Context Navigation

rcube_content_filter.php @ 5787

Last change on this file since 5787 was 5787, checked in by thomasb, 16 months ago
Changed license to GNU GPLv3+ with exceptions for skins and plugins
Property svn:eol-style set to `native` Property svn:keywords set to `Id Date Author Revision`
File size: 2.1 KB

Line
1	<?php
2
3	/*
4	+-----------------------------------------------------------------------+
5	\| program/include/rcube_content_filter.php \|
6	\| \|
7	\| This file is part of the Roundcube Webmail client \|
8	\| Copyright (C) 2011, The Roundcube Dev Team \|
9	\| \|
10	\| Licensed under the GNU General Public License version 3 or \|
11	\| any later version with exceptions for skins & plugins. \|
12	\| See the README file for a full license statement. \|
13	\| \|
14	\| PURPOSE: \|
15	\| PHP stream filter to detect evil content in mail attachments \|
16	\| \|
17	+-----------------------------------------------------------------------+
18	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
19	+-----------------------------------------------------------------------+
20
21	$Id$
22	*/
23
24	/**
25	* PHP stream filter to detect html/javascript code in attachments
26	*/
27	class rcube_content_filter extends php_user_filter
28	{
29	private $buffer = '';
30	private $cutoff = 2048;
31
32	function onCreate()
33	{
34	$this->cutoff = rand(2048, 3027);
35	return true;
36	}
37
38	function filter($in, $out, &$consumed, $closing)
39	{
40	while ($bucket = stream_bucket_make_writeable($in)) {
41	$this->buffer .= $bucket->data;
42
43	// check for evil content and abort
44	if (preg_match('/<(script\|iframe\|object)/i', $this->buffer)) {
45	return PSFS_ERR_FATAL;
46	}
47
48	// keep buffer small enough
49	if (strlen($this->buffer) > 4096) {
50	$this->buffer = substr($this->buffer, $this->cutoff);
51	}
52
53	$consumed += $bucket->datalen;
54	stream_bucket_append($out, $bucket);
55	}
56
57	return PSFS_PASS_ON;
58	}
59	}

Note: See TracBrowser for help on using the repository browser.