under CXS (ConfigServer eXploit Scanner) I can add directories to ignore during a virus scan on a cpanel server.
my problem is that when a user has more than 1 website in his cpanel account the dir look like this:
/home/username/domain1.com/public_html/dir1/dir2
/home/username/domain2.com/public_html/dir1/dir2
could you please tell me the correct regex code to include any directory name where /domain1.com/ could be any directory name.
I tried /home/username/*/public_html/dir1/dir2 but it's not working.
thanks
You need to backslash all the forward slashes and exclude the possibility that a directory has a / or a NULL (0x00) char in its name:
\/home\/username\/[^\/\x00]+\/public_html\/dir1\/dir2
You can try this:
/home/username/[^/]+/public_html/dir1/dir2
Note that character set: [^/] allows the directory name to consist of anything except a forward-slash.
So you may want to lock that down to a more specific character set, and be less permissive.
Related
I needed to do use "one dot before the slash" to make this PHP header redirect instruction work:
header("Location: ./retrieve.php?hash=$hash");
I understand that ./ means current directory.
So then why didn't plain header("Location: retrieve.php?hash=$hash");, without the "single dot slash," work?
Is it due to the query fragment ?hash=$hash ?
Update: In a different project, I see that I did this: header('Location:page2.html'); and it worked. Any thoughts on why I may not have had to precede with ./ there?
I need to pass filenames via the url, e.g.:
http://example.com/images/niceplace.jpg
The problem I'm having is when the file name contains a blank character, e.g.:
http://example.com/images/nice place.jpg
or
http://example.com/images/nice%20place.jpg
For these two URLs, codeigniter complains about the blank char: "The URI you submitted has disallowed characters."
How should I go about fixing this?
I know I can add the blank character to the permitted_uri_chars in config.php but I'm looking for a better solution as there might be other disallowed characters in a filename.
I figured out a solution.
The URL is generated using rawurlencode().
Then, within the images controller, the filename is decoded using rawurldecode(html_entity_decode($filename)).
I successfully tested this solution with a few special characters I can think of and with UTF-8 characters.
You can use this method:
http://php.net/urlencode
Actually, you will run into another issues, when a filename would contain & character, and a few others. urlencode would get rid of all the possible issues.
This configuration option is created to avoid some characters being passed in URI and you want to walkaround it in some cases. I think most appropriate solutions are:
Pass file name as a parameter - http://domain.com/images/?image=test.jpg
Remove all non alfanumeric characters and may be some other (dash, underscore, etc) from file name when you save it. In my opinion, it is better, because you can face other problems with some character in other cases.
One of the better way to work with url's for specified condition is to encode/encrypt your url parameters using encryption/security class in order to maintain URL security:
$encrypt=$this->encrypt->encode($param1) & $this->encrypt->decode($encrypt)
Alternatively if you want special chars to be allowed in the URL then change your config settings in config.php file.
File Location: application/config/config.php
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
Add all characters in right side that you want to be allowed with your application.
I have PHP script from here http://css-tricks.com/snippets/php/display-styled-directory-contents/ , everything works fine except when I have file or folder with #,",' sign it can't be display in web browsers. So I must rename that file or folder to get it works. How to fix this?
You have to escape those characters, with a backslash \. I don't know why you would have folders with special characters in the name anyways.
For example if you have a folder named #Folder you would need to escape the # but doing \#Folder.
I want to create a file with a name containing backslash(/), e.g. 2013/2014.txt .
However, I found that php will regard it as a directory and create directory 2013 and put the content into a file 2014.txt.
How to escape the following situation?
The example you use is a forwardslash.
/ - forward
\ - back
Both of these are not valid in any system as file names because they are used for addresses of directories.
I suggest you use a hypen. Eg. 2013-2014.txt or underscore 2013_2014.txt
I accidentally have created some folders on server with a function and instead of using "/" I used this "\". Now the folders are like this : "folder\MartonMihaiBusinessCard" .
I cannot delete them anymore. What can I do about this ?
Because you used PHP to create them, they're likely owned by some funky user like "nobody" or "apache". So, you'll have to use PHP to delete them, too.
This doesn't work out of the box with filenames containing backslashes, as you've found. This is because the backslash is treated as an "escape" character in PHP. Something like "my\new\file" will actually contain a linebreak and a carriage feed.
However, if you escape the backslash-- with another backslash!-- you'll be able to point PHP at the file.
rmdir("/path/to/the/folder\\MartonMihaiBusinessCard");
(or unlink() if it's actually a file, I wasn't clear on that) should do what you seek.