From c29b82d90a8bdf9ee93a1a5e28237a8e078eae74 Mon Sep 17 00:00:00 2001 From: thomascube Date: Tue, 20 Dec 2011 08:29:28 +0000 Subject: [PATCH] Fix crashes with eAccelerator (#1488256) --- program/include/rcube_content_filter.php | 55 ++++++++++++++++++++++++ program/steps/mail/get.inc | 38 +--------------- 2 files changed, 56 insertions(+), 37 deletions(-) create mode 100644 program/include/rcube_content_filter.php diff --git a/program/include/rcube_content_filter.php b/program/include/rcube_content_filter.php new file mode 100644 index 000000000..430defec6 --- /dev/null +++ b/program/include/rcube_content_filter.php @@ -0,0 +1,55 @@ + | + +-----------------------------------------------------------------------+ + + $Id$ +*/ + +/** + * PHP stream filter to detect html/javascript code in attachments + */ +class rcube_content_filter extends php_user_filter +{ + private $buffer = ''; + private $cutoff = 2048; + + function onCreate() + { + $this->cutoff = rand(2048, 3027); + return true; + } + + function filter($in, $out, &$consumed, $closing) + { + while ($bucket = stream_bucket_make_writeable($in)) { + $this->buffer .= $bucket->data; + + // check for evil content and abort + if (preg_match('/<(script|iframe|object)/i', $this->buffer)) + return PSFS_ERR_FATAL; + + // keep buffer small enough + if (strlen($this->buffer) > 4096) + $this->buffer = substr($this->buffer, $this->cutoff); + + $consumed += $bucket->datalen; + stream_bucket_append($out, $bucket); + } + + return PSFS_PASS_ON; + } +} + diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index cbe59346f..d114e7c61 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -5,7 +5,7 @@ | program/steps/mail/get.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2009, The Roundcube Dev Team | + | Copyright (C) 2005-2011, The Roundcube Dev Team | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -194,39 +194,3 @@ header('HTTP/1.1 404 Not Found'); exit; - -/** - * PHP stream filter to detect html/javascript code in attachments - */ -class rcube_content_filter extends php_user_filter -{ - private $buffer = ''; - private $cutoff = 2048; - - function onCreate() - { - $this->cutoff = rand(2048, 3027); - return true; - } - - function filter($in, $out, &$consumed, $closing) - { - while ($bucket = stream_bucket_make_writeable($in)) { - $this->buffer .= $bucket->data; - - // check for evil content and abort - if (preg_match('/<(script|iframe|object)/i', $this->buffer)) - return PSFS_ERR_FATAL; - - // keep buffer small enough - if (strlen($this->buffer) > 4096) - $this->buffer = substr($this->buffer, $this->cutoff); - - $consumed += $bucket->datalen; - stream_bucket_append($out, $bucket); - } - - return PSFS_PASS_ON; - } -} -