projects / moodle.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Conversion of double quoted strings to single quoted literals
[moodle.git] / lib / uploadlib.php
CommitLineData
18b8fbfa 1<?php
2error_reporting(E_ALL ^ E_NOTICE);
3/**
4 * This class handles all aspects of fileuploading
5 */
6class upload_manager {
7
8 var $files; // array to hold local copies of stuff in $_FILES
9 var $config; // holds all configuration stuff.
10 var $status; // keep track of if we're ok (errors for each file are kept in $files['whatever']['uploadlog']
11 var $course; // the course this file has been uploaded for (for logging and virus notifications)
12 var $inputname; // if we're only getting one file.
81d425b4 13 var $notify; // if we're given silent=true in the constructor, this gets built up to hold info about the process.
18b8fbfa 14
15 /**
16 * Constructor, sets up configuration stuff so we know how to act.
17 * Note: destination not taken as parameter as some modules want to use the insertid in the path and we need to check the other stuff first.
18 * @param $inputname - if this is given the upload manager will only process the file in $_FILES with this name.
19 * @param $deleteothers - whether to delete other files in the destination directory (optional,defaults to false)
20 * @param $handlecollisions - whether to use handle_filename_collision() or not. (optional, defaults to false)
21 * @param $course - the course the files are being uploaded for (for logging and virus notifications)
22 * @param $recoverifmultiple - if we come across a virus, or if a file doesn't validate or whatever, do we continue? optional, defaults to true.
81d425b4 23 * @param $modbytes - max bytes for this module - this and $course->maxbytes are used to get the maxbytes from get_max_upload_file_size().
24 * @param $silent - whether to notify errors or not.
96038147 25 * @param $allownull - whether we care if there's no file when we've set the input name.
18b8fbfa 26 */
96038147 27 function upload_manager($inputname='',$deleteothers=false,$handlecollisions=false,$course=null,$recoverifmultiple=false,$modbytes=0,$silent=false,$allownull=false) {
18b8fbfa 28
29 global $CFG;
30
31 $this->config->deleteothers = $deleteothers;
32 $this->config->handlecollisions = $handlecollisions;
33 $this->config->recoverifmultiple = $recoverifmultiple;
34 $this->config->maxbytes = get_max_upload_file_size($CFG->maxbytes,$course->maxbytes,$modbytes);
81d425b4 35 $this->config->silent = $silent;
96038147 36 $this->config->allownull = $allownull;
18b8fbfa 37 $this->files = array();
38 $this->status = false;
39 $this->course = $course;
40 $this->inputname = $inputname;
96038147 41 if (empty($this->inputname)) {
42 $this->config->allownull = true;
43 }
18b8fbfa 44 }
45
46 /**
47 * Gets all entries out of $_FILES and stores them locally in $files
48 * Checks each one against get_max_upload_file_size and calls cleanfilename and scans them for viruses etc.
49 */
50 function preprocess_files() {
51 global $CFG;
52 foreach ($_FILES as $name => $file) {
53 $this->status = true; // only set it to true here so that we can check if this function has been called.
54 if (empty($this->inputname) || $name == $this->inputname) { // if we have input name, only process if it matches.
55 $file['originalname'] = $file['name']; // do this first for the log.
56 $this->files[$name] = $file; // put it in first so we can get uploadlog out in print_upload_log.
96038147 57 $this->status = $this->validate_file($this->files[$name]); // default to only allowing empty on multiple uploads.
58 if (!$this->status && ($this->files[$name]['error'] == 0 || $this->files[$name]['error'] == 4) && $this->config->allownull) {
18b8fbfa 59 // this shouldn't cause everything to stop.. modules should be responsible for knowing which if any are compulsory.
