Posted by shimmyshack on 05/14/07 18:13
On May 14, 7:09 pm, Good Man <h...@letsgo.com> wrote:
> "Beauregard T. Shagnasty" <a.nony.m...@example.invalid> wrote innews:0KM1i.15246$yM2.5488@bgtnsc04-news.ops.worldnet.att.net:
>
> > Though it would likely be much easier if you were to strip out all
> > characters except alpha, numeric, and the underscore prior to storage
> > (file and database entry). Perhaps replace spaces with underscores.
>
> I agree. Here's what I use to "clean" the filenames of all uploaded
> files:
>
> function cleanFile ($filename) { //clean up the file name
>
> $filename = str_replace(" ","_",$filename);
> $filename = str_replace("\\","",$filename);
> $filename = str_replace("/","",$filename);
> $filename = str_replace("|","_",$filename);
> $filename = str_replace("'","",$filename);
> $filename = str_replace("\"","",$filename);
> $filename = str_replace("","",$filename);
> $filename = str_replace("`","",$filename);
> $filename = str_replace("*","",$filename);
> $filename = str_replace("$","",$filename);
> $filename = str_replace("%","percent",$filename);
> $filename = str_replace("^","",$filename);
> $filename = str_replace("!","",$filename);
> $filename = str_replace("@","",$filename);
> $filename = str_replace("?","",$filename);
> $filename = str_replace(":","",$filename);
> $filename = str_replace(";","",$filename);
> $filename = str_replace(",","",$filename);
> $filename = str_replace("<","",$filename);
> $filename = str_replace(">","",$filename);
>
> $filename = strtolower($filename);
> return $filename;
>
> }
The trouble with this kind of blacklist banning is that it allows
encoding and other forms of clever attack.
Better to use a whitelist.
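To show what shimmyshack means in practice, here is a whitelist-style replacement for the quoted cleanFile(). This is an added example, not code from anyone in the thread; the function name whitelistFile, its parameters and the default extension list are this example's own choices. Instead of enumerating characters to strip, it keeps only letters, digits and underscore, takes the extension from an explicit allowed list, and returns null so the caller can refuse an upload whose name cannot be made safe, rather than silently storing something unexpected.

```php
<?php
// Added example: whitelist-based filename cleaning (not from the original thread).
// Function, parameter and list names are assumptions made for this example.

function whitelistFile(string $filename, array $allowedExtensions = ['jpg', 'png', 'gif', 'pdf', 'txt']): ?string
{
    // Drop control characters (including NUL) before anything else looks at the name.
    $filename = preg_replace('/[\x00-\x1f\x7f]/', '', $filename);

    // Normalise Windows separators and keep only the base name, so any directory
    // part supplied by the client is discarded instead of being "cleaned".
    $filename = basename(str_replace('\\', '/', $filename));

    // Split off the extension: the part after the last dot, if there is one.
    // ("report.tar.gz" yields name "report.tar" and extension "gz".)
    $dot = strrpos($filename, '.');
    if ($dot === false) {
        $name = $filename;
        $ext  = '';
    } else {
        $name = substr($filename, 0, $dot);
        $ext  = strtolower(substr($filename, $dot + 1));
    }

    // Whitelist the name: spaces become underscores, then every character that is
    // not an ASCII letter, digit or underscore is removed. Anything new that an
    // attacker thinks of is removed by default, which is the point of a whitelist.
    $name = str_replace(' ', '_', $name);
    $name = preg_replace('/[^A-Za-z0-9_]/', '', $name);
    $name = strtolower($name);
    $name = substr($name, 0, 64);   // bound the length for the filesystem and the database

    // The extension must match an allowed one exactly; it is never "fixed up".
    // An empty name (e.g. a dotfile) or a disallowed extension means: reject the upload.
    if ($name === '' || !in_array($ext, $allowedExtensions, true)) {
        return null;
    }
    return $name . '.' . $ext;
}

// Constructed sample inputs to compare against the quoted blacklist approach.
foreach (['My Photo.JPG', 'notes v2.txt', '.htaccess', 'upload.php',
          'report.tar.gz', 'C:\\Users\\me\\cv.pdf'] as $input) {
    printf("%-24s => %s\n", $input, var_export(whitelistFile($input), true));
}
```

Run with `php whitelist.php`: the first two inputs come back as `my_photo.jpg` and `notes_v2.txt`, `.htaccess` and `upload.php` both return `null` (no usable name, and a script extension is not on the allowed list), `report.tar.gz` becomes `reporttar.gz`, and the Windows path collapses to `cv.pdf`. The quoted cleanFile() would have passed `.htaccess` and `upload.php` through unchanged, which is the difference between banning what you have thought of and permitting only what you have decided to accept.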