WebSVN – Applications.papyrus – Diff – /trunk/api/fckeditor/editor/filemanager/connectors/php/util.php


<?php
/*
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2009 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    http://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    http://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * Utility functions for the File Manager Connector for PHP.
 */
 
function RemoveFromStart( $sourceString, $charToRemove )
{
	$sPattern = '|^' . $charToRemove . '+|' ;
	return preg_replace( $sPattern, '', $sourceString ) ;
}
 
function RemoveFromEnd( $sourceString, $charToRemove )
{
	$sPattern = '|' . $charToRemove . '+$|' ;
	return preg_replace( $sPattern, '', $sourceString ) ;
}
 
function FindBadUtf8( $string )
{
	$regex =
	'([\x00-\x7F]'.
	'|[\xC2-\xDF][\x80-\xBF]'.
	'|\xE0[\xA0-\xBF][\x80-\xBF]'.
	'|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.
	'|\xED[\x80-\x9F][\x80-\xBF]'.
	'|\xF0[\x90-\xBF][\x80-\xBF]{2}'.
	'|[\xF1-\xF3][\x80-\xBF]{3}'.
	'|\xF4[\x80-\x8F][\x80-\xBF]{2}'.
	'|(.{1}))';
 
	while (preg_match('/'.$regex.'/S', $string, $matches)) {
		if ( isset($matches[2])) {
			return true;
		}
		$string = substr($string, strlen($matches[0]));
	}
 
	return false;
}
 
function ConvertToXmlAttribute( $value )
{
	if ( defined( 'PHP_OS' ) )
	{
		$os = PHP_OS ;
	}
	else
	{
		$os = php_uname() ;
	}
 
	if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) )
	{
		return ( utf8_encode( htmlspecialchars( $value ) ) ) ;
	}
	else
	{
		return ( htmlspecialchars( $value ) ) ;
	}
}
 
/**
 * Check whether given extension is in html etensions list
 *
 * @param string $ext
 * @param array $htmlExtensions
 * @return boolean
 */
function IsHtmlExtension( $ext, $htmlExtensions )
{
	if ( !$htmlExtensions || !is_array( $htmlExtensions ) )
	{
		return false ;
	}
	$lcaseHtmlExtensions = array() ;
	foreach ( $htmlExtensions as $key => $val )
	{
		$lcaseHtmlExtensions[$key] = strtolower( $val ) ;
	}
	return in_array( $ext, $lcaseHtmlExtensions ) ;
}
 
/**
 * Detect HTML in the first KB to prevent against potential security issue with
 * IE/Safari/Opera file type auto detection bug.
 * Returns true if file contain insecure HTML code at the beginning.
 *
 * @param string $filePath absolute path to file
 * @return boolean
 */
function DetectHtml( $filePath )
{
	$fp = @fopen( $filePath, 'rb' ) ;
 
	//open_basedir restriction, see #1906
	if ( $fp === false || !flock( $fp, LOCK_SH ) )
	{
		return -1 ;
	}
 
	$chunk = fread( $fp, 1024 ) ;
	flock( $fp, LOCK_UN ) ;
	fclose( $fp ) ;
 
	$chunk = strtolower( $chunk ) ;
 
	if (!$chunk)
	{
		return false ;
	}
 
	$chunk = trim( $chunk ) ;
 
	if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )
	{
		return true;
	}
 
	$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;
 
	foreach( $tags as $tag )
	{
		if( false !== strpos( $chunk, $tag ) )
		{
			return true ;
		}
	}
 
	//type = javascript
	if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )
	{
		return true ;
	}
 
	//href = javascript
	//src = javascript
	//data = javascript
	if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
	{
		return true ;
	}
 
	//url(javascript
	if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
	{
		return true ;
	}
 
	return false ;
}
 
/**
 * Check file content.
 * Currently this function validates only image files.
 * Returns false if file is invalid.
 *
 * @param string $filePath absolute path to file
 * @param string $extension file extension
 * @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images
 * @return boolean
 */
function IsImageValid( $filePath, $extension )
{
	if (!@is_readable($filePath)) {
		return -1;
	}
 
	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');
 
	// version_compare is available since PHP4 >= 4.0.7
	if ( function_exists( 'version_compare' ) ) {
		$sCurrentVersion = phpversion();
		if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {
			$imageCheckExtensions[] = "tiff";
			$imageCheckExtensions[] = "tif";
		}
		if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {
			$imageCheckExtensions[] = "swc";
		}
		if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {
			$imageCheckExtensions[] = "jpc";
			$imageCheckExtensions[] = "jp2";
			$imageCheckExtensions[] = "jpx";
			$imageCheckExtensions[] = "jb2";
			$imageCheckExtensions[] = "xbm";
			$imageCheckExtensions[] = "wbmp";
		}
	}
 
	if ( !in_array( $extension, $imageCheckExtensions ) ) {
		return true;
	}
 
	if ( @getimagesize( $filePath ) === false ) {
		return false ;
	}
 
	return true;
}
 
?>

Subversion Repositories Applications.papyrus

(root)/trunk/api/fckeditor/editor/filemanager/connectors/php/util.php – Rev 1925 → 2048

Rev 1925		Rev 2048
1	`<?php`	1	`<?php`
2	`/*`	2	`/*`
3	`* FCKeditor - The text editor for Internet - http://www.fckeditor.net`	3	`* FCKeditor - The text editor for Internet - http://www.fckeditor.net`
4	`* Copyright (C) 2003-2008 Frederico Caldeira Knabben`	4	`* Copyright (C) 2003-2009 Frederico Caldeira Knabben`
5	`*`	5	`*`
6	`* == BEGIN LICENSE ==`	6	`* == BEGIN LICENSE ==`
7	`*`	7	`*`
8	`* Licensed under the terms of any of the following licenses at your`	8	`* Licensed under the terms of any of the following licenses at your`
9	`* choice:`	9	`* choice:`
10	`*`	10	`*`
11	`* - GNU General Public License Version 2 or later (the "GPL")`	11	`* - GNU General Public License Version 2 or later (the "GPL")`
12	`* http://www.gnu.org/licenses/gpl.html`	12	`* http://www.gnu.org/licenses/gpl.html`
13	`*`	13	`*`
14	`* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")`	14	`* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")`
15	`* http://www.gnu.org/licenses/lgpl.html`	15	`* http://www.gnu.org/licenses/lgpl.html`
16	`*`	16	`*`
17	`* - Mozilla Public License Version 1.1 or later (the "MPL")`	17	`* - Mozilla Public License Version 1.1 or later (the "MPL")`
18	`* http://www.mozilla.org/MPL/MPL-1.1.html`	18	`* http://www.mozilla.org/MPL/MPL-1.1.html`
19	`*`	19	`*`
20	`* == END LICENSE ==`	20	`* == END LICENSE ==`
21	`*`	21	`*`
22	`* Utility functions for the File Manager Connector for PHP.`	22	`* Utility functions for the File Manager Connector for PHP.`
23	`*/`	23	`*/`
24		24
25	`function RemoveFromStart( $sourceString, $charToRemove )`	25	`function RemoveFromStart( $sourceString, $charToRemove )`
26	`{`	26	`{`
27	`$sPattern = '\|^' . $charToRemove . '+\|' ;`	27	`$sPattern = '\|^' . $charToRemove . '+\|' ;`
28	`return preg_replace( $sPattern, '', $sourceString ) ;`	28	`return preg_replace( $sPattern, '', $sourceString ) ;`
29	`}`	29	`}`
30		30
31	`function RemoveFromEnd( $sourceString, $charToRemove )`	31	`function RemoveFromEnd( $sourceString, $charToRemove )`
32	`{`	32	`{`
33	`$sPattern = '\|' . $charToRemove . '+$\|' ;`	33	`$sPattern = '\|' . $charToRemove . '+$\|' ;`
