| [ Index ] |
PHP Cross Reference of phpwcms V1.4.7 _r403 (01.11.10) |
[Summary view] [Print] [Text view]
1 <?php 2 /* 3 * FCKeditor - The text editor for Internet - http://www.fckeditor.net 4 * Copyright (C) 2003-2010 Frederico Caldeira Knabben 5 * 6 * == BEGIN LICENSE == 7 * 8 * Licensed under the terms of any of the following licenses at your 9 * choice: 10 * 11 * - GNU General Public License Version 2 or later (the "GPL") 12 * http://www.gnu.org/licenses/gpl.html 13 * 14 * - GNU Lesser General Public License Version 2.1 or later (the "LGPL") 15 * http://www.gnu.org/licenses/lgpl.html 16 * 17 * - Mozilla Public License Version 1.1 or later (the "MPL") 18 * http://www.mozilla.org/MPL/MPL-1.1.html 19 * 20 * == END LICENSE == 21 * 22 * Utility functions for the File Manager Connector for PHP. 23 */ 24 25 function RemoveFromStart( $sourceString, $charToRemove ) 26 { 27 $sPattern = '|^' . $charToRemove . '+|' ; 28 return preg_replace( $sPattern, '', $sourceString ) ; 29 } 30 31 function RemoveFromEnd( $sourceString, $charToRemove ) 32 { 33 $sPattern = '|' . $charToRemove . '+$|' ; 34 return preg_replace( $sPattern, '', $sourceString ) ; 35 } 36 37 function FindBadUtf8( $string ) 38 { 39 $regex = 40 '([\x00-\x7F]'. 41 '|[\xC2-\xDF][\x80-\xBF]'. 42 '|\xE0[\xA0-\xBF][\x80-\xBF]'. 43 '|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'. 44 '|\xED[\x80-\x9F][\x80-\xBF]'. 45 '|\xF0[\x90-\xBF][\x80-\xBF]{2}'. 46 '|[\xF1-\xF3][\x80-\xBF]{3}'. 47 '|\xF4[\x80-\x8F][\x80-\xBF]{2}'. 48 '|(.{1}))'; 49 50 while (preg_match('/'.$regex.'/S', $string, $matches)) { 51 if ( isset($matches[2])) { 52 return true; 53 } 54 $string = substr($string, strlen($matches[0])); 55 } 56 57 return false; 58 } 59 60 function ConvertToXmlAttribute( $value ) 61 { 62 if ( defined( 'PHP_OS' ) ) 63 { 64 $os = PHP_OS ; 65 } 66 else 67 { 68 $os = php_uname() ; 69 } 70 71 if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) ) 72 { 73 return ( utf8_encode( htmlspecialchars( $value ) ) ) ; 74 } 75 else 76 { 77 return ( htmlspecialchars( $value ) ) ; 78 } 79 } 80 81 /** 82 * Check whether given extension is in html etensions list 83 * 84 * @param string $ext 85 * @param array $htmlExtensions 86 * @return boolean 87 */ 88 function IsHtmlExtension( $ext, $htmlExtensions ) 89 { 90 if ( !$htmlExtensions || !is_array( $htmlExtensions ) ) 91 { 92 return false ; 93 } 94 $lcaseHtmlExtensions = array() ; 95 foreach ( $htmlExtensions as $key => $val ) 96 { 97 $lcaseHtmlExtensions[$key] = strtolower( $val ) ; 98 } 99 return in_array( $ext, $lcaseHtmlExtensions ) ; 100 } 101 102 /** 103 * Detect HTML in the first KB to prevent against potential security issue with 104 * IE/Safari/Opera file type auto detection bug. 105 * Returns true if file contain insecure HTML code at the beginning. 106 * 107 * @param string $filePath absolute path to file 108 * @return boolean 109 */ 110 function DetectHtml( $filePath ) 111 { 112 $fp = @fopen( $filePath, 'rb' ) ; 113 114 //open_basedir restriction, see #1906 115 if ( $fp === false || !flock( $fp, LOCK_SH ) ) 116 { 117 return -1 ; 118 } 119 120 $chunk = fread( $fp, 1024 ) ; 121 flock( $fp, LOCK_UN ) ; 122 fclose( $fp ) ; 123 124 $chunk = strtolower( $chunk ) ; 125 126 if (!$chunk) 127 { 128 return false ; 129 } 130 131 $chunk = trim( $chunk ) ; 132 133 if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) ) 134 { 135 return true; 136 } 137 138 $tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ; 139 140 foreach( $tags as $tag ) 141 { 142 if( false !== strpos( $chunk, $tag ) ) 143 { 144 return true ; 145 } 146 } 147 148 //type = javascript 149 if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) ) 150 { 151 return true ; 152 } 153 154 //href = javascript 155 //src = javascript 156 //data = javascript 157 if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) 158 { 159 return true ; 160 } 161 162 //url(javascript 163 if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) ) 164 { 165 return true ; 166 } 167 168 return false ; 169 } 170 171 /** 172 * Check file content. 173 * Currently this function validates only image files. 174 * Returns false if file is invalid. 175 * 176 * @param string $filePath absolute path to file 177 * @param string $extension file extension 178 * @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images 179 * @return boolean 180 */ 181 function IsImageValid( $filePath, $extension ) 182 { 183 if (!@is_readable($filePath)) { 184 return -1; 185 } 186 187 $imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff'); 188 189 // version_compare is available since PHP4 >= 4.0.7 190 if ( function_exists( 'version_compare' ) ) { 191 $sCurrentVersion = phpversion(); 192 if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) { 193 $imageCheckExtensions[] = "tiff"; 194 $imageCheckExtensions[] = "tif"; 195 } 196 if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) { 197 $imageCheckExtensions[] = "swc"; 198 } 199 if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) { 200 $imageCheckExtensions[] = "jpc"; 201 $imageCheckExtensions[] = "jp2"; 202 $imageCheckExtensions[] = "jpx"; 203 $imageCheckExtensions[] = "jb2"; 204 $imageCheckExtensions[] = "xbm"; 205 $imageCheckExtensions[] = "wbmp"; 206 } 207 } 208 209 if ( !in_array( $extension, $imageCheckExtensions ) ) { 210 return true; 211 } 212 213 if ( @getimagesize( $filePath ) === false ) { 214 return false ; 215 } 216 217 return true; 218 } 219 220 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Tue Nov 16 22:51:00 2010 | Cross-referenced by PHPXref 0.7 |