How change de eregi to preg_match in this code?

Question

if (preg_match('^'.preg_quote($this->config_document_root), $filename)) {

     $AbsoluteFilename = $filename;

     $this->DebugMessage('ResolveFilenameToAbsolute() NOT prepending $this->config_document_root ('.$this->config_document_root.') to $filename ('.$filename.') resulting in ($AbsoluteFilename = "'.$AbsoluteFilename.'")', __FILE__, __LINE__);

    } else {

     $AbsoluteFilename = $this->config_document_root.$filename;

     $this->DebugMessage('ResolveFilenameToAbsolute() prepending $this->config_document_root ('.$this->config_document_root.') to $filename ('.$filename.') resulting in ($AbsoluteFilename = "'.$AbsoluteFilename.'")', __FILE__, __LINE__);

    }
}

This code has been resolved with instructions of the first answer, but how I can fix this code too?

if (!$this->config_allow_src_above_docroot && !preg_match('^'.preg_quote(str_replace(DIRECTORY_SEPARATOR, '/', realpath($this->config_document_root))), $AbsoluteFilename)) { 

Solved, thanks for all answers!

Answer 1

The question is a bit confusing because you don't actually seem to be using eregi within the posted code.

However, if you want to check if $filename starts with $this->config_document_root you don't need a regular expression. e.g. why not just use strpos?

if (strpos($filename, $this->config_document_root) === 0) {
...

In a regular expression the ^ is anchoring the pattern to the start of the text to be matched so if the rest of the pattern is just simple text then this is effectively just a starts with check, your second example could be written:

$docroot = str_replace(DIRECTORY_SEPARATOR, '/', realpath($this->config_document_root));
if (!$this->config_allow_src_above_docroot && strpos($filename, $docroot) !== 0) {
...

Answer 2

You already have preg_match in the code quoted, but I can see how it wouldn't work. I presume it's that first line that started as an eregi() and you need help with?

If that's the case, you need to change it as follows:

• Firstly, the match string needs to start and end with a regex marker character (typically / is used for this).
• Secondly, since you specified eregi(), you also need to add an i modifier to the preg_match to make it case insensitive.

So given an eregi() expression that looks like this:

'^matchthis'

You would need to change it to:

'/^matchthis/i'

Obviously replace matchthis with the match string (ie preg_quote($this->config_document_root) in your example).

I wrote a detailed explaination of the differences between ereg and preg in PHP here a few days ago. You may find that useful to read.

However, in your example, all you're checking is that the string starts with the contents of the variable $this->config_document_root. Assuming $this->config_document_root doesn't contain any regex patterns itself (and using preg_quote virtually guarantees that it doesn't), you don't actually need to be using regular expressions at all -- you could just use strpos() or one of several other normal PHP string functions. It would be a lot more efficient that way.