[TYPO3-core] RFC: allow .. in names -> check for ../ (#3364)
Martin Kutschker
Martin.Kutschker at blackbox.net
Wed May 3 16:13:28 CEST 2006
Karsten Dambekalns <karsten at typo3.org> writes on
Wed, 03 May 2006 16:07:03 +0200 (METDST):
> Hi.
>
> On Saturday 29 April 2006 20:22, Martin Kutschker wrote:
>
> > I mean the check currently denies any .. within the path.
> >
> > So "foo..bar" is invalid without any real reason. What should be
> > forbidden is "../foo/bar" or "fo/../bar":
> >
> > preg_match('|(?:^\.\.|/\.\./|',$path)
>
> Fine with me if that check is used. But just to educate me: what is
> the ?: needed for?
If you use a bracket you capture a reference (for $1 etc). If you don't need or want it you can disable this with the option "?". Perl docs said it's faster to capture only when needed.
Masi
More information about the TYPO3-team-core
mailing list