TalkPHP


Aaron 04-16-2008 05:26 AM

Is this a proper URL regex?
 
Okay, so I needed to make sure that I couldn't get XSSed through a GET variable... needless to say I didn't remember what to do and I resorted to using regex to check it.

This is the code:
PHP Code:

if (preg_match($_GET["report"],'^http://*.com(/)?$') )
    mew();


Salathe 04-16-2008 12:43 PM

Firstly, the arguments for preg_match should be the other way around if you want this to be of any use at all. The regular expression pattern is the first argument, followed by the subject string.

Secondly, the pattern itself won't behave as I think you want it to. Take a thorough read through the PHP Manual for details of how the pattern should be constructed. Points of note are that the * is a zero or more quantifier applied to the second forward slash (/) character; the dot (.) matches any character except newline (by default); the parentheses wrap a capturing subpattern (which in this case isn't necessary).

Hopefully that's a start. :-)

Aaron 04-16-2008 05:18 PM

PHP Code:

// PCRE patterns need delimiters; '#' avoids escaping the slashes
if (preg_match('#^https?://.+\.com/?$#', $_GET["report"]))
    mew();

How about that?
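
Added example, not part of the thread: one way to check the `report` parameter against a delimited, fully anchored pattern and to escape it on output, since a pattern built on `.+` also accepts quotes and angle brackets. The function names `is_report_url()` and `h()` and the sample inputs are constructed for illustration.

```php
<?php
// Added example: is_report_url(), h() and the sample inputs are constructed.

/**
 * Return true only for http(s) URLs whose host is made of letters, digits,
 * dots and hyphens and ends in .com, with an optional trailing slash.
 */
function is_report_url($value): bool
{
    if (!is_string($value)) {
        return false;               // ?report[]=x arrives as an array
    }
    // '#' delimiters so '/' needs no escaping; \A and \z anchor the whole
    // string ('$' alone also matches before a trailing newline); 'i' makes it
    // case-insensitive. The host class excludes quotes, angle brackets, spaces.
    $pattern = '#\Ahttps?://(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+com/?\z#i';
    return preg_match($pattern, $value) === 1;
}

/** Escape a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs, mapped to the result the check should give.
$samples = [
    'http://example.com'        => true,
    'https://www.example.com/'  => true,
    "http://example.com\n"      => false, // trailing newline
    'http://"><i>x</i>.com'     => false, // would satisfy ^https?://.+\.com/?$
    'ftp://example.com'         => false,
    'http://example.org'        => false,
];

foreach ($samples as $input => $expected) {
    $ok = is_report_url($input);
    // The value is escaped with h() exactly as it would be when echoed into a page.
    printf("%-6s %-4s %s\n", $ok ? 'accept' : 'reject', $ok === $expected ? 'ok' : 'BUG', h($input));
}
```

Validation narrows what is accepted; escaping with `htmlspecialchars()` at the point of output is what keeps the value from being interpreted as markup.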

