| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- <?php
-
- /**
- +-----------------------------------------------------------------------+
- | This file is part of the Roundcube Webmail client |
- | Copyright (C) 2011, The Roundcube Dev Team |
- | |
- | Licensed under the GNU General Public License version 3 or |
- | any later version with exceptions for skins & plugins. |
- | See the README file for a full license statement. |
- | |
- | PURPOSE: |
- | PHP stream filter to detect evil content in mail attachments |
- +-----------------------------------------------------------------------+
- | Author: Thomas Bruederli <roundcube@gmail.com> |
- +-----------------------------------------------------------------------+
- */
-
- /**
- * PHP stream filter to detect html/javascript code in attachments
- *
- * @package Framework
- * @subpackage Utils
- */
- class rcube_content_filter extends php_user_filter
- {
- private $buffer = '';
- private $cutoff = 2048;
-
- function onCreate()
- {
- $this->cutoff = rand(2048, 3027);
- return true;
- }
-
- function filter($in, $out, &$consumed, $closing)
- {
- while ($bucket = stream_bucket_make_writeable($in)) {
- $this->buffer .= $bucket->data;
-
- // check for evil content and abort
- if (preg_match('/<(script|iframe|object)/i', $this->buffer)) {
- return PSFS_ERR_FATAL;
- }
-
- // keep buffer small enough
- if (strlen($this->buffer) > 4096) {
- $this->buffer = substr($this->buffer, $this->cutoff);
- }
-
- $consumed += $bucket->datalen;
- stream_bucket_append($out, $bucket);
- }
-
- return PSFS_PASS_ON;
- }
- }
|
