From 960133c0dff86d9dbeb062116a75dfc6817e1bd3 Mon Sep 17 00:00:00 2001
From: jf-cbd
Date: Tue, 13 May 2025 16:05:39 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B08379=20-=20fix=20backup=20issue?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../2.x/itop-backup/dbrestore.class.inc.php | 9 +------
 datamodels/2.x/itop-backup/status.php | 10 +------
 setup/backup.class.inc.php | 26 +++++++++++-------
 setup/setuputils.class.inc.php | 17 ++++++------
 4 files changed, 25 insertions(+), 37 deletions(-)
diff --git a/datamodels/2.x/itop-backup/dbrestore.class.inc.php b/datamodels/2.x/itop-backup/dbrestore.class.inc.php
index d274047fa..34944710b 100644
--- a/datamodels/2.x/itop-backup/dbrestore.class.inc.php
+++ b/datamodels/2.x/itop-backup/dbrestore.class.inc.php
@@ -53,14 +53,7 @@ class DBRestore extends DBBackup
 $sUser = self::EscapeShellArg($this->sDBUser);
 $sPwd = self::EscapeShellArg($this->sDBPwd);
 $sDBName = self::EscapeShellArg($this->sDBName);
- if (empty($this->sMySQLBinDir))
- {
- $sMySQLExe = 'mysql';
- }
- else
- {
- $sMySQLExe = '"'.$this->sMySQLBinDir.'/mysql"';
- }
+ $sMySQLExe = DBBackup::MakeSafeMySQLCommand($this->sMySQLBinDir, 'mysql');
 if (is_null($this->iDBPort))
 {
 $sPortOption = '';
diff --git a/datamodels/2.x/itop-backup/status.php b/datamodels/2.x/itop-backup/status.php
index feeeb9b1b..6f11a2d52 100644
--- a/datamodels/2.x/itop-backup/status.php
+++ b/datamodels/2.x/itop-backup/status.php
@@ -56,15 +56,7 @@ try
 //
 $sMySQLBinDir = MetaModel::GetConfig()->GetModuleSetting('itop-backup', 'mysql_bindir', '');
 $sMySQLBinDir = utils::ReadParam('mysql_bindir', $sMySQLBinDir, true);
- if (empty($sMySQLBinDir))
- {
- $sMySQLDump = 'mysqldump';
- }
- else
- {
- //echo 'Info - Found mysql_bindir: '.$sMySQLBinDir;
- $sMySQLDump = '"'.$sMySQLBinDir.'/mysqldump"';
- }
+ $sMySQLDump = DBBackup::MakeSafeMySQLCommand($sMySQLBinDir, 'mysqldump');
 $sCommand = "$sMySQLDump -V 2>&1";
 $aOutput = array();
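Review bot: In dbrestore.class.inc.php the replaced line now calls a helper declared `@throws \BackupException`, and nothing in this hunk shows the enclosing restore method catching or documenting it; that method starts and ends outside the hunk, so the handling has to be checked there. If the exception is meant to propagate, add `@throws \BackupException` to the enclosing method's docblock. Since DBRestore extends DBBackup, `$sMySQLExe = self::MakeSafeMySQLCommand($this->sMySQLBinDir, 'mysql');` would match the neighbouring `self::EscapeShellArg(...)` calls; the `@@ -299,8 +300,9 @@` hunk in setup/backup.class.inc.php reaches the same static method through `$this->`, where `self::` is the clearer form.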
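Review bot: In status.php the directory passed to `MakeSafeMySQLCommand` is still overridable through `utils::ReadParam('mysql_bindir', $sMySQLBinDir, true)`, so a caller-supplied value decides which binary `$sCommand` executes, and quoting inside the helper does not change that. What filtering ReadParam applies is not visible in this patch, so it should not be relied on as the only control. Prefer taking the directory from the module configuration alone, e.g. `$sMySQLDump = DBBackup::MakeSafeMySQLCommand(MetaModel::GetConfig()->GetModuleSetting('itop-backup', 'mysql_bindir', ''), 'mysqldump');`, or accept the override only from the command line. The same override is introduced on the new side of the `@@ -299,8 +300,9 @@` hunk in setup/backup.class.inc.php.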
diff --git a/setup/backup.class.inc.php b/setup/backup.class.inc.php
index d03650edc..295b8dff1 100644
--- a/setup/backup.class.inc.php
+++ b/setup/backup.class.inc.php
@@ -104,6 +104,8 @@ class DBBackup
 /** @var string */
 protected $sDBName;
 /** @var string */
+ protected $sMySQLBinDir = '';
+ /** @var string */
 protected $sDBSubName;
 /**
@@ -131,7 +133,6 @@ class DBBackup
 $this->sDBSubName = $oConfig->get('db_subname');
 }
- protected $sMySQLBinDir = '';
 /**
 * Create a normalized backup name, depending on the current date/time and Database
@@ -299,8 +300,9 @@ class DBBackup
 }
 $this->LogInfo("Starting backup of $this->sDBHost/$this->sDBName(suffix:'$this->sDBSubName')");
+ $sMySQLBinDir = utils::ReadParam('mysql_bindir', $this->sMySQLBinDir, true);
- $sMySQLDump = $this->GetMysqldumpCommand();
+ $sMySQLDump = $this->MakeSafeMySQLCommand($sMySQLBinDir, 'mysqldump');
 // Store the results in a temporary file
 $sTmpFileName = self::EscapeShellArg($sBackupFileName);
@@ -557,20 +559,22 @@ EOF;
 /**
 * @return string the command to launch mysqldump (without its params)
+ * @throws \BackupException
 */
- private function GetMysqldumpCommand()
+ public static function MakeSafeMySQLCommand($sMySQLBinDir, string $sCmd)
 {
- $sMySQLBinDir = utils::ReadParam('mysql_bindir', $this->sMySQLBinDir, true);
- if (empty($sMySQLBinDir))
- {
- $sMysqldumpCommand = 'mysqldump';
+ if (empty($sMySQLBinDir)) {
+ $sMySQLCommand = $sCmd;
 }
- else
- {
- $sMysqldumpCommand = '"'.$sMySQLBinDir.'/mysqldump"';
+ else {
+ $sMySQLBinDir = escapeshellcmd($sMySQLBinDir);
+ $sMySQLCommand = '"'.$sMySQLBinDir.'/$sCmd"';
+ if (!file_exists($sMySQLCommand)) {
+ throw new BackupException("$sCmd not found in $sMySQLBinDir");
+ }
 }
- return $sMysqldumpCommand;
+ return $sMySQLCommand;
 }
 }
diff --git a/setup/setuputils.class.inc.php b/setup/setuputils.class.inc.php
index 93fcece77..9386085a7 100644
--- a/setup/setuputils.class.inc.php
+++ b/setup/setuputils.class.inc.php
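Review bot: In `MakeSafeMySQLCommand` (last hunk of setup/backup.class.inc.php) the path is built with `'/$sCmd"'` in single quotes, so `$sCmd` is never interpolated and every non-empty bin dir produces the literal path `…/$sCmd`. The `file_exists()` call then tests that string together with its surrounding double quotes, so it cannot match a real file and the helper throws whenever `mysql_bindir` is set. `escapeshellcmd()` is also a poor fit for a value that is afterwards wrapped in double quotes, because it leaves paired quote characters untouched and so does not guarantee the directory stays a single shell word. The existence check should run on the unquoted path, and the whole path should then be quoted once with the class's own `EscapeShellArg` (assumed static, as its `self::` call sites suggest). The docblock still describes only mysqldump and should document both parameters.

```php
	public static function MakeSafeMySQLCommand($sMySQLBinDir, string $sCmd)
	{
		if (empty($sMySQLBinDir)) {
			return $sCmd;
		}
		// Test the real filesystem path, before any shell quoting is applied.
		// NOTE(review): on Windows the binary is "<name>.exe"; extend this check if that platform is supported.
		$sMySQLPath = $sMySQLBinDir.'/'.$sCmd;
		if (!is_file($sMySQLPath)) {
			throw new BackupException("$sCmd not found in $sMySQLBinDir");
		}
		// Quote directory and binary name together as one shell argument
		return self::EscapeShellArg($sMySQLPath);
	}
```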
@@ -484,16 +484,15 @@ class SetupUtils
 {
 $sMySQLBinDir = MetaModel::GetConfig()->GetModuleSetting('itop-backup', 'mysql_bindir', '');
 }
-
- if (empty($sMySQLBinDir))
- {
- $sMySQLDump = 'mysqldump';
- }
- else
- {
- SetupPage::log('Info - Found mysql_bindir: '.$sMySQLBinDir);
- $sMySQLDump = '"'.$sMySQLBinDir.'/mysqldump"';
+ try {
+ $sMySQLDump = DBBackup::MakeSafeMySQLCommand($sMySQLBinDir, 'mysqldump');
+ } catch (Exception $e) {
+ $aResult[] = new CheckResult(CheckResult::ERROR, $e->getMessage());
+ return $aResult;
 }
+ if (!empty($sMySQLBinDir)) {
+ SetupPage::log('Info - Found mysql_bindir: '.$sMySQLBinDir);
+ }
 $sCommand = "$sMySQLDump -V 2>&1";
 $aOutput = array();
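Review bot: The new `catch (Exception $e)` in setuputils.class.inc.php is broader than what the helper declares, so an unrelated failure would be reported as a failed mysqldump check; `} catch (BackupException $e) {` keeps the check result specific to the missing binary. The enclosing method starts outside the hunk, so whether `$aResult` is already initialised before the early `return $aResult;` cannot be confirmed from here. The exception text copied into the `CheckResult` embeds the bin dir after the helper has passed it through `escapeshellcmd()`, so the value shown can differ from the configured one; a short comment above the `try` saying so would help whoever reads the setup report.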