Roundcubemail devel
parent: 18863495 | patch | commit | ignore whitespace
thomascube
2011-12-20 c29b82d90a8bdf9ee93a1a5e28237a8e078eae74 
Fix crashes with eAccelerator (#1488256)

1 files added
1 files modified
93 ■■■■■ changed files
program/include/rcube_content_filter.php 55 ●●●●● patch | view | raw | blame | history
program/steps/mail/get.inc 38 ●●●●● patch | view | raw | blame | history 
 program/include/rcube_content_filter.php


New file


@@ -0,0 +1,55 @@


<?php




/*


 +-----------------------------------------------------------------------+


 | program/include/rcube_content_filter.php                              |


 |                                                                       |


 | This file is part of the Roundcube Webmail client                     |


 | Copyright (C) 2011, The Roundcube Dev Team                            |


 | Licensed under the GNU GPL                                            |


 |                                                                       |


 | PURPOSE:                                                              |


 |   PHP stream filter to detect evil content in mail attachments        |


 |                                                                       |


 +-----------------------------------------------------------------------+


 | Author: Thomas Bruederli <roundcube@gmail.com>                        |


 +-----------------------------------------------------------------------+




 $Id$


*/




/**


 * PHP stream filter to detect html/javascript code in attachments


 */


class rcube_content_filter extends php_user_filter


{


  private $buffer = '';


  private $cutoff = 2048;




  function onCreate()


  {


    $this->cutoff = rand(2048, 3027);


    return true;


  }




  function filter($in, $out, &$consumed, $closing)


  {


    while ($bucket = stream_bucket_make_writeable($in)) {


      $this->buffer .= $bucket->data;




      // check for evil content and abort


      if (preg_match('/<(script|iframe|object)/i', $this->buffer))


        return PSFS_ERR_FATAL;




      // keep buffer small enough


      if (strlen($this->buffer) > 4096)


        $this->buffer = substr($this->buffer, $this->cutoff);




      $consumed += $bucket->datalen;


      stream_bucket_append($out, $bucket);


    }




    return PSFS_PASS_ON;


  }


}






 program/steps/mail/get.inc


@@ -5,7 +5,7 @@


 | program/steps/mail/get.inc                                            |


 |                                                                       |


 | This file is part of the Roundcube Webmail client                     |


 | Copyright (C) 2005-2009, The Roundcube Dev Team                       |


 | Copyright (C) 2005-2011, The Roundcube Dev Team                       |


 | Licensed under the GNU GPL                                            |


 |                                                                       |


 | PURPOSE:                                                              |


@@ -193,40 +193,4 @@


header('HTTP/1.1 404 Not Found');


exit;








/**


 * PHP stream filter to detect html/javascript code in attachments


 */


class rcube_content_filter extends php_user_filter


{


  private $buffer = '';


  private $cutoff = 2048;




  function onCreate()


  {


    $this->cutoff = rand(2048, 3027);


    return true;


  }




  function filter($in, $out, &$consumed, $closing)


  {


    while ($bucket = stream_bucket_make_writeable($in)) {


      $this->buffer .= $bucket->data;




      // check for evil content and abort


      if (preg_match('/<(script|iframe|object)/i', $this->buffer))


        return PSFS_ERR_FATAL;




      // keep buffer small enough


      if (strlen($this->buffer) > 4096)


        $this->buffer = substr($this->buffer, $this->cutoff);




      $consumed += $bucket->datalen;


      stream_bucket_append($out, $bucket);


    }




    return PSFS_PASS_ON;


  }


}