Uploader disappears after custom validation

Hey,

I’ll have to setup clamav to test this out, it will probably take me a few days.

But I can say that the files uploaded through this plugin aren’t accessible using $_FILES because they’ve already been uploaded (hance the ajax).

I would have expected that script to just run as normal, but will see if I can test it out and work out what’s going wrong.

Hi,

Thanks for the quick reply. It turns out this was a bit of a rabbit hole – I wasn’t returning the $validation_result; when no error was found in my validation function… So the plugin definitely works when using custom validation on a form.

However, it still leaves me back at the point of wanting to add a custom validation function into your plugin.
At a quick look the only way I could see would be to modify the plugin to override the UploadHandler’s validate() within your ITSG_AjaxUpload_UploadHandler. Obviously modifying your plugin isn’t a great idea as it would break on update… Is there an official / better way?

Thanks a lot!

If I’ve understood this right – you’re looking to run the uploaded file through an anti-virus and return an error, if applicable.

I think in this case it’s not so much about form validation, more so about hooking into the upload process and post upload JavaScript.

There’s an action hook for the upload script – itsg_gf_ajaxupload_post_upload

But how well this would cover your needs I’m not sure.

Then if it did discover a virus and the file was removed – I don’t think there’s a way to get the message through to the JavaScript so that the client side processes don’t run or to get an error message to appear.

Do you know of an easy way for me to get ClamAV installed so I can test this out? Can you install it on a local Windows WebMatrix install?

Hi,

Yes you’ve understood me right.

I’ve been playing with this today and think I have part of a solution – if you add this on line 631 of gravity-forms-ajax-upload.php (immediately after initialising the upload handler):

$upload_handler = apply_filters( 'itsg_gf_ajaxupload_validation', $upload_handler );
if ( $upload_handler->response['files'][0]->error ) {
	@unlink( $target_path['dirname'] . $upload_handler->response['files'][0]->name );
	if ( $upload_handler->response['files'][0]->thumbnailUrl ) {
		@unlink( $target_path['dirname'] . '/thumbnail/' . $upload_handler->response['files'][0]->name );
	}
}

This allows a filter to be used to pass in a custom error to the object returned by the UploadHandler, and if so, delete the image and thumbnail. Doing it at this stage, rather than using ‘itsg_gf_ajaxupload_post_upload’ means that it happens before the file is added to the Media Library, and importantly the error message you set is shown to the user as a javascript alert.

Example filter use:

function example_callback( $upload_handler ) {
    // Run virus scan etc here
    $upload_handler->response['files'][0]->error = 'Custom validation error string';
    return $upload_handler;
}
add_filter( 'itsg_gf_ajaxupload_validation', 'example_callback' );

However. I haven’t yet looked at how to make the script stop processing at this point and bypass the if ( $ajax_upload_options['import_media_library'] ) function without modifying it. The simple way would be to make it if ( ! $upload_handler->response['files'][0]->error && $ajax_upload_options['import_media_library'] ), but there may be a better way?

What do you think? For my use I could make it work if you just added the filter. Handling the file deletion through the filter in my functions.php would be a bit of a hack but fine if it wasn’t a feature you wanted to add to your plugin. But I’d appreciate any advice on bypassing the Media Library function.

I’m afraid I have no idea about Windows WebMatrix and getting ClamAV running on it. It does run on Windows – you can build it yourself of there is ClamWin or Immunet which may be able to be called by PHP the same as ClamAV on Linux. Sorry I can’t be more help!

Cheers,
Phil