diff options
Diffstat (limited to 'mayor-orig/mayor-base/www/include/share')
-rw-r--r-- | mayor-orig/mayor-base/www/include/share/net/upload.php | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/mayor-orig/mayor-base/www/include/share/net/upload.php b/mayor-orig/mayor-base/www/include/share/net/upload.php index d58708ed..4aea8b8a 100644 --- a/mayor-orig/mayor-base/www/include/share/net/upload.php +++ b/mayor-orig/mayor-base/www/include/share/net/upload.php @@ -49,12 +49,27 @@ try { // You should name it uniquely. // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !! // On this example, obtain safe unique name from its binary data. + + // define('CLAMAV_ENABLED',true); + if (CLAMAV_ENABLED === true) { + $safePath = escapeshellarg($_FILES['upfile']['tmp_name']); + $command = "clamdscan --quiet --stdout --fdpass ".$safePath." --remove --log='/var/mayor/log/clamdscan.log'"; // --remove + $out = ''; + $int = -1; + exec($command, $out, $int); + if ($int!==0) { + if (file_exists($safePath)) unlink($safePath); + throw new RuntimeException('Szerintünk ez vírusos!!!'); + } + } + if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$ADAT['subdir'].'/'.$ADAT['filename'])) { throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?'); } } catch (RuntimeException $e) { $_SESSION['alert'][] = 'info::'.$e->getMessage(); + return false; } return true; |