Re: is_prefix() - checking wheather $A is prefix for $B

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2007. 12. 29, szombat keltezéssel 13.39-kor AmirBehzad Eslami ezt írta:
> I want to write a function to check
> whether string $A is a prefix for string $B or not.

if (strpos($B, $A) === 0) {
  echo '$B begins with $A';
} else {
  echo '$B does not begin with $A';
}

greets
Zoltán Németh

> 
> I writing this function in order to prevent directory traversal
> during a download request. (e.g., download.php?file=..\index.php)
> 
> I want to make sure that the realpath() of the requested file is
> within the realpath() of the download-directory. Trying to make
> sure that the the $download_dir is a prefix for $filepath.
> 
> @see: http://en.wikipedia.org/wiki/Directory_traversal
> **
> *TWO FUNCTIONS:*
> 
> function is_prefix1($prefix, $str) {
>     return (0 == strncasecmp($prefix, $str, strlen($prefix)));
> }
> 
> function is_prefix2($prefix, $str) {
>     return (0 === stripos($str, $prefix));
> }
> *USAGE:*
> if (is_prefix1('a', 'abcdef'))
>  echo 'prefix1 returned True!', '<br />';
> 
> if (is_prefix2('a', 'abcdef'))
>  echo 'prefix2 returned True!', '<br />';
> 
> ------------------------
> Do these functions do the same job?
> Which one provides better performance?
> 
> -behzad

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux