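<?php
/*
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2008 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    http://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    http://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * Utility functions for the File Manager Connector for PHP.
 */

/**
 * Strip every leading occurrence of $charToRemove from $sourceString.
 *
 * The character is escaped with preg_quote() before it is placed in the
 * pattern, so regex metacharacters (".", "*", "|", ...) are matched
 * literally instead of being interpreted as part of the expression.
 *
 * @param string $sourceString text to trim
 * @param string $charToRemove literal character to remove from the start
 * @return string
 */
function RemoveFromStart( $sourceString, $charToRemove )
{
	$sPattern = '|^' . preg_quote( $charToRemove, '|' ) . '+|' ;
	return preg_replace( $sPattern, '', $sourceString ) ;
}

/**
 * Strip every trailing occurrence of $charToRemove from $sourceString.
 *
 * As in RemoveFromStart(), the character is escaped with preg_quote() so
 * that it is always treated as a literal.
 *
 * @param string $sourceString text to trim
 * @param string $charToRemove literal character to remove from the end
 * @return string
 */
function RemoveFromEnd( $sourceString, $charToRemove )
{
	$sPattern = '|' . preg_quote( $charToRemove, '|' ) . '+$|' ;
	return preg_replace( $sPattern, '', $sourceString ) ;
}

/**
 * Report whether $string contains a byte sequence that is not well-formed
 * UTF-8.
 *
 * The pattern lists the well-formed one- to four-byte sequences first; the
 * final alternative "(.{1})" captures any single byte that none of them
 * accepted. The string is consumed one match at a time from the front, and
 * the function stops at the first byte that lands in that fallback group.
 *
 * @param string $string
 * @return boolean true when an invalid sequence is found, false otherwise
 */
function FindBadUtf8( $string )
{
	$regex =
	'([\x00-\x7F]'.
	'|[\xC2-\xDF][\x80-\xBF]'.
	'|\xE0[\xA0-\xBF][\x80-\xBF]'.
	'|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.
	'|\xED[\x80-\x9F][\x80-\xBF]'.
	'|\xF0[\x90-\xBF][\x80-\xBF]{2}'.
	'|[\xF1-\xF3][\x80-\xBF]{3}'.
	'|\xF4[\x80-\x8F][\x80-\xBF]{2}'.
	'|(.{1}))';

	while (preg_match('/'.$regex.'/S', $string, $matches)) {
		// Group 2 is only set when the fallback alternative matched.
		if ( isset($matches[2])) {
			return true;
		}
		$string = substr($string, strlen($matches[0]));
	}

	return false;
}

/**
 * Escape $value for use inside an XML attribute.
 *
 * The value is HTML-escaped; on Windows hosts, or when the value is not
 * well-formed UTF-8, the escaped result is additionally passed through
 * utf8_encode().
 *
 * NOTE(review): htmlspecialchars() is called with its default flags. Before
 * PHP 8.1 the default does not escape single quotes, so the result is only
 * safe inside a double-quoted attribute. utf8_encode() is deprecated as of
 * PHP 8.2.
 *
 * @param string $value
 * @return string
 */
function ConvertToXmlAttribute( $value )
{
	if ( defined( 'PHP_OS' ) )
	{
		$os = PHP_OS ;
	}
	else
	{
		$os = php_uname() ;
	}

	if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) )
	{
		return ( utf8_encode( htmlspecialchars( $value ) ) ) ;
	}
	else
	{
		return ( htmlspecialchars( $value ) ) ;
	}
}

/**
 * Check whether the given extension is in the HTML extensions list.
 *
 * The list entries are lower-cased before the comparison; $ext itself is
 * compared as passed, so the caller is expected to supply it in lower case.
 *
 * @param string $ext
 * @param array $htmlExtensions
 * @return boolean
 */
function IsHtmlExtension( $ext, $htmlExtensions )
{
	if ( !$htmlExtensions || !is_array( $htmlExtensions ) )
	{
		return false ;
	}
	$lcaseHtmlExtensions = array() ;
	foreach ( $htmlExtensions as $key => $val )
	{
		$lcaseHtmlExtensions[$key] = strtolower( $val ) ;
	}
	return in_array( $ext, $lcaseHtmlExtensions ) ;
}

/**
 * Detect HTML in the first KB to protect against a potential security issue
 * with the IE/Safari/Opera file type auto detection bug.
 * Returns true if the file contains insecure HTML code at the beginning.
 *
 * Only the first 1024 bytes are inspected, so this is a heuristic and not a
 * content sanitizer. It complements, and does not replace, serving uploads
 * with an explicit Content-Type and "X-Content-Type-Options: nosniff".
 *
 * The result is tri-state: -1 means the file could not be opened or locked
 * and therefore was NOT checked. -1 is truthy in PHP, so compare the result
 * with === and decide explicitly how an unchecked file is handled.
 *
 * @param string $filePath absolute path to file
 * @return boolean|integer true = HTML found, false = none found, -1 = not checked
 */
function DetectHtml( $filePath )
{
	$fp = @fopen( $filePath, 'rb' ) ;

	//open_basedir restriction, see #1906
	if ( $fp === false || !flock( $fp, LOCK_SH ) )
	{
		return -1 ;
	}

	$chunk = fread( $fp, 1024 ) ;
	flock( $fp, LOCK_UN ) ;
	fclose( $fp ) ;

	$chunk = strtolower( $chunk ) ;

	if (!$chunk)
	{
		return false ;
	}

	$chunk = trim( $chunk ) ;

	if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )
	{
		return true;
	}

	$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;

	foreach( $tags as $tag )
	{
		if( false !== strpos( $chunk, $tag ) )
		{
			return true ;
		}
	}

	//type = javascript
	if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )
	{
		return true ;
	}

	//href = javascript
	//src = javascript
	//data = javascript
	if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
	{
		return true ;
	}

	//url(javascript
	if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
	{
		return true ;
	}

	return false ;
}

/**
 * Check file content.
 * Currently this function validates only image files.
 * Returns false if file is invalid.
 *
 * The extension is lower-cased before it is compared with the list of image
 * extensions, so "JPG" or "Png" receive the same getimagesize() check as
 * "jpg" and "png" instead of being treated as a non-image and accepted
 * without inspection.
 *
 * getimagesize() only confirms that the file parses as a supported image
 * format; it says nothing about the remaining bytes of the file.
 *
 * The result is tri-state: -1 means the file was not readable and therefore
 * was NOT checked. -1 is truthy in PHP, so compare the result with ===.
 *
 * @param string $filePath absolute path to file
 * @param string $extension file extension
 * @return boolean|integer true = valid or not an image type, false = invalid image, -1 = not checked
 */
function IsImageValid( $filePath, $extension )
{
	if (!@is_readable($filePath)) {
		return -1;
	}

	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');

	// version_compare is available since PHP4 >= 4.0.7
	if ( function_exists( 'version_compare' ) ) {
		$sCurrentVersion = phpversion();
		if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {
			$imageCheckExtensions[] = "tiff";
			$imageCheckExtensions[] = "tif";
		}
		if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {
			$imageCheckExtensions[] = "swc";
		}
		if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {
			$imageCheckExtensions[] = "jpc";
			$imageCheckExtensions[] = "jp2";
			$imageCheckExtensions[] = "jpx";
			$imageCheckExtensions[] = "jb2";
			$imageCheckExtensions[] = "xbm";
			$imageCheckExtensions[] = "wbmp";
		}
	}

	// Normalise case so the check cannot be skipped by an upper- or
	// mixed-case extension.
	$sExtension = strtolower( (string) $extension ) ;

	if ( !in_array( $sExtension, $imageCheckExtensions ) ) {
		return true;
	}

	if ( @getimagesize( $filePath ) === false ) {
		return false ;
	}

	return true;
}

?>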