<?php

/*
 +-----------------------------------------------------------------------+
 | This file is part of the Roundcube Webmail client                     |
 | Copyright (C) 2011, The Roundcube Dev Team                            |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
 | See the README file for a full license statement.                     |
 |                                                                       |
 | PURPOSE:                                                              |
 |   PHP stream filter to detect evil content in mail attachments        |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
 +-----------------------------------------------------------------------+
*/

/**
 * PHP stream filter to detect html/javascript code in attachments
 *
 * @package    Framework
 * @subpackage Utils
 */
class rcube_content_filter extends php_user_filter
{
    private $buffer = '';
    private $cutoff = 2048;

    function onCreate()
    {
        $this->cutoff = rand(2048, 3027);
        return true;
    }

    function filter($in, $out, &$consumed)
    {
        while ($bucket = stream_bucket_make_writeable($in)) {
            $this->buffer .= $bucket->data;

            // check for evil content and abort
            if (preg_match('/<(script|iframe|object)/i', $this->buffer)) {
                return PSFS_ERR_FATAL;
            }

            // keep buffer small enough
            if (strlen($this->buffer) > 4096) {
                $this->buffer = substr($this->buffer, $this->cutoff);
            }

            $consumed += $bucket->datalen;
            stream_bucket_append($out, $bucket);
        }

        return PSFS_PASS_ON;
    }
}