MDL-69257 H5P: Check size of uploaded files and virus scan
authorMartin Gauk <gauk@math.tu-berlin.de>
Tue, 29 Sep 2020 09:08:45 +0000 (09:08 +0000)
committerMihail Geshoski <mihail@moodle.com>
Fri, 9 Oct 2020 02:36:01 +0000 (10:36 +0800)
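--- a/h5p/ajax.php
+++ b/h5p/ajax.php
@@ -78,6 +78,17 @@ switch ($action) {
         $token = required_param('token', PARAM_RAW);
         $contentid = required_param('contentId', PARAM_INT);
 
+        // Check size of each uploaded file and scan for viruses.
+        foreach ($_FILES as $uploadedfile) {
+            $filename = clean_param($uploadedfile['name'], PARAM_FILE);
+            $maxsize = get_max_upload_file_size($CFG->maxbytes);
+            if ($uploadedfile['size'] > $maxsize) {
+                H5PCore::ajaxError(get_string('maxbytesfile', 'error', ['file' => $filename, 'size' => display_size($maxsize)]));
+                return;
+            }
+            \core\antivirus\manager::scan_file($uploadedfile['tmp_name'], $filename, true);
+        }
+
         $editor->ajax->action(H5PEditorEndpoints::FILES, $token, $contentid);
         break;
 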
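Review bot: The new loop reads `name`, `size` and `tmp_name` from each `$_FILES` entry but never looks at `error`, so a failed or partial upload reaches `scan_file()` with whatever `tmp_name` PHP left (possibly empty); whether the scanner rejects or silently skips such a path is not visible in this hunk. I would fail closed before the size test by answering with `H5PCore::ajaxError()` and `return` when `$uploadedfile['error'] !== UPLOAD_ERR_OK`, which also makes explicit that entries are assumed to be flat rather than array-style fields. `scan_file()` appears to report an infected file by throwing, and nothing here converts that into the `H5PCore::ajaxError()` format used for the size failure, so the editor client may receive a differently shaped error response. Minor: `$maxsize` does not depend on the loop variable and can be computed once above the `foreach`. The enclosing `case` of the `switch` starts before the hunk, so any earlier capability or session checks are not visible here.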