[RESOLVED] Paring any number of / down to one

schwim

Hi there folks!

I've got an issue. A popular method of getting by the filename matches on blacklists is for bots scanning for common applications to use multiple slashes. For instance:

http://domain.com//////////wp-login.php

because it borks the parse_url function, returning a null result, which then causes the filecheck to fail.

I've seen anywhere from two to 6 slashes by the bots. Initially, when I was seeing just two or three, I handled it by looking for the grouping and then replacing it with a single slash:

$url = str_replace('///', '/', $url);
	$url = str_replace('//', '/', $url);

But I'm tired of screwing with them. If they use 137 slashes, I want to replace it with a single, so the parse_url function doesn't choke up. Could someone help me figure out how I might do that?

Thanks for your time!

Derokorian

Use [man]preg_replace[/man] like this:

$s='domain.com//////////wp-login.php';
echo preg_replace('#/+#','/',$s);

NogDog

In case you need to preserve the double-slash before the domain, maybe try this as the regex:

'#(?<!:)/+#'  // negative look-behind assertion on ":"

Weedpacket

And since you only need to make any changes if there is more than one consecutive slash, using [font=monospace]//+[/font] won't waste time on slashes are are already single.

schwim

Thanks very much for all your help! I combined the three suggestions and it seems to be working fantastically.

Thanks again!