From 108cd360416fab309c0d91e26187c5d51dc1f8d7 Mon Sep 17 00:00:00 2001 From: M.Gergo Date: Thu, 26 Mar 2020 17:25:03 +0100 Subject: Rev: 4639 --- mayor-orig/mayor-base/www/include/share/net/upload.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'mayor-orig/mayor-base/www/include') diff --git a/mayor-orig/mayor-base/www/include/share/net/upload.php b/mayor-orig/mayor-base/www/include/share/net/upload.php index d58708ed..4aea8b8a 100644 --- a/mayor-orig/mayor-base/www/include/share/net/upload.php +++ b/mayor-orig/mayor-base/www/include/share/net/upload.php @@ -49,12 +49,27 @@ try { // You should name it uniquely. // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !! // On this example, obtain safe unique name from its binary data. + + // define('CLAMAV_ENABLED',true); + if (CLAMAV_ENABLED === true) { + $safePath = escapeshellarg($_FILES['upfile']['tmp_name']); + $command = "clamdscan --quiet --stdout --fdpass ".$safePath." --remove --log='/var/mayor/log/clamdscan.log'"; // --remove + $out = ''; + $int = -1; + exec($command, $out, $int); + if ($int!==0) { + if (file_exists($safePath)) unlink($safePath); + throw new RuntimeException('Szerintünk ez vírusos!!!'); + } + } + if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$ADAT['subdir'].'/'.$ADAT['filename'])) { throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?'); } } catch (RuntimeException $e) { $_SESSION['alert'][] = 'info::'.$e->getMessage(); + return false; } return true; -- cgit v1.2.3