N°1933: Security hardening

Stephen Abello
2019-01-14 11:57:16 +01:00
parent dfe81f6272
commit ed3fd851f1


@@ -527,6 +527,8 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
* @param string $sFile * @param string $sFile
*/ */
public function DownloadBackup($sFile) public function DownloadBackup($sFile)
{
if (file_exists($sFile))
{ {
header('Content-Description: File Transfer'); header('Content-Description: File Transfer');
header('Content-Type: multipart/x-zip'); header('Content-Type: multipart/x-zip');
@@ -537,6 +539,11 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
header('Content-Length: '.filesize($sFile)); header('Content-Length: '.filesize($sFile));
readfile($sFile) ; readfile($sFile) ;
} }
else
{
throw new InvalidParameterException('Invalid file path');
}
}
/** /**
* Helper to open a Database connection * Helper to open a Database connection
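Review bot: The new `if (file_exists($sFile))` guard in DownloadBackup() checks only that the path exists, so it does not limit which file `readfile($sFile)` streams; if `$sFile` can derive from request input (the callers are outside this view), any file readable by the web server user still passes the check. Resolve the path and confirm it sits under the backup directory before any header is sent, for example `$sReal = realpath($sFile);` followed by `if ($sReal === false || strpos($sReal, $sBackupDir.DIRECTORY_SEPARATOR) !== 0) { throw new InvalidParameterException('Invalid file path'); }`, where `$sBackupDir` is a placeholder for the resolved backup directory. `is_file()` would also be tighter than `file_exists()`, which returns true for directories. The header() calls between the two hunks are not shown here, so they were not reviewed.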