Context Navigation

rcube_content_filter.php @ 5658

Last change on this file since 5658 was 5658, checked in by alec, 17 months ago
PHPCS
Property svn:eol-style set to `native` Property svn:keywords set to `Id Date Author Revision`
File size: 1.9 KB

Line
1	<?php
2
3	/*
4	+-----------------------------------------------------------------------+
5	\| program/include/rcube_content_filter.php \|
6	\| \|
7	\| This file is part of the Roundcube Webmail client \|
8	\| Copyright (C) 2011, The Roundcube Dev Team \|
9	\| Licensed under the GNU GPL \|
10	\| \|
11	\| PURPOSE: \|
12	\| PHP stream filter to detect evil content in mail attachments \|
13	\| \|
14	+-----------------------------------------------------------------------+
15	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
16	+-----------------------------------------------------------------------+
17
18	$Id$
19	*/
20
21	/**
22	* PHP stream filter to detect html/javascript code in attachments
23	*/
24	class rcube_content_filter extends php_user_filter
25	{
26	private $buffer = '';
27	private $cutoff = 2048;
28
29	function onCreate()
30	{
31	$this->cutoff = rand(2048, 3027);
32	return true;
33	}
34
35	function filter($in, $out, &$consumed, $closing)
36	{
37	while ($bucket = stream_bucket_make_writeable($in)) {
38	$this->buffer .= $bucket->data;
39
40	// check for evil content and abort
41	if (preg_match('/<(script\|iframe\|object)/i', $this->buffer)) {
42	return PSFS_ERR_FATAL;
43	}
44
45	// keep buffer small enough
46	if (strlen($this->buffer) > 4096) {
47	$this->buffer = substr($this->buffer, $this->cutoff);
48	}
49
50	$consumed += $bucket->datalen;
51	stream_bucket_append($out, $bucket);
52	}
53
54	return PSFS_PASS_ON;
55	}
56	}

Note: See TracBrowser for help on using the repository browser.