34	`return preg_replace( $sPattern, '', $sourceString ) ;`	34	`return preg_replace( $sPattern, '', $sourceString ) ;`
35	`}`	35	`}`
36		36
37	`function FindBadUtf8( $string )`	37	`function FindBadUtf8( $string )`
38	`{`	38	`{`
39	`$regex =`	39	`$regex =`
40	`'([\x00-\x7F]'.`	40	`'([\x00-\x7F]'.`
41	`'\|[\xC2-\xDF][\x80-\xBF]'.`	41	`'\|[\xC2-\xDF][\x80-\xBF]'.`
42	`'\|\xE0[\xA0-\xBF][\x80-\xBF]'.`	42	`'\|\xE0[\xA0-\xBF][\x80-\xBF]'.`
43	`'\|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.`	43	`'\|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.`
44	`'\|\xED[\x80-\x9F][\x80-\xBF]'.`	44	`'\|\xED[\x80-\x9F][\x80-\xBF]'.`
45	`'\|\xF0[\x90-\xBF][\x80-\xBF]{2}'.`	45	`'\|\xF0[\x90-\xBF][\x80-\xBF]{2}'.`
46	`'\|[\xF1-\xF3][\x80-\xBF]{3}'.`	46	`'\|[\xF1-\xF3][\x80-\xBF]{3}'.`
47	`'\|\xF4[\x80-\x8F][\x80-\xBF]{2}'.`	47	`'\|\xF4[\x80-\x8F][\x80-\xBF]{2}'.`
48	`'\|(.{1}))';`	48	`'\|(.{1}))';`
49		49
50	`while (preg_match('/'.$regex.'/S', $string, $matches)) {`	50	`while (preg_match('/'.$regex.'/S', $string, $matches)) {`
51	`if ( isset($matches[2])) {`	51	`if ( isset($matches[2])) {`
52	`return true;`	52	`return true;`
53	`}`	53	`}`
54	`$string = substr($string, strlen($matches[0]));`	54	`$string = substr($string, strlen($matches[0]));`
55	`}`	55	`}`
56		56
57	`return false;`	57	`return false;`
58	`}`	58	`}`
59		59
60	`function ConvertToXmlAttribute( $value )`	60	`function ConvertToXmlAttribute( $value )`
61	`{`	61	`{`
62	`if ( defined( 'PHP_OS' ) )`	62	`if ( defined( 'PHP_OS' ) )`
63	`{`	63	`{`
64	`$os = PHP_OS ;`	64	`$os = PHP_OS ;`
65	`}`	65	`}`
66	`else`	66	`else`
67	`{`	67	`{`
68	`$os = php_uname() ;`	68	`$os = php_uname() ;`
69	`}`	69	`}`
70		70
71	`if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' \|\| FindBadUtf8( $value ) )`	71	`if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' \|\| FindBadUtf8( $value ) )`
72	`{`	72	`{`
73	`return ( utf8_encode( htmlspecialchars( $value ) ) ) ;`	73	`return ( utf8_encode( htmlspecialchars( $value ) ) ) ;`
74	`}`	74	`}`
75	`else`	75	`else`
76	`{`	76	`{`
77	`return ( htmlspecialchars( $value ) ) ;`	77	`return ( htmlspecialchars( $value ) ) ;`
78	`}`	78	`}`
79	`}`	79	`}`
80		80
81	`/**`	81	`/**`
82	`* Check whether given extension is in html etensions list`	82	`* Check whether given extension is in html etensions list`
83	`*`	83	`*`
84	`* @param string $ext`	84	`* @param string $ext`
85	`* @param array $htmlExtensions`	85	`* @param array $htmlExtensions`
86	`* @return boolean`	86	`* @return boolean`
87	`*/`	87	`*/`
88	`function IsHtmlExtension( $ext, $htmlExtensions )`	88	`function IsHtmlExtension( $ext, $htmlExtensions )`
89	`{`	89	`{`
90	`if ( !$htmlExtensions \|\| !is_array( $htmlExtensions ) )`	90	`if ( !$htmlExtensions \|\| !is_array( $htmlExtensions ) )`
91	`{`	91	`{`
92	`return false ;`	92	`return false ;`
93	`}`	93	`}`
94	`$lcaseHtmlExtensions = array() ;`	94	`$lcaseHtmlExtensions = array() ;`
95	`foreach ( $htmlExtensions as $key => $val )`	95	`foreach ( $htmlExtensions as $key => $val )`
96	`{`	96	`{`
97	`$lcaseHtmlExtensions[$key] = strtolower( $val ) ;`	97	`$lcaseHtmlExtensions[$key] = strtolower( $val ) ;`
98	`}`	98	`}`
