source: tags/0.9beta/plugins/SpellChecker/aspell_setup.php @ 643

Last change on this file since 643 was 643, checked in by ray, 13 years ago

Finally: The first Xinha release! see Ticket #902

File size: 3.6 KB
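<?php
// REVISION HISTORY:
//
// 2005-08-17 YmL:
//      .       security fix on unchecked variables. Original author missed quite a few
//              holes.
//
// Builds the aspell command lines for the SpellChecker plugin. On completion the
// following globals are set for the including script:
//   $temptext            path of a temp file created here; it is fed to aspell on stdin
//   $aspell              aspell executable (name or full path)
//   $aspell_args         option string built from the request and the local install
//   $aspelldictionaries  command that lists the installed dictionaries
//   $aspellcommand       command that spell-checks the contents of $temptext
//
// Request input read here: $_POST['dictionary'], $_REQUEST['p_dicts_path'],
// $_REQUEST['p_dicts_name'] and the SpellChecker_p_dicts_name cookie. All of it is
// client-controlled and ends up next to a shell command, so each value is either
// whitelisted or shell-quoted before it is appended to $aspell_args.

  // NOTE(review): umask(000) stays in force for the rest of the request, so files
  // created later without an explicit mode get no permission bits masked off.
  // tempnam() creates its file 0600 and the dictionary directory below is chmod()ed
  // explicitly; confirm nothing else relies on this before tightening it.
  umask(000);
  $temptext = tempnam('/tmp', 'spell_');

  // Dictionary name: default to en_GB when absent, blank or not a plain string.
  if (isset($_POST['dictionary']) && is_string($_POST['dictionary']) && strlen(trim($_POST['dictionary'])) > 0)
  {
      $lang = $_POST['dictionary'];
  }
  else
  {
      $lang = 'en_GB';
  }
  // Whitelist: only letters, digits and underscore may reach the command line.
  $lang = preg_replace('/[^a-z0-9_]/i', '', $lang);
  if ($lang === '')
  {
      // Nothing survived the whitelist; do not pass an empty --lang= to aspell.
      $lang = 'en_GB';
  }

  $aspell      = 'aspell';
  $aspell_args = '-a --lang=' . $lang;

  if(DIRECTORY_SEPARATOR == '\\') //windows
  {
    $aspell         = 'C:\Progra~1\Aspell\bin\aspell.exe';
  }
  else //linux
  {
    // See if there is a local install of aspell here
    $local_aspell = dirname(__FILE__) . '/aspell';
    if(file_exists($local_aspell . '/bin/aspell'))
    {
      putenv('PATH=' . $local_aspell . '/bin:' . getenv('PATH'));
      putenv('LD_LIBRARY_PATH=' . $local_aspell . '/lib:' . getenv('LD_LIBRARY_PATH'));
      $dicfil = $local_aspell . '/lib/' . preg_replace('/^.*\/lib\/(aspell\S*)\n.*/s', '$1', `aspell config dict-dir`);
      // Quoted so that an install path containing spaces stays a single argument.
      $aspell_args .= ' --dict-dir=' . escapeshellarg($dicfil) . ' --add-filter-path=' . escapeshellarg($dicfil);
    }
  }


  // Old aspell doesn't know about encoding, which means that unicode will be broke, but
  // we should at least let it try.
  $aVer = array();
  preg_match('/really aspell ([0-9]+)\.([0-9]+)(?:\.([0-9]+))?/i', (string) `$aspell version`, $aVer);

  // Missing groups (no match, or no release component) count as 0.
  $aVer = array(
    'major'   => isset($aVer[1]) ? (int)$aVer[1] : 0,
    'minor'   => isset($aVer[2]) ? (int)$aVer[2] : 0,
    'release' => isset($aVer[3]) ? (int)$aVer[3] : 0
  );

  // 0.60 or newer. The previous test (major >= 0 && minor >= 60) would have treated
  // a 1.x release with a minor below 60 as older than 0.60.
  if($aVer['major'] > 0 || $aVer['minor'] >= 60)
  {
    $aspell_args   .= ' -H --encoding=utf-8';
  }
  // Probe the same binary that will be run, not whatever "aspell" is on PATH.
  elseif(preg_match('/--encoding/', (string) shell_exec("$aspell 2>&1")))
  {
    $aspell_args   .= ' --mode=none --add-filter=sgml --encoding=utf-8';
  }
  else
  {
    $aspell_args   .= ' --mode=none --add-filter=sgml';
  }

  // Personal dictionaries
  $p_dicts_path = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'personal_dicts';

  // The request switches personal dictionaries on by sending p_dicts_path, but it does
  // not choose where they live: the value is accepted only when it resolves to the
  // server-side directory above. Otherwise a client could have directories created in,
  // and aspell pointed at, any location the web server can write to. To store
  // dictionaries elsewhere, change $p_dicts_path here instead of sending another path.
  $p_dicts_base      = realpath($p_dicts_path);
  $p_dicts_requested = false;
  if(isset($_REQUEST['p_dicts_path']) && is_string($_REQUEST['p_dicts_path']) && strpos($_REQUEST['p_dicts_path'], "\0") === false)
  {
    $p_dicts_requested = realpath($_REQUEST['p_dicts_path']);
  }

  if($p_dicts_base !== false && $p_dicts_requested === $p_dicts_base && is_dir($p_dicts_base) && is_writable($p_dicts_base))
  {
    if(!isset($_REQUEST['p_dicts_name']))
    {
      if(isset($_COOKIE['SpellChecker_p_dicts_name']))
      {
        $_REQUEST['p_dicts_name'] = $_COOKIE['SpellChecker_p_dicts_name'];
      }
      else
      {
        $_REQUEST['p_dicts_name'] = uniqid('dict');
        setcookie('SpellChecker_p_dicts_name', $_REQUEST['p_dicts_name'], time() + 60*60*24*365*10);
      }
    }

    // Whitelisting the name keeps it a single path component (no separators, no dots).
    $p_dicts_name = is_string($_REQUEST['p_dicts_name'])
                  ? preg_replace('/[^a-z0-9_]/i', '', $_REQUEST['p_dicts_name'])
                  : '';

    // An empty name would make the shared base directory itself the home dir; skip instead.
    if($p_dicts_name !== '')
    {
      $p_dict_path = $p_dicts_base . DIRECTORY_SEPARATOR . $p_dicts_name;

      if(!file_exists($p_dict_path))
      {
        // since there is a single directory for all users this could end up containing
        // quite a few subdirectories. To prevent a DOS situation we'll limit the
        // total directories created to 2000 (arbitrary). Adjust to suit your installation.
        // The count is taken in the directory the new subdirectory is created in, and
        // includes the "." and ".." entries returned by readdir().

        $count = 0;

        if( $dir = @opendir( $p_dicts_base ) )
        {
          while( FALSE !== ($file = readdir($dir)) )
          {
            $count++;
          }
          closedir($dir);
        }

        // TODO: make this a config value.

        if ( $count > 2000 )
        {
          // either very heavy use or a DOS attempt
          die();
        }

        // Only set the mode if the directory was actually created.
        if(mkdir($p_dict_path))
        {
          chmod($p_dict_path, 02770);
        }
      }

      if(is_dir($p_dict_path) && is_writable($p_dict_path))
      {
        // Good To Go!
        $aspell_args .= ' --home-dir=' . escapeshellarg($p_dict_path);
      }
    }
  }

// as an additional precaution check the aspell_args for illegal
// characters. This is a blocklist and does not cover every shell metacharacter, so
// it is a second line of defence only; the whitelisting and escapeshellarg() calls
// above are what keep request data from being interpreted by the shell.
  $aspell_args = preg_replace( "/[|><;\$]+/", '', $aspell_args );
  $aspelldictionaries = "$aspell dump dicts";
  $aspellcommand      = "$aspell $aspell_args < $temptext";


?>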