PHP: Converting non-unix compatible chars to underscores

kukyfrope

Senior member
Mar 21, 2005
344
0
0
I'm wanting to write protection into my file upload script that takes $_FILES['uploaded_file']['name'] and converts non-unix characters (anything not alphanumeric, period, dash, or underscore) and replace the invalid character with an underscore. What is the best way to go about doing this?
 

kukyfrope

Senior member
Mar 21, 2005
344
0
0
I ended up figuring it out a few min ago, below is the code I used. preg_replace with \W (non-word characters) would be just fine if I didn't need to keep the period for the file extension. So I exploded the string by period, so if more than 1 period exists in the string, we can get to the last one with count($array)-1 which will be our file extension. That is then checked against what images I want to allow. I'm using getimagesize($_FILES['image_upload']) elsewhere in the script to help filter out files disguised as images. Here is the code:

 

stndn

Golden Member
Mar 10, 2001
1,886
0
0
If you're certain that you only want to keep a-z, 0-9, and period, you can do the following:

$filename = preg_replace ("/[^0-9a-z\.]/i", "_", $filename);

Basically, it will replace all that is not (denoted by ^ at the beginning of [ ... ] block) number, letter, and period.
The 'i' modifier tells PHP to treat the string as case insensitive.

And I noticed that you also want to do a check for file extension. So, here's some code:

<?php
$filename = "abcde$#!#%+^**)23_.4.jpg";

print "<p>original filename is: {$filename}</p>";

$filename = preg_replace ("/[^_0-9a-z\.]/i", "_", $filename);

print "<p>final filename is: {$filename}</p>";

# Get the file extension:
if (strpos ($filename, '.') !== false)
{
# Get the string after the last 'period'.
$extension = preg_replace ("/^.*?\.([^\.]*)$/", "$1", $filename);
}
else
{
$extension = '';
}

$extension = trim ($extension);

print "<p>file extension is: '{$extension}'</p>";

?>