60 continue;
61 }
62 if ($this->status && $CFG->runclamonupload) {
63 $this->status = clam_scan_file($this->files[$name],$this->course);
64 }
65 if (!$this->status) {
66 if (!$this->config->recoverifmultiple && count($this->files) > 1) {
67 $a->name = $this->files[$name]['originalname'];
68 $a->problem = $this->files[$name]['uploadlog'];
81d425b4 69 if (!$this->config->silent) {
70 notify(get_string('uploadfailednotrecovering','moodle',$a));
71 }
72 else {
73 $this->notify .= "<br />".get_string('uploadfailednotrecovering','moodle',$a);
74 }
18b8fbfa 75 $this->status = false;
76 return false;
77 }
78 else if (count($this->files) == 1) {
81d425b4 79 if (!$this->config->silent) {
80 notify($this->files[$name]['uploadlog']);
81 }
82 else {
83 $this->notify .= "<br />".$this->files[$name]['uploadlog'];
84 }
18b8fbfa 85 $this->status = false;
86 return false;
87 }
88 }
89 else {
90 $newname = clean_filename($this->files[$name]['name']);
91 if ($newname != $this->files[$name]['name']) {
92 $a->oldname = $this->files[$name]['name'];
93 $a->newname = $newname;
94 $this->files[$name]['uploadlog'] .= get_string('uploadrenamedchars','moodle',$a);
95 }
96 $this->files[$name]['name'] = $newname;
97 $this->files[$name]['clear'] = true; // ok to save.
98 }
99 }
100 }
46c5446e 101 if (!is_array($_FILES) || count($_FILES) == 0) {
96038147 102 return $this->config->allownull;
46c5446e 103 }
18b8fbfa 104 $this->status = true;
105 return true; // if we've got this far it means that we're recovering so we want status to be ok.
106 }
107
108 /**
109 * Validates a single file entry from _FILES
110 * @param $file - the entry from _FILES to validate
111 * @param $allowempty - this is to allow module owners to control which files are compulsory if this function is being called straight from the module.
112 * @return true if ok.
113 */
96038147 114 function validate_file(&$file) {
18b8fbfa 115 if (empty($file)) {
96038147 116 return false;
18b8fbfa 117 }
118 if (!is_uploaded_file($file['tmp_name']) || $file['size'] == 0) {
119 $file['uploadlog'] .= "\n".$this->get_file_upload_error($file);
18b8fbfa 120 return false;
121 }
122 if ($file['size'] > $this->config->maxbytes) {
123 $file['uploadlog'] .= "\n".get_string("uploadedfiletoobig", "moodle", $this->config->maxbytes);
124 return false;
125 }
126 return true;
127 }
128
129 /**
130 * Moves all the files to the destination directory.
131 * @param $destination - the destination directory.
132 * @return status;
133 */
134 function save_files($destination) {
135 global $CFG,$USER;
136
137 if (!$this->status) { // preprocess_files hasn't been run
138 $this->preprocess_files();
139 }
140 if ($this->status) {
141 if (!(strpos($destination,$CFG->dataroot) === false)) {
142 // take it out for giving to make_upload_directory
143 $destination = substr($destination,strlen($CFG->dataroot)+1);
144 }
145
146 if ($destination{strlen($destination)-1} == "/") { // strip off a trailing / if we have one
147 $destination = substr($destination,0,-1);
148 }
149
150 if (!make_upload_directory($destination,true)) { //TODO maybe put this function here instead of moodlelib.php now.
151 $this->status = false;
152 return false;
153 }
154
155 $destination = $CFG->dataroot.'/'.$destination; // now add it back in so we have a full path
156
157 $exceptions = array(); //need this later if we're deleting other files.
158
159 foreach (array_keys($this->files) as $i) {
160
161 if (!$this->files[$i]['clear']) {
162 // not ok to save
163 continue;
164 }
165
166 if ($this->config->handlecollisions) {
167 $this->handle_filename_collision($destination,$this->files[$i]);
168 }
169 if (move_uploaded_file($this->files[$i]['tmp_name'], $destination.'/'.$this->files[$i]['name'])) {
170 chmod($destination.'/'.$this->files[$i]['name'], $CFG->directorypermissions);
171 $this->files[$i]['fullpath'] = $destination.'/'.$this->files[$i]['name'];
172 $this->files[$i]['uploadlog'] .= "\n".get_string('uploadedfile');
173 $this->files[$i]['saved'] = true;
174 $exceptions[] = $this->files[$i]['name'];
175 // now add it to the log (this is important so we know who to notify if a virus is found later on)
176 clam_log_upload($this->files[$i]['fullpath'],$this->course);
177 $savedsomething=true;
178 }
179 }
180 if ($savedsomething && $this->config->deleteothers) {
181 $this->delete_other_files($destination,$exceptions);
182 }
183 }
184 if (!$savedsomething) {
185 $this->status = false;
186 return false;
187 }
188 return $this->status;
189 }
190
191 /**
192 * Wrapper function that calls preprocess_files and viruscheck_files and then save_files
193 * Modules that require the insert id in the filepath should not use this and call these functions seperately in the required order.
