githubFork/roundcubemail.git

Roundcubemail devel

Merge branch 'master' of github.com:roundcube/roundcubemail

Thomas Bruederli

2012-11-17 6ddb16d181e285d4f0ef0ef55bdd0ba787f1b583

commit \| author \| age
c29b82	1	<?php
T	2
	3	/*
	4	+-----------------------------------------------------------------------+
	5	\| program/include/rcube_content_filter.php \|
	6	\| \|
	7	\| This file is part of the Roundcube Webmail client \|
	8	\| Copyright (C) 2011, The Roundcube Dev Team \|
7fe381	9	\| \|
T	10	\| Licensed under the GNU General Public License version 3 or \|
	11	\| any later version with exceptions for skins & plugins. \|
	12	\| See the README file for a full license statement. \|
c29b82	13	\| \|
T	14	\| PURPOSE: \|
	15	\| PHP stream filter to detect evil content in mail attachments \|
	16	\| \|
	17	+-----------------------------------------------------------------------+
	18	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
	19	+-----------------------------------------------------------------------+
	20	*/
	21
	22	/**
	23	* PHP stream filter to detect html/javascript code in attachments
9ab346	24	*
AM	25	* @package Framework
	26	* @subpackage Core
c29b82	27	*/
T	28	class rcube_content_filter extends php_user_filter
	29	{
a267c6	30	private $buffer = '';
A	31	private $cutoff = 2048;
c29b82	32
a267c6	33	function onCreate()
A	34	{
	35	$this->cutoff = rand(2048, 3027);
	36	return true;
c29b82	37	}
T	38
a267c6	39	function filter($in, $out, &$consumed, $closing)
A	40	{
	41	while ($bucket = stream_bucket_make_writeable($in)) {
	42	$this->buffer .= $bucket->data;
c29b82	43
a267c6	44	// check for evil content and abort
A	45	if (preg_match('/<(script\|iframe\|object)/i', $this->buffer)) {
	46	return PSFS_ERR_FATAL;
	47	}
	48
	49	// keep buffer small enough
	50	if (strlen($this->buffer) > 4096) {
	51	$this->buffer = substr($this->buffer, $this->cutoff);
	52	}
	53
	54	$consumed += $bucket->datalen;
	55	stream_bucket_append($out, $bucket);
	56	}
	57
	58	return PSFS_PASS_ON;
	59	}
	60	}