<?php |
/* |
+-----------------------------------------------------------------------+ |
| program/include/rcube_content_filter.php | |
| | |
| This file is part of the Roundcube Webmail client | |
| Copyright (C) 2011, The Roundcube Dev Team | |
| Licensed under the GNU GPL | |
| | |
| PURPOSE: | |
| PHP stream filter to detect evil content in mail attachments | |
| | |
+-----------------------------------------------------------------------+ |
| Author: Thomas Bruederli <roundcube@gmail.com> | |
+-----------------------------------------------------------------------+ |
$Id$ |
*/ |
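/**
 * PHP stream filter to detect html/javascript code in attachments
 *
 * Attached to an attachment stream, the filter keeps a rolling window of the
 * most recent bytes and matches it against "<script", "<iframe" and "<object"
 * (case-insensitive). As soon as a tag is seen the filter returns
 * PSFS_ERR_FATAL; clean buckets are passed on unchanged.
 */
class rcube_content_filter extends php_user_filter
{
    /** @var string Rolling window of recently seen bytes */
    private $buffer = '';

    /** @var int Number of leading bytes dropped from the window when it is trimmed */
    private $cutoff = 2048;

    /**
     * Called when the filter is attached to a stream
     *
     * Randomizes the trim offset so the window boundary is not at a fixed
     * position. rand() is not a cryptographic source; the offset only varies
     * where the window is cut and is not a security boundary by itself.
     *
     * @return bool Always true
     */
    public function onCreate()
    {
        // NOTE(review): the upper bound 3027 looks like it could be a typo for 3072 - confirm
        $this->cutoff = rand(2048, 3027);
        return true;
    }

    /**
     * Scan all incoming buckets for forbidden tags and pass clean data on
     *
     * @param resource $in       Input bucket brigade
     * @param resource $out      Output bucket brigade
     * @param int      $consumed Incremented by the number of bytes passed on
     * @param bool     $closing  True when the stream is being closed (unused)
     *
     * @return int PSFS_PASS_ON when all buckets are clean, PSFS_ERR_FATAL when a
     *             forbidden tag is found or the regex engine fails (fail closed)
     */
    public function filter($in, $out, &$consumed, $closing)
    {
        while ($bucket = stream_bucket_make_writeable($in)) {
            $this->buffer .= $bucket->data;

            // check for evil content and abort; bytes of this bucket are not passed on
            if ($this->containsForbiddenTag()) {
                return PSFS_ERR_FATAL;
            }

            $this->trimBuffer();

            $consumed += $bucket->datalen;
            stream_bucket_append($out, $bucket);
        }

        return PSFS_PASS_ON;
    }

    /**
     * Check the rolling window for a forbidden tag
     *
     * preg_match() returns false on an engine error; that is treated as a hit
     * rather than a miss so an error cannot let content slip through.
     *
     * @return bool True if a tag was found or matching failed
     */
    private function containsForbiddenTag()
    {
        return preg_match('/<(script|iframe|object)/i', $this->buffer) !== 0;
    }

    /**
     * Keep the rolling window small by dropping its oldest bytes
     *
     * The window is only cut once it exceeds 4096 bytes and at most $cutoff
     * bytes are dropped, so well over a tag's length always remains and a tag
     * spanning the cut was already visible to the previous check.
     */
    private function trimBuffer()
    {
        if (strlen($this->buffer) > 4096) {
            $this->buffer = substr($this->buffer, $this->cutoff);
        }
    }
}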