Diffstat (limited to 'mayor-orig/mayor-base')
-rw-r--r--mayor-orig/mayor-base/log/mayor-base.rev2
-rw-r--r--mayor-orig/mayor-base/www/include/share/net/upload.php15
2 files changed, 16 insertions, 1 deletions
diff --git a/mayor-orig/mayor-base/log/mayor-base.rev b/mayor-orig/mayor-base/log/mayor-base.rev
index 7ea43f6c..ff844583 100644
--- a/mayor-orig/mayor-base/log/mayor-base.rev
+++ b/mayor-orig/mayor-base/log/mayor-base.rev
@@ -1 +1 @@
-4638
+4644
diff --git a/mayor-orig/mayor-base/www/include/share/net/upload.php b/mayor-orig/mayor-base/www/include/share/net/upload.php
index d58708ed..0d50d34e 100644
--- a/mayor-orig/mayor-base/www/include/share/net/upload.php
+++ b/mayor-orig/mayor-base/www/include/share/net/upload.php
@@ -49,12 +49,27 @@ try {
// You should name it uniquely.
// DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
// On this example, obtain safe unique name from its binary data.
+
+ // define('CLAMAV_ENABLED',true);
+ if (CLAMAV_ENABLED === true) {
+ $safePath = escapeshellarg($_FILES['upfile']['tmp_name']);
+ $command = "clamdscan --quiet --stdout --fdpass ".$safePath." --remove"; // --remove
+ $out = '';
+ $int = -1;
+ exec($command, $out, $int);
+ if ($int!==0) {
+ if (file_exists($safePath)) unlink($safePath);
+ throw new RuntimeException('Szerintünk ez vírusos!!!');
+ }
+ }
+
if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$ADAT['subdir'].'/'.$ADAT['filename'])) {
throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?');
}
} catch (RuntimeException $e) {
$_SESSION['alert'][] = 'info::'.$e->getMessage();
+ return false;
}
return true;
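Review bot: In the added ClamAV block, `$safePath` holds the `escapeshellarg()` output with its quotes, so `file_exists($safePath)` will not match the temp file and the `unlink()` never runs. Keep the raw path for filesystem calls, e.g. `$tmpPath = $_FILES['upfile']['tmp_name'];` and `if (is_file($tmpPath)) unlink($tmpPath);`, and quote only when building `$command`. The `define('CLAMAV_ENABLED', …)` line is commented out, so unless the constant is defined elsewhere the guard either skips scanning silently or raises an `Error` that `catch (RuntimeException $e)` does not handle, depending on the PHP version; `if (defined('CLAMAV_ENABLED') && CLAMAV_ENABLED === true)` makes the intent explicit. Any non-zero exit is reported to the user as an infection, which fails closed but hides scanner errors from operators, so logging `$int` separately would help. The `try` block opens above this hunk.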