diff options
author | M.Gergo | 2020-03-31 19:40:35 +0200 |
---|---|---|
committer | M.Gergo | 2020-03-31 19:40:35 +0200 |
commit | 0ba1d0c88b25762d4acb0f4b5425778f0cbc76a9 (patch) | |
tree | 967d5c6f8477b2871ae022b9bd56fc9697af4bbd /mayor-orig/mayor-base | |
parent | 2f564886b387ecd47ce4f88cabb26a706a32c56c (diff) | |
parent | 4c6b313fae97ccb7eaae75b5d05881f10469e13d (diff) | |
download | mayor-0ba1d0c88b25762d4acb0f4b5425778f0cbc76a9.tar.gz mayor-0ba1d0c88b25762d4acb0f4b5425778f0cbc76a9.zip |
Merge branch 'MaYor-dev'
Az eddigi fejlesztések a forrásból -> (devel@mayor.hu)
Diffstat (limited to 'mayor-orig/mayor-base')
-rw-r--r-- | mayor-orig/mayor-base/log/mayor-base.rev | 2 | ||||
-rw-r--r-- | mayor-orig/mayor-base/www/include/share/net/upload.php | 15 |
2 files changed, 16 insertions, 1 deletions
diff --git a/mayor-orig/mayor-base/log/mayor-base.rev b/mayor-orig/mayor-base/log/mayor-base.rev index 7ea43f6c..ff844583 100644 --- a/mayor-orig/mayor-base/log/mayor-base.rev +++ b/mayor-orig/mayor-base/log/mayor-base.rev @@ -1 +1 @@ -4638 +4644 diff --git a/mayor-orig/mayor-base/www/include/share/net/upload.php b/mayor-orig/mayor-base/www/include/share/net/upload.php index d58708ed..0d50d34e 100644 --- a/mayor-orig/mayor-base/www/include/share/net/upload.php +++ b/mayor-orig/mayor-base/www/include/share/net/upload.php @@ -49,12 +49,27 @@ try { // You should name it uniquely. // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !! // On this example, obtain safe unique name from its binary data. + + // define('CLAMAV_ENABLED',true); + if (CLAMAV_ENABLED === true) { + $safePath = escapeshellarg($_FILES['upfile']['tmp_name']); + $command = "clamdscan --quiet --stdout --fdpass ".$safePath." --remove"; // --remove + $out = ''; + $int = -1; + exec($command, $out, $int); + if ($int!==0) { + if (file_exists($safePath)) unlink($safePath); + throw new RuntimeException('Szerintünk ez vírusos!!!'); + } + } + if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$ADAT['subdir'].'/'.$ADAT['filename'])) { throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?'); } } catch (RuntimeException $e) { $_SESSION['alert'][] = 'info::'.$e->getMessage(); + return false; } return true; |