Fix crashes with eAccelerator (#1488256)

author: thomascube <thomas@roundcube.net> 2011-12-20 08:29:28 +0000
committer: thomascube <thomas@roundcube.net> 2011-12-20 08:29:28 +0000
commit: c29b82d90a8bdf9ee93a1a5e28237a8e078eae74 (patch)
tree: 9857514c9a527bc956963dea4ef3e353537bebfb /program/include
parent: 18863495ae95937276919f83db54f439ede8bd18 (diff)
1 files changed, 55 insertions, 0 deletions
diff --git a/program/include/rcube_content_filter.php b/program/include/rcube_content_filter.php
new file mode 100644
index 000000000..430defec6
--- /dev/null
+++ b/program/include/rcube_content_filter.php
@@ -0,0 +1,55 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | program/include/rcube_content_filter.php                              |
+ |                                                                       |
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2011, The Roundcube Dev Team                            |
+ | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   PHP stream filter to detect evil content in mail attachments        |
+ |                                                                       |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube@gmail.com>                        |
+ +-----------------------------------------------------------------------+
+
+ $Id$
+*/
+
+/**
+ * PHP stream filter to detect html/javascript code in attachments
+ */
+class rcube_content_filter extends php_user_filter
+{
+  private $buffer = '';
+  private $cutoff = 2048;
+
+  function onCreate()
+  {
+    $this->cutoff = rand(2048, 3027);
+    return true;
+  }
+
+  function filter($in, $out, &$consumed, $closing)
+  {
+    while ($bucket = stream_bucket_make_writeable($in)) {
+      $this->buffer .= $bucket->data;
+
+      // check for evil content and abort
+      if (preg_match('/<(script|iframe|object)/i', $this->buffer))
+        return PSFS_ERR_FATAL;
+
+      // keep buffer small enough
+      if (strlen($this->buffer) > 4096)
+        $this->buffer = substr($this->buffer, $this->cutoff);
+
+      $consumed += $bucket->datalen;
+      stream_bucket_append($out, $bucket);
+    }
+
+    return PSFS_PASS_ON;
+  }
+}
+
author	thomascube <thomas@roundcube.net>	2011-12-20 08:29:28 +0000
committer	thomascube <thomas@roundcube.net>	2011-12-20 08:29:28 +0000
commit	c29b82d90a8bdf9ee93a1a5e28237a8e078eae74 (patch)
tree	9857514c9a527bc956963dea4ef3e353537bebfb /program/include
parent	18863495ae95937276919f83db54f439ede8bd18 (diff)