View Full Version : Regular Expression for file extension



blaze4218
09-27-2011, 05:51 PM
The mounds of RegExp data will take me days to sift through. Can someone help me create a regular expression to find a file extension (all characters after a period)? I have already gotten this far: .+\. to find everything before and including the period, and I was hoping to integrate the caret to say everything but .+\. But I just can't get it to work...

Note:
I will be writing a file to the server with JScript ASP. The file name will be passed to the script that writes the file, and I want to make sure that in addition to removing any possible code from the line being written, that I also prevent an executable file from being created. I will be searching for certain extensions and returning if anything else is found.

xelawho
09-27-2011, 06:31 PM
the dodgy method if you know that the extension is only going to have 3 letters? I got your back...



str="pic.jpg";
ext=str.slice(str.length-3);
alert (ext);


anything fancier I am obviously not the person to ask... :D

ironboy
09-27-2011, 06:33 PM
Does this help you?

<!DOCTYPE HTML>
<html>
<head>
<script>
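var fileExtValidate = function(txt){
    // Allowed extensions, wrapped in '|' so indexOf only matches whole names
    var allowedExtensions = '|png|gif|';
    // Find every "name.ext" token; match() returns null when nothing is found
    var fileNames = txt.match(/\S{1,}\.(\w{1,})/gi) || [];
    var info = [];
    for(var i = 0; i < fileNames.length; i++){
        info.push({
            filename: fileNames[i],
            // Extension = everything after the last period, lower-cased
            extension: fileNames[i].substring(fileNames[i].lastIndexOf('.')+1).toLowerCase()
        });
        info[i].allowed = allowedExtensions.indexOf('|' + info[i].extension + '|') >= 0;
    };
    return info;
};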

var testValidate = function(txt){
document.body.innerHTML += 'Validation result:<br/>'
+JSON.stringify(fileExtValidate(txt),'','\t')
.split('\n').join('<br/>').split('\t').join('&nbsp;&nbsp;');
};

</script>
</head>
<body>
<form onsubmit="testValidate(this.elements[0].value);return false">
<textarea style="width:400px;height:200px">
I would like you to run sneaky.png.EXE. It's perfectly safe a no more dangerous than clicking on frog.png that I've hidden under transp.gif
</textarea>
<br/>
<input type="submit" value="submit">
</form>
</body>
</html>

blaze4218
09-27-2011, 06:44 PM
@xelawho I'm afraid not, a sneaky hacker could still inject an exe with "filename.exe.js" it really should be a regExp I believe...
@ironboy still working on what yours means I don't know JSON or JQuery, only JScript :( ...

But I think I've come up with a solution based on the two responses... it's a little dirty, but it will do for now:


myFile = inputFromForm;
// Strip everything up to and including the last period, leaving the extension
myTest = myFile.replace(/.+\./g,'');
if(myTest=='js'||myTest=='txt'){
    // Do your thing
}
else return;

Thanx for the help all!

ironboy
09-27-2011, 06:52 PM
Doesn't use Jquery and JSON.stringify is there just to show you the result on the browser page.

Paste the code into a html-file and open in a browser and you will see what it does. :)

blaze4218
09-27-2011, 06:55 PM
well since I don't have/use jquery, it just gives me an error :(

ironboy
09-27-2011, 06:57 PM
Sorry, there was a script include of jquery there... (Leftover by mistake).
Gone now.

ironboy
09-27-2011, 06:59 PM
When given the text:
"I would like you to run sneaky.png.EXE. It's perfectly safe a no more dangerous than clicking on frog.png that I've hidden under transp.gif"

The validator will return
[
{
"filename": "sneaky.png.EXE",
"extension": "exe",
"allowed": false
},
{
"filename": "frog.png",
"extension": "png",
"allowed": true
},
{
"filename": "transp.gif",
"extension": "gif",
"allowed": true
}
]

blaze4218
09-27-2011, 06:59 PM
Webpage error details

User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Timestamp: Tue, 27 Sep 2011 17:01:11 UTC


Message: 'JSON' is undefined
Line: 19
Char: 3
Code: 0
URI: file:///U:/test.html

ironboy
09-27-2011, 07:05 PM
:) You are using IE7. Or rather an IE8 or IE9 in IE7 mode since you are on Windows 7... (Could it be because I was sloppy and just gave you an <html> start tag... Might get IE to go into some "quirks mode"?)
IE7 was the last web browser ever made that doesn't include the JSON object natively.
Doesn't matter though. The JSON object is only used to show the result of the validator on screen in a human readable manner...
Should you ever need the JSON object in IE7 then include this script:
https://github.com/douglascrockford/JSON-js/blob/master/json2.js

The main function fileExtValidate will work without the JSON object (and in serverside code as well): What it does:
It will give you an array as a return, with an item for each filename/extension found, each item as an object with the properties filename (string), extension (string) and allowed (boolean)

xelawho
09-27-2011, 07:08 PM
one more dodgy shot...



str="filename.exe.js"
num=str.indexOf(".")
ext=str.slice(num+1)
alert (ext)

blaze4218
09-27-2011, 07:08 PM
I'm using IE9, I don't know why it returned IE7 :confused:

blaze4218
09-27-2011, 07:11 PM
@xelawho closer... and frankly about as good as my solution(if not identical). kudos!

ironboy
09-27-2011, 07:12 PM
Well I suppose it will go into "quirks mode" (IE7-like because of missing a doctype - I've amended a doctype to my code...)

blaze4218
09-27-2011, 07:14 PM
nevermind all that jazz, I just ran it in chrome :D

blaze4218
09-27-2011, 07:18 PM
@ironboy thanx for the tidbit, but I think I'll stick with my regExp being that it's crossbrowser compatible, and ECMAScript compliant (so I can run it on the client and server for 2x the error check)

ironboy
09-27-2011, 07:20 PM
Do as you like :)
What I wanted to show you was actually just this function:

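var fileExtValidate = function(txt){
    // Allowed extensions, wrapped in '|' so indexOf only matches whole names
    var allowedExtensions = '|png|gif|';
    // Find every "name.ext" token; match() returns null when nothing is found
    var fileNames = txt.match(/\S{1,}\.(\w{1,})/gi) || [];
    var info = [];
    for(var i = 0; i < fileNames.length; i++){
        info.push({
            filename: fileNames[i],
            // Extension = everything after the last period, lower-cased
            extension: fileNames[i].substring(fileNames[i].lastIndexOf('.')+1).toLowerCase()
        });
        info[i].allowed = allowedExtensions.indexOf('|' + info[i].extension + '|') >= 0;
    };
    return info;
};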

which is perfectly ECMA262-compliant and can be run on a server...
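
Added example, not part of the original thread or any poster's code: the three extraction approaches from the posts above, run over constructed file names, next to a stricter check that anchors the regular expression to the whole name and allows exactly one period. The function names, the 100-character limit and the sample names are assumptions; `console.log` assumes Node rather than JScript ASP.

```javascript
// Added example; all names and sample inputs are constructed for illustration.
var ALLOWED = { js: true, txt: true };   // the extensions used in the thread's own check

// The three extraction approaches posted in the thread, side by side.
function lastThree(name) { return name.slice(name.length - 3); }
function afterFirstDot(name) { return name.slice(name.indexOf('.') + 1); }
function afterLastDot(name) { return name.replace(/.+\./, ''); }

// Stricter check: the pattern is anchored with ^ and $, so the WHOLE name must be
// one run of safe characters, exactly one period, then the extension.
// Returns the lower-cased extension when the name is acceptable, otherwise null.
function checkFileName(name) {
  if (typeof name !== 'string' || name.length > 100) { return null; }
  var m = /^[A-Za-z0-9_-]+\.([A-Za-z0-9]+)$/.exec(name);
  if (!m) { return null; }
  var ext = m[1].toLowerCase();
  return ALLOWED.hasOwnProperty(ext) ? ext : null;
}

// Run every approach over the sample names and collect the results.
function compare(names) {
  var rows = [];
  for (var i = 0; i < names.length; i++) {
    rows.push({
      name: names[i],
      lastThree: lastThree(names[i]),
      afterFirstDot: afterFirstDot(names[i]),
      afterLastDot: afterLastDot(names[i]),
      accepted: checkFileName(names[i]) !== null
    });
  }
  return rows;
}

// Constructed samples: a plain name, two double extensions, mixed case,
// a name with no period, and a name that is itself an allowed extension.
var SAMPLES = ['notes.txt', 'filename.exe.js', 'sneaky.png.EXE', 'Menu.JS', 'readme', 'txt'];
var results = compare(SAMPLES);
for (var j = 0; j < results.length; j++) { console.log(JSON.stringify(results[j])); }
```

For the name `txt`, which has no period at all, every extraction approach returns `txt`, so a bare `== 'txt'` comparison on the extracted value passes; the anchored check rejects it.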

blaze4218
09-27-2011, 07:22 PM
ohhhh, well that I can dig :)

(Why didn't you just say so? :p )

ironboy
09-27-2011, 07:25 PM
I was trying to... but my communication skills must be seriously hampered :p


