Check downloaded file for size and viruses

I want users to upload a profile image from the front-end on my WordPress blog. I found the "local avatar" plugin that can help me with the same thing (I have not tried this yet).

But I'm afraid of what might happen if the user uploads a large file or a virus-infected file. How can I do the following in WordPress (or PHP):

  • Checking the file size before saving it to the server. (Checking file size while downloading)
  • Scan File Content
+4
1 answer
  • Checking the file size before saving it to the server. (Checking file size while downloading)

The maximum file size is checked by PHP when it decodes a POST request. It is set in php.ini using upload_max_filesize. This is usually around 10 MB or so.

But you can easily set the maximum file size of your application with a simple test:

 // Reject uploads of 500000 bytes or more
 if ($_FILES["image"]["size"] >= 500000) { die("Image too large"); }

Then follow the appropriate steps and print an error message. 500K should be more than enough for images and avatars.

  • Scan File Content

Then you will need to install an anti-virus scanner on the server. There are various options. Since it is open source, many Unix/Linux servers may have clamav. It can be used from PHP:

 // escapeshellarg() stops a crafted file name from injecting shell commands
 exec("clamscan " . escapeshellarg($filename), $output, $result);
 if ($result === 0) {
     // everything ok
 }

The exit status in $result will be 1 for a virus or 2 for other errors.

+8
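
The two checks from the answer combined into one upload handler, as an added example that is not part of the original answer. It assumes the form field is named "image" as in the answer, that clamscan is on the server's PATH, and the function name `check_avatar_upload` is hypothetical. It also checks the upload error code, because a file rejected by upload_max_filesize arrives with a size of 0 and would pass the size test alone.

```php
<?php
// Added example, not the answer's own code. Assumptions: form field "image",
// clamscan available on PATH, 500000-byte cap as suggested in the answer.
const MAX_AVATAR_BYTES = 500000;

function check_avatar_upload(array $file): array
{
    // An upload larger than upload_max_filesize is reported through the error
    // code (UPLOAD_ERR_INI_SIZE) with size 0, so test the error code first.
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        return [false, 'upload failed (PHP error code ' . (int) $error . ')'];
    }

    // Only accept a path that PHP itself created for this request's upload.
    $tmp = $file['tmp_name'] ?? '';
    if (!is_uploaded_file($tmp)) {
        return [false, 'not an uploaded file'];
    }

    // Application-level cap, checked before the file is moved anywhere permanent.
    if ((int) $file['size'] >= MAX_AVATAR_BYTES) {
        return [false, 'file too large'];
    }

    // escapeshellarg() keeps the path from being interpreted by the shell.
    exec('clamscan --no-summary ' . escapeshellarg($tmp), $output, $result);
    if ($result === 1) {
        error_log('clamscan: ' . implode(' ', $output));
        return [false, 'virus found'];
    }
    if ($result !== 0) {
        // Exit status 2 (scanner error) or a missing binary: fail closed.
        return [false, 'scan could not be completed'];
    }
    return [true, 'ok'];
}

if (isset($_FILES['image'])) {
    [$ok, $message] = check_avatar_upload($_FILES['image']);
    if (!$ok) {
        http_response_code(400);
        exit('Upload rejected: ' . htmlspecialchars($message));
    }
    // Checks passed: continue with move_uploaded_file() or the WordPress media API.
}
```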