| New file |
|---|
| 0,0 → 1,220 |
|---|
| <?php |
| /* |
| * FCKeditor - The text editor for Internet - http://www.fckeditor.net |
| * Copyright (C) 2003-2008 Frederico Caldeira Knabben |
| * |
| * == BEGIN LICENSE == |
| * |
| * Licensed under the terms of any of the following licenses at your |
| * choice: |
| * |
| * - GNU General Public License Version 2 or later (the "GPL") |
| * http://www.gnu.org/licenses/gpl.html |
| * |
| * - GNU Lesser General Public License Version 2.1 or later (the "LGPL") |
| * http://www.gnu.org/licenses/lgpl.html |
| * |
| * - Mozilla Public License Version 1.1 or later (the "MPL") |
| * http://www.mozilla.org/MPL/MPL-1.1.html |
| * |
| * == END LICENSE == |
| * |
| * Utility functions for the File Manager Connector for PHP. |
| */ |
| |
| function RemoveFromStart( $sourceString, $charToRemove ) |
| { |
| $sPattern = '|^' . $charToRemove . '+|' ; |
| return preg_replace( $sPattern, '', $sourceString ) ; |
| } |
| |
| function RemoveFromEnd( $sourceString, $charToRemove ) |
| { |
| $sPattern = '|' . $charToRemove . '+$|' ; |
| return preg_replace( $sPattern, '', $sourceString ) ; |
| } |
| |
| function FindBadUtf8( $string ) |
| { |
| $regex = |
| '([\x00-\x7F]'. |
| '|[\xC2-\xDF][\x80-\xBF]'. |
| '|\xE0[\xA0-\xBF][\x80-\xBF]'. |
| '|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'. |
| '|\xED[\x80-\x9F][\x80-\xBF]'. |
| '|\xF0[\x90-\xBF][\x80-\xBF]{2}'. |
| '|[\xF1-\xF3][\x80-\xBF]{3}'. |
| '|\xF4[\x80-\x8F][\x80-\xBF]{2}'. |
| '|(.{1}))'; |
| |
| while (preg_match('/'.$regex.'/S', $string, $matches)) { |
| if ( isset($matches[2])) { |
| return true; |
| } |
| $string = substr($string, strlen($matches[0])); |
| } |
| |
| return false; |
| } |
| |
| function ConvertToXmlAttribute( $value ) |
| { |
| if ( defined( 'PHP_OS' ) ) |
| { |
| $os = PHP_OS ; |
| } |
| else |
| { |
| $os = php_uname() ; |
| } |
| |
| if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) ) |
| { |
| return ( utf8_encode( htmlspecialchars( $value ) ) ) ; |
| } |
| else |
| { |
| return ( htmlspecialchars( $value ) ) ; |
| } |
| } |
| |
| /** |
| * Check whether given extension is in html etensions list |
| * |
| * @param string $ext |
| * @param array $htmlExtensions |
| * @return boolean |
| */ |
| function IsHtmlExtension( $ext, $htmlExtensions ) |
| { |
| if ( !$htmlExtensions || !is_array( $htmlExtensions ) ) |
| { |
| return false ; |
| } |
| $lcaseHtmlExtensions = array() ; |
| foreach ( $htmlExtensions as $key => $val ) |
| { |
| $lcaseHtmlExtensions[$key] = strtolower( $val ) ; |
| } |
| return in_array( $ext, $lcaseHtmlExtensions ) ; |
| } |
| |
| /** |
| * Detect HTML in the first KB to prevent against potential security issue with |
| * IE/Safari/Opera file type auto detection bug. |
| * Returns true if file contain insecure HTML code at the beginning. |
| * |
| * @param string $filePath absolute path to file |
| * @return boolean |
| */ |
| function DetectHtml( $filePath ) |
| { |
| $fp = @fopen( $filePath, 'rb' ) ; |
| |
| //open_basedir restriction, see #1906 |
| if ( $fp === false || !flock( $fp, LOCK_SH ) ) |
| { |
| return -1 ; |
| } |
| |
| $chunk = fread( $fp, 1024 ) ; |
| flock( $fp, LOCK_UN ) ; |
| fclose( $fp ) ; |
| |
| $chunk = strtolower( $chunk ) ; |
| |
| if (!$chunk) |
| { |
| return false ; |
| } |
| |
| $chunk = trim( $chunk ) ; |
| |
| if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) ) |
| { |
| return true; |
| } |
| |
| $tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ; |
| |
| foreach( $tags as $tag ) |
| { |
| if( false !== strpos( $chunk, $tag ) ) |
| { |
| return true ; |
| } |
| } |
| |
| //type = javascript |
| if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) ) |
| { |
| return true ; |
| } |
| |
| //href = javascript |
| //src = javascript |
| //data = javascript |
| if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) |
| { |
| return true ; |
| } |
| |
| //url(javascript |
| if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) |
| { |
| return true ; |
| } |
| |
| return false ; |
| } |
| |
| /** |
| * Check file content. |
| * Currently this function validates only image files. |
| * Returns false if file is invalid. |
| * |
| * @param string $filePath absolute path to file |
| * @param string $extension file extension |
| * @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images |
| * @return boolean |
| */ |
| function IsImageValid( $filePath, $extension ) |
| { |
| if (!@is_readable($filePath)) { |
| return -1; |
| } |
| |
| $imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff'); |
| |
| // version_compare is available since PHP4 >= 4.0.7 |
| if ( function_exists( 'version_compare' ) ) { |
| $sCurrentVersion = phpversion(); |
| if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) { |
| $imageCheckExtensions[] = "tiff"; |
| $imageCheckExtensions[] = "tif"; |
| } |
| if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) { |
| $imageCheckExtensions[] = "swc"; |
| } |
| if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) { |
| $imageCheckExtensions[] = "jpc"; |
| $imageCheckExtensions[] = "jp2"; |
| $imageCheckExtensions[] = "jpx"; |
| $imageCheckExtensions[] = "jb2"; |
| $imageCheckExtensions[] = "xbm"; |
| $imageCheckExtensions[] = "wbmp"; |
| } |
| } |
| |
| if ( !in_array( $extension, $imageCheckExtensions ) ) { |
| return true; |
| } |
| |
| if ( @getimagesize( $filePath ) === false ) { |
| return false ; |
| } |
| |
| return true; |
| } |
| |
| ?> |