authorAleksander Machniak <alec@alec.pl>2012-11-21 19:52:03 +0100
committerAleksander Machniak <alec@alec.pl>2012-11-21 19:52:03 +0100
commitba6f21caeb405c7e8512a09941fefbc97286e45f (patch)
tree4a0e8f6fbab3260d37bf85cbf0bc9f506e627678 /program/lib/Roundcube/rcube_content_filter.php
parentf707fec0001d7dc7d46be114c42b37e49a052660 (diff)
Framework files moved to lib/Roundcube
Diffstat (limited to 'program/lib/Roundcube/rcube_content_filter.php')
-rw-r--r--program/lib/Roundcube/rcube_content_filter.php60
1 files changed, 60 insertions, 0 deletions
diff --git a/program/lib/Roundcube/rcube_content_filter.php b/program/lib/Roundcube/rcube_content_filter.php
new file mode 100644
index 000000000..99916a300
--- /dev/null
+++ b/program/lib/Roundcube/rcube_content_filter.php
@@ -0,0 +1,60 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | program/include/rcube_content_filter.php |
+ | |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2011, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ | PURPOSE: |
+ | PHP stream filter to detect evil content in mail attachments |
+ | |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube@gmail.com> |
+ +-----------------------------------------------------------------------+
+*/
+
+/**
+ * PHP stream filter to detect html/javascript code in attachments
+ *
+ * @package Framework
+ * @subpackage Core
+ */
+class rcube_content_filter extends php_user_filter
+{
+ private $buffer = '';
+ private $cutoff = 2048;
+
+ function onCreate()
+ {
+ $this->cutoff = rand(2048, 3027);
+ return true;
+ }
+
+ function filter($in, $out, &$consumed, $closing)
+ {
+ while ($bucket = stream_bucket_make_writeable($in)) {
+ $this->buffer .= $bucket->data;
+
+ // check for evil content and abort
+ if (preg_match('/<(script|iframe|object)/i', $this->buffer)) {
+ return PSFS_ERR_FATAL;
+ }
+
+ // keep buffer small enough
+ if (strlen($this->buffer) > 4096) {
+ $this->buffer = substr($this->buffer, $this->cutoff);
+ }
+
+ $consumed += $bucket->datalen;
+ stream_bucket_append($out, $bucket);
+ }
+
+ return PSFS_PASS_ON;
+ }
+}
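Review bot: The check in `filter()` is a byte-level denylist of three tag names (`/<(script|iframe|object)/i`), so a clean pass cannot be read as proof that an attachment carries no active content; markup outside that list, or in an encoding the regex does not see as those ASCII bytes, goes through unmatched. Neither `onCreate()` nor `filter()` has a docblock, and the contract matters to callers: I would document on `filter()` that it returns `PSFS_ERR_FATAL` on a match, that buckets from earlier invocations may already have been passed downstream by then (so the caller presumably has to discard partial output; the call sites are not in this diff), and that the attachment still needs to be served with a safe `Content-Type`, `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`. Because the pattern is evaluated on the whole buffer before it is trimmed, and at least about 1 KB of tail survives `substr($this->buffer, $this->cutoff)`, the randomised `rand(2048, 3027)` cutoff does not appear to add protection; a one-line comment stating its intent, or a fixed constant, would make the trimming easier to audit. The file header comment still names `program/include/rcube_content_filter.php` although the file now lives under `program/lib/Roundcube/`.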