[nycphp-talk] Filtering input to be appended inside email
Daniel Convissor
danielc at analysisandsolutions.com
Thu Sep 15 08:42:34 EDT 2005
On Thu, Sep 15, 2005 at 12:04:16PM +0300, Mikko Rantalainen wrote:
> Daniel Convissor wrote:
> >
> > $value = preg_replace("/[\r\n]+/", "\r\n ", trim($value));
>
> Yeah, that can be done in one call, but let's include the 'g' so
> that we are safe even if the input includes multiple lines of text.
A few things.
"g" isn't an official pattern modifier (aka "Internal option letter")
(http://www.php.net/manual/en/reference.pcre.pattern.syntax.php).
Perhaps you mean for it to be greedy, but PHP's preg is greedy by default.
The "U" modifier makes things un-greedy.
The pattern I presented replaces any \r, \n or combination thereof in any
order and of any length. So, since those ARE the characters that define
line breaks, there's no need for the multi-line modifier, "m".
> $value = preg_replace("#\r*\n#g", "\r\n ", trim($value));
That pattern isn't 100% effective. For example, you won't catch a
plain \r on it's own. OH, I see below that's your intention...
> Note that this version still allows invalid input such as
> "word1\rword2".
While that may be allowed, I wouldn't trust that _at_ _all_. Most mail
programs are forgiving and might consider "word2" a header.
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
More information about the talk
mailing list