util.php

<?php
/*
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2010 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    https://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    https://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * Utility functions for the File Manager Connector for PHP.
 */

function RemoveFromStart($sourceString, $charToRemove)
{
  $sPattern = '|^'.$charToRemove.'+|';
  return preg_replace($sPattern, '', $sourceString);
}

function RemoveFromEnd($sourceString, $charToRemove)
{
  $sPattern = '|'.$charToRemove.'+$|';
  return preg_replace($sPattern, '', $sourceString);
}

function FindBadUtf8($string)
{
  $regex = '([\x00-\x7F]|[\xC2-\xDF][\x80-\xBF]|\xE0[\xA0-\xBF][\x80-\xBF]|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}|\xED[\x80-\x9F][\x80-\xBF]';
  $regex .= '|\xF0[\x90-\xBF][\x80-\xBF]{2}|[\xF1-\xF3][\x80-\xBF]{3}|\xF4[\x80-\x8F][\x80-\xBF]{2}|(.{1}))';

  $matches = array();
  while (preg_match('/'.$regex.'/S', $string, $matches)) {
    if (isset($matches[2])) {
      return true;
    }
    $string = substr($string, strlen($matches[0]));
  }

  return false;
}

function ConvertToXmlAttribute($value)
{
  if (defined('PHP_OS'))
  {
    $os = PHP_OS;
  } else {
    $os = php_uname();
  }

  if (strtoupper(substr($os, 0, 3)) === 'WIN' || FindBadUtf8($value))
  {
    return (utf8_encode(htmlspecialchars($value)));
  } else {
    return (htmlspecialchars($value));
  }
}

function IsHtmlExtension($ext, $formExtensions)
{
  if (!$formExtensions || !is_array($formExtensions))
  {
    return false;
  }
  $lcaseHtmlExtensions = array();
  foreach ($formExtensions as $key => $val)
  {
    $lcaseHtmlExtensions[$key] = strtolower($val);
  }
  return in_array($ext, $lcaseHtmlExtensions);
}

function DetectHtml($filePath)
{
  $fp = @fopen($filePath, 'rb');

  //open_basedir restriction, see #1906
  if ($fp === false || !flock($fp, LOCK_SH))
  {
    return -1;
  }

  $chunk = fread($fp, 1024);
  flock($fp, LOCK_UN);
  fclose($fp);

  $chunk = strtolower($chunk);

  if (!$chunk)
  {
    return false;
  }

  $chunk = trim($chunk);

  if (preg_match("/<!DOCTYPE\W*X?HTML/sim", $chunk))
  {
    return true;
  }

  $tags = array('<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title');

  foreach ($tags as $tag)
  {
    if (false !== strpos($chunk, $tag))
    {
      return true;
    }
  }

  //type = javascript
  if (preg_match('!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk))
  {
    return true;
  }

  //href = javascript
  //src = javascript
  //data = javascript
  if (preg_match('!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk))
  {
    return true;
  }

  //url(javascript
  if (preg_match('!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk))
  {
    return true;
  }

  return false;
}

function IsImageValid($filePath, $extension)
{
  if (!@is_readable($filePath)) {
    return -1;
  }

  $imageCheckExtensions = array(
    'gif',
    'jpeg',
    'jpg',
    'png',
    'swf',
    'psd',
    'bmp',
    'iff',
    'tiff',
    'tif',
    'swc',
    'jpc',
    'jp2',
    'jpx',
    'jb2',
    'xbm',
    'wbmp'
  );

  if (!in_array($extension, $imageCheckExtensions)) {
    return true;
  }

  if (@getimagesize($filePath) === false) {
    return false;
  }

  return true;
}