99	`return in_array( $ext, $lcaseHtmlExtensions ) ;`	99	`return in_array( $ext, $lcaseHtmlExtensions ) ;`
100	`}`	100	`}`
101		101
102	`/**`	102	`/**`
103	`* Detect HTML in the first KB to prevent against potential security issue with`	103	`* Detect HTML in the first KB to prevent against potential security issue with`
104	`* IE/Safari/Opera file type auto detection bug.`	104	`* IE/Safari/Opera file type auto detection bug.`
105	`* Returns true if file contain insecure HTML code at the beginning.`	105	`* Returns true if file contain insecure HTML code at the beginning.`
106	`*`	106	`*`
107	`* @param string $filePath absolute path to file`	107	`* @param string $filePath absolute path to file`
108	`* @return boolean`	108	`* @return boolean`
109	`*/`	109	`*/`
110	`function DetectHtml( $filePath )`	110	`function DetectHtml( $filePath )`
111	`{`	111	`{`
112	`$fp = @fopen( $filePath, 'rb' ) ;`	112	`$fp = @fopen( $filePath, 'rb' ) ;`
113		113
114	`//open_basedir restriction, see #1906`	114	`//open_basedir restriction, see #1906`
115	`if ( $fp === false \|\| !flock( $fp, LOCK_SH ) )`	115	`if ( $fp === false \|\| !flock( $fp, LOCK_SH ) )`
116	`{`	116	`{`
117	`return -1 ;`	117	`return -1 ;`
118	`}`	118	`}`
119		119
120	`$chunk = fread( $fp, 1024 ) ;`	120	`$chunk = fread( $fp, 1024 ) ;`
121	`flock( $fp, LOCK_UN ) ;`	121	`flock( $fp, LOCK_UN ) ;`
122	`fclose( $fp ) ;`	122	`fclose( $fp ) ;`
123		123
124	`$chunk = strtolower( $chunk ) ;`	124	`$chunk = strtolower( $chunk ) ;`
125		125
126	`if (!$chunk)`	126	`if (!$chunk)`
127	`{`	127	`{`
128	`return false ;`	128	`return false ;`
129	`}`	129	`}`
130		130
131	`$chunk = trim( $chunk ) ;`	131	`$chunk = trim( $chunk ) ;`
132		132
133	`if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )`	133	`if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )`
134	`{`	134	`{`
135	`return true;`	135	`return true;`
136	`}`	136	`}`
137		137
138	`$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;`	138	`$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;`
139		139
140	`foreach( $tags as $tag )`	140	`foreach( $tags as $tag )`
141	`{`	141	`{`
142	`if( false !== strpos( $chunk, $tag ) )`	142	`if( false !== strpos( $chunk, $tag ) )`
143	`{`	143	`{`
144	`return true ;`	144	`return true ;`
145	`}`	145	`}`
146	`}`	146	`}`
147		147
148	`//type = javascript`	148	`//type = javascript`
149	`if ( preg_match( '!type\s=\s[\'"]?\s(?:\w/)?(?:ecma\|java)!sim', $chunk ) )`	149	`if ( preg_match( '!type\s=\s[\'"]?\s(?:\w/)?(?:ecma\|java)!sim', $chunk ) )`
150	`{`	150	`{`
151	`return true ;`	151	`return true ;`
152	`}`	152	`}`
153		153
154	`//href = javascript`	154	`//href = javascript`
155	`//src = javascript`	155	`//src = javascript`
156	`//data = javascript`	156	`//data = javascript`
157	`if ( preg_match( '!(?:href\|src\|data)\s=\s[\'"]?\s*(?:ecma\|java)script:!sim', $chunk ) )`	157	`if ( preg_match( '!(?:href\|src\|data)\s=\s[\'"]?\s*(?:ecma\|java)script:!sim', $chunk ) )`
158	`{`	158	`{`
159	`return true ;`	159	`return true ;`
160	`}`	160	`}`
161		161
162	`//url(javascript`	162	`//url(javascript`
163	`if ( preg_match( '!url\s\(\s[\'"]?\s*(?:ecma\|java)script:!sim', $chunk ) )`	163	`if ( preg_match( '!url\s\(\s[\'"]?\s*(?:ecma\|java)script:!sim', $chunk ) )`
