composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-19 07:12:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/support/2.5' into release/2.6

Browse Source
This commit is contained in:
Pierre Goiffon
2019-01-09 17:24:54 +01:00
parent 340cacc691 0bce9c78ea
commit effaba42d0
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
datamodels/2.x/itop-backup/ajax.backup.php
View File

@@ -184,7 +184,15 @@ EOF
$sFile = utils::ReadParam('file', '', false, 'raw_data');
$oBackup = new DBBackupScheduled();
$sBackupDir = APPROOT.'data/backups/';
$oBackup->DownloadBackup($sBackupDir.$sFile);
$sPathNoDotDotPattern = '/^((?!\/\.\.\/).)*$/';
if(preg_match($sPathNoDotDotPattern, $sBackupDir.$sFile) == 1)
{
$oBackup->DownloadBackup($sBackupDir.$sFile);
}
else
{
throw new InvalidParameterException('Invalid file path');
}
break;
}
}