2007. 12. 29, szombat keltezéssel 13.39-kor AmirBehzad Eslami ezt írta:
> I want to write a function to check
> whether string $A is a prefix for string $B or not.
if (strpos($B, $A) === 0) {
echo '$B begins with $A';
} else {
echo '$B does not begin with $A';
}
greets
Zoltán Németh
>
> I writing this function in order to prevent directory traversal
> during a download request. (e.g., download.php?file=..\index.php)
>
> I want to make sure that the realpath() of the requested file is
> within the realpath() of the download-directory. Trying to make
> sure that the the $download_dir is a prefix for $filepath.
>
> @see: http://en.wikipedia.org/wiki/Directory_traversal
> **
> *TWO FUNCTIONS:*
>
> function is_prefix1($prefix, $str) {
> return (0 == strncasecmp($prefix, $str, strlen($prefix)));
> }
>
> function is_prefix2($prefix, $str) {
> return (0 === stripos($str, $prefix));
> }
> *USAGE:*
> if (is_prefix1('a', 'abcdef'))
> echo 'prefix1 returned True!', '<br />';
>
> if (is_prefix2('a', 'abcdef'))
> echo 'prefix2 returned True!', '<br />';
>
> ------------------------
> Do these functions do the same job?
> Which one provides better performance?
>
> -behzad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
