Created
August 8, 2016 17:21
-
-
Save phlbnks/5d96f76abf6aac8e746dd3e8817a397f to your computer and use it in GitHub Desktop.
Scan Gravity Forms uploads with ClamAV - WordPress
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * Scan Gravity Forms uploads with ClamAV | |
| * Based on 'Custom Scan AV function by Kris Chase' | |
| * https://krischase.com/detect-and-prevent-malware-in-gravity-forms-file-upload-with-php-clamav/ | |
| * Requires clamav and php-clamav installed and enabled | |
| */ | |
| function myfunc_uploads_clamav( $validation_result ) { | |
| if ( $_FILES ) { | |
| $form = $validation_result['form']; | |
| foreach ( $_FILES as $file_input => $file_data ) { | |
| // Grab the file while it's still in /tmp/ | |
| $fileLocation = $file_data['tmp_name']; | |
| // Scan the file for malware | |
| $retcode = cl_scanfile( $fileLocation, $virus_name ); | |
| // If we have a virus | |
| if ( $retcode === CL_VIRUS ) { | |
| //if ( true == true ) { | |
| // set the form validation to false | |
| $validation_result['is_valid'] = false; | |
| // Mark relevant field as failed validation | |
| foreach( $form['fields'] as &$field ) { | |
| if ( $field->id == str_replace( 'input_', '', $file_input ) ) { | |
| $field->failed_validation = true; | |
| $field->validation_message = 'Error: Malicious File Detected.'; | |
| break; | |
| } | |
| } | |
| // Assign modified $form object back to the validation result | |
| $validation_result['form'] = $form; | |
| return $validation_result; | |
| } | |
| else{ | |
| return $validation_result; | |
| } | |
| } | |
| } | |
| } | |
| add_filter( 'gform_validation', 'myfunc_uploads_clamav' ); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment