[Noalyss-commit] [noalyss] 02/06: Securité : amélioration pour les back
From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 02/06: Security: improvement for backups
Date: Thu, 11 Sep 2014 17:07:10 +0000
sparkyx pushed a commit to branch master
in repository noalyss.
commit 132e44e6ff65944148855203b134612bdf2d51a7
Author: Dany De Bontridder <address@hidden>
Date: Thu Aug 28 22:57:34 2014 +0200
Security: improvement for backups
---
html/backup.php | 13 ++++++++-----
1 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/html/backup.php b/html/backup.php
index 7bb1193..127a5a0 100644
--- a/html/backup.php
+++ b/html/backup.php
@@ -34,7 +34,11 @@ if ($User->admin != 1)
echo "<script>alert('"._("Vous n\'êtes pas administrateur")."') </script>";
return;
}
-
+$dossier_number=HtmlInput::default_value_request("d", 0);
+if ($dossier_number == 0
+ || isNumber($dossier_number) ==0 ) {
+ die ('Invalid folder number');
+}
/*!\file
* \brief Make and restore backup
*/
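Review bot: The new check `isNumber($dossier_number) ==0` is only as strict as isNumber(), whose definition is not visible in this patch, and the value is later concatenated into the database name that ends up in `$args` and in the Content-Disposition header. If isNumber() accepts anything beyond plain digits (signs, decimals, exponents, surrounding whitespace), that input reaches those strings unchanged; requiring digits only (for example with ctype_digit()) and then casting to int would make the guarantee explicit at this point. Also note the check sits at file level, before the `isset ($_REQUEST['sa'])` block, so every request to backup.php without a valid `d` now ends in die(), whereas the old test applied only inside that block; if that is intended, a comment saying so would help, and the message could go through _() like the administrator message just above.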
@@ -44,8 +48,7 @@ if ( isset ($_REQUEST['sa']) )
putenv("PATH=".PG_PATH);
- if ( ! isset ($_REQUEST['d']) ||
- ! isset($_REQUEST['t']))
+ if ( ! isset($_REQUEST['t']))
{
echo "Erreur : paramètre manquant ";
exit();
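Review bot: After this change `$_REQUEST['t']` is still tested only for presence in `if ( ! isset($_REQUEST['t']))`, while the branches visible in this patch handle just 'd' and 'm'. Since the commit is tightening input handling, consider rejecting any other value of `t` here as well, next to the missing-parameter error. The two failure paths are also inconsistent now: a bad `d` stops with die('Invalid folder number') in English, a missing `t` echoes a French message and calls exit(); one style for both would be easier to maintain.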
@@ -74,7 +77,7 @@ if ( isset ($_REQUEST['sa']) )
if ( $_REQUEST['t'] == 'd' )
{
- $database=domaine."dossier".$_REQUEST['d'];
+ $database=domaine."dossier".$dossier_number;
$args= " -Fc -Z9 --no-owner -h ".getenv("PGHOST")." -p
".getenv("PGPORT")." ".$database;
header('Content-type: application/octet');
header('Content-Disposition:attachment;filename="'.$database.'.bin"',FALSE);
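Review bot: In the `$args=` line, `$database` is still appended to the argument string without quoting, so its safety depends entirely on the validation added at the top of the file. Wrapping it with escapeshellarg($database) when `$args` is built would keep this line safe even if that earlier check is later relaxed or moved. The same `$database` value is also placed inside the quoted filename in the Content-Disposition header, which is another reason to guarantee it contains digits only after the fixed prefix.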
@@ -85,7 +88,7 @@ if ( isset ($_REQUEST['sa']) )
if ( $_REQUEST['t'] == 'm' )
{
- $database=domaine."mod".$_REQUEST['d'];
+ $database=domaine."mod".$dossier_number;
$args= " -Fc -Z9 --no-owner -h ".getenv("PGHOST")." -p
".getenv("PGPORT")." ".$database;
header('Content-type: bin/x-application');
header('Content-Disposition:
attachment;filename="'.$database.'.bin"',FALSE);
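Review bot: This `t == 'm'` branch repeats the `t == 'd'` branch line for line except for the "mod" prefix and the Content-type, so the fix had to be applied twice; a small helper taking the prefix and `$dossier_number` would leave one place to validate and quote. The variable name `$dossier_number` and the 'Invalid folder number' message are also misleading here, because in this branch `d` identifies a "mod" database rather than a "dossier". While touching these lines, the two Content-type values ('application/octet' above, 'bin/x-application' here) could both become application/octet-stream, which is the registered type for an opaque binary download.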