
/source/Plug-in/fck/editor/filemanager/connectors/php/util.php

http://prosporous.googlecode.com/
PHP | 185 lines | 110 code | 22 blank | 53 comment | 17 complexity | 41413404718ccb3642e5b4eface2b53d MD5 | raw file
  1<?php
  2/*
  3 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
  4 * Copyright (C) 2003-2007 Frederico Caldeira Knabben
  5 *
  6 * == BEGIN LICENSE ==
  7 *
  8 * Licensed under the terms of any of the following licenses at your
  9 * choice:
 10 *
 11 *  - GNU General Public License Version 2 or later (the "GPL")
 12 *    http://www.gnu.org/licenses/gpl.html
 13 *
 14 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 15 *    http://www.gnu.org/licenses/lgpl.html
 16 *
 17 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 18 *    http://www.mozilla.org/MPL/MPL-1.1.html
 19 *
 20 * == END LICENSE ==
 21 *
 22 * Utility functions for the File Manager Connector for PHP.
 23 */
 24
 25function RemoveFromStart( $sourceString, $charToRemove )
 26{
 27	$sPattern = '|^' . $charToRemove . '+|' ;
 28	return preg_replace( $sPattern, '', $sourceString ) ;
 29}
 30
 31function RemoveFromEnd( $sourceString, $charToRemove )
 32{
 33	$sPattern = '|' . $charToRemove . '+$|' ;
 34	return preg_replace( $sPattern, '', $sourceString ) ;
 35}
 36
 37function ConvertToXmlAttribute( $value )
 38{
 39	if ( defined( 'PHP_OS' ) ) 
 40	{
 41		$os = PHP_OS ;
 42	}
 43	else
 44	{
 45		$os = php_uname() ;
 46	}
 47	
 48	if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' ) 
 49	{
 50		return ( utf8_encode( htmlspecialchars( $value ) ) ) ;
 51	} 
 52	else 
 53	{
 54		return ( htmlspecialchars( $value ) ) ;
 55	}	
 56}
 57
 58/**
 59 * Check whether given extension is in html etensions list
 60 *
 61 * @param string $ext
 62 * @param array $htmlExtensions
 63 * @return boolean
 64 */
 65function IsHtmlExtension( $ext, $htmlExtensions )
 66{
 67	if ( !$htmlExtensions || !is_array( $htmlExtensions ) )
 68	{
 69		return false ;
 70	}
 71	$lcaseHtmlExtensions = array() ;
 72	foreach ( $htmlExtensions as $key => $val )
 73	{
 74		$lcaseHtmlExtensions[$key] = strtolower( $val ) ;
 75	}
 76	return in_array( $ext, $lcaseHtmlExtensions ) ;
 77}
 78
 79/**
 80 * Detect HTML in the first KB to prevent against potential security issue with 
 81 * IE/Safari/Opera file type auto detection bug.
 82 * Returns true if file contain insecure HTML code at the beginning.
 83 * 
 84 * @param string $filePath absolute path to file
 85 * @return boolean
 86 */ 
 87function DetectHtml( $filePath )
 88{
 89	$fp = fopen( $filePath, 'rb' ) ;
 90	$chunk = fread( $fp, 1024 ) ;
 91	fclose( $fp ) ;
 92
 93	$chunk = strtolower( $chunk ) ;
 94
 95	if (!$chunk) 
 96	{
 97		return false ;
 98	}
 99
100	$chunk = trim( $chunk ) ;
101
102	if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) ) 
103	{
104		return true;
105	}	
106
107	$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;
108
109	foreach( $tags as $tag ) 
110	{
111		if( false !== strpos( $chunk, $tag ) ) 
112		{
113			return true ;
114		}
115	}
116
117	//type = javascript
118	if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) ) 
119	{
120		return true ;
121	}
122
123	//href = javascript
124	//src = javascript
125	//data = javascript
126	if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
127	{
128		return true ;
129	}
130	
131	//url(javascript
132	if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) 
133	{
134		return true ;
135	}			
136
137	return false ;	
138}
139
140/**
141 * Check file content.
142 * Currently this function validates only image files.
143 * Returns false if file is invalid.
144 * 
145 * @param string $filePath absolute path to file
146 * @param string $extension file extension
147 * @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images
148 * @return boolean
149 */ 
150function IsImageValid( $filePath, $extension )
151{
152	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');
153
154	// version_compare is available since PHP4 >= 4.0.7
155	if ( function_exists( 'version_compare' ) ) {
156		$sCurrentVersion = phpversion();
157		if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {
158			$imageCheckExtensions[] = "tiff";
159			$imageCheckExtensions[] = "tif";
160		}
161		if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {
162			$imageCheckExtensions[] = "swc";
163		}
164		if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {
165			$imageCheckExtensions[] = "jpc";
166			$imageCheckExtensions[] = "jp2";
167			$imageCheckExtensions[] = "jpx";
168			$imageCheckExtensions[] = "jb2";
169			$imageCheckExtensions[] = "xbm";
170			$imageCheckExtensions[] = "wbmp";
171		}
172	}
173	
174	if ( !in_array( $extension, $imageCheckExtensions ) ) {
175		return true;
176	}
177	
178	if ( @getimagesize( $filePath ) === false ) {
179		return false ;
180	}		
181	
182	return true;
183}
184
185?>