1<?php
2/*
3 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
4 * Copyright (C) 2003-2009 Frederico Caldeira Knabben
5 *
6 * == BEGIN LICENSE ==
7 *
8 * Licensed under the terms of any of the following licenses at your
9 * choice:
10 *
11 *  - GNU General Public License Version 2 or later (the "GPL")
12 *    http://www.gnu.org/licenses/gpl.html
13 *
14 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
15 *    http://www.gnu.org/licenses/lgpl.html
16 *
17 *  - Mozilla Public License Version 1.1 or later (the "MPL")
18 *    http://www.mozilla.org/MPL/MPL-1.1.html
19 *
20 * == END LICENSE ==
21 *
22 * Utility functions for the File Manager Connector for PHP.
23 */
24
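/**
 * Strip the leading run of a character from a string.
 *
 * $charToRemove is matched literally. It is passed through preg_quote() so
 * that regex metacharacters such as ".", "|" or "\" cannot change which bytes
 * get removed from a path.
 *
 * @param string $sourceString text to trim
 * @param string $charToRemove character to strip from the start
 * @return string $sourceString without the leading run of $charToRemove
 */
function RemoveFromStart( $sourceString, $charToRemove )
{
	// An empty needle would build the invalid pattern "|^+|"; there is nothing to strip.
	if ( (string) $charToRemove === '' )
	{
		return $sourceString ;
	}

	// "|" is the pattern delimiter, so it must be quoted as well.
	$sPattern = '|^' . preg_quote( $charToRemove, '|' ) . '+|' ;
	return preg_replace( $sPattern, '', $sourceString ) ;
}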
30
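/**
 * Strip the trailing run of a character from a string.
 *
 * $charToRemove is matched literally. It is passed through preg_quote() so
 * that regex metacharacters such as ".", "|" or "\" cannot change which bytes
 * get removed from a path.
 *
 * @param string $sourceString text to trim
 * @param string $charToRemove character to strip from the end
 * @return string $sourceString without the trailing run of $charToRemove
 */
function RemoveFromEnd( $sourceString, $charToRemove )
{
	// An empty needle would build the invalid pattern "|+$|"; there is nothing to strip.
	if ( (string) $charToRemove === '' )
	{
		return $sourceString ;
	}

	// "|" is the pattern delimiter, so it must be quoted as well.
	$sPattern = '|' . preg_quote( $charToRemove, '|' ) . '+$|' ;
	return preg_replace( $sPattern, '', $sourceString ) ;
}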
36
/**
 * Report whether a byte string contains anything that is not well-formed UTF-8.
 *
 * The string is consumed from the front, one sequence at a time. Each step
 * either matches one of the well-formed forms listed below or falls through to
 * the catch-all group, which signals a bad byte.
 *
 * @param string $string raw bytes to inspect
 * @return boolean true as soon as a malformed byte is seen, false otherwise
 */
function FindBadUtf8( $string )
{
	// One entry per well-formed UTF-8 form, keyed by the range of the lead byte.
	$wellFormed = array(
		'[\x00-\x7F]',
		'[\xC2-\xDF][\x80-\xBF]',
		'\xE0[\xA0-\xBF][\x80-\xBF]',
		'[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}',
		'\xED[\x80-\x9F][\x80-\xBF]',
		'\xF0[\x90-\xBF][\x80-\xBF]{2}',
		'[\xF1-\xF3][\x80-\xBF]{3}',
		'\xF4[\x80-\x8F][\x80-\xBF]{2}',
	);

	// Group 1 wraps the whole alternation; group 2 is the catch-all that only
	// participates when none of the well-formed forms accepted the next byte.
	$pattern = '/(' . implode( '|', $wellFormed ) . '|(.{1}))/S';

	for ( ;; ) {
		if ( !preg_match( $pattern, $string, $hit ) ) {
			// Nothing left to match: the whole input was consumed cleanly.
			return false;
		}
		if ( isset( $hit[2] ) ) {
			return true;
		}
		// Drop the sequence just accepted and look at what follows it.
		$string = substr( $string, strlen( $hit[0] ) );
	}
}
59
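/**
 * Encode a value so it can be placed inside an XML attribute.
 *
 * On Windows, or when the value contains bytes that are not well-formed UTF-8,
 * the value is treated as ISO-8859-1 and transcoded to UTF-8. The result is
 * then escaped with htmlspecialchars().
 *
 * Transcoding happens BEFORE escaping. htmlspecialchars() returns an empty
 * string when its input is not valid in the target charset and no
 * substitute/ignore flag is set, so escaping first would silently drop any
 * value that contains a non-UTF-8 byte.
 *
 * @param string $value raw attribute value
 * @return string UTF-8 text with &, <, >, " and ' escaped
 */
function ConvertToXmlAttribute( $value )
{
	$os = defined( 'PHP_OS' ) ? PHP_OS : php_uname() ;

	if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) )
	{
		// utf8_encode() reads its input as ISO-8859-1. On Windows this also
		// applies to values that already are valid UTF-8 (behaviour kept as is).
		// NOTE(review): utf8_encode() is deprecated as of PHP 8.2; plan a
		// replacement before moving to a PHP version that removes it.
		$value = utf8_encode( $value ) ;
	}

	// Flags and charset are explicit so the escaping does not depend on the
	// PHP version's defaults; ENT_QUOTES keeps the value safe in attributes
	// delimited by either quote character.
	return htmlspecialchars( $value, ENT_QUOTES, 'UTF-8' ) ;
}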
86
/**
 * Check whether the given extension is in the HTML extensions list.
 *
 * Entries of the list are lower-cased before the lookup; $ext is compared as
 * passed in, so the caller is expected to supply it in lower case.
 *
 * @param string $ext
 * @param array $htmlExtensions
 * @return boolean false when the list is empty or not an array
 */
function IsHtmlExtension( $ext, $htmlExtensions )
{
	$haveList = $htmlExtensions && is_array( $htmlExtensions ) ;
	if ( !$haveList )
	{
		return false ;
	}

	// array_map() keeps the keys, exactly like copying entry by entry would.
	return in_array( $ext, array_map( 'strtolower', $htmlExtensions ) ) ;
}
107
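/**
 * Detect HTML in the first KB to protect against a potential security issue
 * with the IE/Safari/Opera file type auto detection bug.
 *
 * Only the first 1024 bytes are read, so markup that starts later in the file
 * is not seen by this check.
 *
 * @param string $filePath absolute path to file
 * @return boolean|integer true if the start of the file contains insecure HTML
 *                         code, false if it does not (or the file is empty),
 *                         -1 if the file could not be opened or locked.
 *                         -1 is truthy in PHP, so a caller that tests the
 *                         result loosely treats an unreadable file like a hit.
 */
function DetectHtml( $filePath )
{
	$fp = @fopen( $filePath, 'rb' ) ;

	//open_basedir restriction, see #1906
	if ( $fp === false )
	{
		return -1 ;
	}

	if ( !flock( $fp, LOCK_SH ) )
	{
		// The handle was opened successfully; release it before giving up.
		fclose( $fp ) ;
		return -1 ;
	}

	$chunk = fread( $fp, 1024 ) ;
	flock( $fp, LOCK_UN ) ;
	fclose( $fp ) ;

	// All literal comparisons below are written in lower case.
	$chunk = strtolower( $chunk ) ;

	if (!$chunk)
	{
		return false ;
	}

	$chunk = trim( $chunk ) ;

	if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )
	{
		return true;
	}

	$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;

	foreach( $tags as $tag )
	{
		if( false !== strpos( $chunk, $tag ) )
		{
			// NOTE(review): when the chunk contains the text "svg-edit", a
			// "<title" hit is ignored. The marker can appear in any upload, so
			// this relaxes the <title test for every such file. The other tags
			// and the script checks below still apply. Confirm the exemption
			// is still wanted.
			if( $tag === '<title' && preg_match( "/svg-edit/", $chunk ) )
			{
				continue ;
			}
			return true ;
		}
	}

	//type = javascript
	if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )
	{
		return true ;
	}

	//href = javascript
	//src = javascript
	//data = javascript
	if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
	{
		return true ;
	}

	//url(javascript
	if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
	{
		return true ;
	}

	return false ;
}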
177
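/**
 * Check file content.
 * Currently this function validates only image files.
 *
 * Files whose extension is not in the image list are accepted without any
 * content check. For listed extensions the file must be recognised by
 * getimagesize(). That call only parses the image header, so a passing result
 * does not show that the rest of the file is harmless.
 *
 * @param string $filePath absolute path to file
 * @param string $extension file extension, compared case-insensitively
 * @return boolean|integer false if the file is invalid, true otherwise,
 *                         -1 if the file is not readable.
 *                         NOTE(review): -1 is distinct from false; a caller
 *                         that rejects only on === false would accept an
 *                         unreadable file. Verify against the callers.
 */
function IsImageValid( $filePath, $extension )
{
	if (!@is_readable($filePath)) {
		return -1;
	}

	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');

	// version_compare is available since PHP4 >= 4.0.7
	if ( function_exists( 'version_compare' ) ) {
		$sCurrentVersion = phpversion();
		if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {
			$imageCheckExtensions[] = "tiff";
			$imageCheckExtensions[] = "tif";
		}
		if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {
			$imageCheckExtensions[] = "swc";
		}
		if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {
			$imageCheckExtensions[] = "jpc";
			$imageCheckExtensions[] = "jp2";
			$imageCheckExtensions[] = "jpx";
			$imageCheckExtensions[] = "jb2";
			$imageCheckExtensions[] = "xbm";
			$imageCheckExtensions[] = "wbmp";
		}
	}

	// The list is lower case. Normalise the extension so that "JPG" is
	// validated like "jpg" instead of falling through to the accept path.
	$extension = strtolower( (string) $extension ) ;

	if ( !in_array( $extension, $imageCheckExtensions, true ) ) {
		return true;
	}

	// getimagesize() warns on unreadable data; the result is what matters here.
	return @getimagesize( $filePath ) !== false ;
}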
226
227//$Config['isWinStyle']
228//$Config['osWindows']
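/**
 * Rebuild a user-files path with every folder name below the type directory
 * URL-encoded.
 *
 * Reads the global $Config: 'isWinStyle', 'osWindows', and the base path
 * stored under 'UserFilesAbsolutePath' ($type "abs") or 'UserFilesPath'
 * ($type "url").
 *
 * The path is returned unchanged when it is "/", when it contains none of the
 * type keywords file|image|flash|media, or, on Windows-style setups, when it
 * ends in <sep>data<sep>media<sep>.
 *
 * NOTE(review): the type keyword is taken from the first match anywhere in
 * $path, and every keyword occurrence in the part after the base path is
 * removed, including inside folder names. Confirm this is intended.
 * NOTE(review): the path is URL-decoded and split, but "." and ".." segments
 * pass through urlencode() unchanged. Callers must validate the result before
 * using it on the file system.
 *
 * @param string $path path below (and including) the user-files base
 * @param string $type "abs" for the file-system base, "url" for the URL base
 * @return string rebuilt path ending in DIRECTORY_SEPARATOR, or $path unchanged
 */
function folder_as_entities($path, $type="abs") {

    global $Config;
    if($path == '/') return $path;

    $filetypes = "(file|image|flash|media)(?!\w)";
    if(!preg_match("#$filetypes#", $path, $matches)) {
        return $path;
    }
    // Always one of file|image|flash|media because of the pattern above.
    $file_type = $matches[1];

    if($Config['isWinStyle'] || $Config['osWindows']) {
        $pat = preg_quote(DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'media' . DIRECTORY_SEPARATOR) . '$';
        if(preg_match("#$pat#", $path)) {
            return $path;
        }
    }

    $path = urldecode($path);

    $path_type = array('abs' => 'UserFilesAbsolutePath', 'url' => 'UserFilesPath');
    $base = $Config[$path_type[$type]];

    // Everything after the configured base: type directory plus folders.
    $rest = substr($path, strlen($base));
    $rest = preg_replace("#$filetypes#", "", $rest);
    $rest = trim($rest, '\\/');

    // Encode each folder name on its own so the separators stay literal.
    $folders = array_map('urlencode', preg_split("#[/\\\\]#", $rest));
    $path = implode('/', $folders);

    // $file_type is already the directory name for every type, 'image'
    // included, so no per-type branch is needed.
    $return_path = $base . $file_type . '/' . $path . '/';

    // The trim list (backslash, comma, slash) is kept exactly as it was.
    return rtrim($return_path, '\\,/') . DIRECTORY_SEPARATOR;
}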
279
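/**
 * Append one line of debug output to the file "util.dbg".
 *
 * The file name is relative, so it resolves against the current working
 * directory of the running script.
 * NOTE(review): $data is written unfiltered. If that directory is served by
 * the web server the log may be readable by visitors; confirm where it ends
 * up before enabling the debug calls.
 *
 * @param string $data text to log; a newline is appended
 * @return void
 */
function util_debug($data) {
    $handle = fopen('util.dbg', 'a');
    if ($handle === false) {
        // Logging is best effort: a log that cannot be written must not break the request.
        return;
    }
    fwrite($handle, $data . "\n");
    fclose($handle);
}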
285
286?>
287