2

I've just come across this problem related to the upload class on Colin Verot's upload script.

/^([\.-\w]+)\/([\.-\w]+)(.*)$/i

I have escaped it as below but my knowledge of preg_match/preg_replace is a bit limited and just wanted to confirm the correct 'fix'.

/^([\.\-\w]+)\/([\.\-\w]+)(.*)$/i

Line numbers throwing issues are between 2899 and 3012

kero
  • 10,647
  • 5
  • 41
  • 51
Mike Wells
  • 414
  • 4
  • 14
  • What's your input and expected output? – Avinash Raj Sep 29 '14 at 15:42
  • The code is this: if (preg_match("/^([\.-\w]+)\/([\.-\w]+)(.*)$/i", $this->file_src_mime)) { $this->file_src_mime = preg_replace("/^([\.-\w]+)\/([\.-\w]+)(.*)$/i", '$1/$2', $this->file_src_mime); $this->log .= '- MIME validated as ' . $this->file_src_mime . '
    '; } else { $this->file_src_mime = null; } Looks like its checking for mime types?     – Mike Wells Sep 29 '14 at 15:50

1 Answers1

2

Your fix is correct. [\.-\w] is a character class and the hyphen attempts to do a range (i.e. [0-9] or [a-z]). \w is already shorthand for [a-zA-Z0-9_] so you can't say the range from . to \w. However, I would make the character classes look like this:

[\w.-]

The period does not need to be escaped because it does not have a special meaning inside character classes (outside it needs to be escaped because it means "any character"). The hyphen also does not need to be escaped as long as it is the first or last character of a character class (i.e. not a range).

Sam
  • 20,096
  • 2
  • 45
  • 71
  • 1
    I've just been through and replaced those preg's and all seems to be fine, thanks for your pointers Sam, greatly appreciated!! – Mike Wells Sep 29 '14 at 16:04