TalkPHP
 
 
Old 04-09-2008, 05:41 PM   #1 (permalink)
The Visitor
 
Join Date: Apr 2008
Posts: 2
Problems with arrays

Well first off I'm an absolute PHP novice but have managed to combine numerous PHP snippets and free scripts/plugins to create my own sort of CMS. I'm having a problem with the dUnzip class. I have made my script so a user can fill out a form, upload a zip which is then extracted automatically to the server.

For security reasons I need to check the files in the zip archive before extracting. If there are php files, exe or other file extensions which are not safe the zip is not extracted. I was told by the creator of the dUnzip class to use:
PHP Code:
print_r($zip->getList()); 
This displays the array of each file in the zip. My problem is how do I manage to explode the array, select file_name then use ereg to find disallowed file extensions? I'm not sure if that's the right thing to do anyways but I can't think how to do it regardless.

Output from above snippet is in the form:
Code:
Array
(
[ecofriendly/] => Array
(
[file_name] => ecofriendly/
[compression_method] => 0
[version_needed] => 10
[lastmod_datetime] => 1207025649
[crc-32] => 00000000
[compressed_size] => 0
[uncompressed_size] => 0
[extra_field] =>
[contents-startOffset] => 42
)

[ecofriendly/background.jpg] => Array
(
[file_name] => ecofriendly/background.jpg
[compression_method] => 8
[version_needed] => 20
[lastmod_datetime] => 1207024042
[crc-32] => b6ccb00f
[compressed_size] => 6454
[uncompressed_size] => 14542
[extra_field] =>
[contents-startOffset] => 98
)

[ecofriendly/banner.jpg] => Array
(
[file_name] => ecofriendly/banner.jpg
[compression_method] => 8
[version_needed] => 20
[lastmod_datetime] => 1207024042
[crc-32] => d552573d
[compressed_size] => 5310
[uncompressed_size] => 13408
[extra_field] =>
[contents-startOffset] => 6604
)
This is actually the last remaining problem until my CMS is complete and I can launch my website so help is really, really appreciated.

Advertising spot can be arranged for someone who helps :) 125x125 above fold on PR6 decent traffic website.
Old 04-09-2008, 06:59 PM   #2 (permalink)
Moderateur
Join Date: Apr 2007
Posts: 1,393

It looks like the file information is stored in an associative array (but that's not particularly important here). To get at the file names you can use the file_name key on each of the main array items.

For example:
PHP Code:
$bad_file_found  = FALSE;
$blacklist       = array('php', 'exe');
// Builds /\.(?:php|exe)$/iD : match a listed extension at the very end of the name
$blacklist_regex = '/\.(?:'
                 . implode('|', array_map('preg_quote', $blacklist))
                 . ')$/iD';

foreach ($zip->getList() as $file)
{
    if (preg_match($blacklist_regex, $file['file_name']))
    {
        $bad_file_found = TRUE;
        break; // no need to continue foreach
    }
}

if ($bad_file_found)
{
    die('Hey, please do not include invalid file types in your ZIP.');
}

die('No invalid files found, woohoo!');
The Following User Says Thank You to Salathe For This Useful Post:
mikka23 (04-09-2008)
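
A stricter variant of the check in the reply above, as an added example that is not part of the original posts: it accepts only listed extensions instead of blocking known-bad ones, and it also refuses entry names that would extract outside the target directory. The function name, the sample entries and the allowed-extension list are assumptions; only the `file_name` key comes from the `getList()` output shown in the first post.

```php
<?php
// Added example, not code from the thread. $entries has the shape of the
// print_r($zip->getList()) output shown in the first post.
function find_rejected_entries(array $entries, array $allowed_ext)
{
    $rejected = array();
    foreach ($entries as $entry) {
        $name = $entry['file_name'];

        // Refuse names that could land outside the extraction directory:
        // empty names, absolute paths, drive letters, backslashes, NUL, "..".
        $parts = explode('/', rtrim($name, '/'));
        if ($name === '' || $name[0] === '/' || strpos($name, '\\') !== false
            || strpos($name, "\0") !== false || preg_match('/^[a-z]:/i', $name)
            || in_array('..', $parts, true)) {
            $rejected[$name] = 'unsafe path';
            continue;
        }

        // Directory entries (trailing slash) carry no file data to check.
        if (substr($name, -1) === '/') {
            continue;
        }

        // Allowlist on the final extension, compared case-insensitively.
        // Names without an extension yield '' and are rejected as well.
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (!in_array($ext, $allowed_ext, true)) {
            $rejected[$name] = 'extension not allowed';
        }
    }
    return $rejected;
}

// Constructed sample in the getList() format (only file_name is used here).
$sample = array(
    'ecofriendly/'               => array('file_name' => 'ecofriendly/'),
    'ecofriendly/background.jpg' => array('file_name' => 'ecofriendly/background.jpg'),
    'ecofriendly/upload.PHP'     => array('file_name' => 'ecofriendly/upload.PHP'),
    'ecofriendly/.htaccess'      => array('file_name' => 'ecofriendly/.htaccess'),
    '../outside.jpg'             => array('file_name' => '../outside.jpg'),
);

// An empty result means every entry passed; otherwise do not extract.
print_r(find_rejected_entries($sample, array('jpg', 'png', 'gif', 'css', 'html')));
```

A name check says nothing about file contents, so the directory the archive is extracted into should also be configured not to execute scripts.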
Old 04-09-2008, 08:05 PM   #3 (permalink)
The Visitor
 
Join Date: Apr 2008
Posts: 2

You are my new best friend. All implemented and working dandy.