194 * @parameter $destination - where to save the uploaded files to.
195 */
196 function process_file_uploads($destination) {
197 if ($this->preprocess_files()) {
198 return $this->save_files($destination);
199 }
200 return false;
201 }
202
203 /**
204 * Deletes all the files in a given directory except for the files in $exceptions (full paths)
205 * @param $destination - the directory to clean up.
206 * @param $exceptions - array of full paths of files to KEEP.
207 */
208 function delete_other_files($destination,$exceptions=null) {
209 if ($filestodel = get_directory_list($destination)) {
210 foreach ($filestodel as $file) {
211 if (!is_array($exceptions) || !in_array($file,$exceptions)) {
212 unlink("$destination/$file");
213 $deletedsomething = true;
214 }
215 }
216 }
217 if ($deletedsomething) {
81d425b4 218 if (!$this->config->silent) {
219 notify(get_string('uploadoldfilesdeleted'));
220 }
221 else {
222 $this->notify .= "<br />".get_string('uploadoldfilesdeleted');
223 }
18b8fbfa 224 }
225 }
226
227 /**
228 * Handles filename collisions - if the desired filename exists it will rename it according to the pattern in $format
229 * @param $destination - destination directory (to check existing files against)
230 * @param $file - the current file from $files we're processing.
231 * @param $format - the printf style format to rename the file to (defaults to filename_number.extn)
232 * @return new filename.
233 */
234 function handle_filename_collision($destination,&$file,$format='%s_%d.%s') {
235 $bits = explode('.',$file['name']);
236 // check for collisions and append a nice numberydoo.
237 if (file_exists($destination.'/'.$file['name'])) {
238 $a->oldname = $file['name'];
239 for ($i = 1; true; $i++) {
240 $try = sprintf($format,$bits[0],$i,$bits[1]);
241 if ($this->check_before_renaming($destination,$try,$file)) {
242 $file['name'] = $try;
243 break;
244 }
245 }
246 $a->newname = $file['name'];
247 $file['uploadlog'] .= "\n".get_string('uploadrenamedcollision','moodle',$a);
248 }
249 }
250
251 /**
252 * This function checks a potential filename against what's on the filesystem already and what's been saved already.
253 */
254 function check_before_renaming($destination,$nametocheck,$file) {
255 if (!file_exists($destination.'/'.$nametocheck)) {
256 return true;
257 }
258 if ($this->config->deleteothers) {
259 foreach ($this->files as $tocheck) {
260 // if we're deleting files anyway, it's not THIS file and we care about it and it has the same name and has already been saved..
