TalkPHP
04-16-2008, 05:26 AM   #1
Aaron (The Frequenter)
Is this a proper URL regex?

Okay, so I needed to make sure that I couldn't get XSSed through a GET variable... needless to say I didn't remember what to do and I resorted to using regex to check it.

This is the code:
PHP Code:
if (preg_match($_GET["report"], '^http://*.com(/)?$'))
    mew();
Last edited by Aaron : 04-16-2008 at 05:47 AM.
04-16-2008, 12:43 PM   #2
Salathe (Moderateur)

Firstly, the arguments for preg_match should be the other way around if you want this to be of any use at all. The regular expression pattern is the first argument, followed by the subject string.

Secondly, the pattern itself won't behave as I think you want it to. Take a thorough read through the PHP Manual for details of how the pattern should be constructed. Points of note are that the * is a zero or more quantifier applied to the second forward slash (/) character; the dot (.) matches any character except newline (by default); the parentheses wrap a capturing subpattern (which in this case isn't necessary).

Hopefully that's a start.
04-16-2008, 05:18 PM   #3
Aaron (The Frequenter)

PHP Code:
// delimiters (~) added around the pattern: preg_match() requires them
if (preg_match('~^https?://.+\.com/?$~', $_GET["report"]))
    mew();
How about that?
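An added example, not code from the thread, that runs the thread's second pattern (with delimiters) against constructed sample URLs next to a parse_url() allow-list check and output escaping; the allowed host names are placeholders:

```php
<?php
// Added example, not code from the thread. Sample URLs are constructed.
// The thread's second pattern with delimiters added so preg_match() can compile it
// (without them PHP treats '^' as the delimiter, warns, and returns false).
// It still over- and under-matches: ".+" accepts any characters, and the URL must
// end in ".com" or ".com/", so a legitimate path or query string is rejected.
const LOOSE_PATTERN = '~^https?://.+\.com/?$~';

// Stricter alternative: parse the URL and compare the host against an allow-list.
// The hosts below are placeholders; a real application supplies its own.
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];

function isAllowedReportUrl(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // "user:pass@host" makes the real host easy to misread; reject it outright.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    return in_array(strtolower($parts['host']), ALLOWED_HOSTS, true);
}

// Validation decides whether the value is used at all; escaping on output is what
// actually prevents injected markup, so the two are separate steps.
function renderReportLink(string $url): string
{
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">report</a>';
}

$samples = [
    'https://example.com/',                       // regex: pass, allow-list: pass
    'http://www.example.com/report?id=7',         // regex: fail (query string), allow-list: pass
    'http://attacker.example/?next=victim.com',   // regex: pass (".+" swallows the host), allow-list: fail
    'http://example.com@attacker.example/x.com',  // regex: pass, allow-list: fail (credentials)
    'javascript:alert(1)//.com',                  // both fail: no "http(s)://" prefix, no host
];

foreach ($samples as $url) {
    $loose  = preg_match(LOOSE_PATTERN, $url) === 1 ? 'pass' : 'fail';
    $strict = isAllowedReportUrl($url) ? 'pass' : 'fail';
    printf("%-44s regex:%-5s allow-list:%s\n", $url, $loose, $strict);
    if ($strict === 'pass') {
        echo '  ', renderReportLink($url), "\n";
    }
}
```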
Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.