N°1935: Security hardening

2026-04-22 18:18:46 +02:00 · 2019-01-14 11:54:46 +01:00
parent 0bce9c78ea
commit dfe81f6272
1 changed files with 1 additions and 1 deletions
--- a/datamodels/2.x/itop-backup/ajax.backup.php
+++ b/datamodels/2.x/itop-backup/ajax.backup.php
@@ -184,7 +184,7 @@ EOF
 			$sFile = utils::ReadParam('file', '', false, 'raw_data');
 			$oBackup = new DBBackupScheduled();
 			$sBackupDir = APPROOT.'data/backups/';
-			$sPathNoDotDotPattern = '/^((?!\/\.\.\/).)*$/';
+			$sPathNoDotDotPattern = "/^((?![\/\\\\]\.\.[\/\\\\]).)*$/";
 			if(preg_match($sPathNoDotDotPattern, $sBackupDir.$sFile) == 1)
 			{
 				$oBackup->DownloadBackup($sBackupDir.$sFile);