diff --git a/ChangeLog b/ChangeLog
index bd883f70196..99c8e0aedad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@ English Dolibarr ChangeLog
***** ChangeLog for 2.8 compared to 2.7 *****
For users:
+- New: Can use any antivirus on file upload.
- New: A customer can also be a prospect.
- New: task #9802 : Can link an action to a project.
- New: Initial sold can be conciliated.
diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php
index 18fdb57ecd1..cc48a57ee41 100644
--- a/htdocs/admin/mails.php
+++ b/htdocs/admin/mails.php
@@ -88,7 +88,7 @@ if ($_POST['addfile'] || $_POST['addfilehtml'])
}
else
{
- // Echec transfert (fichier d�passant la limite ?)
+ // Echec transfert (fichier depassant la limite ?)
$message = '
'.$langs->trans("ErrorFileNotUploaded").'
';
// print_r($_FILES);
}
diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php
index d1b36ca5187..0044e050c86 100644
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@@ -45,10 +45,8 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
$result=create_exdir($upload_dir); // Create dir if not exists
if ($result >= 0)
{
- @dol_delete_file($upload_dir . "/" . $_FILES['userfile']['name'],1);
-
- $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0);
- if ($resupload > 0)
+ $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1);
+ if (is_numeric($resupload) && $resupload > 0)
{
$mesg = '
';
print '';
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 16337edcdbd..0101607c3cd 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -65,6 +65,10 @@ NoMaxSizeByPHPLimit=Note: No limit is set in your PHP configuration
MaxSizeForUploadedFiles=Maximum size for uploaded files (0 to disallow any upload)
UseCaptchaCode=Use graphical code (CAPTCHA) on login page
UseAvToScanUploadedFiles=Use anti-virus to scan uploaded files
+AntiVirusCommand = Full path to antivirus command
+AntiVirusCommandExample = Example for ClamWin: c:\Program Files (x86)\ClamWin\bin\clamscan.exe Example for ClamAv: /usr/bin/clamscan
+AntiVirusParam = More parameters on command line
+AntiVirusParamExample = Example for ClamWin: --database="C:\Program Files (x86)\ClamWin\lib"
ComptaSetup=Accounting module setup
UserSetup=Users' management setup
MenuSetup=Menus' management setup
diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang
index a35ee7936e8..ce7b9d2bbcc 100644
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@@ -65,6 +65,10 @@ NoMaxSizeByPHPLimit = Aucune limite interne à votre serveur PHP
MaxSizeForUploadedFiles = Taille maximum des documents uploadés (0 pour interdire l'upload)
UseCaptchaCode = Utilisation du code graphique (CAPTCHA) sur la page de login
UseAvToScanUploadedFiles = Utilisation d'un anti-virus pour scanner les fichiers uploadés
+AntiVirusCommand = Chemin complet vers la commande antivirus
+AntiVirusCommandExample = Exemple pour ClamWin: c:\Program Files (x86)\ClamWin\bin\clamscan.exe Exemple pour ClamAv: /usr/bin/clamscan
+AntiVirusParam = Paramètres supplémentaire sur la ligne de commande
+AntiVirusParamExample = Exemple pour ClamWin: --database="C:\Program Files (x86)\ClamWin\lib"
ComptaSetup = Configuration du module Comptabilité
UserSetup = Configuration gestion des utilisateurs
MenuSetup = Administration des menus par base de données
diff --git a/htdocs/lib/antivir.class.php b/htdocs/lib/antivir.class.php
index 259338e05a2..354c5f39886 100644
--- a/htdocs/lib/antivir.class.php
+++ b/htdocs/lib/antivir.class.php
@@ -34,6 +34,7 @@
class AntiVir
{
var $error;
+ var $errors;
var $output;
var $db;
@@ -51,7 +52,7 @@ class AntiVir
/**
* \brief Scan a file with antivirus
* \param file File to scan
- * \return malware Name of virus found or ''
+ * \return int <0 if KO (-98 if error, -99 if virus), 0 if OK
*/
function dol_avscan_file($file)
{
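Review bot: The new `\return` line documents `0 if OK`, but the last hunk of this file ends the method with `return 1;` on a clean scan. The docblock should read `\return int <0 if KO (-98 if error, -99 if virus), 1 if OK`. The `// If return code = 0` comment next to that return could also say it refers to the scanner's exit status, not to the method's result. The method body continues outside this hunk.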
@@ -71,27 +72,26 @@ class AntiVir
$command=$conf->global->MAIN_ANTIVIRUS_COMMAND;
$param=$conf->global->MAIN_ANTIVIRUS_PARAM;
- if (preg_match('/%file/',$conf->global->MAIN_ANTIVIRUS_PARAM)) $param=preg_replace('/%file/',trim($file),$param);
- else $param=trim($file);
$param=preg_replace('/%maxreclevel/',$maxreclevel,$param);
$param=preg_replace('/%maxfiles/',$maxfiles,$param);
$param=preg_replace('/%maxratio/',$maxratiod,$param);
$param=preg_replace('/%bz2archivememlim/',$bz2archivememlim,$param);
$param=preg_replace('/%maxfilesize/',$maxfilesize,$param);
+ $param=preg_replace('/%file/',trim($file),$param);
+
+ if (! preg_match('/%file/',$conf->global->MAIN_ANTIVIRUS_PARAM))
+ $param=$param." ".escapeshellarg(trim($file));
- // Create a clean fullcommand
- //print $command." ".$param;
if (preg_match("/\s/",$command)) $command=escapeshellarg($command); // Use quotes on command
- if (preg_match("/\s/",$param)) $param=escapeshellarg($param); // Use quotes on param
- //print $command." ".$param;
$output=array();
$return_var=0;
+ // Create a clean fullcommand
$fullcommand=$command.' '.$param.' 2>&1';
- dol_syslog("Run command=".$fullcommand);
+ dol_syslog("AntiVir::dol_avscan_file Run command=".$fullcommand);
exec($fullcommand, $output, $return_var);
-/*
+ /*
$handle = fopen($outputfile, 'w');
if ($handle)
{
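Review bot: The `%file` substitution puts `trim($file)` into the shell command unquoted, while only the fallback branch below it uses `escapeshellarg()`, so a path with spaces or shell metacharacters is quoted in one configuration and not in the other. `preg_replace` also interprets `$` and `\` sequences in its replacement argument, which a literal substitution does not need. I would change that line to `$param=str_replace('%file',escapeshellarg(trim($file)),$param);`; a configured parameter string that already wraps `%file` in its own quotes would then need those quotes removed. The caller visible in this commit passes the upload temp name, but the method accepts any path, and it starts before this hunk and continues after it.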
@@ -120,9 +120,23 @@ class AntiVir
}
*/
- dol_syslog("Result return_var=".$return_var." output=".join(',',$output));
+ dol_syslog("AntiVir::dol_avscan_file Result return_var=".$return_var." output=".join(',',$output));
- return $return;
+ $returncodevirus=1;
+ if ($return_var == $returncodevirus) // Virus found
+ {
+ $this->errors=$output;
+ return -99;
+ }
+
+ if ($return_var > 0) // If other error
+ {
+ $this->errors=$output;
+ return -98;
+ }
+
+ // If return code = 0
+ return 1;
}
}
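Review bot: The `$return_var > 0` test lets a negative exit status fall through to `return 1;`, so the file is reported clean whenever the scanner status is neither 0 nor positive; exec() can report -1 when the child's status could not be collected. Writing the second test as `if ($return_var != 0) // If other error` makes every non-zero status a failure. `$returncodevirus=1` is also hard-coded although the ChangeLog entry advertises any antivirus, so it deserves at least a comment naming the convention it assumes, or a configuration value.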
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index e5b9cbea435..5792b5cdfde 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -1928,11 +1928,12 @@ function dol_print_error_email()
/**
- * \brief Deplacer les fichiers telecharges, apres quelques controles divers
+ * \brief Move an uploaded file after some controls.
+ * If there is errors (virus found, antivir in error, bad filename), file is not moved.
* \param src_file Source filename
* \param dest_file Target filename
* \param allowoverwrite Overwrite if exists
- * \return int >0 if OK, <0 if KO (-99 if virus found), Name of virus if virus found
+ * \return int >0 if OK, <0 if KO (an array with virus or errors if virus found or errors)
*/
function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
{
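Review bot: The new `\return` text promises an array of virus names or errors, but the next hunk keeps `return -99;` and leaves `return $reterrors;` commented out, so callers only ever receive an int. The docblock should list the codes this commit settles on, for example `\return int >0 if OK, -99 if refused by antivirus (virus or scanner error), -2 if bad filename, -3 if file exists, -4 if move failed`. The later hunks renumber the existing codes (-1 to -2, -2 to -3, -3 to -4); any caller outside this diff that compares against the old values would need the same update, which cannot be checked from here.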
@@ -1947,7 +1948,13 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
require_once(DOL_DOCUMENT_ROOT.'/lib/antivir.class.php');
$antivir=new AntiVir($db);
$result = $antivir->dol_avscan_file($src_file);
- if ($result < 0) return -99;
+ if ($result < 0) // If virus or error, we stop here
+ {
+ $reterrors=$antivir->errors;
+ dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." KO with antivir", LOG_WARNING);
+ //return $reterrors;
+ return -99;
+ }
}
// Security:
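Review bot: `$reterrors` is assigned from `$antivir->errors` and then dropped, and both scanner outcomes (-99 for a virus, -98 for a scanner error) are returned as -99, so neither the caller nor the log can tell an infected upload from a scanner that failed to run. Refusing the file in both cases is the safe default, but the log line should carry the distinction: `dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." KO with antivir result=".$result, LOG_WARNING);`. `$file_name` is not assigned within this hunk, so it is worth confirming it is set before this point. The function starts before this hunk and continues after it.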
@@ -1972,7 +1979,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
if (preg_match('/^\./',$dest_file) || preg_match('/\.\./',$dest_file) || preg_match('/[<>|]/',$dest_file))
{
dol_syslog("Refused to deliver file ".$dest_file, LOG_WARNING);
- return -1;
+ return -2;
}
// The file functions must be in OS filesystem encoding.
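Review bot: The leading-dot test `preg_match('/^\./',$dest_file)` is applied to the whole destination path, and the caller in htdocs/admin/security_other.php passes `$upload_dir . "/" . $_FILES['userfile']['name']`, so unless the upload directory itself begins with a dot the test never looks at the client-supplied file name. Testing the last path component, `preg_match('/^\./',basename($dest_file))`, would apply the check to the name, which appears to be the intent. The function starts before this hunk and continues after it.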
@@ -1985,7 +1992,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
if (file_exists($file_name_osencoded))
{
dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." already exists", LOG_WARNING);
- return -2;
+ return -3;
}
}
@@ -2000,8 +2007,10 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
else
{
dol_syslog("Functions.lib::dol_move_uploaded_file Failed to move ".$src_file." to ".$file_name, LOG_ERR);
- return -3;
+ return -4;
}
+
+ return 1;
}