I've got a variable which contains a string which can contain html.

I'm trying to find a way to check the string if it contains a <img>-tag, and if so..validate that it has a valid file.exstension. (jpg | png | gif).

If an img tag is located and HAS a valid extension, then display it as usual, if it doesn't have a valid extension (for example just linking to another html page or whatever) do not parse it...

We have a few functions on our site which are linked towards pageviews of certain pages..and this can currently be exploited by just linking an img tag to this certain page.

Member Avatar

use preg_match()

The pattern I came up with is this:

/(<img (\s*\S*\s)*src\s*=\s*("|')\S*\.(jpg|jpeg|JPEG|JPG|png|PNG|gif|GIF)("|')(\s*\S*\s*)*/*>)/

It should match an image tag that has src with one of the above extensions. It also takes into account that the surrounding quotes could be " or '
In addition other attributes could be included before and after the src attribute
The end of the tag can be /> or just >

I'm sure somebody out there can make a nicer one though. Or even use some other nifty function.

This could be simplified if there is a standard format to the html tag.

use preg_match()

The pattern I came up with is this:

/(<img (\s*\S*\s)*src\s*=\s*("|')\S*\.(jpg|jpeg|JPEG|JPG|png|PNG|gif|GIF)("|')(\s*\S*\s*)*/*>)/

It should match an image tag that has src with one of the above extensions. It also takes into account that the surrounding quotes could be " or '
In addition other attributes could be included before and after the src attribute
The end of the tag can be /> or just >

I'm sure somebody out there can make a nicer one though. Or even use some other nifty function.

This could be simplified if there is a standard format to the html tag.

Hi :)

Thanks for the quick reply!

When I use the following function:

function cleanImgTags($text){
	if(preg_match('<img', $text)){ // let's first check if there's really any imagetags inside the string
		
		if(!preg_match('/(<img (\s*\S*\s)*src\s*=\s*(\"|\')\S*\.(jpg|jpeg|JPEG|JPG|png|PNG|gif|GIF)(\"|\')(\s*\S*\s*)*/*>)/', $text))
		{
			$tekst= 'Img tag has an invalid extension!';
			
		}
		
	}
	return $tekst;
}

I keep getting the following error:

Warning: preg_match() [function.preg-match]: No ending matching delimiter '>' found

Any clue what's wrong? :)

Member Avatar
if(preg_match('/<img/', $text)
if(preg_match('/<img/', $text)

Easy as that..problem solved.

Thanks a million ! :)

Easy as that..problem solved.

Thanks a million ! :)

Hmm...this seems to be triggered also if a user has an 'alt' text or 'title' to the img tag :/

Member Avatar

what do you mean triggered?

the code takes into account that alt or title attributes could be included before or after the src attribute. *I think*

I'll have a look.

Perhaps it's just me not sure about the expression hehe..I'm really new to using regexp..but when I use the following code:

if(!preg_match('/(<img (\s*\S*\s)*src\s*=\s*(\"|\')\S*\.(jpg|jpeg|JPEG|JPG|png|PNG|gif|GIF)(\"|\')(\s*\S*\s*)*/*>)/', $string))
		{
			$string= 'Img tag has an invalid extension!';
 
		}

Isn't that suppose to display the 'Img tag has an invalid extension!' only when the img ..well got some bad extension not mentioned? :)

I tried applying it and the text echoed when an img with alt text was inserted :)

Member Avatar
if(!preg_match("/(<img(\s*\S*\s*=\s*\S*\s*)*\s*src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')(\s*\S*\s*=\s*\S*\s*)*\/*)/i", $text))

OK tried loads of different stuff, but can't help thinking that this is a really inelegant regex. Yuk! But it works for me

if(!preg_match("/(<img(\s*\S*\s*=\s*\S*\s*)*\s*src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')(\s*\S*\s*=\s*\S*\s*)*\/*)/i", $text))

OK tried loads of different stuff, but can't help thinking that this is a really inelegant regex. Yuk! But it works for me

Damn....weird..still gets caught up in the check here it seems with an alt text applied to the img tag :(

One of my users has the following code and it gets caught in the filter apparantly:

<div class="heilbak">
<img src="http://i56.tinypic.com/30sh6rq.jpg" alt="Bakgrundsbildet" />
</div>
<div class="bunnlogo">
<a href="index.php?option=com_community&amp;view=groups&amp;task=viewgroup&amp;groupid=17&amp;Itemid=8">
<img src="http://i43.tinypic.com/2cgdfsw.jpg" alt="topplogo" />
</a>
</div>
Member Avatar

Strange, works fine for me:

$text = '<div class="heilbak">
<img src="http://i56.tinypic.com/30sh6rq.jpg" alt="Bakgrundsbildet" />
</div>
<div class="bunnlogo">
<a href="index.php?option=com_community&amp;view=groups&amp;task=viewgroup&amp;groupid=17&amp;Itemid=8">
<img src="http://i43.tinypic.com/2cgdfsw.jpg" alt="topplogo" />
</a>
</div>';

if(!preg_match("/(<img(\s*\S*\s*=\s*\S*\s*)*\s*src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')(\s*\S*\s*=\s*\S*\s*)*\/*)/i", $text)){
    echo 'Img tag has an invalid extension!';
}else{
    echo "ok";	
}

Wait on. Didn't expect more than one img tag in the html.

For this, pehaps best to split "<img and first following ">" into an array and then apply the preg. In which case, you just search for the

/src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')/i inside each array item.

Strange, works fine for me:

$text = '<div class="heilbak">
<img src="http://i56.tinypic.com/30sh6rq.jpg" alt="Bakgrundsbildet" />
</div>
<div class="bunnlogo">
<a href="index.php?option=com_community&amp;view=groups&amp;task=viewgroup&amp;groupid=17&amp;Itemid=8">
<img src="http://i43.tinypic.com/2cgdfsw.jpg" alt="topplogo" />
</a>
</div>';

if(!preg_match("/(<img(\s*\S*\s*=\s*\S*\s*)*\s*src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')(\s*\S*\s*=\s*\S*\s*)*\/*)/i", $text)){
    echo 'Img tag has an invalid extension!';
}else{
    echo "ok";	
}

Wait on. Didn't expect more than one img tag in the html.

For this, pehaps best to split "<img and first following ">" into an array and then apply the preg. In which case, you just search for the

/src\s*=\s*(\"|')\S*\.(jpg|jpeg|png|gif)(\"|')/i inside each array item.

Don't mind me..I just noticed a silly typo on my behalf...*hides beneath a rock*.. Your code works just fine. Thank you very much, you've been VERY helpful! :)

Never mind te following, as you fixed your problem. Posted just too late... I do think your \s*\S* could be replace by .*? One issue you may have is that you want to check more img tags in the same string. Perhaps you should look into preg_match_all.

<img.*?/>

The above would match all img tags, and preg_match_all will put them in an array. I'd loop that array with a separate regex.

Member Avatar

A Pritaeas - to the rescue! I got so far up my own derriere with that regex, I thought I was going blind!