rcube_content_filter.php
No OneTemporary
Actions

Authored By

Unknown

Size

1 KB

Referenced Files

None

Subscribers

None

rcube_content_filter.php
View Options

	<?php

	/*
	+-----------------------------------------------------------------------+
	\| This file is part of the Roundcube Webmail client \|
	\| Copyright (C) 2011, The Roundcube Dev Team \|
	\| \|
	\| Licensed under the GNU General Public License version 3 or \|
	\| any later version with exceptions for skins & plugins. \|
	\| See the README file for a full license statement. \|
	\| \|
	\| PURPOSE: \|
	\| PHP stream filter to detect evil content in mail attachments \|
	+-----------------------------------------------------------------------+
	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
	+-----------------------------------------------------------------------+
	*/

	/**
	* PHP stream filter to detect html/javascript code in attachments
	*
	* @package Framework
	* @subpackage Core
	*/
	class rcube_content_filter extends php_user_filter
	{
	private $buffer = '';
	private $cutoff = 2048;

	function onCreate()
	{
	$this->cutoff = rand(2048, 3027);
	return true;
	}

	function filter($in, $out, &$consumed, $closing)
	{
	while ($bucket = stream_bucket_make_writeable($in)) {
	$this->buffer .= $bucket->data;

	// check for evil content and abort
	if (preg_match('/<(script\|iframe\|object)/i', $this->buffer)) {
	return PSFS_ERR_FATAL;
	}

	// keep buffer small enough
	if (strlen($this->buffer) > 4096) {
	$this->buffer = substr($this->buffer, $this->cutoff);
	}

	$consumed += $bucket->datalen;
	stream_bucket_append($out, $bucket);
	}

	return PSFS_PASS_ON;
	}
	}