164	`{`	164	`{`
165	`return true ;`	165	`return true ;`
166	`}`	166	`}`
167		167
168	`return false ;`	168	`return false ;`
169	`}`	169	`}`
170		170
171	`/**`	171	`/**`
172	`* Check file content.`	172	`* Check file content.`
173	`* Currently this function validates only image files.`	173	`* Currently this function validates only image files.`
174	`* Returns false if file is invalid.`	174	`* Returns false if file is invalid.`
175	`*`	175	`*`
176	`* @param string $filePath absolute path to file`	176	`* @param string $filePath absolute path to file`
177	`* @param string $extension file extension`	177	`* @param string $extension file extension`
178	`* @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images`	178	`* @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images`
179	`* @return boolean`	179	`* @return boolean`
180	`*/`	180	`*/`
181	`function IsImageValid( $filePath, $extension )`	181	`function IsImageValid( $filePath, $extension )`
182	`{`	182	`{`
183	`if (!@is_readable($filePath)) {`	183	`if (!@is_readable($filePath)) {`
184	`return -1;`	184	`return -1;`
185	`}`	185	`}`
186		186
187	`$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');`	187	`$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');`
188		188
189	`// version_compare is available since PHP4 >= 4.0.7`	189	`// version_compare is available since PHP4 >= 4.0.7`
190	`if ( function_exists( 'version_compare' ) ) {`	190	`if ( function_exists( 'version_compare' ) ) {`
191	`$sCurrentVersion = phpversion();`	191	`$sCurrentVersion = phpversion();`
192	`if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {`	192	`if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {`
193	`$imageCheckExtensions[] = "tiff";`	193	`$imageCheckExtensions[] = "tiff";`
194	`$imageCheckExtensions[] = "tif";`	194	`$imageCheckExtensions[] = "tif";`
195	`}`	195	`}`
196	`if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {`	196	`if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {`
197	`$imageCheckExtensions[] = "swc";`	197	`$imageCheckExtensions[] = "swc";`
198	`}`	198	`}`
199	`if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {`	199	`if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {`
200	`$imageCheckExtensions[] = "jpc";`	200	`$imageCheckExtensions[] = "jpc";`
201	`$imageCheckExtensions[] = "jp2";`	201	`$imageCheckExtensions[] = "jp2";`
202	`$imageCheckExtensions[] = "jpx";`	202	`$imageCheckExtensions[] = "jpx";`
203	`$imageCheckExtensions[] = "jb2";`	203	`$imageCheckExtensions[] = "jb2";`
204	`$imageCheckExtensions[] = "xbm";`	204	`$imageCheckExtensions[] = "xbm";`
205	`$imageCheckExtensions[] = "wbmp";`	205	`$imageCheckExtensions[] = "wbmp";`
206	`}`	206	`}`
207	`}`	207	`}`
208		208
209	`if ( !in_array( $extension, $imageCheckExtensions ) ) {`	209	`if ( !in_array( $extension, $imageCheckExtensions ) ) {`
210	`return true;`	210	`return true;`
211	`}`	211	`}`
212		212
213	`if ( @getimagesize( $filePath ) === false ) {`	213	`if ( @getimagesize( $filePath ) === false ) {`
214	`return false ;`	214	`return false ;`
215	`}`	215	`}`
216		216
217	`return true;`	217	`return true;`
218	`}`	218	`}`
219		219
220	`?>`	220	`?>`