From 05dc02f9870cf18dddf1d3e9a62f348456ba7dd0 Mon Sep 17 00:00:00 2001
From: David Herney <davidherney@gmail.com>
Date: Tue, 22 Nov 2022 12:33:12 -0500
Subject: [PATCH] Check max upload file size and use antivirus if apply

---
 classes/file_storage.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/classes/file_storage.php b/classes/file_storage.php
index 1578371..fb20918 100644
--- a/classes/file_storage.php
+++ b/classes/file_storage.php
@@ -380,6 +380,8 @@ class file_storage implements \H5PFileStorage {
      */
     // @codingStandardsIgnoreLine
     public function saveFile($file, $contentid, $contextid = null) {
+        global $CFG;
+
         if ($contentid !== 0) {
             // Grab cm context.
             $cm = \get_coursemodule_from_instance('hvp', $contentid);
@@ -388,6 +390,26 @@ class file_storage implements \H5PFileStorage {
         } else if ($contextid === null) {
             // Check for context id in params.
             $contextid = optional_param('contextId', null, PARAM_INT);
+            $context = \context::instance_by_id($contextid);
+        }
+
+        if (!$context) {
+            \H5PCore::ajaxError(get_string('invalidcontext', 'error'));
+            return;
+        }
+
+        $maxsize = get_max_upload_file_size($CFG->maxbytes);
+        // Check size of each uploaded file and scan for viruses.
+        foreach ($_FILES as $uploadedfile) {
+            $filename = clean_param($uploadedfile['name'], PARAM_FILE);
+
+            if (!has_capability('moodle/course:ignorefilesizelimits', $context)) {
+                if ($uploadedfile['size'] > $maxsize) {
+                    \H5PCore::ajaxError(get_string('maxbytesfile', 'error', ['file' => $filename, 'size' => display_size($maxsize)]));
+                    return;
+                }
+            }
+            \core\antivirus\manager::scan_file($uploadedfile['tmp_name'], $filename, true);
         }
 
         // Files not yet related to any activities are stored in a course context
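Review bot: `$context` is only assigned in the `else if ($contextid === null)` branch added here, so a call with `$contentid === 0` and an explicit `$contextid` reaches `if (!$context)` with the variable undefined and is rejected as an invalid context (this assumes the first branch, whose body lies between the two hunks, sets it for the module case). In addition, `\context::instance_by_id()` defaults to `MUST_EXIST`, so a missing or null `contextId` throws before the `ajaxError` path is reached. Resolving the context after the chain with `if (empty($context) && $contextid) { $context = \context::instance_by_id($contextid, IGNORE_MISSING); }` would cover both cases. The upload loop also never looks at `$uploadedfile['error']`, so entries for failed uploads (empty `tmp_name`) are still handed to `scan_file`; checking for `UPLOAD_ERR_OK` first would keep the size and antivirus checks on files that actually arrived. saveFile continues past the end of this hunk.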
-- 
GitLab