View Issue Details

This bug affects 1 person(s).
 8
IDProjectCategoryView StatusLast Update
19758Feature requestsPluginspublic2024-09-25 10:44
ReporterMazi Assigned ToDenisChenu  
PrioritynoneSeverityfeature 
Status assignedResolutionopen 
Summary19758: New plugin event beforeFileUpload e. g. to connect virus scan or other tools
Description

The goal is to be able to take certain action once a file is uploaded using the file upload question type. This could be having a to be uploaded file checked by a virus scanner before placing it on the server.

We probably need something like

  • SID
  • SAVEDID
  • filename/path
    to be available as parameters.

Return value could be a simple true (no virus) or false (there are issues) to prevent files from being uploaded if a plugin code determines that there are issues.

TagsNo tags attached.
Bug heat8
Story point estimate0
Users affected %20

Users monitoring this issue

DenisChenu

Activities

DenisChenu

DenisChenu

2024-09-23 08:56

developer   ~81077

We probably need something like

All the file information + you can use expression manager (this is always)

Return value could be a simple true (no virus) or false (there are issues) to prevent files from being uploaded if a plugin code determines that there are issues.

Maybe allow updating all files information: then if filename (or directory) is false : delete ?

Mazi

Mazi

2024-09-23 09:04

updater   ~81078

@DenisChenu, sounds good. I will later review the pull request to double check.

DenisChenu

DenisChenu

2024-09-23 09:06

developer   ~81079

@ tibor.pacalat : I'll take this one free of charge

dschirge

dschirge

2024-09-23 09:59

reporter   ~81082

Hi,
I'm the developer from Marcel's side.
It would be good to delete the file from server side if a "false" was return.
Additionally it would be helpful to be able to return a string as a message for the user which informs why the file wasn't accepted.

DenisChenu

DenisChenu

2024-09-23 10:14

developer   ~81083

I think to add an event here : https://github.com/LimeSurvey/LimeSurvey/blob/a694c1397c36a3351216e756b08d67027d6ebc54/application/controllers/UploaderController.php#L240

Where you can return the array : success and message

Seems there are an issue : we don't delete $_FILES['uploadfile']['tmp_name'] in case of invalid extension ?
Maybe a report to do.

dschirge

dschirge

2024-09-23 14:59

reporter   ~81084

I agree with DenisChenu
Another point: The name beforeFileUpload is misleading. It should be "afterFileUpload". With the suggested name it appears that the file isn't uploaded yet when the event was emitted.

DenisChenu

DenisChenu

2024-09-23 15:04

developer   ~81088

I like to separate too : here it public file upload, related to survey. Not happen for admin file upload.

beforeMovePublicFileUploaded ?

It's not really after : it's after file upload , but before moving from tmp to upload/survey

dschirge

dschirge

2024-09-23 15:06

reporter   ~81090

ok. That's of course fine by me.

dschirge

dschirge

2024-09-25 10:44

reporter   ~81114

I think it should be returned an array or an object which implements an interface. Otherwise the return value of the implementation would change depending on the virus check.

Issue History

Date Modified Username Field Change
2024-09-20 15:05 Mazi New Issue
2024-09-23 08:54 DenisChenu Issue Monitored: DenisChenu
2024-09-23 08:54 DenisChenu Bug heat 0 => 2
2024-09-23 08:56 DenisChenu Note Added: 81077
2024-09-23 08:56 DenisChenu Bug heat 2 => 4
2024-09-23 09:04 Mazi Note Added: 81078
2024-09-23 09:04 Mazi Bug heat 4 => 6
2024-09-23 09:04 DenisChenu Assigned To => DenisChenu
2024-09-23 09:04 DenisChenu Status new => assigned
2024-09-23 09:06 DenisChenu Note Added: 81079
2024-09-23 09:59 dschirge Note Added: 81082
2024-09-23 09:59 dschirge Bug heat 6 => 8
2024-09-23 10:14 DenisChenu Note Added: 81083
2024-09-23 14:59 dschirge Note Added: 81084
2024-09-23 15:04 DenisChenu Note Added: 81088
2024-09-23 15:06 dschirge Note Added: 81090
2024-09-25 10:44 dschirge Note Added: 81114