
Let's say I collect the input from `$_POST["domain"]` to `$domain`:

```php
$domain = $_POST["domain"];
```

And the content of `$domain` is `cat /etc/passwd; sub.domain.com`.

How can I get only sub.domain.com without any malicious directives?

And `$_POST["domain"]` could also be an IPv4 or IPv6 address.

DarkBee
malaria389
  • See [this](https://stackoverflow.com/a/24112946/231316) as well as [this](https://stackoverflow.com/a/46105387/231316) for starters – Chris Haas Oct 14 '21 at 13:45
  • You might use `filter_var()` with `FILTER_VALIDATE_DOMAIN` but note that if you receive input as above, you generally want to reject all of it rather than try to pick out which parts are good and which are bad. – Alex Howansky Oct 14 '21 at 14:01
  • Thank you Chris and Alex. You are right, actually it is a better idea to just reject to whole input. :) – malaria389 Oct 15 '21 at 08:43

0 Answers
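
The reject-the-whole-input approach from the comments, as an added example that is not part of the original thread: the value is accepted only if the entire string is an IP address or a hostname, and nothing is extracted from a bad value. `normalizeHost()` and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return the host if the WHOLE input is an IPv4/IPv6 address or a hostname,
 * otherwise null. Nothing is stripped or "cleaned" out of a bad value.
 * normalizeHost() is a hypothetical helper name used for this example.
 */
function normalizeHost($raw): ?string
{
    // Arrays (domain[]=x) and other non-strings are rejected outright.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 253) {
        return null;
    }

    // IPv4 or IPv6 literal.
    if (filter_var($raw, FILTER_VALIDATE_IP) !== false) {
        return $raw;
    }

    // FILTER_FLAG_HOSTNAME is required here: without it,
    // FILTER_VALIDATE_DOMAIN only checks label lengths, so a value
    // containing spaces, ';' or '/' would still pass.
    if (filter_var($raw, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false) {
        return strtolower($raw);
    }

    return null;
}

// In a request handler (sketch):
//   $domain = normalizeHost($_POST['domain'] ?? null);
//   if ($domain === null) { http_response_code(400); exit; }

// Constructed sample inputs, including the value from the question.
$samples = [
    'sub.domain.com',
    '192.0.2.10',
    '2001:db8::1',
    'cat /etc/passwd; sub.domain.com',
    ['sub.domain.com'],
];

foreach ($samples as $sample) {
    $host = normalizeHost($sample);
    printf("%-40s %s\n", json_encode($sample), $host === null ? 'REJECTED' : "ok: $host");
}
```

If the validated value is later placed on a command line (an assumption; the question does not say how `$domain` is used), pass it through `escapeshellarg()` as well rather than relying on validation alone.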