moin  1.9.0~rc2
util.php File Reference

Functions

 RemoveFromStart ($sourceString, $charToRemove)
 RemoveFromEnd ($sourceString, $charToRemove)
 FindBadUtf8 ($string)
 ConvertToXmlAttribute ($value)
 IsHtmlExtension ($ext, $htmlExtensions)
 Check whether the given extension is in the HTML extensions list.
 DetectHtml ($filePath)
 Detect HTML in the first KB to protect against a potential security issue with the IE/Safari/Opera file type auto-detection bug.
 IsImageValid ($filePath, $extension)
 Check file content.

Function Documentation

ConvertToXmlAttribute ( $value )

Definition at line 60 of file util.php.

{
       if ( defined( 'PHP_OS' ) )
       {
              $os = PHP_OS ;
       }
       else
       {
              $os = php_uname() ;
       }

       if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) )
       {
              return ( utf8_encode( htmlspecialchars( $value ) ) ) ;
       }
       else
       {
              return ( htmlspecialchars( $value ) ) ;
       }
}

DetectHtml ( $filePath )

Detect HTML in the first KB to protect against a potential security issue with the IE/Safari/Opera file type auto-detection bug.

Returns true if the file contains insecure HTML code at the beginning.

Parameters:
    string $filePath  absolute path to file
Returns:
    boolean (the code below returns -1 instead when the file cannot be opened or locked)

Definition at line 110 of file util.php.

{
       $fp = @fopen( $filePath, 'rb' ) ;

       //open_basedir restriction, see #1906
       if ( $fp === false || !flock( $fp, LOCK_SH ) )
       {
              return -1 ;
       }

       $chunk = fread( $fp, 1024 ) ;
       flock( $fp, LOCK_UN ) ;
       fclose( $fp ) ;

       $chunk = strtolower( $chunk ) ;

       if (!$chunk)
       {
              return false ;
       }

       $chunk = trim( $chunk ) ;

       if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )
       {
              return true;
       }

       $tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;

       foreach( $tags as $tag )
       {
              if( false !== strpos( $chunk, $tag ) )
              {
                     return true ;
              }
       }

       //type = javascript
       if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )
       {
              return true ;
       }

       //href = javascript
       //src = javascript
       //data = javascript
       if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
       {
              return true ;
       }

       //url(javascript
       if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
       {
              return true ;
       }

       return false ;
}

FindBadUtf8 ( $string )

Definition at line 37 of file util.php.

{
       $regex =
       '([\x00-\x7F]'.
       '|[\xC2-\xDF][\x80-\xBF]'.
       '|\xE0[\xA0-\xBF][\x80-\xBF]'.
       '|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.
       '|\xED[\x80-\x9F][\x80-\xBF]'.
       '|\xF0[\x90-\xBF][\x80-\xBF]{2}'.
       '|[\xF1-\xF3][\x80-\xBF]{3}'.
       '|\xF4[\x80-\x8F][\x80-\xBF]{2}'.
       '|(.{1}))';

       while (preg_match('/'.$regex.'/S', $string, $matches)) {
              if ( isset($matches[2])) {
                     return true;
              }
              $string = substr($string, strlen($matches[0]));
       }

       return false;
}

IsHtmlExtension ( $ext, $htmlExtensions )

Check whether the given extension is in the HTML extensions list.

Parameters:
    string $ext
    array $htmlExtensions
Returns:
    boolean

Definition at line 88 of file util.php.

{
       if ( !$htmlExtensions || !is_array( $htmlExtensions ) )
       {
              return false ;
       }
       $lcaseHtmlExtensions = array() ;
       foreach ( $htmlExtensions as $key => $val )
       {
              $lcaseHtmlExtensions[$key] = strtolower( $val ) ;
       }
       return in_array( $ext, $lcaseHtmlExtensions ) ;
}

IsImageValid ( $filePath, $extension )

Check file content.

Currently this function validates only image files. Returns false if file is invalid.

Parameters:
    string $filePath  absolute path to file
    string $extension  file extension
    integer $detectionLevel  0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images
Returns:
    boolean (the code below returns -1 instead when the file is not readable)

Definition at line 181 of file util.php.

{
       if (!@is_readable($filePath)) {
              return -1;
       }

       $imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');

       // version_compare is available since PHP4 >= 4.0.7
       if ( function_exists( 'version_compare' ) ) {
              $sCurrentVersion = phpversion();
              if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {
                     $imageCheckExtensions[] = "tiff";
                     $imageCheckExtensions[] = "tif";
              }
              if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {
                     $imageCheckExtensions[] = "swc";
              }
              if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {
                     $imageCheckExtensions[] = "jpc";
                     $imageCheckExtensions[] = "jp2";
                     $imageCheckExtensions[] = "jpx";
                     $imageCheckExtensions[] = "jb2";
                     $imageCheckExtensions[] = "xbm";
                     $imageCheckExtensions[] = "wbmp";
              }
       }

       if ( !in_array( $extension, $imageCheckExtensions ) ) {
              return true;
       }

       if ( @getimagesize( $filePath ) === false ) {
              return false ;
       }

       return true;
}
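
The `$detectionLevel` values above name two checks for image uploads: `getimagesize` at level 1 and `DetectHtml` at level 2. The following added example (not part of util.php) runs both over constructed sample files to show why the second check exists: a file can satisfy the header check and still carry HTML in its first KB. `firstKbHasMarkup()` and `checkUpload()` are hypothetical names, and `firstKbHasMarkup()` is a reduced stand-in for `DetectHtml` that keeps only its tag-list test.

```php
<?php
// Added example, not from util.php. firstKbHasMarkup() is a hypothetical,
// reduced stand-in for DetectHtml() that keeps only its tag-list test.
function firstKbHasMarkup(string $path): bool
{
    $chunk = strtolower((string) file_get_contents($path, false, null, 0, 1024));
    $tags = ['<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title'];
    foreach ($tags as $tag) {
        if (strpos($chunk, $tag) !== false) {
            return true;
        }
    }
    return false;
}

// Hypothetical wrapper: apply the checks in the order the $detectionLevel
// description lists them (1 = getimagesize, 2 = first-KB markup scan).
function checkUpload(string $path, int $level): string
{
    if ($level >= 1 && @getimagesize($path) === false) {
        return 'rejected: not an image (level 1)';
    }
    if ($level >= 2 && firstKbHasMarkup($path)) {
        return 'rejected: markup in first KB (level 2)';
    }
    return 'accepted';
}

// Constructed samples: a 13-byte GIF header and logical screen descriptor
// for a 1x1 image, alone and followed by HTML text, plus a plain text file.
$gifHeader = 'GIF89a' . pack('v', 1) . pack('v', 1) . "\x00\x00\x00";
$samples = [
    'header-only.gif'      => $gifHeader,
    'header-plus-html.gif' => $gifHeader . '<html><body>constructed sample</body></html>',
    'plain-text.gif'       => "just text, no image header\n",
];

$dir = sys_get_temp_dir() . '/upload-check-' . getmypid();
mkdir($dir);
foreach ($samples as $name => $bytes) {
    $path = "$dir/$name";
    file_put_contents($path, $bytes);
    foreach ([1, 2] as $level) {
        printf("%-22s level %d: %s\n", $name, $level, checkUpload($path, $level));
    }
    unlink($path);
}
rmdir($dir);
```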

RemoveFromEnd ( $sourceString, $charToRemove )

Definition at line 31 of file util.php.

{
       $sPattern = '|' . $charToRemove . '+$|' ;
       return preg_replace( $sPattern, '', $sourceString ) ;
}

RemoveFromStart ( $sourceString, $charToRemove )

Definition at line 25 of file util.php.

{
       $sPattern = '|^' . $charToRemove . '+|' ;
       return preg_replace( $sPattern, '', $sourceString ) ;
}
