Click here to Skip to main content
15,886,199 members
Search within:


Articles / Web Development / XHTML
 

Integrating FCKeditor in ASP.NET

Rate me:
Please Sign up or sign in to vote.
4.43/5 (15 votes)
20 Jul 2008CPOL2 min read 269.9K   10.1K   64  
Integrating FCKeditor in ASP.NET
 
<?php
/*
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2008 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    http://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    http://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * Utility functions for the File Manager Connector for PHP.
 */

function RemoveFromStart( $sourceString, $charToRemove )
{
	$sPattern = '|^' . $charToRemove . '+|' ;
	return preg_replace( $sPattern, '', $sourceString ) ;
}

function RemoveFromEnd( $sourceString, $charToRemove )
{
	$sPattern = '|' . $charToRemove . '+$|' ;
	return preg_replace( $sPattern, '', $sourceString ) ;
}

function FindBadUtf8( $string )
{
	$regex =
	'([\x00-\x7F]'.
	'|[\xC2-\xDF][\x80-\xBF]'.
	'|\xE0[\xA0-\xBF][\x80-\xBF]'.
	'|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'.
	'|\xED[\x80-\x9F][\x80-\xBF]'.
	'|\xF0[\x90-\xBF][\x80-\xBF]{2}'.
	'|[\xF1-\xF3][\x80-\xBF]{3}'.
	'|\xF4[\x80-\x8F][\x80-\xBF]{2}'.
	'|(.{1}))';

	while (preg_match('/'.$regex.'/S', $string, $matches)) {
		if ( isset($matches[2])) {
			return true;
		}
		$string = substr($string, strlen($matches[0]));
	}

	return false;
}

function ConvertToXmlAttribute( $value )
{
	if ( defined( 'PHP_OS' ) )
	{
		$os = PHP_OS ;
	}
	else
	{
		$os = php_uname() ;
	}

	if ( strtoupper( substr( $os, 0, 3 ) ) === 'WIN' || FindBadUtf8( $value ) )
	{
		return ( utf8_encode( htmlspecialchars( $value ) ) ) ;
	}
	else
	{
		return ( htmlspecialchars( $value ) ) ;
	}
}

/**
 * Check whether given extension is in html etensions list
 *
 * @param string $ext
 * @param array $htmlExtensions
 * @return boolean
 */
function IsHtmlExtension( $ext, $htmlExtensions )
{
	if ( !$htmlExtensions || !is_array( $htmlExtensions ) )
	{
		return false ;
	}
	$lcaseHtmlExtensions = array() ;
	foreach ( $htmlExtensions as $key => $val )
	{
		$lcaseHtmlExtensions[$key] = strtolower( $val ) ;
	}
	return in_array( $ext, $lcaseHtmlExtensions ) ;
}

/**
 * Detect HTML in the first KB to prevent against potential security issue with
 * IE/Safari/Opera file type auto detection bug.
 * Returns true if file contain insecure HTML code at the beginning.
 *
 * @param string $filePath absolute path to file
 * @return boolean
 */
function DetectHtml( $filePath )
{
	$fp = @fopen( $filePath, 'rb' ) ;

	//open_basedir restriction, see #1906
	if ( $fp === false || !flock( $fp, LOCK_SH ) )
	{
		return -1 ;
	}

	$chunk = fread( $fp, 1024 ) ;
	flock( $fp, LOCK_UN ) ;
	fclose( $fp ) ;

	$chunk = strtolower( $chunk ) ;

	if (!$chunk)
	{
		return false ;
	}

	$chunk = trim( $chunk ) ;

	if ( preg_match( "/<!DOCTYPE\W*X?HTML/sim", $chunk ) )
	{
		return true;
	}

	$tags = array( '<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title' ) ;

	foreach( $tags as $tag )
	{
		if( false !== strpos( $chunk, $tag ) )
		{
			return true ;
		}
	}

	//type = javascript
	if ( preg_match( '!type\s*=\s*[\'"]?\s*(?:\w*/)?(?:ecma|java)!sim', $chunk ) )
	{
		return true ;
	}

	//href = javascript
	//src = javascript
	//data = javascript
	if ( preg_match( '!(?:href|src|data)\s*=\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
	{
		return true ;
	}

	//url(javascript
	if ( preg_match( '!url\s*\(\s*[\'"]?\s*(?:ecma|java)script:!sim', $chunk ) )
	{
		return true ;
	}

	return false ;
}

/**
 * Check file content.
 * Currently this function validates only image files.
 * Returns false if file is invalid.
 *
 * @param string $filePath absolute path to file
 * @param string $extension file extension
 * @param integer $detectionLevel 0 = none, 1 = use getimagesize for images, 2 = use DetectHtml for images
 * @return boolean
 */
function IsImageValid( $filePath, $extension )
{
	if (!@is_readable($filePath)) {
		return -1;
	}

	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');

	// version_compare is available since PHP4 >= 4.0.7
	if ( function_exists( 'version_compare' ) ) {
		$sCurrentVersion = phpversion();
		if ( version_compare( $sCurrentVersion, "4.2.0" ) >= 0 ) {
			$imageCheckExtensions[] = "tiff";
			$imageCheckExtensions[] = "tif";
		}
		if ( version_compare( $sCurrentVersion, "4.3.0" ) >= 0 ) {
			$imageCheckExtensions[] = "swc";
		}
		if ( version_compare( $sCurrentVersion, "4.3.2" ) >= 0 ) {
			$imageCheckExtensions[] = "jpc";
			$imageCheckExtensions[] = "jp2";
			$imageCheckExtensions[] = "jpx";
			$imageCheckExtensions[] = "jb2";
			$imageCheckExtensions[] = "xbm";
			$imageCheckExtensions[] = "wbmp";
		}
	}

	if ( !in_array( $extension, $imageCheckExtensions ) ) {
		return true;
	}

	if ( @getimagesize( $filePath ) === false ) {
		return false ;
	}

	return true;
}

?>

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Jahedur Rahman Chowdhury
Software Developer (Senior)
Bangladesh Bangladesh
Software Engineer, Bangladesh.

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 20 Jul 2008

Article Copyright 2008 by Jahedur Rahman Chowdhury
Everything else Copyright © CodeProject, 1999-2024

Web03 2.8:2024-04-02:1