261 if ($file['tmp_name'] != $tocheck['tmp_name'] && $tocheck['clear'] && $nametocheck == $tocheck['name'] && $tocheck['saved']) {
262 $collision = true;
263 }
264 }
265 if (!$collision) {
266 return true;
267 }
268 }
269 return false;
270 }
271
272
273 function get_file_upload_error(&$file) {
274
275 switch ($file['error']) {
276 case 0: // UPLOAD_ERR_OK
277 if ($file['size'] > 0) {
278 $errmessage = get_string('uploadproblem', $file['name']);
279 } else {
280 $errmessage = get_string('uploadnofilefound'); /// probably a dud file name
281 }
282 break;
283
284 case 1: // UPLOAD_ERR_INI_SIZE
285 $errmessage = get_string('uploadserverlimit');
286 break;
287
288 case 2: // UPLOAD_ERR_FORM_SIZE
289 $errmessage = get_string('uploadformlimit');
290 break;
291
292 case 3: // UPLOAD_ERR_PARTIAL
293 $errmessage = get_string('uploadpartialfile');
294 break;
295
296 case 4: // UPLOAD_ERR_NO_FILE
297 $errmessage = get_string('uploadnofilefound');
298 break;
299
300 default:
301 $errmessage = get_string('uploadproblem', $file['name']);
302 }
303 return $errmessage;
304 }
305
306 /**
307 * prints a log of everything that happened (of interest) to each file in _FILES
308 * @param $return - optional, defaults to false (log is echoed)
309 */
310 function print_upload_log($return=false) {
311 foreach (array_keys($this->files) as $i => $key) {
312 $str .= '<b>'.get_string('uploadfilelog','moodle',$i+1).' '
313 .((!empty($this->files[$key]['originalname'])) ? '('.$this->files[$key]['originalname'].')' : '')
314 .'</b> :'.nl2br($this->files[$key]['uploadlog']).'<br />';
315 }
316 if ($return) {
317 return $str;
318 }
319 echo $str;
320 }
321
322 /**
323 * If we're only handling one file (if inputname was given in the constructor) this will return the (possibly changed) filename of the file.
324 */
325 function get_new_filename() {
326 if (!empty($this->inputname) && count($this->files) == 1) {
327 return $this->files[$this->inputname]['name'];
328 }
329 return false;
330 }
331
81d425b4 332 /**
333 * If we're only handling one file (if input name was given in the constructor) this will return the full path to the saved file.
334 */
335 function get_new_filepath() {
336 if (!empty($this->inputname) && count($this->files) == 1) {
337 return $this->files[$this->inputname]['fullpath'];
338 }
339 return false;
340 }
341
18b8fbfa 342 /**
343 * If we're only handling one file (if inputname was given in the constructor) this will return the ORIGINAL filename of the file.
344 */
345 function get_original_filename() {
346 if (!empty($this->inputname) && count($this->files) == 1) {
347 return $this->files[$this->inputname]['originalname'];
348 }
349 return false;
350 }
96038147 351
352 /**
353 * This function returns any errors wrapped up in red
354 */
355 function get_errors() {
356 return '<p style="color:red;">'.$this->notify.'</p>';
357 }
18b8fbfa 358}
359
360/**************************************************************************************
361THESE FUNCTIONS ARE OUTSIDE THE CLASS BECAUSE THEY NEED TO BE CALLED FROM OTHER PLACES.
362FOR EXAMPLE CLAM_HANDLE_INFECTED_FILE AND CLAM_REPLACE_INFECTED_FILE USED FROM CRON
363UPLOAD_PRINT_FORM_FRAGMENT DOESN'T REALLY BELONG IN THE CLASS BUT CERTAINLY IN THIS FILE
364***************************************************************************************/
365
366
367/**
368 * This function prints out a number of upload form elements
369 * @param $numfiles - the number of elements required (optional, defaults to 1)
370 * @param $names - array of element names to use (optional, defaults to FILE_n)
371 * @param $descriptions - array of strings to be printed out before each file bit.
372 * @param $uselabels - whether to output text fields for file descriptions or not (optional, defaults to false)
373 * @param $labelnames - array of element names to use for labels (optional, defaults to LABEL_n)
374 * @param $coursebytes
375 * @param $modbytes - these last two are used to calculate upload max size ( using get_max_upload_file_size)
376 * @param $return - whether to return the string (defaults to false - string is echoed)
377 */
378function upload_print_form_fragment($numfiles=1,$names=null,$descriptions=null,$uselabels=false,$labelnames=null,$coursebytes=0,$modbytes=0,$return=false) {
379 global $CFG;
380 $maxbytes = get_max_upload_file_size($CFG->maxbytes,$coursebytes,$modbytes);
381 $str = '<input type="hidden" name="MAX_FILE_SIZE" value="'.$maxbytes.'" />'."\n";
382 for ($i = 0; $i < $numfiles; $i++) {
383 if (is_array($descriptions) && !empty($descriptions[$i])) {
384 $str .= '<b>'.$descriptions[$i].'</b><br />';
385 }
09e8a2f8 386 $name = ((is_array($names) && !empty($names[$i])) ? $names[$i] : 'FILE_'.$i);
387 $str .= '<input type="file" size="50" name="'.$name.'" alt="'.$name.'" /><br />'."\n";
18b8fbfa 388 if ($uselabels) {
09e8a2f8 389 $lname = ((is_array($labelnames) && !empty($labelnames[$i])) ? $labelnames[$i] : 'LABEL_'.$i);
390 $str .= get_string('uploadlabel').' <input type="text" size="50" name="'.$lname.'" alt="'.$lname
18b8fbfa 391 .'" /><br /><br />'."\n";
392 }
393 }
394 if ($return) {
395 return $str;
396 }
397 else {
398 echo $str;
399 }
400}
401
402
403/**
404 * Deals with an infected file - either moves it to a quarantinedir
405 * (specified in CFG->quarantinedir) or deletes it.
