0

I've got a variable which contains a string which can contain html.

I'm trying to find a way to check the string if it contains a <img>-tag, and if so..validate that it has a valid file.exstension. (jpg | png | gif).

If an img tag is located and HAS a valid extension, then display it as usual, if it doesn't have a valid extension (for example just linking to another html page or whatever) do not parse it...

We have a few functions on our site which are linked towards pageviews of certain pages..and this can currently be exploited by just linking an img tag to this certain page.

3
Contributors
13
Replies
14
Views
6 Years
Discussion Span
Last Post by diafol
Featured Replies
  • 1
    diafol 3,720   6 Years Ago

    Strange, works fine for me: [CODE] $text = '<div class="heilbak"> <img src="http://i56.tinypic.com/30sh6rq.jpg" alt="Bakgrundsbildet" /> </div> <div class="bunnlogo"> <a href="index.php?option=com_community&amp;view=groups&amp;task=viewgroup&amp;groupid=17&amp;Itemid=8"> <img src="http://i43.tinypic.com/2cgdfsw.jpg" alt="topplogo" /> </a> </div>'; if(!preg_match("/(<img(\s*\S*\s*=\s*\S*\s*)*\s*src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')(\s*\S*\s*=\s*\S*\s*)*\/*)/i", $text)){ echo 'Img tag has an invalid extension!'; }else{ echo "ok"; }[/CODE] Wait on. Didn't expect more than one img tag in the html. … Read More

0

use preg_match()

The pattern I came up with is this:

/(<img (\s*\S*\s)*src\s*=\s*("|')\S*\.(jpg|jpeg|JPEG|JPG|png|PNG|gif|GIF)("|')(\s*\S*\s*)*/*>)/

It should match an image tag that has src with one of the above extensions. It also takes into account that the surrounding quotes could be " or '
In addition other attributes could be included before and after the src attribute
The end of the tag can be /> or just >

I'm sure somebody out there can make a nicer one though. Or even use some other nifty function.

This could be simplified if there is a standard format to the html tag.

Edited by diafol: n/a

0

use preg_match()

The pattern I came up with is this:

/(<img (\s*\S*\s)*src\s*=\s*("|')\S*\.(jpg|jpeg|JPEG|JPG|png|PNG|gif|GIF)("|')(\s*\S*\s*)*/*>)/

It should match an image tag that has src with one of the above extensions. It also takes into account that the surrounding quotes could be " or '
In addition other attributes could be included before and after the src attribute
The end of the tag can be /> or just >

I'm sure somebody out there can make a nicer one though. Or even use some other nifty function.

This could be simplified if there is a standard format to the html tag.

Hi :)

Thanks for the quick reply!

When I use the following function:

function cleanImgTags($text){
	if(preg_match('<img', $text)){ // let's first check if there's really any imagetags inside the string
		
		if(!preg_match('/(<img (\s*\S*\s)*src\s*=\s*(\"|\')\S*\.(jpg|jpeg|JPEG|JPG|png|PNG|gif|GIF)(\"|\')(\s*\S*\s*)*/*>)/', $text))
		{
			$tekst= 'Img tag has an invalid extension!';
			
		}
		
	}
	return $tekst;
}

I keep getting the following error:

Warning: preg_match() [function.preg-match]: No ending matching delimiter '>' found

Any clue what's wrong? :)

Edited by Aksel: Typo

0
if(preg_match('/<img/', $text)

Easy as that..problem solved.

Thanks a million ! :)

0

Easy as that..problem solved.

Thanks a million ! :)

Hmm...this seems to be triggered also if a user has an 'alt' text or 'title' to the img tag :/

0

what do you mean triggered?

the code takes into account that alt or title attributes could be included before or after the src attribute. *I think*

I'll have a look.

