Attached the uploadmanager.php which we used for debugging.
PHP debuggging without fix 2 files uploaded
In the Loop isset($inputindex) :
$tmpfile: NULL
In the Loop is_array($file) && is_uploaded_file($tmpname)
$fullpath: array(2) { [0]=> string(14) "/tmp/phpDdqaTc" [1]=> string(14)
"/tmp/phpM4aRv1" }
$escapeshellarg($fullpath): NULL
$escapeshellcmd($fullpath): NULL
$cmd: string(24) "/usr/bin/clamdscan 2>&1"
$output: array(5) { [0]=> string(28) "/htdocs/artefact/file: OK" [1]=>
string(0) "" [2]=> string(36) "----------- SCAN SUMMARY -----------"
[3]=> string(17) "Infected files: 0" [4]=> string(25) "Time: 0.124 sec
(0 m 0 s)" }
$return): int(0) In the Loop isset($inputindex) : $tmpfile: NULL In the
Loop is_array($file) && is_uploaded_file($tmpname) $fullpath: array(2) {
[0]=> string(14) "/tmp/phpDdqaTc" [1]=> string(14) "/tmp/phpM4aRv1" }
$escapeshellarg($fullpath): NULL $escapeshellcmd($fullpath): NULL $cmd:
string(24) "/usr/bin/clamdscan 2>&1" $output: array(5) { [0]=>
string(28) "/htdocs/artefact/file: OK" [1]=> string(0) "" [2]=>
string(36) "----------- SCAN SUMMARY -----------" [3]=> string(17)
"Infected files: 0" [4]=> string(25) "Time: 0.112 sec (0 m 0 s)" }
$return): int(0)
PHP debuggging without fix 1 file uploaded
In the Loop isset($inputindex) :
$tmpfile: NULL
In the Loop is_array($file) && is_uploaded_file($tmpname)
$fullpath: array(1) { [0]=> string(14) "/tmp/php3gkh1m" }
$escapeshellarg($fullpath): NULL
$escapeshellcmd($fullpath): NULL
$cmd: string(24) "/usr/bin/clamdscan 2>&1"
$output: array(5) { [0]=> string(28) "/htdocs/artefact/file: OK" [1]=>
string(0) "" [2]=> string(36) "----------- SCAN SUMMARY -----------"
[3]=> string(17) "Infected files: 0" [4]=> string(25) "Time: 0.124 sec
(0 m 0 s)" }
$return: int(0)
PHP debuggging with fix 2 files uploaded
In the Loop isset($inputindex) :
$tmpfile: NULL
In the Loop is_array($file) && is_uploaded_file($tmpname)
$fullpath: string(14) "/tmp/phpvnyvSe"
$escapeshellarg($fullpath): string(16) "'/tmp/phpvnyvSe'"
$escapeshellcmd($fullpath): string(14) "/tmp/phpvnyvSe"
$cmd: string(38) "/usr/bin/clamdscan /tmp/phpvnyvSe 2>&1"
$output: array(5) { [0]=> string(38) "/tmp/phpvnyvSe: ClamAV-Test-File
FOUND" [1]=> string(0) "" [2]=> string(36) "----------- SCAN SUMMARY
-----------" [3]=> string(17) "Infected files: 1" [4]=> string(25)
"Time: 0.258 sec (0 m 0 s)" }
$return): int(1)
In the Loop isset($inputindex) :
$tmpfile: NULL
In the Loop is_array($file) && is_uploaded_file($tmpname)
$fullpath: string(14) "/tmp/php0nP112"
$escapeshellarg($fullpath): string(16) "'/tmp/php0nP112'"
$escapeshellcmd($fullpath): string(14) "/tmp/php0nP112"
$cmd: string(38) "/usr/bin/clamdscan /tmp/php0nP112 2>&1"
$output: array(5) { [0]=> string(38) "/tmp/php0nP112: ClamAV-Test-File
FOUND" [1]=> string(0) "" [2]=> string(36) "----------- SCAN SUMMARY
-----------" [3]=> string(17) "Infected files: 1" [4]=> string(25)
"Time: 0.237 sec (0 m 0 s)" }
$return): int(1)
PHP debuggging with fix 1 file uploaded
In the Loop isset($inputindex) :
$tmpfile: NULL
In the Loop is_array($file) && is_uploaded_file($tmpname)
$fullpath: string(14) "/tmp/php8pJlgm"
$escapeshellarg($fullpath): string(16) "'/tmp/php8pJlgm'"
$escapeshellcmd($fullpath): string(14) "/tmp/php8pJlgm"
$cmd: string(38) "/usr/bin/clamdscan /tmp/php8pJlgm 2>&1"
$output: array(5) { [0]=> string(38) "/tmp/php8pJlgm: ClamAV-Test-File
FOUND" [1]=> string(0) "" [2]=> string(36) "----------- SCAN SUMMARY
-----------" [3]=> string(17) "Infected files: 1" [4]=> string(25)
"Time: 0.257 sec (0 m 0 s)" }
$return): int(1)
Also haven't investigated the scenario when the logic at line 288 is used:
else if (is_array($file)) {
$tmpname = $file['tmp_name'];
}
** Attachment added: "This is what we used to debug this issue"
https://bugs.launchpad.net/mahara/+bug/1055239/+attachment/3459475/+files/uploadmanager.php
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1055239
Title:
ClamAV doesn't support scanning multifile uploads
Status in Mahara ePortfolio:
Fix Released
Bug description:
When a user uploads using the new HTML multifile upload support, the
file is scanned by clamav. The code for this scanning assumes the
single upload still.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1055239/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : mahara-contributors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
