We probably need something like

All the file information + you can use expression manager (this is always)

Return value could be a simple true (no virus) or false (there are issues) to prevent files from being uploaded if a plugin code determines that there are issues.

Maybe allow updating all files information: then if filename (or directory) is false : delete ?

@DenisChenu, sounds good. I will later review the pull request to double check.

@ tibor.pacalat : I'll take this one free of charge

Hi,
I'm the developer from Marcel's side.
It would be good to delete the file from server side if a "false" was return.
Additionally it would be helpful to be able to return a string as a message for the user which informs why the file wasn't accepted.

I think to add an event here : https://github.com/LimeSurvey/LimeSurvey/blob/a694c1397c36a3351216e756b08d67027d6ebc54/application/controllers/UploaderController.php#L240

Where you can return the array : success and message

Seems there are an issue : we don't delete $_FILES['uploadfile']['tmp_name'] in case of invalid extension ?
Maybe a report to do.

I agree with DenisChenu
Another point: The name beforeFileUpload is misleading. It should be "afterFileUpload". With the suggested name it appears that the file isn't uploaded yet when the event was emitted.

I like to separate too : here it public file upload, related to survey. Not happen for admin file upload.

beforeMovePublicFileUploaded ?

It's not really after : it's after file upload , but before moving from tmp to upload/survey

ok. That's of course fine by me.

I think it should be returned an array or an object which implements an interface. Otherwise the return value of the implementation would change depending on the virus check.

https://github.com/LimeSurvey/LimeSurvey/pull/3991

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=36615

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=36614