Edited by diafol: n/a

0

Perhaps it's just me not sure about the expression hehe..I'm really new to using regexp..but when I use the following code:

if(!preg_match('/(<img (\s*\S*\s)*src\s*=\s*(\"|\')\S*\.(jpg|jpeg|JPEG|JPG|png|PNG|gif|GIF)(\"|\')(\s*\S*\s*)*/*>)/', $string))
		{
			$string= 'Img tag has an invalid extension!';
 
		}

Isn't that suppose to display the 'Img tag has an invalid extension!' only when the img ..well got some bad extension not mentioned? :)

I tried applying it and the text echoed when an img with alt text was inserted :)

0
if(!preg_match("/(<img(\s*\S*\s*=\s*\S*\s*)*\s*src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')(\s*\S*\s*=\s*\S*\s*)*\/*)/i", $text))

OK tried loads of different stuff, but can't help thinking that this is a really inelegant regex. Yuk! But it works for me

Edited by diafol: n/a

0
if(!preg_match("/(<img(\s*\S*\s*=\s*\S*\s*)*\s*src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')(\s*\S*\s*=\s*\S*\s*)*\/*)/i", $text))

OK tried loads of different stuff, but can't help thinking that this is a really inelegant regex. Yuk! But it works for me

Damn....weird..still gets caught up in the check here it seems with an alt text applied to the img tag :(

One of my users has the following code and it gets caught in the filter apparantly:

<div class="heilbak">
<img src="http://i56.tinypic.com/30sh6rq.jpg" alt="Bakgrundsbildet" />
</div>
<div class="bunnlogo">
<a href="index.php?option=com_community&amp;view=groups&amp;task=viewgroup&amp;groupid=17&amp;Itemid=8">
<img src="http://i43.tinypic.com/2cgdfsw.jpg" alt="topplogo" />
</a>
</div>
1

Strange, works fine for me:

$text = '<div class="heilbak">
<img src="http://i56.tinypic.com/30sh6rq.jpg" alt="Bakgrundsbildet" />
</div>
<div class="bunnlogo">
<a href="index.php?option=com_community&amp;view=groups&amp;task=viewgroup&amp;groupid=17&amp;Itemid=8">
<img src="http://i43.tinypic.com/2cgdfsw.jpg" alt="topplogo" />
</a>
</div>';

if(!preg_match("/(<img(\s*\S*\s*=\s*\S*\s*)*\s*src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')(\s*\S*\s*=\s*\S*\s*)*\/*)/i", $text)){
    echo 'Img tag has an invalid extension!';
}else{
    echo "ok";	
}

Wait on. Didn't expect more than one img tag in the html.

For this, pehaps best to split "<img and first following ">" into an array and then apply the preg. In which case, you just search for the

/src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')/i inside each array item.

Edited by diafol: n/a

0

Strange, works fine for me:

$text = '<div class="heilbak">
<img src="http://i56.tinypic.com/30sh6rq.jpg" alt="Bakgrundsbildet" />
</div>
<div class="bunnlogo">
<a href="index.php?option=com_community&amp;view=groups&amp;task=viewgroup&amp;groupid=17&amp;Itemid=8">
<img src="http://i43.tinypic.com/2cgdfsw.jpg" alt="topplogo" />
</a>
</div>';

if(!preg_match("/(<img(\s*\S*\s*=\s*\S*\s*)*\s*src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')(\s*\S*\s*=\s*\S*\s*)*\/*)/i", $text)){
    echo 'Img tag has an invalid extension!';
}else{
    echo "ok";	
}

Wait on. Didn't expect more than one img tag in the html.

For this, pehaps best to split "<img and first following ">" into an array and then apply the preg. In which case, you just search for the

/src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')/i inside each array item.

Don't mind me..I just noticed a silly typo on my behalf...*hides beneath a rock*.. Your code works just fine. Thank you very much, you've been VERY helpful! :)

0

Never mind te following, as you fixed your problem. Posted just too late... I do think your \s*\S* could be replace by .*? One issue you may have is that you want to check more img tags in the same string. Perhaps you should look into preg_match_all.

<img.*?/>

The above would match all img tags, and preg_match_all will put them in an array. I'd loop that array with a separate regex.

Edited by pritaeas: n/a

0

A Pritaeas - to the rescue! I got so far up my own derriere with that regex, I thought I was going blind!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.