/source/Plug-in/fck/editor/filemanager/connectors/php/util.php

http://prosporous.googlecode.com/ · PHP · 185 lines · 110 code · 22 blank · 53 comment · 17 complexity · 41413404718ccb3642e5b4eface2b53d MD5 · raw file

  1. <?php
  2. /*
  3. * FCKeditor - The text editor for Internet - http://www.fckeditor.net
  4. * Copyright (C) 2003-2007 Frederico Caldeira Knabben
  5. *
  6. * == BEGIN LICENSE ==
  7. *
  8. * Licensed under the terms of any of the following licenses at your
  9. * choice:
  10. *
  11. * - GNU General Public License Version 2 or later (the "GPL")
  12. * http://www.gnu.org/licenses/gpl.html
  13. *
  14. * - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
  15. * http://www.gnu.org/licenses/lgpl.html
  16. *
  17. * - Mozilla Public License Version 1.1 or later (the "MPL")
  18. * http://www.mozilla.org/MPL/MPL-1.1.html
  19. *
  20. * == END LICENSE ==
  21. *
  22. * Utility functions for the File Manager Connector for PHP.
  23. */
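  /**
   * Strip every leading occurrence of a character from a string.
   *
   * The character is passed through preg_quote() before it is placed in the
   * pattern, so regex metacharacters such as "." or the "|" delimiter are
   * matched literally instead of being interpreted as pattern syntax.
   *
   * @param string $sourceString string to trim
   * @param string $charToRemove character to strip from the start (expected to be a single character)
   * @return string|null result of preg_replace(); null if the regex engine reports an error
   */
  function RemoveFromStart( $sourceString, $charToRemove )
  {
      // Nothing to strip; also avoids building a pattern whose "+" quantifies nothing.
      if ( (string) $charToRemove === '' )
      {
          return $sourceString ;
      }

      $sPattern = '|^' . preg_quote( $charToRemove, '|' ) . '+|' ;

      return preg_replace( $sPattern, '', $sourceString ) ;
  }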
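  /**
   * Strip every trailing occurrence of a character from a string.
   *
   * The character is passed through preg_quote() before it is placed in the
   * pattern, so regex metacharacters such as "." or the "|" delimiter are
   * matched literally instead of being interpreted as pattern syntax.
   *
   * @param string $sourceString string to trim
   * @param string $charToRemove character to strip from the end (expected to be a single character)
   * @return string|null result of preg_replace(); null if the regex engine reports an error
   */
  function RemoveFromEnd( $sourceString, $charToRemove )
  {
      // Nothing to strip; also avoids building a pattern whose "+" quantifies nothing.
      if ( (string) $charToRemove === '' )
      {
          return $sourceString ;
      }

      $sPattern = '|' . preg_quote( $charToRemove, '|' ) . '+$|' ;

      return preg_replace( $sPattern, '', $sourceString ) ;
  }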
  /**
   * Escape a value so it can be written inside an XML attribute.
   *
   * htmlspecialchars() is called with its default flags. Single quotes are
   * therefore escaped only when the running PHP version's defaults include
   * ENT_QUOTES (the default since PHP 8.1); on older versions the result is
   * only safe inside a double-quoted attribute.
   *
   * On Windows the escaped text is additionally passed through utf8_encode(),
   * which converts ISO-8859-1 to UTF-8 (deprecated as of PHP 8.2).
   *
   * @param string $value raw attribute value
   * @return string escaped value
   */
  function ConvertToXmlAttribute( $value )
  {
      // php_uname() is only consulted when the PHP_OS constant is unavailable.
      $platform = defined( 'PHP_OS' ) ? PHP_OS : php_uname() ;

      $escaped = htmlspecialchars( $value ) ;

      $onWindows = ( strtoupper( substr( $platform, 0, 3 ) ) === 'WIN' ) ;

      return $onWindows ? utf8_encode( $escaped ) : $escaped ;
  }
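  /**
   * Check whether the given extension is in the HTML extensions list.
   *
   * Entries of $htmlExtensions are lower-cased before the comparison; $ext is
   * compared as given, so it must already be lower-case to match.
   *
   * The comparison is strict (string identity). A loose in_array() compares
   * numeric-looking strings by value, so "1e1" would match a list entry "10".
   *
   * @param string $ext extension to look up
   * @param array $htmlExtensions list of extensions treated as HTML
   * @return boolean false when the list is empty or not an array
   */
  function IsHtmlExtension( $ext, $htmlExtensions )
  {
      if ( !$htmlExtensions || !is_array( $htmlExtensions ) )
      {
          return false ;
      }

      $lcaseHtmlExtensions = array_map( 'strtolower', $htmlExtensions ) ;

      // Cast keeps non-string scalars matching their string form under strict comparison.
      return in_array( (string) $ext, $lcaseHtmlExtensions, true ) ;
  }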
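  /**
   * Detect HTML in the first KB of a file, to guard against the file type
   * auto-detection bug in IE/Safari/Opera.
   *
   * Returns true if the file contains insecure HTML code at the beginning.
   * Also returns true when the file cannot be opened or read: a file that
   * could not be inspected is never reported as clean.
   * NOTE(review): callers that relied on false for unreadable paths should be
   * checked; none are visible in this file.
   *
   * Only the first 1024 bytes are inspected. Content after that offset is not
   * examined, so a false result is not a statement about the whole file.
   *
   * @param string $filePath absolute path to file
   * @return boolean
   */
  function DetectHtml( $filePath )
  {
      // Fail closed when there is nothing we can inspect.
      if ( !is_file( $filePath ) || !is_readable( $filePath ) )
      {
          return true ;
      }

      $fp = fopen( $filePath, 'rb' ) ;
      if ( $fp === false )
      {
          return true ;
      }

      $chunk = fread( $fp, 1024 ) ;
      fclose( $fp ) ;

      if ( $chunk === false )
      {
          return true ;
      }

      $chunk = strtolower( $chunk ) ;

      // Empty file (or a chunk PHP treats as falsy, such as "0"): nothing to flag.
      if ( !$chunk )
      {
          return false ;
      }

      $chunk = trim( $chunk ) ;

      if ( preg_match( '/<!DOCTYPE\W*X?HTML/sim', $chunk ) )
      {
          return true ;
      }

      // Opening tags that mark the chunk as HTML; matched as plain substrings.
      $tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;
      foreach ( $tags as $tag )
      {
          if ( false !== strpos( $chunk, $tag ) )
          {
              return true ;
          }
      }

      $scriptPatterns = array(
          // type = javascript
          '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim',
          // href = javascript, src = javascript, data = javascript
          '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim',
          // url(javascript
          '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim',
      ) ;
      foreach ( $scriptPatterns as $pattern )
      {
          if ( preg_match( $pattern, $chunk ) )
          {
              return true ;
          }
      }

      return false ;
  }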
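  /**
   * Check file content.
   * Currently this function validates only image files.
   * Returns false if the file is invalid.
   *
   * The extension is lower-cased before it is looked up, so "JPG" is checked
   * the same way as "jpg" instead of skipping validation. A file whose
   * extension is not in the image list is not inspected at all and is
   * reported as valid.
   *
   * A true result means only that getimagesize() could read image dimensions
   * from the file; the PHP manual cautions against treating that as proof the
   * file is a valid image, so this must not be the only upload check.
   *
   * @param string $filePath absolute path to file
   * @param string $extension file extension
   * @return boolean
   */
  function IsImageValid( $filePath, $extension )
  {
      $imageCheckExtensions = array( 'gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff' ) ;

      // version_compare is available since PHP4 >= 4.0.7
      if ( function_exists( 'version_compare' ) )
      {
          $sCurrentVersion = phpversion() ;

          // Each group is added only from the PHP version named in its check.
          if ( version_compare( $sCurrentVersion, '4.2.0' ) >= 0 )
          {
              $imageCheckExtensions[] = 'tiff' ;
              $imageCheckExtensions[] = 'tif' ;
          }
          if ( version_compare( $sCurrentVersion, '4.3.0' ) >= 0 )
          {
              $imageCheckExtensions[] = 'swc' ;
          }
          if ( version_compare( $sCurrentVersion, '4.3.2' ) >= 0 )
          {
              $imageCheckExtensions[] = 'jpc' ;
              $imageCheckExtensions[] = 'jp2' ;
              $imageCheckExtensions[] = 'jpx' ;
              $imageCheckExtensions[] = 'jb2' ;
              $imageCheckExtensions[] = 'xbm' ;
              $imageCheckExtensions[] = 'wbmp' ;
          }
      }

      // Normalise case so an upper- or mixed-case extension cannot bypass the check.
      $extension = strtolower( (string) $extension ) ;

      if ( !in_array( $extension, $imageCheckExtensions, true ) )
      {
          return true ;
      }

      // getimagesize() raises a notice/warning on non-image data; that case is
      // handled through the false return value, hence the suppression.
      return @getimagesize( $filePath ) !== false ;
  }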
  163. ?>