/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/php/util.php
- <?php
- /*
- * FCKeditor - The text editor for Internet - http://www.fckeditor.net
- * Copyright (C) 2003-2009 Frederico Caldeira Knabben
- *
- * == BEGIN LICENSE ==
- *
- * Licensed under the terms of any of the following licenses at your
- * choice:
- *
- * - GNU General Public License Version 2 or later (the "GPL")
- * http://www.gnu.org/licenses/gpl.html
- *
- * - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
- * http://www.gnu.org/licenses/lgpl.html
- *
- * - Mozilla Public License Version 1.1 or later (the "MPL")
- * http://www.mozilla.org/MPL/MPL-1.1.html
- *
- * == END LICENSE ==
- *
- * Utility functions for the File Manager Connector for PHP.
- */
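/**
 * Strip every leading repetition of $charToRemove from $sourceString.
 *
 * The value is passed through preg_quote() before it is placed in the
 * pattern, so characters such as '.', '*' or '|' are matched literally
 * instead of being interpreted as regular-expression syntax.
 *
 * @param string $sourceString string to trim
 * @param string $charToRemove literal character (or sequence) to strip from the start
 * @return string $sourceString without the leading run; unchanged when $charToRemove is empty
 */
function RemoveFromStart( $sourceString, $charToRemove )
{
    $literal = (string) $charToRemove ;

    // Nothing to strip; also avoids building a pattern around an empty group.
    if ( $literal === '' )
    {
        return $sourceString ;
    }

    // '|' is the pattern delimiter, so it has to be quoted as well.
    $sPattern = '|^(?:' . preg_quote( $literal, '|' ) . ')+|' ;

    return preg_replace( $sPattern, '', $sourceString ) ;
}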
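/**
 * Strip every trailing repetition of $charToRemove from $sourceString.
 *
 * The value is passed through preg_quote() before it is placed in the
 * pattern, so characters such as '.', '*' or '|' are matched literally
 * instead of being interpreted as regular-expression syntax.
 *
 * @param string $sourceString string to trim
 * @param string $charToRemove literal character (or sequence) to strip from the end
 * @return string $sourceString without the trailing run; unchanged when $charToRemove is empty
 */
function RemoveFromEnd( $sourceString, $charToRemove )
{
    $literal = (string) $charToRemove ;

    // Nothing to strip; also avoids building a pattern around an empty group.
    if ( $literal === '' )
    {
        return $sourceString ;
    }

    // '|' is the pattern delimiter, so it has to be quoted as well.
    $sPattern = '|(?:' . preg_quote( $literal, '|' ) . ')+$|' ;

    return preg_replace( $sPattern, '', $sourceString ) ;
}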
/**
 * Report whether $string contains a byte that is not part of a well-formed
 * UTF-8 sequence.
 *
 * The string is consumed from the front one match at a time. Each match is
 * either one well-formed sequence (ASCII, or a 2-, 3- or 4-byte form with the
 * lead/continuation ranges listed below) or, failing that, a single byte
 * captured by the trailing catch-all group. Hitting the catch-all means the
 * input is not clean UTF-8.
 *
 * @param string $string bytes to inspect
 * @return boolean true when a malformed byte is found, false otherwise
 *                 (including for an empty string)
 */
function FindBadUtf8( $string )
{
    $alternatives = array(
        '[\x00-\x7F]',
        '[\xC2-\xDF][\x80-\xBF]',
        '\xE0[\xA0-\xBF][\x80-\xBF]',
        '[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}',
        '\xED[\x80-\x9F][\x80-\xBF]',
        '\xF0[\x90-\xBF][\x80-\xBF]{2}',
        '[\xF1-\xF3][\x80-\xBF]{3}',
        '\xF4[\x80-\x8F][\x80-\xBF]{2}',
        // Catch-all: capture group 2 is only set when nothing above matched.
        '(.{1})',
    ) ;
    $pattern = '/(' . implode( '|', $alternatives ) . ')/S' ;

    $remaining = $string ;
    while ( true )
    {
        if ( !preg_match( $pattern, $remaining, $found ) )
        {
            // Input exhausted without meeting a malformed byte.
            return false ;
        }

        if ( isset( $found[2] ) )
        {
            return true ;
        }

        // Drop the sequence just validated and continue with the tail.
        $remaining = substr( $remaining, strlen( $found[0] ) ) ;
    }
}
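/**
 * Escape a value for use inside an XML attribute and return it as UTF-8.
 *
 * On Windows, or when the value is not well-formed UTF-8, the bytes are
 * treated as ISO-8859-1: they are escaped first and then converted to UTF-8.
 * Otherwise the value is escaped as UTF-8 directly.
 *
 * The flags and charset are passed explicitly because the defaults of
 * htmlspecialchars() differ between PHP versions: the default charset became
 * UTF-8 in PHP 5.4 (where malformed input makes the call return an empty
 * string), and single quotes are only escaped by default from PHP 8.1.
 * ENT_QUOTES keeps the result safe in both "..." and '...' attributes.
 *
 * @param string $value raw attribute value
 * @return string escaped value
 */
function ConvertToXmlAttribute( $value )
{
    $os = defined( 'PHP_OS' ) ? PHP_OS : php_uname() ;
    $isWindows = ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' ) ;

    // FindBadUtf8() is only consulted when the platform check did not already decide.
    if ( $isWindows || FindBadUtf8( $value ) )
    {
        // Single-byte charset: every byte is a valid character, so escaping cannot fail.
        // NOTE(review): utf8_encode() is deprecated as of PHP 8.2; replacing it needs
        // an extension (mbstring/iconv) this file does not otherwise depend on.
        return utf8_encode( htmlspecialchars( $value, ENT_QUOTES, 'ISO-8859-1' ) ) ;
    }

    return htmlspecialchars( $value, ENT_QUOTES, 'UTF-8' ) ;
}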
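/**
 * Check whether the given extension is in the HTML extensions list.
 *
 * The comparison is case-insensitive on both sides and uses strict string
 * equality, so numeric-looking values such as '1e1' and '10' are not treated
 * as equal.
 *
 * @param string $ext            extension to look up (without the dot)
 * @param array  $htmlExtensions extensions that are treated as HTML
 * @return boolean true when $ext is listed; false when it is not, or when
 *                 $htmlExtensions is empty or not an array
 */
function IsHtmlExtension( $ext, $htmlExtensions )
{
    if ( !$htmlExtensions || !is_array( $htmlExtensions ) )
    {
        return false ;
    }

    // Normalised here rather than relying on every caller to lower-case the
    // extension first; a case mismatch must not skip the HTML check.
    $wanted = strtolower( (string) $ext ) ;

    foreach ( $htmlExtensions as $candidate )
    {
        if ( strtolower( (string) $candidate ) === $wanted )
        {
            return true ;
        }
    }

    return false ;
}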
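/**
 * Detect HTML in the first KB of a file, to guard against the file type
 * auto-detection behaviour of IE/Safari/Opera.
 *
 * Only the first 1024 bytes are inspected, case-insensitively. The check is a
 * heuristic: it looks for an (X)HTML doctype, a fixed list of opening tags,
 * a script-like "type=" attribute, and "javascript:"/"ecmascript:" URLs in
 * href/src/data attributes or CSS url(). Content placed after the first KB is
 * not examined.
 *
 * @param string $filePath absolute path to file
 * @return boolean|integer true when such markup is found, false when it is
 *                         not (or the file is empty), -1 when the file cannot
 *                         be opened or locked
 */
function DetectHtml( $filePath )
{
    $fp = @fopen( $filePath, 'rb' ) ;

    //open_basedir restriction, see #1906
    if ( $fp === false )
    {
        return -1 ;
    }

    if ( !flock( $fp, LOCK_SH ) )
    {
        // Release the handle before bailing out so it is not leaked.
        fclose( $fp ) ;
        return -1 ;
    }

    $chunk = fread( $fp, 1024 ) ;
    flock( $fp, LOCK_UN ) ;
    fclose( $fp ) ;

    // Failed or empty read (a lone "0" is treated as empty too, as before).
    if ( !$chunk )
    {
        return false ;
    }

    $chunk = trim( strtolower( $chunk ) ) ;

    if ( preg_match( '/<!DOCTYPE\W*X?HTML/sim', $chunk ) )
    {
        return true ;
    }

    $tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;
    foreach ( $tags as $tag )
    {
        if ( strpos( $chunk, $tag ) !== false )
        {
            return true ;
        }
    }

    $patterns = array(
        //type = javascript
        '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim',
        //href = javascript, src = javascript, data = javascript
        '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim',
        //url(javascript
        '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim',
    ) ;
    foreach ( $patterns as $pattern )
    {
        if ( preg_match( $pattern, $chunk ) )
        {
            return true ;
        }
    }

    return false ;
}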
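/**
 * Check file content.
 * Currently this function validates only image files: when the extension is
 * one that getimagesize() can identify, the file must be recognised by it.
 * Files with any other extension are accepted without inspection.
 *
 * getimagesize() reads the image header only, so a passing result says the
 * file starts like an image, not that the rest of its content is harmless.
 *
 * @param string $filePath absolute path to file
 * @param string $extension file extension (compared case-insensitively)
 * @return boolean|integer true when the file is accepted, false when an image
 *                         extension does not match the content, -1 when the
 *                         file is not readable
 */
function IsImageValid( $filePath, $extension )
{
    if ( !@is_readable( $filePath ) ) {
        return -1;
    }

    $imageCheckExtensions = array( 'gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff' );

    // version_compare is available since PHP4 >= 4.0.7
    if ( function_exists( 'version_compare' ) ) {
        $sCurrentVersion = phpversion();

        // Formats getimagesize() learned in later PHP releases.
        if ( version_compare( $sCurrentVersion, '4.2.0' ) >= 0 ) {
            array_push( $imageCheckExtensions, 'tiff', 'tif' );
        }
        if ( version_compare( $sCurrentVersion, '4.3.0' ) >= 0 ) {
            array_push( $imageCheckExtensions, 'swc' );
        }
        if ( version_compare( $sCurrentVersion, '4.3.2' ) >= 0 ) {
            array_push( $imageCheckExtensions, 'jpc', 'jp2', 'jpx', 'jb2', 'xbm', 'wbmp' );
        }
    }

    // Normalised here rather than relying on every caller to lower-case the
    // extension first; otherwise "PNG" would bypass the content check.
    $normalizedExtension = strtolower( (string) $extension );

    if ( !in_array( $normalizedExtension, $imageCheckExtensions, true ) ) {
        return true;
    }

    return @getimagesize( $filePath ) !== false;
}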
- ?>