<?php

/**
 +-----------------------------------------------------------------------+
 | This file is part of the Roundcube Webmail client                     |
 | Copyright (C) 2011, The Roundcube Dev Team                            |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
 | See the README file for a full license statement.                     |
 |                                                                       |
 | PURPOSE:                                                              |
 |   PHP stream filter to detect evil content in mail attachments        |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
 +-----------------------------------------------------------------------+
*/

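/**
 * PHP stream filter to detect html/javascript code in attachments
 *
 * Watches the bytes flowing through a stream for the opening of a
 * <script>, <iframe> or <object> tag (case-insensitive) and aborts the
 * stream with PSFS_ERR_FATAL as soon as one is seen; all other data is
 * passed through unchanged. This is a cheap blocklist heuristic on three
 * tag names, not a sanitizer: anything it does not match is forwarded as-is.
 *
 * @package Framework
 * @subpackage Utils
 */
class rcube_content_filter extends php_user_filter
{
    /** Sliding window over the most recently seen stream bytes (see filter()) */
    private $buffer = '';

    /** Number of leading bytes dropped from $buffer once it exceeds 4096 bytes */
    private $cutoff = 2048;

    /**
     * Called by PHP when the filter is attached to a stream.
     *
     * Picks a cutoff in [2048, 3027]. Because the buffer is only trimmed
     * after it has grown past 4096 bytes, at least 1070 bytes are always
     * retained after a trim, which is far longer than any of the tag
     * prefixes matched in filter(), so a tag split across two buckets is
     * still detected.
     *
     * The attribute suppresses the PHP 8.1+ deprecation notice for
     * overriding php_user_filter::onCreate() without its tentative return
     * type; on older PHP the line is parsed as a comment.
     *
     * @return bool true to accept the filter instance
     */
    #[\ReturnTypeWillChange]
    function onCreate()
    {
        $this->cutoff = rand(2048, 3027);
        return true;
    }

    /**
     * Process the buckets of one filter invocation.
     *
     * Each bucket is appended to the sliding window and the whole window
     * (not just the bucket) is scanned, so a tag that straddles a bucket
     * boundary is still caught. Buckets are forwarded one by one, so on a
     * match the offending bucket and everything after it is withheld.
     *
     * @param resource $in       Input bucket brigade
     * @param resource $out      Output bucket brigade
     * @param int      $consumed Incremented by the length of every bucket passed on
     * @param bool     $closing  Unused: every bucket is forwarded within the
     *                           same call, so nothing is held back to flush
     *
     * @return int PSFS_PASS_ON when all buckets were forwarded,
     *             PSFS_ERR_FATAL when a blocklisted tag prefix was found
     */
    #[\ReturnTypeWillChange]
    function filter($in, $out, &$consumed, $closing)
    {
        while ($bucket = stream_bucket_make_writeable($in)) {
            $this->buffer .= $bucket->data;

            // check for evil content and abort
            if (preg_match('/<(script|iframe|object)/i', $this->buffer)) {
                return PSFS_ERR_FATAL;
            }

            // keep buffer small enough; the retained tail still covers any
            // tag prefix that may be completed by the next bucket
            if (strlen($this->buffer) > 4096) {
                $this->buffer = substr($this->buffer, $this->cutoff);
            }

            $consumed += $bucket->datalen;
            stream_bucket_append($out, $bucket);
        }

        return PSFS_PASS_ON;
    }
}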