diff --git a/datamodels/2.x/itop-backup/ajax.backup.php b/datamodels/2.x/itop-backup/ajax.backup.php
index 97b4859ed2..c228294fc8 100644
--- a/datamodels/2.x/itop-backup/ajax.backup.php
+++ b/datamodels/2.x/itop-backup/ajax.backup.php
@@ -184,7 +184,15 @@ EOF
 $sFile = utils::ReadParam('file', '', false, 'raw_data');
 $oBackup = new DBBackupScheduled();
 $sBackupDir = APPROOT.'data/backups/';
- $oBackup->DownloadBackup($sBackupDir.$sFile);
+ $sPathNoDotDotPattern = '/^((?!\/\.\.\/).)*$/';
+ if(preg_match($sPathNoDotDotPattern, $sBackupDir.$sFile) == 1)
+ {
+ $oBackup->DownloadBackup($sBackupDir.$sFile);
+ }
+ else
+ {
+ throw new InvalidParameterException('Invalid file path');
+ }
 break;
 }
 }
diff --git a/setup/phpcheck.php b/setup/phpcheck.php
new file mode 100644
index 0000000000..34f5ccf580
--- /dev/null
+++ b/setup/phpcheck.php
@@ -0,0 +1,2 @@
+PHP works!';
\ No newline at end of file
diff --git a/setup/phpinfo.php b/setup/phpinfo.php
index cf6086080a..4590b291ef 100644
--- a/setup/phpinfo.php
+++ b/setup/phpinfo.php
@@ -1,3 +1,9 @@
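Review bot: The added `preg_match` guard only rejects the literal `/../` substring, so it still admits forms the filesystem resolves differently: a trailing `/..` with no closing slash, `..\` on Windows hosts where `APPROOT` uses forward slashes but the OS also accepts backslashes, and symlinks placed inside `data/backups/`. A denylist regex is the wrong shape for a path check; canonicalise with `realpath()`, require the result to stay under the canonical backup directory (an allowlist), and pass that canonical path to `DownloadBackup()`, which also rejects a non-existent file with the same exception type. If backup names never carry a directory component, an even simpler check is to reject when `basename($sFile) !== $sFile`. Separately, `preg_match(...) == 1` should be `=== 1`; the loose compare happens to fail closed when `preg_match` returns `false`, but only incidentally. The enclosing `switch` case and function continue outside the hunk.
```php
$sBackupDir = APPROOT.'data/backups/';
// Allowlist by canonical prefix: realpath() resolves "..", "." and symlinks,
// so any escape from the backup directory fails the prefix test below.
$sRealDir = realpath($sBackupDir);
$sRealFile = realpath($sBackupDir.$sFile);
if ($sRealDir === false || $sRealFile === false
    || strncmp($sRealFile, $sRealDir.DIRECTORY_SEPARATOR, strlen($sRealDir) + 1) !== 0)
{
    throw new InvalidParameterException('Invalid file path');
}
$oBackup->DownloadBackup($sRealFile);
break;
```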
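Review bot: The new file's content is not recoverable from this hunk — the header announces two added lines but only `PHP works!';` survives, which looks like the remainder of a stripped `<?php echo` line rather than the whole file. If it is a web-reachable probe page under `setup/`, a header comment stating when it is safe to delete it (e.g. `// Setup-time PHP sanity check; remove once installation is complete`) would help, and it should share whatever access gating the neighbouring setup scripts use. I cannot tell from here whether the file emits anything beyond that string.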