?iť?
Current Path : /home/scgforma/www/soc064/htdocs/core/filemanagerdol/connectors/php/ |
Current File : /home/scgforma/www/soc064/htdocs/core/filemanagerdol/connectors/php/util.php |
<?php /* * FCKeditor - The text editor for Internet - http://www.fckeditor.net * Copyright (C) 2003-2010 Frederico Caldeira Knabben * * == BEGIN LICENSE == * * Licensed under the terms of any of the following licenses at your * choice: * * - GNU General Public License Version 2 or later (the "GPL") * http://www.gnu.org/licenses/gpl.html * * - GNU Lesser General Public License Version 2.1 or later (the "LGPL") * http://www.gnu.org/licenses/lgpl.html * * - Mozilla Public License Version 1.1 or later (the "MPL") * http://www.mozilla.org/MPL/MPL-1.1.html * * == END LICENSE == * * Utility functions for the File Manager Connector for PHP. */ /** * RemoveFromStart * * @param string $sourceString Source * @param string $charToRemove Char to remove * @return string Result */ function RemoveFromStart($sourceString, $charToRemove) { $sPattern = '|^' . $charToRemove . '+|' ; return preg_replace($sPattern, '', $sourceString); } /** * RemoveFromEnd * * @param string $sourceString Source * @param string $charToRemove Rhar to remove * @return string Result */ function RemoveFromEnd($sourceString, $charToRemove) { $sPattern = '|' . $charToRemove . '+$|' ; return preg_replace($sPattern, '', $sourceString); } /** * FindBadUtf8 * * @param string $string String * @return boolean */ function FindBadUtf8($string) { $regex = '([\x00-\x7F]'. '|[\xC2-\xDF][\x80-\xBF]'. '|\xE0[\xA0-\xBF][\x80-\xBF]'. '|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'. '|\xED[\x80-\x9F][\x80-\xBF]'. '|\xF0[\x90-\xBF][\x80-\xBF]{2}'. '|[\xF1-\xF3][\x80-\xBF]{3}'. '|\xF4[\x80-\x8F][\x80-\xBF]{2}'. '|(.{1}))'; while (preg_match('/'.$regex.'/S', $string, $matches)) { if ( isset($matches[2])) { return true; } $string = substr($string, strlen($matches[0])); } return false; } /** * ConvertToXmlAttribute * * @param string $value Value * @return string */ function ConvertToXmlAttribute($value) { if ( defined('PHP_OS') ) { $os = PHP_OS ; } else { $os = php_uname(); } if (strtoupper(substr($os, 0, 3)) === 'WIN' || FindBadUtf8($value)) { return (utf8_encode(htmlspecialchars($value))); } else { return (htmlspecialchars($value)); } } /** * Check whether given extension is in html etensions list * * @param string $ext Extension * @param array $formExtensions Array of extensions * @return boolean */ function IsHtmlExtension($ext, $formExtensions) { if (!$formExtensions || !is_array($formExtensions) ) { return false ; } $lcaseHtmlExtensions = array(); foreach ($formExtensions as $key => $val) { $lcaseHtmlExtensions[$key] = strtolower($val); } return in_array($ext, $lcaseHtmlExtensions); } /** * Detect HTML in the first KB to prevent against potential security issue with * IE/Safari/Opera file type auto detection bug. * Returns true if file contain insecure HTML code at the beginning. * * @param string $filePath absolute path to file * @return boolean */ function DetectHtml($filePath) { $fp = @fopen($filePath, 'rb'); //open_basedir restriction, see #1906 if ( $fp === false || !flock($fp, LOCK_SH) ) { return -1 ; } $chunk = fread($fp, 1024); flock($fp, LOCK_UN); fclose($fp); $chunk = strtolower($chunk); if (!$chunk) { return false ; } $chunk = trim($chunk); if ( preg_match("/<!DOCTYPE\W*X?HTML/sim", $chunk) ) { return true; } $tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ); foreach($tags as $tag) { if( false !== strpos($chunk, $tag) ) { return true ; } } //type = javascript if ( preg_match('!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk) ) { return true ; } //href = javascript //src = javascript //data = javascript if ( preg_match('!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk) ) { return true ; } //url(javascript if ( preg_match('!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk) ) { return true ; } return false ; } /** * Check file content. * Currently this function validates only image files. * Returns false if file is invalid. * * @param string $filePath Absolute path to file * @param string $extension File extension * @return boolean True or false */ function IsImageValid($filePath, $extension) { if (!@is_readable($filePath)) { return -1; } $imageCheckExtensions = array( 'gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff', 'tiff', 'tif', 'swc', 'jpc', 'jp2', 'jpx', 'jb2', 'xbm', 'wbmp' ); if (!in_array($extension, $imageCheckExtensions) ) { return true; } if (@getimagesize($filePath) === false) { return false ; } return true; }