function Filter($filter, $m_data)
{
    global $FILTERS, $SOCKET_FILTERS;
    global $php_errormsg;
    static $b_in_here = false;
    //
    // prevent recursive errors
    //
    if ($b_in_here) {
        return "<DATA DISCARDED>";
    }
    $b_in_here = true;
    //
    // Any errors sent in an alert are flagged to not run through the
    // filter - this also means the user's data won't be included in the
    // alert.
    // The reason for this is that the Filter is typically an encryption
    // program. If the filter fails, then sending the user's data in
    // clear text in an alert breaks the security of having encryption
    // in the first place!
    //
    //
    // find the filter
    //
    if (!isset($FILTERS[$filter]) || $FILTERS[$filter] == "") {
        //
        // check for SOCKET_FILTERS
        //
        if (!isset($SOCKET_FILTERS[$filter]) || $SOCKET_FILTERS[$filter] == "") {
            ErrorWithIgnore("bad_filter", GetMessage(MSG_FILTER_UNK, array("FILTER" => $filter)), false, false);
            exit;
        }
        $m_data = SocketFilter($filter, $SOCKET_FILTERS[$filter], $m_data);
    } elseif ($FILTERS[$filter] == "null") {
        //
        // do nothing - just return the original data unchanged
        //
    } elseif ($FILTERS[$filter] == "csv") {
        $m_data = BuiltinFilterCSV();
    } else {
        $cmd = $FILTERS[$filter];
        //
        // get the program name - assumed to be the first blank-separated word
        //
        $a_words = preg_split('/\\s+/', $cmd);
        $prog = $a_words[0];
        $s_cwd = getcwd();
        //
        // change to the directory that contains the filter program
        //
        $dirname = dirname($prog);
        if ($dirname != "" && $dirname != "." && !chdir($dirname)) {
            Error("chdir_filter", GetMessage(MSG_FILTER_CHDIR, array("DIR" => $dirname, "FILTER" => $filter, "ERROR" => CheckString($php_errormsg))), false, false);
            exit;
        }
        //
        // the output of the filter goes to a temporary file; this works
        // OK on Windows too, even with the Unix shell syntax.
        //
        $temp_file = GetTempName("FMF");
        $temp_error_file = GetTempName("FME");
        $cmd = "{$cmd} >{$temp_file} 2>{$temp_error_file}";
        //
        // start the filter
        //
        $pipe = popen($cmd, "w");
        if ($pipe === false) {
            $s_sv_err = CheckString($php_errormsg);
            $err = join('', file($temp_error_file));
            unlink($temp_file);
            unlink($temp_error_file);
            Error("filter_not_found", GetMessage(MSG_FILTER_NOTFOUND, array("CMD" => $cmd, "FILTER" => $filter, "ERROR" => $s_sv_err)), false, false, $err);
            exit;
        }
        //
        // write the data to the filter
        //
        if (is_array($m_data)) {
            fwrite($pipe, implode(BODY_LF, $m_data));
        } else {
            fwrite($pipe, $m_data);
        }
        if (($i_st = pclose($pipe)) != 0) {
            $s_sv_err = CheckString($php_errormsg);
            $err = join('', file($temp_error_file));
            unlink($temp_file);
            unlink($temp_error_file);
            Error("filter_failed", GetMessage(MSG_FILTER_ERROR, array("FILTER" => $filter, "ERROR" => $s_sv_err, "STATUS" => $i_st)), false, false, $err);
            exit;
        }
        //
        // read in the filter's output and return as the data to be sent
        //
        $m_data = join('', file($temp_file));
        unlink($temp_error_file);
        unlink($temp_file);
        //
        // return to previous directory
        //
        chdir($s_cwd);
    }
    $b_in_here = false;
    return $m_data;
}
Beispiel #2
0
function Filter($filter, $m_data)
{
    global $FILTERS, $SOCKET_FILTERS;
    //
    // Any errors sent in an alert are flagged to not run through the
    // filter - this also means the user's data won't be included in the
    // alert.
    // The reason for this is that the Filter is typically an encryption
    // program. If the filter fails, then sending the user's data in
    // clear text in an alert breaks the security of having encryption
    // in the first place!
    //
    //
    // find the filter
    //
    if (!isset($FILTERS[$filter]) || $FILTERS[$filter] == "") {
        //
        // check for SOCKET_FILTERS
        //
        if (!isset($SOCKET_FILTERS[$filter]) || $SOCKET_FILTERS[$filter] == "") {
            Error("bad_filter", "The form has an internal error - unknown filter '" . $filter . "'", false);
            exit;
        }
        $m_data = SocketFilter($filter, $SOCKET_FILTERS[$filter], $m_data);
    } else {
        $cmd = $FILTERS[$filter];
        //
        // get the program name - assumed to be the first blank-separated word
        //
        $a_words = preg_split('/\\s+/', $cmd);
        $prog = $a_words[0];
        $s_cwd = getcwd();
        //
        // change to the directory that contains the filter program
        //
        $dirname = dirname($prog);
        if (!chdir($dirname)) {
            Error("chdir_filter", "The form has an internal error - cannot chdir to '{$dirname}' to run filter", false);
            exit;
        }
        //
        // the output of the filter goes to a temporary file; this works
        // OK on Windows too, even with the Unix shell syntax.
        //
        $temp_file = GetTempName("FMF");
        $cmd = "{$cmd} > {$temp_file} 2>&1";
        //
        // start the filter
        //
        $pipe = popen($cmd, "w");
        if (!$pipe) {
            $err = join('', file($temp_file));
            unlink($temp_file);
            Error("filter_not_found", "The form has an internal error - cannot execute filter '" . $cmd . "'", false, true, $err);
            exit;
        }
        //
        // write the data to the filter
        //
        if (is_array($m_data)) {
            fwrite($pipe, implode(BODY_LF, $m_data));
        } else {
            fwrite($pipe, $m_data);
        }
        if (pclose($pipe) != 0) {
            $err = join('', file($temp_file));
            unlink($temp_file);
            Error("filter_failed", "The form has an internal error - filter failed", false, true, $err);
            exit;
        }
        //
        // read in the filter's output and return as the data to be sent
        //
        $m_data = join('', file($temp_file));
        unlink($temp_file);
        //
        // return to previous directory
        //
        chdir($s_cwd);
    }
    return $m_data;
}