util_8php_source.html

 <?php

 /*

  * FCKeditor - The text editor for Internet - http://www.fckeditor.net

  * Copyright (C) 2003-2010 Frederico Caldeira Knabben

  *

  * == BEGIN LICENSE ==

  *

  * Licensed under the terms of any of the following licenses at your

  * choice:

  *

  *  - GNU General Public License Version 2 or later (the "GPL")

  *    http://www.gnu.org/licenses/gpl.html

  *

  *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")

  *    http://www.gnu.org/licenses/lgpl.html

  *

  *  - Mozilla Public License Version 1.1 or later (the "MPL")

  *    http://www.mozilla.org/MPL/MPL-1.1.html

  *

  * == END LICENSE ==

  *

  * Utility functions for the File Manager Connector for PHP.

  */


 function RemoveFromStart( $sourceString, $charToRemove )

 {

      $sPattern = '|^' . $charToRemove . '+|' ;

      return preg_replace( $sPattern, '', $sourceString ) ;

 }


 function RemoveFromEnd( $sourceString, $charToRemove )

 {

      $sPattern = '|' . $charToRemove . '+$|' ;

      return preg_replace( $sPattern, '', $sourceString ) ;

 }


 function FindBadUtf8( $string )

 {

      $regex =

      '([\x00-\x7F]'.

      '|[\xC2-\xDF][\x80-\xBF]'.

      '|\xE0[\xA0-\xBF][\x80-\xBF]'.

      '|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.

      '|\xED[\x80-\x9F][\x80-\xBF]'.

      '|\xF0[\x90-\xBF][\x80-\xBF]{2}'.

      '|[\xF1-\xF3][\x80-\xBF]{3}'.

      '|\xF4[\x80-\x8F][\x80-\xBF]{2}'.

      '|(.{1}))';


      while (preg_match('/'.$regex.'/S', $string, $matches)) {

           if ( isset($matches[2])) {

                return true;

           }

           $string = substr($string, strlen($matches[0]));

      }


      return false;

 }


 function ConvertToXmlAttribute( $value )

 {

      if ( defined( 'PHP_OS' ) )

      {

           $os = PHP_OS ;

      }

      else

      {

           $os = php_uname() ;

      }


      if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) )

      {

           return ( utf8_encode( htmlspecialchars( $value ) ) ) ;

      }

      else

      {

           return ( htmlspecialchars( $value ) ) ;

      }

 }


 function IsHtmlExtension( $ext, $htmlExtensions )

 {

      if ( !$htmlExtensions || !is_array( $htmlExtensions ) )

      {

           return false ;

      }

      $lcaseHtmlExtensions = array() ;

      foreach ( $htmlExtensions as $key => $val )

      {

           $lcaseHtmlExtensions[$key] = strtolower( $val ) ;

      }

      return in_array( $ext, $lcaseHtmlExtensions ) ;

 }


 function DetectHtml( $filePath )

 {

      $fp = @fopen( $filePath, 'rb' ) ;


      //open_basedir restriction, see #1906

      if ( $fp === false || !flock( $fp, LOCK_SH ) )

      {

           return -1 ;

      }


      $chunk = fread( $fp, 1024 ) ;

      flock( $fp, LOCK_UN ) ;

      fclose( $fp ) ;


      $chunk = strtolower( $chunk ) ;


      if (!$chunk)

      {

           return false ;

      }


      $chunk = trim( $chunk ) ;


      if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )

      {

           return true;

      }


      $tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;


      foreach( $tags as $tag )

      {

           if( false !== strpos( $chunk, $tag ) )

           {

                return true ;

           }

      }


      //type = javascript

      if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )

      {

           return true ;

      }


      //href = javascript

      //src = javascript

      //data = javascript

      if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )

      {

           return true ;

      }


      //url(javascript

      if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )

      {

           return true ;

      }


      return false ;

 }


 function IsImageValid( $filePath, $extension )

 {

      if (!@is_readable($filePath)) {

           return -1;

      }


      $imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');


      // version_compare is available since PHP4 >= 4.0.7

      if ( function_exists( 'version_compare' ) ) {

           $sCurrentVersion = phpversion();

           if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {

                $imageCheckExtensions[] = "tiff";

                $imageCheckExtensions[] = "tif";

           }

           if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {

                $imageCheckExtensions[] = "swc";

           }

           if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {

                $imageCheckExtensions[] = "jpc";

                $imageCheckExtensions[] = "jp2";

                $imageCheckExtensions[] = "jpx";

                $imageCheckExtensions[] = "jb2";

                $imageCheckExtensions[] = "xbm";

                $imageCheckExtensions[] = "wbmp";

           }

      }


      if ( !in_array( $extension, $imageCheckExtensions ) ) {

           return true;

      }


      if ( @getimagesize( $filePath ) === false ) {

           return false ;

      }


      return true;

 }


 ?>

ConvertToXmlAttribute
ConvertToXmlAttribute($value)
Definition: util.php:60

$fp
$fp
Definition: configuration.php:313

RemoveFromEnd
RemoveFromEnd($sourceString, $charToRemove)
Definition: util.php:31

$extension
$extension
Definition: fine_uploader.php:45

FindBadUtf8
FindBadUtf8($string)
Definition: util.php:37

DetectHtml
DetectHtml($filePath)
Detect HTML in the first KB to prevent against potential security issue with IE/Safari/Opera file typ...
Definition: util.php:110

IsHtmlExtension
IsHtmlExtension($ext, $htmlExtensions)
Check whether given extension is in html etensions list.
Definition: util.php:88

IsImageValid
IsImageValid($filePath, $extension)
Check file content.
Definition: util.php:181

RemoveFromStart
RemoveFromStart($sourceString, $charToRemove)
Definition: util.php:25