Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    Regular Coder
    Join Date
    Apr 2005
    Location
    Texas
    Posts
    448
    Thanks
    24
    Thanked 63 Times in 63 Posts

    Regular Expression for file extension

    The mounds of RegExp data will take me days to sift through can someone help me create a regular expression to find a file extension? (all characters after a period) I have already gotten this far: .+\. to find everything before and including the period; and I was hoping to integrate the caret to say everything but .+\. But I just can't get it to work...

    Note:
    I will be writing a file to the server with JScript ASP. The file name will be passed to the script that writes the file, and I want to make sure that in addition to removing any possible code from the line being written, that I also prevent an executable file from being created. I will be searching for certain extensions and returning if anything else is found.
    Last edited by blaze4218; 09-27-2011 at 04:56 PM. Reason: Note

  • #2
    Senior Coder xelawho's Avatar
    Join Date
    Nov 2010
    Posts
    2,899
    Thanks
    56
    Thanked 542 Times in 539 Posts
    the dodgy method if you know that the extension is only going to have 3 letters? I got your back...

    Code:
    str="pic.jpg";
    ext=str.slice(str.length-3);
    alert (ext);
    anything fancier I am obviously not the person to ask...

  • #3
    Regular Coder
    Join Date
    Sep 2011
    Location
    Sweden
    Posts
    154
    Thanks
    1
    Thanked 22 Times in 22 Posts
    Does this help you?
    Code:
    <!DOCTYPE HTML>
    <html>
    <head>
    <script>
    var fileExtValidate = function(txt){
      var allowedExtensions = '|png|gif|';
      var fileNames = txt.match(/\S{1,}\.(\w{1,})/gi);
      var info = [];
      for(var i = 0; i < fileNames.length; i++){
        info.push({
          filename: fileNames[i],
          extension: fileNames[i].substring(fileNames[i].lastIndexOf('.')+1).toLowerCase()
        });
        info[i].allowed = allowedExtensions.indexOf('|' + info[i].extension + '|') >= 0;
      };
      return info;
    };
    
    var testValidate = function(txt){
      document.body.innerHTML += 'Validation result:<br/>'
        +JSON.stringify(fileExtValidate(txt),'','\t')
        .split('\n').join('<br/>').split('\t').join('&nbsp;&nbsp;');
    };
    
    </script>
    </head>
    <body>
    <form onsubmit="testValidate(this.elements[0].value);return false">
    <textarea style="width:400px;height:200px">
    I  would like you to run sneaky.png.EXE. It's perfectly safe a no more dangerous than clicking on frog.png that I've hidden under transp.gif
    </textarea>
    <br/>
    <input type="submit" value="submit">
    </form>
    </body>
    </html>
    Last edited by ironboy; 09-27-2011 at 06:12 PM.

  • #4
    Regular Coder
    Join Date
    Apr 2005
    Location
    Texas
    Posts
    448
    Thanks
    24
    Thanked 63 Times in 63 Posts
    @xelawho I'm afraid not, a sneaky hacker could still inject an exe with "filename.exe.js" it really should be a regExp I believe...
    @ironboy still working on what yours means I don't know JSON or JQuery, only JScript ...

    But I think I've come up with a solution based on the two responses... it's a little dirty, but it will do for now:
    Code:
    myFile = inputFromForm;
    myTest = myFile.replace(/,+\./g,'');
    if(myTest=='js'||myTest=='txt'){
     // Do your thing
     }
    else return;
    Thanx for the help all!

  • #5
    Regular Coder
    Join Date
    Sep 2011
    Location
    Sweden
    Posts
    154
    Thanks
    1
    Thanked 22 Times in 22 Posts
    Doesn't use Jquery and JSON.stringify is there just to show you the result on the browser page.

    Paste the code into a html-file and open in a browser and you will see what it does.

  • #6
    Regular Coder
    Join Date
    Apr 2005
    Location
    Texas
    Posts
    448
    Thanks
    24
    Thanked 63 Times in 63 Posts
    well since I don't have/use jquery, it just gives me an error

  • #7
    Regular Coder
    Join Date
    Sep 2011
    Location
    Sweden
    Posts
    154
    Thanks
    1
    Thanked 22 Times in 22 Posts
    Sorry, there was a script include of jquery there... (Leftover by mistake).
    Gone now.

  • #8
    Regular Coder
    Join Date
    Sep 2011
    Location
    Sweden
    Posts
    154
    Thanks
    1
    Thanked 22 Times in 22 Posts
    When given the text:
    "I would like you to run sneaky.png.EXE. It's perfectly safe a no more dangerous than clicking on frog.png that I've hidden under transp.gif"

    The validator will return
    [
    {
    "filename": "sneaky.png.EXE",
    "extension": "exe",
    "allowed": false
    },
    {
    "filename": "frog.png",
    "extension": "png",
    "allowed": true
    },
    {
    "filename": "transp.gif",
    "extension": "gif",
    "allowed": true
    }
    ]

  • #9
    Regular Coder
    Join Date
    Apr 2005
    Location
    Texas
    Posts
    448
    Thanks
    24
    Thanked 63 Times in 63 Posts
    Webpage error details

    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    Timestamp: Tue, 27 Sep 2011 17:01:11 UTC


    Message: 'JSON' is undefined
    Line: 19
    Char: 3
    Code: 0
    URI: file:///U:/test.html

  • #10
    Regular Coder
    Join Date
    Sep 2011
    Location
    Sweden
    Posts
    154
    Thanks
    1
    Thanked 22 Times in 22 Posts
    You are using IE7. Or rather a IE8 or IE9 in IE7 mode since you are on Windows7... (Could it be because I was sloppy and just gave you an <html> start tag... Might get IE to go into some "quirks mode"?)
    IE7 was last webbrowser ever made that doesn't include the JSON object natively.
    Doesn't matter though.The JSON object is only used to show the result of the validator on screen in a human readable manner...
    Should you ever need the JSON object in IE7 then include this script:
    https://github.com/douglascrockford/...aster/json2.js

    The main function fileExtValidate will work without the JSON object (and in serverside code as well): What it does:
    It will give you an array as a return, with an item for each filename/extension found, each item as an object with the properties filename (string), extension (string) and allowed (boolean)
    Last edited by ironboy; 09-27-2011 at 06:09 PM.

  • #11
    Senior Coder xelawho's Avatar
    Join Date
    Nov 2010
    Posts
    2,899
    Thanks
    56
    Thanked 542 Times in 539 Posts
    one more dodgy shot...

    Code:
    str="filename.exe.js"
    num=str.indexOf(".")
    ext=str.slice(num+1)
    alert (ext)

  • #12
    Regular Coder
    Join Date
    Apr 2005
    Location
    Texas
    Posts
    448
    Thanks
    24
    Thanked 63 Times in 63 Posts
    I'm using IE9, I don't know why it returned IE7

  • #13
    Regular Coder
    Join Date
    Apr 2005
    Location
    Texas
    Posts
    448
    Thanks
    24
    Thanked 63 Times in 63 Posts
    @xelawho closer... and frankly about as good as my solution(if not identical). kudos!

  • #14
    Regular Coder
    Join Date
    Sep 2011
    Location
    Sweden
    Posts
    154
    Thanks
    1
    Thanked 22 Times in 22 Posts
    Well I suppose it will go into "quirks mode" (IE7-like because of missing a doctype - I've amended a doctype to my code...)

  • #15
    Regular Coder
    Join Date
    Apr 2005
    Location
    Texas
    Posts
    448
    Thanks
    24
    Thanked 63 Times in 63 Posts
    nevermind all that jazz, I just ran it in chrome


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •