author | M.Gergo | 2020-03-26 17:25:03 +0100 |
---|---|---|
committer | M.Gergo | 2020-03-26 17:25:03 +0100 |
commit | 108cd360416fab309c0d91e26187c5d51dc1f8d7 (patch) | |
tree | 5bef2292957fe1dc1a664abbe8ade5f5dfe88418 /mayor-orig/mayor-base/www | |
parent | f5c88cbab227449ae2c1f000d9911499f6065315 (diff) | |
Rev: 4639rev4639
Diffstat (limited to 'mayor-orig/mayor-base/www')
-rw-r--r-- | mayor-orig/mayor-base/www/include/share/net/upload.php | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/mayor-orig/mayor-base/www/include/share/net/upload.php b/mayor-orig/mayor-base/www/include/share/net/upload.php
index d58708ed..4aea8b8a 100644
--- a/mayor-orig/mayor-base/www/include/share/net/upload.php
+++ b/mayor-orig/mayor-base/www/include/share/net/upload.php
@@ -49,12 +49,27 @@ try {
 // You should name it uniquely.
 // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
 // On this example, obtain safe unique name from its binary data.
+
+ // define('CLAMAV_ENABLED',true);
+ if (CLAMAV_ENABLED === true) {
+ $safePath = escapeshellarg($_FILES['upfile']['tmp_name']);
+ $command = "clamdscan --quiet --stdout --fdpass ".$safePath." --remove --log='/var/mayor/log/clamdscan.log'"; // --remove
+ $out = '';
+ $int = -1;
+ exec($command, $out, $int);
+ if ($int!==0) {
+ if (file_exists($safePath)) unlink($safePath);
+ throw new RuntimeException('Szerintünk ez vírusos!!!');
+ }
+ }
+
 if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$ADAT['subdir'].'/'.$ADAT['filename'])) {
 throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?');
 }
 } catch (RuntimeException $e) {
 $_SESSION['alert'][] = 'info::'.$e->getMessage();
+ return false;
 }
 return true; |
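Review bot: The cleanup in the `$int!==0` branch never runs, because `$safePath` holds the `escapeshellarg()` result (the path wrapped in single quotes), so `file_exists($safePath)` tests a name that does not exist; use the raw value instead, e.g. `$tmp = $_FILES['upfile']['tmp_name']; if (is_file($tmp)) unlink($tmp);`. The guard `if (CLAMAV_ENABLED === true)` depends on a constant whose only visible `define` is commented out: if it is not defined elsewhere, PHP 7 skips the scan with only a warning and PHP 8 throws an `Error` that `catch (RuntimeException $e)` does not handle, so `if (defined('CLAMAV_ENABLED') && CLAMAV_ENABLED === true) {` is safer. Every non-zero exit is reported to the user as an infection; clamdscan documents 1 for a detection and 2 for a scanner error, so rejecting on both is the right fail-closed behaviour, but an error (for example an unreachable daemon) deserves its own message and log entry. The `try` block and the enclosing function begin outside the hunk.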