githubFork/roundcubemail.git

Roundcubemail devel

alecpl

2012-04-14 1495ac7913095ae8284c3501b7d4e6dd31a484ec

commit \| author \| age
c29b82	1	<?php
T	2
	3	/*
	4	+-----------------------------------------------------------------------+
	5	\| program/include/rcube_content_filter.php \|
	6	\| \|
	7	\| This file is part of the Roundcube Webmail client \|
	8	\| Copyright (C) 2011, The Roundcube Dev Team \|
7fe381	9	\| \|
T	10	\| Licensed under the GNU General Public License version 3 or \|
	11	\| any later version with exceptions for skins & plugins. \|
	12	\| See the README file for a full license statement. \|
c29b82	13	\| \|
T	14	\| PURPOSE: \|
	15	\| PHP stream filter to detect evil content in mail attachments \|
	16	\| \|
	17	+-----------------------------------------------------------------------+
	18	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
	19	+-----------------------------------------------------------------------+
	20
	21	$Id$
	22	*/
	23
	24	/**
	25	* PHP stream filter to detect html/javascript code in attachments
	26	*/
	27	class rcube_content_filter extends php_user_filter
	28	{
a267c6	29	private $buffer = '';
A	30	private $cutoff = 2048;
c29b82	31
a267c6	32	function onCreate()
A	33	{
	34	$this->cutoff = rand(2048, 3027);
	35	return true;
c29b82	36	}
T	37
a267c6	38	function filter($in, $out, &$consumed, $closing)
A	39	{
	40	while ($bucket = stream_bucket_make_writeable($in)) {
	41	$this->buffer .= $bucket->data;
c29b82	42
a267c6	43	// check for evil content and abort
A	44	if (preg_match('/<(script\|iframe\|object)/i', $this->buffer)) {
	45	return PSFS_ERR_FATAL;
	46	}
	47
	48	// keep buffer small enough
	49	if (strlen($this->buffer) > 4096) {
	50	$this->buffer = substr($this->buffer, $this->cutoff);
	51	}
	52
	53	$consumed += $bucket->datalen;
	54	stream_bucket_append($out, $bucket);
	55	}
	56
	57	return PSFS_PASS_ON;
	58	}
	59	}