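<?php

/**
 * ocs-webserver
 *
 * Copyright 2016 by pling GmbH.
 *
 * This file is part of ocs-webserver.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 **/

/**
 * Validates that a user-supplied URL points to an HTML page.
 *
 * The check runs in three stages: syntactic validation through Zend_Uri_Http,
 * a deny-list of file extensions in the URL path, and finally a fetch of the
 * response headers via get_headers() whose Content-Type must be one of the
 * allowed media types.
 *
 * Because the last stage makes an outbound request to whatever host the
 * caller supplied, the host is resolved first and the request is refused
 * when it maps to a loopback, private or reserved address.
 */
class Local_Validate_SanitizeUrl extends Zend_Validate_Abstract
{
    const INVALID_URL        = 'invalidUrl';
    const INVALID_FILE_TYPE  = 'invalidFileType';
    const URL_NOT_ACCESSIBLE = 'urlNotAccessible';

    /**
     * Media types (lower-case, without parameters) accepted for the response
     * Content-Type, mapped to their usual file extensions.
     *
     * @var array
     */
    protected $_allowedMimeTypes = array(
        'text/html' => 'htm|html|php',
    );

    /**
     * Regex fragments matched case-insensitively against the end of the URL
     * path (an optional trailing slash is tolerated). Despite the property
     * name these are file extensions, not media types.
     *
     * @var array
     */
    protected $_invalidMimeTypes = array(
        '\.pdf',
        '\.zip',
        '\.exe',
        '\.rar',
        '\.doc',
        '\.7z',
        '\.js',
        '\.css',
    );

    protected $_messageTemplates = array(
        self::INVALID_URL        => "Not a valid URL. Please check your URL.",
        self::INVALID_FILE_TYPE  => "Not a valid file type. Valid file types are htm or html or php.",
        self::URL_NOT_ACCESSIBLE => "Not a valid URL. Please check your URL."
    );

    /**
     * Zend_Validate_Interface entry point.
     *
     * @param mixed $value value to validate; it is cast to string before checking
     * @return bool
     */
    public function isValid($value)
    {
        $valueString = (string)$value;
        $this->_setValue($valueString);

        // Pass the normalised string, not the raw value, so that what is
        // validated is exactly what _setValue() recorded.
        return $this->isUrlValid($valueString);
    }

    /**
     * Checks the URL string for allowed structure, host and media type.
     *
     * On failure one of the class error codes is recorded via _error() and
     * false is returned. An empty or null URL returns false without recording
     * an error. get_headers() performs a live HTTP request and follows
     * redirects; the Content-Type examined is that of the final response.
     *
     * @param string|null $url
     * @return bool
     */
    public function isUrlValid($url = null)
    {
        if ($url === null || $url === '') {
            return false;
        }

        if (!Zend_Uri_Http::check($url)) {
            $this->_error(self::INVALID_URL);
            return false;
        }

        $uri  = Zend_Uri_Http::fromString($url);
        $path = $uri->getPath();
        if ($this->_hasForbiddenExtension($path)) {
            $this->_error(self::INVALID_FILE_TYPE);
            return false;
        }

        // Refuse to fetch URLs whose host lives on a loopback, private or
        // reserved network: the request below is made from the web server's
        // own network position, on behalf of whoever supplied the URL.
        if (!$this->_isPublicHost($uri->getHost())) {
            $this->_error(self::URL_NOT_ACCESSIBLE);
            return false;
        }

        // NOTE(review): get_headers() uses the default stream context, so no
        // request timeout is applied here; a slow remote host delays validation.
        $infoHeader = get_headers($url, 1);
        if ($infoHeader === false) {
            $this->_error(self::URL_NOT_ACCESSIBLE);
            return false;
        }

        $mediaType = $this->_extractMediaType($infoHeader);
        if ($mediaType === null || !array_key_exists($mediaType, $this->_allowedMimeTypes)) {
            $this->_error(self::INVALID_FILE_TYPE);
            return false;
        }

        return true;
    }

    /**
     * True when the path ends in one of the deny-listed extensions.
     *
     * @param string $path URL path component
     * @return bool
     */
    protected function _hasForbiddenExtension($path)
    {
        foreach ($this->_invalidMimeTypes as $extensionPattern) {
            // 'i' so that ".EXE" is rejected the same way as ".exe".
            if (preg_match("/{$extensionPattern}\/?$/i", $path) === 1) {
                return true;
            }
        }

        return false;
    }

    /**
     * Returns the lower-cased media type (e.g. "text/html") of the final
     * response, or null when no usable Content-Type header was sent.
     *
     * get_headers() preserves the server's header-name casing and, when
     * redirects were followed, stores repeated headers as arrays; both are
     * normalised here so the lookup against $_allowedMimeTypes is reliable.
     *
     * @param array $headers associative result of get_headers($url, 1)
     * @return string|null
     */
    protected function _extractMediaType(array $headers)
    {
        $contentType = null;
        foreach ($headers as $name => $value) {
            // Numeric keys hold the status lines; only string keys are headers.
            if (is_string($name) && strtolower($name) === 'content-type') {
                // The last entry belongs to the final response in a redirect chain.
                $contentType = is_array($value) ? end($value) : $value;
            }
        }
        if (!is_string($contentType) || $contentType === '') {
            return null;
        }

        // Drop parameters such as "; charset=utf-8".
        $parts = explode(';', $contentType);

        return strtolower(trim($parts[0]));
    }

    /**
     * Resolves the host and rejects addresses in private, loopback, link-local
     * or otherwise reserved ranges.
     *
     * IP literals (IPv4 or bracketed IPv6) are checked directly; hostnames are
     * resolved via gethostbynamel(), which returns IPv4 records only, so a
     * name that cannot be resolved to an IPv4 address is treated as not public.
     * NOTE(review): this lookup and the one performed inside get_headers() are
     * separate; a name whose record changes between the two is not covered.
     *
     * @param string|null $host host component of the URL
     * @return bool
     */
    protected function _isPublicHost($host)
    {
        $host = trim((string)$host, '[]');
        if ($host === '') {
            return false;
        }

        if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
            $addresses = array($host);
        } else {
            $addresses = gethostbynamel($host);
            if ($addresses === false || count($addresses) === 0) {
                return false;
            }
        }

        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        foreach ($addresses as $address) {
            if (filter_var($address, FILTER_VALIDATE_IP, $flags) === false) {
                return false;
            }
        }

        return true;
    }
}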