Regular Expression objects

Discussion in 'OT Technology' started by johnnywallywallace, Jan 8, 2004.

  1. in any language really ... but PHP particularly ...

    do RegEx objects, when executing a search against a pattern with a switch parameter, check the target string recursively, until it finds zero results? or does it simply search the string once and check the original string only for the requested pattern?
     
  2. Nocera

    Nocera ...

    Joined:
    Aug 9, 2000
    Messages:
    1,307
    Likes Received:
    0
    Location:
    Long Island, NY
    Try it and see... :dunno:

    Search with pattern "hello" and switch of "llohe" against the string "hellohello." Then check if there's a "hello" in the resulting string.
     
  3. I don't have PHP deployed at home or anywhere I can post a script to actually ... and PHP is what I'm concerned with. and, currently, no machine available to put PHP on.
     
  4. Nocera

    Nocera ...

    Joined:
    Aug 9, 2000
    Messages:
    1,307
    Likes Received:
    0
    Location:
    Long Island, NY
    Well, I guess it would only make sense if it did a one time pass... Suppose the pattern is "hello" and the switch is "hellohello".
     
  5. then ... how does one fully validate text? say someone's trying to sneak code past your validated input field, and they write a collapsing string like you demonstrated above. does one simply hit the string 500 times to make certain there's nothing slipping through?
     
  6. Nocera

    Nocera ...

    Joined:
    Aug 9, 2000
    Messages:
    1,307
    Likes Received:
    0
    Location:
    Long Island, NY
    I guess you're looking at it from a security standpoint... If you find any malicious pattern, why would you just replace it with something else??? Just deny the entire request. If that's not feasible, a second check might be sufficient (how likely would it be for the pattern to reappear???). Other than that, I don't think there is a way to fully safeguard. It's similar to the packet overlapping problem in TCP. There just isn't a simple solution available that isn't repetitive checking.
     
    Last edited: Jan 8, 2004
  7. Astro

    Astro Code Monkey

    Joined:
    Mar 18, 2000
    Messages:
    2,047
    Likes Received:
    0
    Location:
    Cleveland Ohio
    PHP has a couple regular expression options available. Check out the docs on ereg_match() and preg_match(). I'd recommend preg_match() - it uses Perl regular expression syntax (although I don't believe it 100% Perl friendly, but the functionality is there). Also, preg_match() is faster than ereg_match(). In the case of the haystack containing "hellohello" and the needle being "hello", preg_match will always find the first match "hello". To find the second match, you'd need to loop and use preg_match() again (I believe). There is also a way to dump all the matches to an array so you use preg_match() just once.

    If you have some examples of what you're trying to catch, we can put together some tests and such. With PHP's string handling, its very possible the problem could be solved from a different angle.
     
  8. Nocera

    Nocera ...

    Joined:
    Aug 9, 2000
    Messages:
    1,307
    Likes Received:
    0
    Location:
    Long Island, NY
    That's not taking into account the switch he's trying to do. He wants to be able to catch the pattern match even if it only appears as a result of the switch.
     
  9. precisely.
     
  10. Astro

    Astro Code Monkey

    Joined:
    Mar 18, 2000
    Messages:
    2,047
    Likes Received:
    0
    Location:
    Cleveland Ohio
    PHP's Perl regular expressions supports recursive regular expressions. Use with care they say. Check the regex syntax docs towards the bottom (if I remember correctly). If possible, I wouldn't mind seeing an example of what you're trying to do...
     

Share This Page