From 108cd360416fab309c0d91e26187c5d51dc1f8d7 Mon Sep 17 00:00:00 2001
From: M.Gergo
Date: Thu, 26 Mar 2020 17:25:03 +0100
Subject: Rev: 4639
---
 mayor-orig/mayor-base/log/mayor-base.rev | 2 +-
 mayor-orig/mayor-base/www/include/share/net/upload.php | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
(limited to 'mayor-orig/mayor-base')
diff --git a/mayor-orig/mayor-base/log/mayor-base.rev b/mayor-orig/mayor-base/log/mayor-base.rev
index 7ea43f6c..d464190f 100644
--- a/mayor-orig/mayor-base/log/mayor-base.rev
+++ b/mayor-orig/mayor-base/log/mayor-base.rev
@@ -1 +1 @@
-4638
+4639
diff --git a/mayor-orig/mayor-base/www/include/share/net/upload.php b/mayor-orig/mayor-base/www/include/share/net/upload.php
index d58708ed..4aea8b8a 100644
--- a/mayor-orig/mayor-base/www/include/share/net/upload.php
+++ b/mayor-orig/mayor-base/www/include/share/net/upload.php
@@ -49,12 +49,27 @@ try {
 // You should name it uniquely.
 // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
 // On this example, obtain safe unique name from its binary data.
+
+ // define('CLAMAV_ENABLED',true);
+ if (CLAMAV_ENABLED === true) {
+ $safePath = escapeshellarg($_FILES['upfile']['tmp_name']);
+ $command = "clamdscan --quiet --stdout --fdpass ".$safePath." --remove --log='/var/mayor/log/clamdscan.log'"; // --remove
+ $out = '';
+ $int = -1;
+ exec($command, $out, $int);
+ if ($int!==0) {
+ if (file_exists($safePath)) unlink($safePath);
+ throw new RuntimeException('Szerintünk ez vírusos!!!');
+ }
+ }
+
 if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$ADAT['subdir'].'/'.$ADAT['filename'])) {
 throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?');
 }
 } catch (RuntimeException $e) {
 $_SESSION['alert'][] = 'info::'.$e->getMessage();
+ return false;
 }
 return true;
-- cgit v1.2.3
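Review bot: The cleanup inside the `$int!==0` branch of upload.php never runs, because `$safePath` holds the result of `escapeshellarg()`, i.e. the temp path wrapped in shell quotes, so `file_exists($safePath)` tests a name that includes the quote characters. A rejected upload is therefore deleted only if clamdscan's own `--remove` did it. Keep the quoted value for the command string only and use the raw path on the PHP side, e.g. `if (is_file($_FILES['upfile']['tmp_name'])) unlink($_FILES['upfile']['tmp_name']);`. The guard `CLAMAV_ENABLED === true` is also fragile: the `define` above it is commented out, and if the constant is not defined elsewhere the scan is either skipped silently (PHP 7) or raises an `Error` that `catch (RuntimeException $e)` does not handle (PHP 8), so `if (defined('CLAMAV_ENABLED') && CLAMAV_ENABLED === true) {` would make the off-state explicit. The enclosing `try` block starts outside the hunk, so how `CLAMAV_ENABLED` is configured cannot be confirmed from here.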