New: Can use any antivirus
parent
b11ac5d223
commit
5663860dff
@ -4,6 +4,7 @@ English Dolibarr ChangeLog
|
||||
***** ChangeLog for 2.8 compared to 2.7 *****
|
||||
|
||||
For users:
|
||||
- New: Can use any antivirus on file upload.
|
||||
- New: A customer can also be a prospect.
|
||||
- New: task #9802 : Can link an action to a project.
|
||||
- New: Initial sold can be conciliated.
|
||||
|
||||
@ -88,7 +88,7 @@ if ($_POST['addfile'] || $_POST['addfilehtml'])
|
||||
}
|
||||
else
|
||||
{
|
||||
// Echec transfert (fichier d<EFBFBD>passant la limite ?)
|
||||
// Echec transfert (fichier depassant la limite ?)
|
||||
$message = '<div class="error">'.$langs->trans("ErrorFileNotUploaded").'</div>';
|
||||
// print_r($_FILES);
|
||||
}
|
||||
|
||||
@ -45,10 +45,8 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
$result=create_exdir($upload_dir); // Create dir if not exists
|
||||
if ($result >= 0)
|
||||
{
|
||||
@dol_delete_file($upload_dir . "/" . $_FILES['userfile']['name'],1);
|
||||
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0);
|
||||
if ($resupload > 0)
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1);
|
||||
if (is_numeric($resupload) && $resupload > 0)
|
||||
{
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileTransferComplete").'</div>';
|
||||
//print_r($_FILES);
|
||||
@ -57,8 +55,8 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
// Echec transfert (fichier depassant la limite ?)
|
||||
$mesg = '<div class="error">'.$langs->trans("ErrorFileNotUploaded");
|
||||
$mesg.= 'ee';
|
||||
$mesg.'</div>';
|
||||
if (is_array($resupload)) $mesg.= '<br>'.dol_nl2br(join("\n",$resupload));
|
||||
$mesg.= '</div>';
|
||||
// print_r($_FILES);
|
||||
}
|
||||
}
|
||||
@ -169,7 +167,7 @@ print '<td>'.$langs->trans("SessionTimeOut").'</td><td align="right">';
|
||||
print $form->textwithpicto('',$langs->trans("SessionExplanation",ini_get("session.gc_probability"),ini_get("session.gc_divisor")));
|
||||
print '</td>';
|
||||
print '<td nowrap="1">';
|
||||
print '<input class="flat" name="MAIN_SESSION_TIMEOUT" type="text" size="6" value="'.$conf->global->MAIN_SESSION_TIMEOUT.'"> '.$langs->trans("seconds");
|
||||
print '<input class="flat" name="MAIN_SESSION_TIMEOUT" type="text" size="6" value="'.htmlentities($conf->global->MAIN_SESSION_TIMEOUT).'"> '.$langs->trans("seconds");
|
||||
print '</td>';
|
||||
print '<td align="right">';
|
||||
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
|
||||
@ -248,7 +246,7 @@ if ($max) print ' '.$langs->trans("MustBeLowerThanPHPLimit",$max*1024,$langs->tr
|
||||
else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.';
|
||||
print '</td>';
|
||||
print '<td nowrap="1">';
|
||||
print '<input class="flat" name="MAIN_UPLOAD_DOC" type="text" size="6" value="'.$conf->global->MAIN_UPLOAD_DOC.'"> '.$langs->trans("Kb");
|
||||
print '<input class="flat" name="MAIN_UPLOAD_DOC" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UPLOAD_DOC).'"> '.$langs->trans("Kb");
|
||||
print '</td>';
|
||||
print '<td align="center">';
|
||||
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
|
||||
@ -263,7 +261,7 @@ print '<td>'.$langs->trans("UMask").'</td><td align="right">';
|
||||
print $form->textwithpicto('',$langs->trans("UMaskExplanation"));
|
||||
print '</td>';
|
||||
print '<td nowrap="1">';
|
||||
print '<input class="flat" name="MAIN_UMASK" type="text" size="6" value="'.$conf->global->MAIN_UMASK.'">';
|
||||
print '<input class="flat" name="MAIN_UMASK" type="text" size="6" value="'.htmlentities($conf->global->MAIN_UMASK).'">';
|
||||
print '</td>';
|
||||
print '<td align="center">';
|
||||
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
|
||||
@ -278,7 +276,7 @@ print '<td colspan="2">'.$langs->trans("AntiVirusCommand").'<br>';
|
||||
print $langs->trans("AntiVirusCommandExample");
|
||||
print '</td>';
|
||||
print '<td align="center" width="100">';
|
||||
print '<input type="text" name="MAIN_ANTIVIRUS_COMMAND" size=80 value="'.$conf->global->MAIN_ANTIVIRUS_COMMAND.'">';
|
||||
print '<input type="text" name="MAIN_ANTIVIRUS_COMMAND" size=80 value="'.htmlentities($conf->global->MAIN_ANTIVIRUS_COMMAND).'">';
|
||||
print "</td>";
|
||||
print '<td align="right">';
|
||||
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
|
||||
@ -294,7 +292,7 @@ print '<td colspan="2">'.$langs->trans("AntiVirusParam").'<br>';
|
||||
print $langs->trans("AntiVirusParamExample");
|
||||
print '</td>';
|
||||
print '<td align="center" width="100">';
|
||||
print '<input type="text" name="MAIN_ANTIVIRUS_PARAM" size=80 value="'.$conf->global->MAIN_ANTIVIRUS_PARAM.'">';
|
||||
print '<input type="text" name="MAIN_ANTIVIRUS_PARAM" size=80 value="'.htmlentities($conf->global->MAIN_ANTIVIRUS_PARAM).'">';
|
||||
print "</td>";
|
||||
print '<td align="right">';
|
||||
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
|
||||
|
||||
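Review bot: In the failure branch of the `sendit` upload test (second hunk of this section), `if (is_array($resupload)) $mesg.= '<br>'.dol_nl2br(join("\n",$resupload));` writes the scanner's output lines into the page, and nothing visible here shows that `dol_nl2br` HTML-escapes them. The same commit wraps the configuration values in `htmlentities()` further down, so the scanner output deserves the same treatment, for example `$mesg.= '<br>'.dol_nl2br(htmlentities(join("\n",$resupload)));`. The destination path is still built from the client-supplied `$_FILES['userfile']['name']` and the call now passes `1` for overwrite, so a short comment saying that name validation is left to `dol_move_uploaded_file` would help the next reader. The enclosing `if` block starts outside the hunk.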
@ -65,6 +65,10 @@ NoMaxSizeByPHPLimit=Note: No limit is set in your PHP configuration
|
||||
MaxSizeForUploadedFiles=Maximum size for uploaded files (0 to disallow any upload)
|
||||
UseCaptchaCode=Use graphical code (CAPTCHA) on login page
|
||||
UseAvToScanUploadedFiles=Use anti-virus to scan uploaded files
|
||||
AntiVirusCommand = Full path to antivirus command
|
||||
AntiVirusCommandExample = Example for ClamWin: c:\Program Files (x86)\ClamWin\bin\clamscan.exe<br>Example for ClamAv: /usr/bin/clamscan
|
||||
AntiVirusParam = More parameters on command line
|
||||
AntiVirusParamExample = Example for ClamWin: --database="C:\Program Files (x86)\ClamWin\lib"
|
||||
ComptaSetup=Accounting module setup
|
||||
UserSetup=Users' management setup
|
||||
MenuSetup=Menus' management setup
|
||||
|
||||
@ -65,6 +65,10 @@ NoMaxSizeByPHPLimit = Aucune limite interne à votre serveur PHP
|
||||
MaxSizeForUploadedFiles = Taille maximum des documents uploadés (0 pour interdire l'upload)
|
||||
UseCaptchaCode = Utilisation du code graphique (CAPTCHA) sur la page de login
|
||||
UseAvToScanUploadedFiles = Utilisation d'un anti-virus pour scanner les fichiers uploadés
|
||||
AntiVirusCommand = Chemin complet vers la commande antivirus
|
||||
AntiVirusCommandExample = Exemple pour ClamWin: c:\Program Files (x86)\ClamWin\bin\clamscan.exe<br>Exemple pour ClamAv: /usr/bin/clamscan
|
||||
AntiVirusParam = Paramètres supplémentaire sur la ligne de commande
|
||||
AntiVirusParamExample = Exemple pour ClamWin: --database="C:\Program Files (x86)\ClamWin\lib"
|
||||
ComptaSetup = Configuration du module Comptabilité
|
||||
UserSetup = Configuration gestion des utilisateurs
|
||||
MenuSetup = Administration des menus par base de données
|
||||
|
||||
@ -34,6 +34,7 @@
|
||||
class AntiVir
|
||||
{
|
||||
var $error;
|
||||
var $errors;
|
||||
var $output;
|
||||
var $db;
|
||||
|
||||
@ -51,7 +52,7 @@ class AntiVir
|
||||
/**
|
||||
* \brief Scan a file with antivirus
|
||||
* \param file File to scan
|
||||
* \return malware Name of virus found or ''
|
||||
* \return int <0 if KO (-98 if error, -99 if virus), 0 if OK
|
||||
*/
|
||||
function dol_avscan_file($file)
|
||||
{
|
||||
@ -71,27 +72,26 @@ class AntiVir
|
||||
$command=$conf->global->MAIN_ANTIVIRUS_COMMAND;
|
||||
$param=$conf->global->MAIN_ANTIVIRUS_PARAM;
|
||||
|
||||
if (preg_match('/%file/',$conf->global->MAIN_ANTIVIRUS_PARAM)) $param=preg_replace('/%file/',trim($file),$param);
|
||||
else $param=trim($file);
|
||||
$param=preg_replace('/%maxreclevel/',$maxreclevel,$param);
|
||||
$param=preg_replace('/%maxfiles/',$maxfiles,$param);
|
||||
$param=preg_replace('/%maxratio/',$maxratiod,$param);
|
||||
$param=preg_replace('/%bz2archivememlim/',$bz2archivememlim,$param);
|
||||
$param=preg_replace('/%maxfilesize/',$maxfilesize,$param);
|
||||
$param=preg_replace('/%file/',trim($file),$param);
|
||||
|
||||
if (! preg_match('/%file/',$conf->global->MAIN_ANTIVIRUS_PARAM))
|
||||
$param=$param." ".escapeshellarg(trim($file));
|
||||
|
||||
// Create a clean fullcommand
|
||||
//print $command." ".$param;
|
||||
if (preg_match("/\s/",$command)) $command=escapeshellarg($command); // Use quotes on command
|
||||
if (preg_match("/\s/",$param)) $param=escapeshellarg($param); // Use quotes on param
|
||||
//print $command." ".$param;
|
||||
|
||||
$output=array();
|
||||
$return_var=0;
|
||||
// Create a clean fullcommand
|
||||
$fullcommand=$command.' '.$param.' 2>&1';
|
||||
dol_syslog("Run command=".$fullcommand);
|
||||
dol_syslog("AntiVir::dol_avscan_file Run command=".$fullcommand);
|
||||
exec($fullcommand, $output, $return_var);
|
||||
|
||||
/*
|
||||
/*
|
||||
$handle = fopen($outputfile, 'w');
|
||||
if ($handle)
|
||||
{
|
||||
@ -120,9 +120,23 @@ class AntiVir
|
||||
}
|
||||
*/
|
||||
|
||||
dol_syslog("Result return_var=".$return_var." output=".join(',',$output));
|
||||
dol_syslog("AntiVir::dol_avscan_file Result return_var=".$return_var." output=".join(',',$output));
|
||||
|
||||
return $return;
|
||||
$returncodevirus=1;
|
||||
if ($return_var == $returncodevirus) // Virus found
|
||||
{
|
||||
$this->errors=$output;
|
||||
return -99;
|
||||
}
|
||||
|
||||
if ($return_var > 0) // If other error
|
||||
{
|
||||
$this->errors=$output;
|
||||
return -98;
|
||||
}
|
||||
|
||||
// If return code = 0
|
||||
return 1;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
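Review bot: In `dol_avscan_file` (hunk at old line 71), `$param=preg_replace('/%file/',trim($file),$param);` puts the file path into the command line unquoted, while only the fallback branch for a parameter string without `%file` uses `escapeshellarg()`. Since the string goes to `exec()`, both paths should quote the file, and a literal replacement also avoids `preg_replace` interpreting `\` or `$` sequences in the path (Windows temp paths contain backslashes): `$param=str_replace('%file',escapeshellarg(trim($file)),$param);`. If the line `if (preg_match("/\s/",$param)) $param=escapeshellarg($param);` is on the new side (the page does not mark sides), it would collapse every option into a single argument and should be dropped. The docblock says `0 if OK` but the function ends with `return 1;`, and `%maxratio` is replaced with `$maxratiod`, which looks like a typo to confirm against the declaration outside the hunk.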
@ -1928,11 +1928,12 @@ function dol_print_error_email()
|
||||
|
||||
|
||||
/**
|
||||
* \brief Deplacer les fichiers telecharges, apres quelques controles divers
|
||||
* \brief Move an uploaded file after some controls.
|
||||
* If there is errors (virus found, antivir in error, bad filename), file is not moved.
|
||||
* \param src_file Source filename
|
||||
* \param dest_file Target filename
|
||||
* \param allowoverwrite Overwrite if exists
|
||||
* \return int >0 if OK, <0 if KO (-99 if virus found), Name of virus if virus found
|
||||
* \return int >0 if OK, <0 if KO (an array with virus or errors if virus found or errors)
|
||||
*/
|
||||
function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
|
||||
{
|
||||
@ -1947,7 +1948,13 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
|
||||
require_once(DOL_DOCUMENT_ROOT.'/lib/antivir.class.php');
|
||||
$antivir=new AntiVir($db);
|
||||
$result = $antivir->dol_avscan_file($src_file);
|
||||
if ($result < 0) return -99;
|
||||
if ($result < 0) // If virus or error, we stop here
|
||||
{
|
||||
$reterrors=$antivir->errors;
|
||||
dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." KO with antivir", LOG_WARNING);
|
||||
//return $reterrors;
|
||||
return -99;
|
||||
}
|
||||
}
|
||||
|
||||
// Security:
|
||||
@ -1972,7 +1979,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
|
||||
if (preg_match('/^\./',$dest_file) || preg_match('/\.\./',$dest_file) || preg_match('/[<>|]/',$dest_file))
|
||||
{
|
||||
dol_syslog("Refused to deliver file ".$dest_file, LOG_WARNING);
|
||||
return -1;
|
||||
return -2;
|
||||
}
|
||||
|
||||
// The file functions must be in OS filesystem encoding.
|
||||
@ -1985,7 +1992,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
|
||||
if (file_exists($file_name_osencoded))
|
||||
{
|
||||
dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." already exists", LOG_WARNING);
|
||||
return -2;
|
||||
return -3;
|
||||
}
|
||||
}
|
||||
|
||||
@ -2000,8 +2007,10 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
|
||||
else
|
||||
{
|
||||
dol_syslog("Functions.lib::dol_move_uploaded_file Failed to move ".$src_file." to ".$file_name, LOG_ERR);
|
||||
return -3;
|
||||
return -4;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
|
||||
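Review bot: In `dol_move_uploaded_file` (hunk at old line 1947), the new block copies `$antivir->errors` into `$reterrors` but then returns `-99` with `//return $reterrors;` commented out, so the updated docblock ("an array with virus or errors") and any caller that tests `is_array()` on the result do not match what the function returns. Refusing the file for both a detection and a scanner failure is the safe behaviour; either return the array as documented or change the docblock to `\return int >0 if OK, <0 if KO (-99 if virus found or scan failed)` and expose the details another way. The log line in that block uses `$file_name`, whose assignment is not visible before this point, so confirm it is set there or log `$src_file` instead. The later hunks renumber the failure codes (-1 to -2, -2 to -3, -3 to -4), which is worth one docblock line per code so callers comparing exact values can be checked. The function body continues outside these hunks.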