I have a database of users, where the username is restricted to 50 characters, but that's about the only restriction there is on the username. Usernames can also be email addresses (yes, this is Links SQL with users imported from Links 2).
Now I want to build a file or directory for each user, and the file/directory will have the name username.html (or so). Obviously, in order for this to be secure, I have to take care that the file/directory is only built if the username fulfills certain criteria.
I am using the following regexes to strip out everything but alphanumeric characters, dots, @'s and leading dots.
Code:
$username =~ s,[^\w\d\.\@],,g;
$username =~ s,^\.+,,g;
Is this enough? Also, would usernames that pass through the above validation necessarily make good filenames/directories on 'any' OS? They seem to be OK on Linux, but what about Windows? Anything else I should take care of?
Ivan
-----
Iyengar Yoga Resources / GT Plugins
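An added example, not part of the original post and not Links SQL code: stripping characters lets distinct usernames collapse into the same file name (or into an empty one), so this sketch escapes unsafe bytes instead and also handles names that Windows reserves. The helper names `username_to_filename`, `hexbyte` and `strip_like_post`, the `_xx` escape format and the 200-byte cap are assumptions made for illustration; the sample usernames are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(encode);

# Added example; username_to_filename() is a hypothetical helper, not Links SQL code.
# Windows device names are reserved even with an extension (e.g. "nul.html").
my $RESERVED = qr/^(?:con|prn|aux|nul|com[1-9]|lpt[1-9])$/;

sub hexbyte { return sprintf '_%02x', ord $_[0] }

# Map a username to a file name by escaping, not deleting, unsafe bytes.
# Returns undef for input that cannot be mapped.
sub username_to_filename {
    my ($username) = @_;
    return undef unless defined $username && length $username;
    my $name = encode('UTF-8', $username);           # operate on bytes
    # Keep only lower-case ASCII letters, digits, '.', '@', '-'. Upper case is
    # escaped too, so "Bob" and "bob" differ on case-insensitive file systems.
    $name =~ s/([^a-z0-9.\@\-])/hexbyte($1)/ge;
    $name =~ s/^([.\-])/hexbyte($1)/e;               # no dotfiles, no option-like names
    my ($stem) = $name =~ /^([^.]*)/;                # part before the first dot
    $name =~ s/^(.)/hexbyte($1)/se if $stem =~ $RESERVED;
    return undef if length($name) > 200;             # stay under common 255-byte limits
    return "$name.html";
}

# The stripping approach from the post, for comparison.
sub strip_like_post {
    my ($u) = @_;
    $u =~ s,[^\w\d\.\@],,g;
    $u =~ s,^\.+,,g;
    return $u;
}

# Constructed sample usernames.
for my $u ('ivan@example.com', 'a/b', 'ab', '../etc/passwd', 'Bob', 'bob', 'nul', '...') {
    printf "%-18s strip: %-18s escape: %s\n",
        $u, strip_like_post($u) . '.html', username_to_filename($u);
}
```

Because `_` only ever appears as the escape prefix, every output decodes back to exactly one username, so two accounts can never share a file.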