Created
October 13, 2017 18:13
Scan Gravity Forms uploads with ClamAV - WordPress
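/**
 * Scan Gravity Forms uploads with ClamAV
 * Based on 'Custom Scan AV function by Kris Chase'
 * https://krischase.com/detect-and-prevent-malware-in-gravity-forms-file-upload-with-php-clamav/
 * Requires clamav and php-clamav installed and enabled
 *
 * Callback for the 'gform_validation' filter. Every entry in $_FILES is
 * scanned at its temporary upload path. When cl_scanfile() reports CL_VIRUS,
 * the whole submission is marked invalid and the matching form field gets a
 * validation message.
 *
 * All uploaded files are scanned, not only the first one: returning after the
 * first clean file would let later files in the same submission through
 * unscanned.
 *
 * @param array $validation_result Validation result passed by the filter; the
 *                                 'form' and 'is_valid' keys are used here.
 * @return array The validation result, modified only when a file is flagged.
 */
function myfunc_uploads_clamav( $validation_result ) {
	if ( empty( $_FILES ) ) {
		// A filter callback must hand the value back even when there is nothing to scan.
		return $validation_result;
	}

	$form = $validation_result['form'];

	foreach ( $_FILES as $file_input => $file_data ) {
		// tmp_name is an array when the input is declared as name[]; treat both shapes as a list of paths.
		$tmp_paths = isset( $file_data['tmp_name'] ) ? (array) $file_data['tmp_name'] : array();
		$infected  = false;

		foreach ( $tmp_paths as $tmp_path ) {
			// An empty tmp_name means no file was submitted for this input.
			if ( ! is_string( $tmp_path ) || '' === $tmp_path ) {
				continue;
			}

			// Scan the file while it is still at its temporary upload location.
			$virus_name = null;
			$retcode    = cl_scanfile( $tmp_path, $virus_name );

			// NOTE(review): any return code other than CL_VIRUS, including a scanner
			// error, lets the file through (unchanged from the original behaviour).
			// Confirm whether uploads should be rejected when the scan cannot complete.
			if ( CL_VIRUS === $retcode ) {
				$infected = true;
				break;
			}
		}

		if ( ! $infected ) {
			continue;
		}

		// One flagged file invalidates the whole submission.
		$validation_result['is_valid'] = false;

		// Mark the field this upload belongs to; $_FILES keys look like 'input_<field id>'.
		$field_id = str_replace( 'input_', '', $file_input );
		foreach ( $form['fields'] as $field ) {
			if ( (string) $field->id === $field_id ) {
				$field->failed_validation  = true;
				$field->validation_message = 'Error: Malicious File Detected.';
				break;
			}
		}
	}

	// Assign the (possibly modified) form back to the validation result.
	$validation_result['form'] = $form;

	return $validation_result;
}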
// Run the ClamAV check as part of Gravity Forms validation (default priority, one argument).
add_filter( 'gform_validation', 'myfunc_uploads_clamav', 10, 1 );