<?php
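// Sample file name run through the filter below.
// NOTE(review): the variable name suggests the real value comes from the request
// query string, i.e. untrusted input - confirm against the caller.
$QUERYSTRING = "test.eps.eps.php";

// Counts the str_replace() passes that altered the string. It starts at -1
// because the loop always runs one final pass that changes nothing.
$changes = -1;

// Strip the blocked tokens ('..', '~', NUL byte, ':', '?') until the string is
// stable: removing one token can join its neighbours into another blocked token,
// so a single pass is not enough.
do {
    $changes++;
    $a = $QUERYSTRING;
    $QUERYSTRING = str_replace(array('..', '~', chr(0), ':', '?'), '', $QUERYSTRING);
} while ($a !== $QUERYSTRING); // strict comparison: no numeric-string juggling

echo $QUERYSTRING . "\n";
echo $changes . "\n";

// Case-insensitive check of the final extension only.
// NOTE(review): inner extensions (e.g. "name.php.eps") and path separators
// ('/' and '\') are not examined here. If this value is later used as a path or
// a stored file name, take basename() first and confirm the web server does not
// act on inner extensions.
$lowered = strtolower($QUERYSTRING);
$hasAllowedExtension = (substr($lowered, -3) === ".ai") || (substr($lowered, -4) === ".eps");

// Reject, rather than silently repair, any name the sanitiser had to modify:
// a name that contained blocked tokens is treated as hostile even once cleaned.
if (($changes > 0) || !$hasAllowedExtension) {
    echo "not allowed";
} else {
    echo "allowed";
}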