Diffstat (limited to 'mayor-orig/mayor-base')
-rw-r--r-- | mayor-orig/mayor-base/log/mayor-base.rev | 2 | ||||
-rw-r--r-- | mayor-orig/mayor-base/www/include/share/net/upload.php | 15 |
2 files changed, 16 insertions, 1 deletions
diff --git a/mayor-orig/mayor-base/log/mayor-base.rev b/mayor-orig/mayor-base/log/mayor-base.rev index 7ea43f6c..ff844583 100644 --- a/mayor-orig/mayor-base/log/mayor-base.rev +++ b/mayor-orig/mayor-base/log/mayor-base.rev @@ -1 +1 @@ -4638 +4644 diff --git a/mayor-orig/mayor-base/www/include/share/net/upload.php b/mayor-orig/mayor-base/www/include/share/net/upload.php index d58708ed..0d50d34e 100644 --- a/mayor-orig/mayor-base/www/include/share/net/upload.php +++ b/mayor-orig/mayor-base/www/include/share/net/upload.php @@ -49,12 +49,27 @@ try { // You should name it uniquely. // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !! // On this example, obtain safe unique name from its binary data. + + // define('CLAMAV_ENABLED',true); + if (CLAMAV_ENABLED === true) { + $safePath = escapeshellarg($_FILES['upfile']['tmp_name']); + $command = "clamdscan --quiet --stdout --fdpass ".$safePath." --remove"; // --remove + $out = ''; + $int = -1; + exec($command, $out, $int); + if ($int!==0) { + if (file_exists($safePath)) unlink($safePath); + throw new RuntimeException('Szerintünk ez vírusos!!!'); + } + } + if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$ADAT['subdir'].'/'.$ADAT['filename'])) { throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?'); } } catch (RuntimeException $e) { $_SESSION['alert'][] = 'info::'.$e->getMessage(); + return false; } return true; |
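Review bot: In the `if ($int!==0)` branch of upload.php, `file_exists($safePath)` and `unlink($safePath)` are given the output of `escapeshellarg()`, which carries the surrounding quotes, so the check will not match the real temp file and the cleanup never runs. Keep the raw path for filesystem calls, e.g. `$tmpPath = $_FILES['upfile']['tmp_name'];` and `if (is_file($tmpPath)) unlink($tmpPath);`, and use the escaped form only inside `$command`. The same branch treats every non-zero status as an infection, but clamdscan exits with 1 for a detection and 2 for a scan error, so a stopped daemon would be shown to the user as a virus; rejecting the upload in both cases is the right default, yet the error case deserves its own message and a log entry so a broken scanner gets noticed. If `CLAMAV_ENABLED` is not defined elsewhere (the `define` here is commented out), the guard raises an `Error` on PHP 8 that `catch (RuntimeException $e)` does not handle, and on older versions it silently skips the scan; `if (defined('CLAMAV_ENABLED') && CLAMAV_ENABLED === true)` avoids both. The enclosing `try` block opens above the hunk.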