Attached the uploadmanager.php which we used for debugging. PHP debuggging without fix 2 files uploaded
In the Loop isset($inputindex) : $tmpfile: NULL In the Loop is_array($file) && is_uploaded_file($tmpname) $fullpath: array(2) { [0]=> string(14) "/tmp/phpDdqaTc" [1]=> string(14) "/tmp/phpM4aRv1" } $escapeshellarg($fullpath): NULL $escapeshellcmd($fullpath): NULL $cmd: string(24) "/usr/bin/clamdscan 2>&1" $output: array(5) { [0]=> string(28) "/htdocs/artefact/file: OK" [1]=> string(0) "" [2]=> string(36) "----------- SCAN SUMMARY -----------" [3]=> string(17) "Infected files: 0" [4]=> string(25) "Time: 0.124 sec (0 m 0 s)" } $return): int(0) In the Loop isset($inputindex) : $tmpfile: NULL In the Loop is_array($file) && is_uploaded_file($tmpname) $fullpath: array(2) { [0]=> string(14) "/tmp/phpDdqaTc" [1]=> string(14) "/tmp/phpM4aRv1" } $escapeshellarg($fullpath): NULL $escapeshellcmd($fullpath): NULL $cmd: string(24) "/usr/bin/clamdscan 2>&1" $output: array(5) { [0]=> string(28) "/htdocs/artefact/file: OK" [1]=> string(0) "" [2]=> string(36) "----------- SCAN SUMMARY -----------" [3]=> string(17) "Infected files: 0" [4]=> string(25) "Time: 0.112 sec (0 m 0 s)" } $return): int(0) PHP debuggging without fix 1 file uploaded In the Loop isset($inputindex) : $tmpfile: NULL In the Loop is_array($file) && is_uploaded_file($tmpname) $fullpath: array(1) { [0]=> string(14) "/tmp/php3gkh1m" } $escapeshellarg($fullpath): NULL $escapeshellcmd($fullpath): NULL $cmd: string(24) "/usr/bin/clamdscan 2>&1" $output: array(5) { [0]=> string(28) "/htdocs/artefact/file: OK" [1]=> string(0) "" [2]=> string(36) "----------- SCAN SUMMARY -----------" [3]=> string(17) "Infected files: 0" [4]=> string(25) "Time: 0.124 sec (0 m 0 s)" } $return: int(0) PHP debuggging with fix 2 files uploaded In the Loop isset($inputindex) : $tmpfile: NULL In the Loop is_array($file) && is_uploaded_file($tmpname) $fullpath: string(14) "/tmp/phpvnyvSe" $escapeshellarg($fullpath): string(16) "'/tmp/phpvnyvSe'" $escapeshellcmd($fullpath): string(14) "/tmp/phpvnyvSe" $cmd: string(38) "/usr/bin/clamdscan /tmp/phpvnyvSe 2>&1" $output: array(5) { [0]=> string(38) "/tmp/phpvnyvSe: ClamAV-Test-File FOUND" [1]=> string(0) "" [2]=> string(36) "----------- SCAN SUMMARY -----------" [3]=> string(17) "Infected files: 1" [4]=> string(25) "Time: 0.258 sec (0 m 0 s)" } $return): int(1) In the Loop isset($inputindex) : $tmpfile: NULL In the Loop is_array($file) && is_uploaded_file($tmpname) $fullpath: string(14) "/tmp/php0nP112" $escapeshellarg($fullpath): string(16) "'/tmp/php0nP112'" $escapeshellcmd($fullpath): string(14) "/tmp/php0nP112" $cmd: string(38) "/usr/bin/clamdscan /tmp/php0nP112 2>&1" $output: array(5) { [0]=> string(38) "/tmp/php0nP112: ClamAV-Test-File FOUND" [1]=> string(0) "" [2]=> string(36) "----------- SCAN SUMMARY -----------" [3]=> string(17) "Infected files: 1" [4]=> string(25) "Time: 0.237 sec (0 m 0 s)" } $return): int(1) PHP debuggging with fix 1 file uploaded In the Loop isset($inputindex) : $tmpfile: NULL In the Loop is_array($file) && is_uploaded_file($tmpname) $fullpath: string(14) "/tmp/php8pJlgm" $escapeshellarg($fullpath): string(16) "'/tmp/php8pJlgm'" $escapeshellcmd($fullpath): string(14) "/tmp/php8pJlgm" $cmd: string(38) "/usr/bin/clamdscan /tmp/php8pJlgm 2>&1" $output: array(5) { [0]=> string(38) "/tmp/php8pJlgm: ClamAV-Test-File FOUND" [1]=> string(0) "" [2]=> string(36) "----------- SCAN SUMMARY -----------" [3]=> string(17) "Infected files: 1" [4]=> string(25) "Time: 0.257 sec (0 m 0 s)" } $return): int(1) Also haven't investigated the scenario when the logic at line 288 is used: else if (is_array($file)) { $tmpname = $file['tmp_name']; } ** Attachment added: "This is what we used to debug this issue" https://bugs.launchpad.net/mahara/+bug/1055239/+attachment/3459475/+files/uploadmanager.php -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. https://bugs.launchpad.net/bugs/1055239 Title: ClamAV doesn't support scanning multifile uploads Status in Mahara ePortfolio: Fix Released Bug description: When a user uploads using the new HTML multifile upload support, the file is scanned by clamav. The code for this scanning assumes the single upload still. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1055239/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp