4 +-----------------------------------------------------------------------+
5 | program/include/rcube_content_filter.php |
7 | This file is part of the Roundcube Webmail client |
8 | Copyright (C) 2011, The Roundcube Dev Team |
9 | Licensed under the GNU GPL |
12 | PHP stream filter to detect evil content in mail attachments |
14 +-----------------------------------------------------------------------+
15 | Author: Thomas Bruederli <roundcube@gmail.com> |
16 +-----------------------------------------------------------------------+
18 $Id: rcube_content_filter.php 5635 2011-12-21 10:07:42Z alec $
22 * PHP stream filter to detect html/javascript code in attachments
24 class rcube_content_filter extends php_user_filter
27 private $cutoff = 2048;
31 $this->cutoff = rand(2048, 3027);
35 function filter($in, $out, &$consumed, $closing)
37 while ($bucket = stream_bucket_make_writeable($in)) {
38 $this->buffer .= $bucket->data;
40 // check for evil content and abort
41 if (preg_match('/<(script|iframe|object)/i', $this->buffer))
42 return PSFS_ERR_FATAL;
44 // keep buffer small enough
45 if (strlen($this->buffer) > 4096)
46 $this->buffer = substr($this->buffer, $this->cutoff);
48 $consumed += $bucket->datalen;
49 stream_bucket_append($out, $bucket);