Context Navigation

rcube_content_filter.php @ 041c93c

Visit:

HEADdev-browser-capabilitiespdo

Last change on this file since 041c93c was 041c93c, checked in by Aleksander Machniak <alec@…>, 12 months ago
Removed $Id$
Property mode set to `100644`
File size: 2.1 KB

Line
1	<?php
2
3	/*
4	+-----------------------------------------------------------------------+
5	\| program/include/rcube_content_filter.php \|
6	\| \|
7	\| This file is part of the Roundcube Webmail client \|
8	\| Copyright (C) 2011, The Roundcube Dev Team \|
9	\| \|
10	\| Licensed under the GNU General Public License version 3 or \|
11	\| any later version with exceptions for skins & plugins. \|
12	\| See the README file for a full license statement. \|
13	\| \|
14	\| PURPOSE: \|
15	\| PHP stream filter to detect evil content in mail attachments \|
16	\| \|
17	+-----------------------------------------------------------------------+
18	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
19	+-----------------------------------------------------------------------+
20	*/
21
22	/**
23	* PHP stream filter to detect html/javascript code in attachments
24	*/
25	class rcube_content_filter extends php_user_filter
26	{
27	private $buffer = '';
28	private $cutoff = 2048;
29
30	function onCreate()
31	{
32	$this->cutoff = rand(2048, 3027);
33	return true;
34	}
35
36	function filter($in, $out, &$consumed, $closing)
37	{
38	while ($bucket = stream_bucket_make_writeable($in)) {
39	$this->buffer .= $bucket->data;
40
41	// check for evil content and abort
42	if (preg_match('/<(script\|iframe\|object)/i', $this->buffer)) {
43	return PSFS_ERR_FATAL;
44	}
45
46	// keep buffer small enough
47	if (strlen($this->buffer) > 4096) {
48	$this->buffer = substr($this->buffer, $this->cutoff);
49	}
50
51	$consumed += $bucket->datalen;
52	stream_bucket_append($out, $bucket);
53	}
54
55	return PSFS_PASS_ON;
56	}
57	}

Note: See TracBrowser for help on using the repository browser.