[Sommaire] [Imprimer]

   1  <?php
   2      /**************************************************************************\
   3      * eGroupWare SiteMgr - Web Content Management                              *
   4      * http://www.egroupware.org                                                *
   5      * --------------------------------------------                             *
   6      *  This program is free software; you can redistribute it and/or modify it *
   7      *  under the terms of the GNU General Public License as published by the   *
   8      *  Free Software Foundation; either version 2 of the License, or (at your  *
   9      *  option) any later version.                                              *
  10      \**************************************************************************/
  11  
  12      /* $Id: class.module_filecontents.inc.php 20295 2006-02-15 12:31:25Z  $ */
  13  
  14  class module_filecontents extends Module 
  15  {
  16  	function module_filecontents()
  17      {
  18          $this->arguments = array(
  19              'filepath' => array(
  20                  'type' => 'textfield', 
  21                  'label' => lang('The complete URL or path to a file to be included'),
  22                  'params' => array('size' => 50),
  23              )
  24          );
  25          $this->title = lang('File contents');
  26          $this->description = lang('This module includes the contents of an URL or file (readable by the webserver and in its docroot !)');
  27      }
  28  
  29  	function get_content(&$arguments,$properties)
  30      {
  31          $url = parse_url($path = $arguments['filepath']);
  32  
  33          if (empty($path))
  34          {
  35              return '';
  36          }
  37          if (!$this->validate($arguments))
  38          {
  39              return $this->validation_error;
  40          }
  41          $is_html = preg_match('/\.html?$/i',$path);
  42  
  43          if ($this->is_script($path) || @$url['scheme'])
  44          {
  45              if (!@$url['scheme'])
  46              {
  47                  $path = ($_SERVER['HTTPS'] ? 'https://' : 'http://') .
  48                      ($url['hostname'] ? $url['hostname'] : $_SERVER['HTTP_HOST']) .
  49                      str_replace($_SERVER['DOCUMENT_ROOT'],'',$path);
  50              }
  51              if ($fp = fopen($path,'rb'))
  52              {
  53                  $ret = '';
  54                  while (!feof($fp))
  55                  {
  56                      $ret .= fread($fp,1024);
  57                  }
  58                  fclose ($fp);
  59                  $is_html = True;
  60              }
  61              else
  62              {
  63                  $ret = lang('File %1 is not readable by the webserver !!!',$path);
  64              }
  65          }
  66          else
  67          {
  68              $ret = implode('', file($path));
  69          }
  70          if ($is_html)
  71          {
  72              $one_line = str_replace("\n",'\\n',$ret);
  73              // only use what's between the body tags
  74              if (preg_match('/<body[^>]*>(.*)<\/body>/i',$one_line,$parts))
  75              {
  76                  $ret = str_replace('\\n',"\n",$parts[1]);
  77              }
  78              if (preg_match('/<meta http-equiv="content-type" content="text\/html; ?charset=([^"]+)"/i',$one_line,$parts))
  79              {
  80                  $ret = $GLOBALS['egw']->translation->convert($ret,$parts[1]);
  81              }
  82          }
  83          return $ret;
  84      }
  85  
  86      // test if $path lies within the webservers document-root
  87      //
  88  	function in_docroot($path)
  89      {
  90          $docroots = array(EGW_SERVER_ROOT,$_SERVER['DOCUMENT_ROOT']);
  91          $path = realpath($path);
  92  
  93          foreach ($docroots as $docroot)
  94          {
  95              $len = strlen($docroot);
  96  
  97              if ($docroot == substr($path,0,$len))
  98              {
  99                  $rest = substr($path,$len);
 100  
 101                  if (!strlen($rest) || $rest[0] == DIRECTORY_SEPARATOR)
 102                  {
 103                      return True;
 104                  }
 105              }
 106          }
 107          return False;
 108      }
 109  
 110  	function is_script($url)
 111      {
 112          $url = parse_url($url);
 113  
 114          return preg_match('/\.(php.?|pl|py)$/i',$url['path']);
 115      }
 116  
 117  	function validate(&$data)
 118      {
 119          $url = parse_url($data['filepath']);
 120          $allow_url_fopen = ini_get('allow_url_fopen');
 121  
 122          if ($url['scheme'] || $this->is_script($data['filepath']) && !$allow_url_fopen)
 123          {
 124              if (!$allow_url_fopen)
 125              {
 126                  $this->validation_error = lang("Can't open an URL or execute a script, because allow_url_fopen is not set in your php.ini !!!");
 127                  return false;
 128              }
 129              return True;
 130          }
 131          if (!is_readable($url['path']))
 132          {
 133              $this->validation_error = lang('File %1 is not readable by the webserver !!!',$data['filepath']);
 134              return false;
 135          }
 136          if (!$this->in_docroot($data['filepath']))
 137          {
 138              $this->validation_error = lang('File %1 is outside the docroot of the webserver !!!<br>This module does NOT allow - for security reasons - to open files outside the docroot.',$data['filepath']);
 139              return false;
 140          }
 141          return true;
 142      }
 143  }