Old 02-28-2006, 05:28 PM  
Brujah
Smokey, just some info to pass along, in case you're interested.

You can look into preg_match to clean variables or test them also. It will come in especially handy if you learn regexes or know a little about them already.

www.php.net/preg_match

Code:
So then: page.php?test=filename.mpg would pass
but page.php?test=`cat /etc/passwd`;etc..whatever-movie.mpg would fail.

Code:
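// Allow only letters, digits, spaces and hyphens followed by ".mpg".
// The D modifier stops "$" from also matching before a trailing newline.
$test = ( isset($_GET['test']) && is_string($_GET['test']) ) ? $_GET['test'] : '';
if( !preg_match('/^([A-Z0-9\ \-]+)\.mpg$/iD',$test,$m) ) {
        print '<span style="color:red">Test Failed. Not Allowing.</span>';
} else {
        print '<span style="color:blue">Passed</span>: '.$m[0];
}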
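The allowlist check from the post above, run over a handful of inputs to show where an anchored pattern with and without the D modifier disagree. This is an added example, not code from the original post; `matches_allowlist()`, the variable names and the sample inputs other than the two from the post are constructed for illustration.

```php
<?php
// Added example, not code from the original post.
// matches_allowlist() and the sample inputs are constructed for illustration.

// Letters, digits, spaces and hyphens, then ".mpg" (i = case-insensitive).
$plain  = '/^[A-Z0-9 \-]+\.mpg$/i';
// Same pattern with D (PCRE_DOLLAR_ENDONLY): "$" matches only at the
// very end of the subject, not before a final newline.
$strict = '/^[A-Z0-9 \-]+\.mpg$/iD';

function matches_allowlist($pattern, $value)
{
    // A request like ?test[]=x arrives as an array; only strings qualify.
    if (!is_string($value)) {
        return false;
    }
    // preg_match returns 1 on a match, 0 on no match, false on error.
    return preg_match($pattern, $value) === 1;
}

// Constructed inputs; the first and third are the two cases from the post.
$samples = array(
    'filename.mpg',
    'My Movie-01.MPG',
    '`cat /etc/passwd`;etc..whatever-movie.mpg',
    "filename.mpg\n",          // trailing newline
    '../secret.mpg',           // path characters are outside the allowlist
    '.mpg',                    // empty name part
    array('filename.mpg'),     // non-string input
);

printf("%-48s %-8s %s\n", 'input', 'plain', 'with D');
foreach ($samples as $input) {
    printf(
        "%-48s %-8s %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        matches_allowlist($plain, $input) ? 'pass' : 'fail',
        matches_allowlist($strict, $input) ? 'pass' : 'fail'
    );
}
```

The two columns differ only for the input ending in a newline: without D, `$` also matches just before a final newline, so that value is accepted by the plain pattern.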