I've got a regex validation on one of the inputs to my application, a file path. Now these only ever come from trusted users (administrators), but it would still be good to catch the most obvious attempts at directory traversal, etc.

I've already got a regex that only allows \w then -, . and /. However, I want to stop two dots in a row, so I was wondering how to make the validation fail if it is matched, rather than pass.

Is it possible to do this, or should I be worrying about some other regex kung foo?

-- Posted via http://www.ruby-forum.com/.

On 4/12/06, David <null@example.com> wrote:
> I've got a regex validation on one of the inputs to my application, a
> file path. Now these only ever come from trusted users
> (administrators), but it would still be good to catch the most obvious
> attempts at directory traversal, etc.
>
> I've already got a regex that only allows \w then -, . and /. However,
> I want to stop two dots in a row, so I was wondering how to make the
> validation fail if it is matched, rather than pass.
>
> Is it possible to do this, or should I be worrying about some other
> regex kung foo?
>

You can use a negative lookahead: (Untested, you'll want to check the syntax.)

    ([\w\-\/]|(?!\.)\.)+

Which, unless I haven't gotten enough sleep, should say "a word character, a hyphen, a forward slash, or a period that isn't followed by another period, one or more times"

Wilson Bilkovich wrote:
> On 4/12/06, David <null@example.com> wrote:
>> regex kung foo?
> You can use a negative lookahead: (Untested, you'll want to check the
> syntax.)
> ([\w\-\/]|(?!\.)\.)+

Thanks Wilson! It seems that the following works well:

    /^([\w\-\/ ]|\.(?!\.))+$/

I had completely forgotten about look-arounds.

David
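
The following Ruby sketch is an added example, not code from the thread. It compares the pattern as posted with the same pattern anchored by \A and \z (in Ruby, ^ and $ match at line boundaries, so a multi-line value can pass), and adds a lexical containment check, since the character class also admits absolute paths. BASE_DIR, the sample inputs and the method names are assumptions made for the example.

```ruby
# Added example; all names and sample values below are constructed.

# The pattern as posted in the thread. In Ruby, ^ and $ anchor to lines.
LINE_ANCHORED = /^([\w\-\/ ]|\.(?!\.))+$/

# Same body, anchored to the start and end of the whole string.
STRING_ANCHORED = /\A([\w\-\/ ]|\.(?!\.))+\z/

# Assumed directory that administrator-supplied paths must stay inside.
BASE_DIR = "/srv/app/files"

# Returns the absolute path when `input` passes the string-anchored regex
# and resolves inside `base`; returns nil otherwise.
# File.expand_path is purely lexical: it does not touch the filesystem
# and does not resolve symlinks.
def resolve_inside(input, base = BASE_DIR)
  return nil unless STRING_ANCHORED.match?(input)

  full = File.expand_path(input, base)
  full.start_with?(base + File::SEPARATOR) ? full : nil
end

# Constructed sample inputs.
SAMPLES = [
  "reports/2006/april.csv",        # ordinary relative path
  "archive.tar.gz",                # single dots are allowed
  "reports/../secret",             # two dots in a row
  "/etc/passwd",                   # absolute path, passes both regexes
  "notes.txt\n../../etc/passwd"    # second line hides behind ^ and $
].freeze

# One row per sample:
# [input, passes line-anchored?, passes string-anchored?, resolved path or nil]
def report
  SAMPLES.map do |s|
    [s, LINE_ANCHORED.match?(s), STRING_ANCHORED.match?(s), resolve_inside(s)]
  end
end

report.each { |row| p row } if __FILE__ == $PROGRAM_NAME
```
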