kazhnuz/koblog
1
0
Fork 0
Code Issues 34 Pull requests 1 Projects 4 Releases Packages Wiki Activity Actions

Merge pull request #1221 from SamBrishes/patch-012

Browse source 
Validate Backup Files
This commit is contained in:
Diego Najar 2020-07-01 19:22:28 +02:00 committed by GitHub
commit 0862dee6a7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 42 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
bl-plugins/backup/plugin.php
View file

@ -211,6 +211,12 @@ class pluginBackup extends Plugin {
if (Filesystem::zip($backupDir, $backupDir.'.zip')) { if (Filesystem::zip($backupDir, $backupDir.'.zip')) {
Filesystem::deleteRecursive($backupDir); Filesystem::deleteRecursive($backupDir);
} }
// Add validation file
$zip = new ZipArchive();
$zip->open($backupDir.'.zip');
$zip->addFromString('.BLUDIT_BACKUP', md5_file($backupDir.'.zip'));
$zip->close();
} }
if (file_exists($backupDir.'.zip')) { if (file_exists($backupDir.'.zip')) {
@ -220,6 +226,40 @@ class pluginBackup extends Plugin {
return $this->response(400, $L->get("The Backup file could not be created.")); return $this->response(400, $L->get("The Backup file could not be created."));
} }
public function validateBackup($filename)
{
$tmp = PATH_TMP.'backup-'.time().'.zip';
copy($filename, $tmp);
// Check Archive
$zip = new ZipArchive();
if($zip->open($tmp) !== true) {
unlink($tmp);
return false;
}
// Check Basic Folders
if ($zip->addEmptyDir("databases") || $zip->addEmptyDir("pages") || $zip->addEmptyDir("uploads")) {
$zip->close();
unlink($tmp);
return false;
}
// Check Checksum
if (($checksum = $zip->getFromName(".BLUDIT_BACKUP")) === false) {
$zip->close();
unlink($tmp);
return false;
}
$zip->deleteName(".BLUDIT_BACKUP");
$zip->close();
$check = $checksum === md5_file($tmp);
// Return
unlink($tmp);
return $check;
}
public function restoreBackup($filename) public function restoreBackup($filename)
{ {
global $L; global $L;
@ -285,14 +325,10 @@ class pluginBackup extends Plugin {
return $this->response(400, $L->get("The passed file could not be validated.")); return $this->response(400, $L->get("The passed file could not be validated."));
} }
// Validate ZIP File // Validate Backup ZIP
$zip = new ZipArchive(); if (!$this->validateBackup($backup["tmp_name"])) {
$zip->open($backup["tmp_name"]);
if($zip->addEmptyDir("databases") || $zip->addEmptyDir("pages") || $zip->addEmptyDir("uploads")) {
$zip->close();
return $this->response(415, $L->get("The passed file is not a valid backup archive.")); return $this->response(415, $L->get("The passed file is not a valid backup archive."));
} }
$zip->close();
// File Name // File Name
$name = $backup["name"]; $name = $backup["name"];