406 * If moving it fails, it deletes it.
407 * @param file full path to the file
408 * @param userid - if not used, defaults to $USER->id (there in case called from cron)
409 * @param basiconly - admin level reporting or user level reporting.
410 * @return a string of what it did.
411 */
412function clam_handle_infected_file($file,$userid=0,$basiconly=false) {
413
414 global $CFG,$USER;
415 if ($USER && !$userid) {
416 $userid = $USER->id;
417 }
418 $delete = true;
419 if (file_exists($CFG->quarantinedir) && is_dir($CFG->quarantinedir) && is_writable($CFG->quarantinedir)) {
420 $now = date('YmdHis');
421 if (rename($file,$CFG->quarantinedir.'/'.$now.'-user-'.$userid.'-infected')) {
422 $delete = false;
7604c7db 423 clam_log_infected($file,$CFG->quarantinedir.'/'.$now.'-user-'.$userid.'-infected',$userid);
18b8fbfa 424 if ($basiconly) {
425 $notice .= "\n".get_string('clammovedfilebasic');
426 }
427 else {
428 $notice .= "\n".get_string('clammovedfile','moodle',$CFG->quarantinedir.'/'.$now.'-user-'.$userid.'-infected');
429 }
430 }
431 else {
432 if ($basiconly) {
433 $notice .= "\n".get_string('clamdeletedfile');
434 }
435 else {
436 $notice .= "\n".get_string('clamquarantinedirfailed','moodle',$CFG->quarantinedir);
437 }
438 }
439 }
440 else {
441 if ($basiconly) {
442 $notice .= "\n".get_string('clamdeletedfile');
443 }
444 else {
445 $notice .= "\n".get_string('clamquarantinedirfailed','moodle',$CFG->quarantinedir);
446 }
447 }
448 if ($delete) {
449 if (unlink($file)) {
7604c7db 450 clam_log_infected($file,'',$userid);
18b8fbfa 451 $notice .= "\n".get_string('clamdeletedfile');
452 }
453 else {
454 if ($basiconly) {
455 // still tell the user the file has been deleted. this is only for admins.
456 $notice .= "\n".get_string('clamdeletedfile');
457 }
458 else {
459 $notice .= "\n".get_string('clamdeletedfilefailed');
460 }
461 }
462 }
463 return $notice;
464}
465
466/**
467 * Replaces the given file with a string to notify that the original file had a virus.
468 * This is to avoid missing files but could result in the wrong content-type.
469 * @param file - full path to the file.
470 */
471function clam_replace_infected_file($file) {
472 $newcontents = get_string('virusplaceholder');
473 if (!$f = fopen($file,'w')) {
474 return false;
475 }
476 if (!fwrite($f,$newcontents)) {
477 return false;
478 }
479 return true;
480}
481
482
483/**
484 * If $CFG->runclamonupload is set, we scan a given file. (called from preprocess_files)
485 * This function will add on a uploadlog index in $file.
486 * @param $file - the file to scan from $files. or an absolute path to a file.
487 * @return 1 if good, 0 if something goes wrong (opposite from actual error code from clam)
488 */
489function clam_scan_file(&$file,$course) {
490 global $CFG,$USER;
491
492 if (is_array($file) && is_uploaded_file($file['tmp_name'])) { // it's from $_FILES
493 $appendlog = true;
494 $fullpath = $file['tmp_name'];
495 }
496 else if (file_exists($file)) { // it's a path to somewhere on the filesystem!
497 $fullpath = $file;
498 }
499 else {
500 return false; // erm, what is this supposed to be then, huh?
501 }
502
96038147 503 $CFG->pathtoclam = trim($CFG->pathtoclam);
504
18b8fbfa 505 if (!$CFG->pathtoclam || !file_exists($CFG->pathtoclam) || !is_executable($CFG->pathtoclam)) {
506 $newreturn = 1;
507 $notice = get_string('clamlost','moodle',$CFG->pathtoclam);
508 if ($CFG->clamfailureonupload == 'actlikevirus') {
509 $notice .= "\n".get_string('clamlostandactinglikevirus');
510 $notice .= "\n".clam_handle_infected_file($fullpath);
511 $newreturn = false;
512 }
513 clam_mail_admins($notice);
96038147 514 if ($appendlog) {
515 $file['uploadlog'] .= "\n".get_string('clambroken');
516 $file['clam'] = 1;
517 }
18b8fbfa 518 return $newreturn; // return 1 if we're allowing clam failures
519 }
520
521 $cmd = $CFG->pathtoclam.' '.$fullpath." 2>&1";
522
523 // before we do anything we need to change perms so that clamscan can read the file (clamdscan won't work otherwise)
524 chmod($fullpath,0644);
525
526 exec($cmd,$output,$return);
527
528
529 switch ($return) {
530 case 0: // glee! we're ok.
531 return 1; // translate clam return code into reasonable return code consistent with everything else.
532 case 1: // bad wicked evil, we have a virus.
533 if (!empty($course)) {
534 $info->course = $course->fullname;
535 }
536 else {
537 $info->course = 'No course';
538 }
539 $info->user = $USER->firstname.' '.$USER->lastname;
540 $notice = get_string('virusfound','moodle',$info);
541 $notice .= "\n\n".implode("\n",$output);
542 $notice .= "\n\n".clam_handle_infected_file($fullpath);
543 clam_mail_admins($notice);
544 if ($appendlog) {
545 $info->filename = $file['originalname'];
546 $file['uploadlog'] .= "\n".get_string('virusfounduser','moodle',$info);
547 $file['virus'] = 1;
548 }
549 return false; // in this case, 0 means bad.
550 default:
551 // error - clam failed to run or something went wrong
552 $notice .= get_string('clamfailed','moodle',get_clam_error_code($return));
553 $notice .= "\n\n".implode("\n",$output);
554 $newreturn = true;
555 if ($CFG->clamfailureonupload == 'actlikevirus') {
556 $notice .= "\n".clam_handle_infected_file($fullpath);
557 $newreturn = false;
558 }
559 clam_mail_admins($notice);
560 if ($appendlog) {
561 $file['uploadlog'] .= "\n".get_string('clambroken');
562 $file['clam'] = 1;
563 }
564 return $newreturn; // return 1 if we're allowing failures.
565 }
566}
567
568/**
569 * emails admins about a clam outcome
570 * @param notice - the body of the email.
