import v2.0.0.0_RC3 | 2012-07-01

https://github.com/lucanos/CommunityID -> http://www.itadmins.net/archives/357

fckeditor/editor/filemanager/connectors/php/util.php

@@ -0,0 +1,220 @@
+<?php
+/*
+ * FCKeditor - The text editor for Internet - http://www.fckeditor.net
+ * Copyright (C) 2003-2009 Frederico Caldeira Knabben
+ *
+ * == BEGIN LICENSE ==
+ *
+ * Licensed under the terms of any of the following licenses at your
+ * choice:
+ *
+ *  - GNU General Public License Version 2 or later (the "GPL")
+ *    http://www.gnu.org/licenses/gpl.html
+ *
+ *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
+ *    http://www.gnu.org/licenses/lgpl.html
+ *
+ *  - Mozilla Public License Version 1.1 or later (the "MPL")
+ *    http://www.mozilla.org/MPL/MPL-1.1.html
+ *
+ * == END LICENSE ==
+ *
+ * Utility functions for the File Manager Connector for PHP.
+ */
+
+function RemoveFromStart( $sourceString, $charToRemove )
+{
+	$sPattern = '|^' . $charToRemove . '+|' ;
+	return preg_replace( $sPattern, '', $sourceString ) ;
+}
+
+function RemoveFromEnd( $sourceString, $charToRemove )
+{
+	$sPattern = '|' . $charToRemove . '+$|' ;
+	return preg_replace( $sPattern, '', $sourceString ) ;
+}
+
+function FindBadUtf8( $string )
+{
+	$regex =
+	'([\x00-\x7F]'.
+	'|[\xC2-\xDF][\x80-\xBF]'.
+	'|\xE0[\xA0-\xBF][\x80-\xBF]'.
+	'|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.
+	'|\xED[\x80-\x9F][\x80-\xBF]'.
+	'|\xF0[\x90-\xBF][\x80-\xBF]{2}'.
+	'|[\xF1-\xF3][\x80-\xBF]{3}'.
+	'|\xF4[\x80-\x8F][\x80-\xBF]{2}'.
+	'|(.{1}))';
+
+	while (preg_match('/'.$regex.'/S', $string, $matches)) {
+		if ( isset($matches[2])) {
+			return true;
+		}
+		$string = substr($string, strlen($matches[0]));
+	}
+
+	return false;
+}
+
+function ConvertToXmlAttribute( $value )
+{
+	if ( defined( 'PHP_OS' ) )
+	{
+		$os = PHP_OS ;
+	}
+	else
+	{
+		$os = php_uname() ;
+	}
+
+	if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) )
+	{
+		return ( utf8_encode( htmlspecialchars( $value ) ) ) ;
+	}
+	else
+	{
+		return ( htmlspecialchars( $value ) ) ;
+	}
+}
+
+/**
+ * Check whether given extension is in html etensions list
+ *
+ * @param string $ext
+ * @param array $htmlExtensions
+ * @return boolean
+ */
+function IsHtmlExtension( $ext, $htmlExtensions )
+{
+	if ( !$htmlExtensions || !is_array( $htmlExtensions ) )
+	{
+		return false ;
+	}
+	$lcaseHtmlExtensions = array() ;
+	foreach ( $htmlExtensions as $key => $val )
+	{
+		$lcaseHtmlExtensions[$key] = strtolower( $val ) ;
+	}
+	return in_array( $ext, $lcaseHtmlExtensions ) ;
+}
+
+/**
+ * Detect HTML in the first KB to prevent against potential security issue with
+ * IE/Safari/Opera file type auto detection bug.
+ * Returns true if file contain insecure HTML code at the beginning.
+ *
+ * @param string $filePath absolute path to file
+ * @return boolean
+ */
+function DetectHtml( $filePath )
+{
+	$fp = @fopen( $filePath, 'rb' ) ;
+
+	//open_basedir restriction, see #1906
+	if ( $fp === false || !flock( $fp, LOCK_SH ) )
+	{
+		return -1 ;
+	}
+
+	$chunk = fread( $fp, 1024 ) ;
+	flock( $fp, LOCK_UN ) ;
+	fclose( $fp ) ;
+
+	$chunk = strtolower( $chunk ) ;
+
+	if (!$chunk)
+	{
+		return false ;
+	}
+
+	$chunk = trim( $chunk ) ;
+
+	if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )
+	{
+		return true;
+	}
+
+	$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;
+
+	foreach( $tags as $tag )
+	{
+		if( false !== strpos( $chunk, $tag ) )
+		{
+			return true ;
+		}
+	}
+
+	//type = javascript
+	if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )
+	{
+		return true ;
+	}
+
+	//href = javascript
+	//src = javascript
+	//data = javascript
+	if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
+	{
+		return true ;
+	}
+
+	//url(javascript
+	if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
+	{
+		return true ;
+	}
+
+	return false ;
+}
+
+/**
+ * Check file content.
+ * Currently this function validates only image files.
+ * Returns false if file is invalid.
+ *
+ * @param string $filePath absolute path to file
+ * @param string $extension file extension
+ * @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images
+ * @return boolean
+ */
+function IsImageValid( $filePath, $extension )
+{
+	if (!@is_readable($filePath)) {
+		return -1;
+	}
+
+	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');
+
+	// version_compare is available since PHP4 >= 4.0.7
+	if ( function_exists( 'version_compare' ) ) {
+		$sCurrentVersion = phpversion();
+		if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {
+			$imageCheckExtensions[] = "tiff";
+			$imageCheckExtensions[] = "tif";
+		}
+		if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {
+			$imageCheckExtensions[] = "swc";
+		}
+		if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {
+			$imageCheckExtensions[] = "jpc";
+			$imageCheckExtensions[] = "jp2";
+			$imageCheckExtensions[] = "jpx";
+			$imageCheckExtensions[] = "jb2";
+			$imageCheckExtensions[] = "xbm";
+			$imageCheckExtensions[] = "wbmp";
+		}
+	}
+
+	if ( !in_array( $extension, $imageCheckExtensions ) ) {
+		return true;
+	}
+
+	if ( @getimagesize( $filePath ) === false ) {
+		return false ;
+	}
+
+	return true;
+}
+
+?>