    Likes Received:
    40
    Best Answers:
    19
    Trophy Points:
    195
    #2
    There are so many extensions that can be extracted or installed that it seems kind of pointless to have a blacklist. You could simply strip any extension with 3 or 4 characters.

    preg_replace('/\\.[^.\\s]{3,4}$/','', $filename);
    PHP:
    Otherwise you might make an array of extensions you want to match and use rtrim.

    $filename = rtrim($filename, ".exe");
    PHP:
    But as I said, you are better off making a list of allowed extensions rather than trying to block every malicious extension. Whitelist is better than blacklist in this case.
     
    Anveto, Jun 10, 2016 IP
    qwikad.com likes this.
  3. sarahk

    sarahk iTamer Staff

    Messages:
    28,513
    Likes Received:
    4,461
    Best Answers:
    123
    Trophy Points:
    665
    #3
    Can you give us a context of how it's going to be used?
    • to reject file uploads?
    • to list folder contents?
    I've done a thing in the past like this

    function checkFileExtension($name){
    $blocked = array('zip','exe','rar','rpm'); // extend as necessary
    
    $test = strrev($name);
    $bits = explode('.',$test);
    $ext = strrev($bits[0]);
    
    return in_array($ext, $blocked);
    }
    Code (markup):
    but you could also just do

    function checkFileExtension($name){
    $blocked = array('zip','exe','rar','rpm'); // extend as necessary
    
    $bits = explode('.',$name);
    $ext = $bits[count($bits)-1];
    
    return in_array($ext, $blocked);
    }
    Code (markup):
    There will be a more elegant way but this is readable and easy to extend in the future.
     
    sarahk, Jun 10, 2016 IP
    qwikad.com likes this.
  4. qwikad.com

    qwikad.com Illustrious Member Affiliate Manager

    Messages:
    7,158
    Likes Received:
    1,664
    Best Answers:
    29
    Trophy Points:
    475
    #4
    I ended up using something similar to what @sarahk has suggested. Realistically speaking there are only so many extensions out there, so I just included the commonly used ones into the array.
     
    qwikad.com, Jun 12, 2016 IP