571 */
572function clam_mail_admins($notice) {
573
574 $site = get_site();
575
576 $subject = get_string('clamemailsubject','moodle',$site->fullname);
577 $admins = get_admins();
578 foreach ($admins as $admin) {
579 email_to_user($admin,get_admin(),$subject,$notice);
580 }
581}
582
583
584function get_clam_error_code($returncode) {
585 $returncodes = array();
586 $returncodes[0] = 'No virus found.';
587 $returncodes[1] = 'Virus(es) found.';
588 $returncodes[2] = ' An error occured'; // specific to clamdscan
589 // all after here are specific to clamscan
590 $returncodes[40] = 'Unknown option passed.';
591 $returncodes[50] = 'Database initialization error.';
592 $returncodes[52] = 'Not supported file type.';
593 $returncodes[53] = 'Can\'t open directory.';
594 $returncodes[54] = 'Can\'t open file. (ofm)';
595 $returncodes[55] = 'Error reading file. (ofm)';
596 $returncodes[56] = 'Can\'t stat input file / directory.';
597 $returncodes[57] = 'Can\'t get absolute path name of current working directory.';
598 $returncodes[58] = 'I/O error, please check your filesystem.';
599 $returncodes[59] = 'Can\'t get information about current user from /etc/passwd.';
600 $returncodes[60] = 'Can\'t get information about user \'clamav\' (default name) from /etc/passwd.';
601 $returncodes[61] = 'Can\'t fork.';
602 $returncodes[63] = 'Can\'t create temporary files/directories (check permissions).';
603 $returncodes[64] = 'Can\'t write to temporary directory (please specify another one).';
604 $returncodes[70] = 'Can\'t allocate and clear memory (calloc).';
605 $returncodes[71] = 'Can\'t allocate memory (malloc).';
606 if ($returncodes[$returncode])
607 return $returncodes[$returncode];
608 return get_string('clamunknownerror');
609
610}
611
612/**
613 * adds a file upload to the log table so that clam can resolve the filename to the user later if necessary
614 */
8930f900 615function clam_log_upload($newfilepath,$course=null,$nourl=false) {
18b8fbfa 616 global $CFG,$USER;
617 // get rid of any double // that might have appeared
618 $newfilepath = preg_replace('/\/\//','/',$newfilepath);
619 if (strpos($newfilepath,$CFG->dataroot) === false) {
620 $newfilepath = $CFG->dataroot.'/'.$newfilepath;
621 }
18b8fbfa 622 $courseid = 0;
623 if ($course) {
624 $courseid = $course->id;
625 }
8930f900 626 add_to_log($courseid,"upload","upload",((!$nourl) ? substr($_SERVER['HTTP_REFERER'],0,100) : ''),$newfilepath);
18b8fbfa 627}
628
7604c7db 629/**
630 * This function logs to error_log and to the log table that an infected file has been found and what's happened to it.
631 * @param $oldfilepath - full path to the infected file before it was moved.
632 * @param $newfilepath - full path to the infected file since it was moved to the quarantine directory (if the file was deleted, leave empty).
633 * @param $userid - id of user who uploaded the file.
634 */
635function clam_log_infected($oldfilepath='',$newfilepath='',$userid=0) {
636
c80b7585 637 add_to_log(0,"upload","infected",$_SERVER['HTTP_REFERER'],$oldfilepath,0,$userid);
7604c7db 638
639 $user = get_record('user','id',$userid);
640
641 $errorstr = 'Clam AV has found a file that is infected with a virus. It was uploaded by '
642 . ((empty($user) ? ' an unknown user ' : $user->firstname. ' '.$user->lastname))
643 . ((empty($oldfilepath)) ? '. The infected file was caught on upload ('.$oldfilepath.')'
644 : '. The original file path of the infected file was '.$oldfilepath)
645 . ((empty($newfilepath)) ? '. The file has been deleted ' : '. The file has been moved to a quarantine directory and the new path is '.$newfilepath);
646
647 error_log($errorstr);
648}
649
650
18b8fbfa 651/**
652 * some of the modules allow moving attachments (glossary), in which case we need to hunt down an original log and change the path.
8930f900 653 * @param oldpath - the old path to the file (should be in the log)
654 * @param newpath - new path
655 * @param update - if true, will overwrite old record (used for forum moving etc).
18b8fbfa 656 */
8930f900 657function clam_change_log($oldpath,$newpath,$update=true) {
18b8fbfa 658 global $CFG;
8930f900 659
660 if (!$record = get_record("log","info",$oldpath,"module","upload")) {
661 error_log("couldn't find record");
662 return false;
663 }
664 $record->info = $newpath;
665 if ($update) {
666 if (update_record("log",$record)) {
667 error_log("updated record");
668 }
669 }
670 else {
671 unset($record->id);
672 if (insert_record("log",$record)) {
673 error_log("inserted record");
674 }
675 }
18b8fbfa 676}
09e8a2f8 677?>
Moodle official production repository