From 96c21ed2ead7edeae1be8528bf1a46f7f1d5b81d Mon Sep 17 00:00:00 2001
From: Anaggh S
Date: Thu, 1 Oct 2020 23:33:59 +0530
Subject: [PATCH] Fix #1246 Arbitrary zip/directory deletion vulnerability in backup plugin

---
 bl-plugins/backup/plugin.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/bl-plugins/backup/plugin.php b/bl-plugins/backup/plugin.php
index c7e8d0c2..ce733d80 100644
--- a/bl-plugins/backup/plugin.php
+++ b/bl-plugins/backup/plugin.php
@@ -290,6 +290,14 @@ class pluginBackup extends Plugin {
 	{
 		global $L;
 
+		// Prevent arbitrary deletion. Check if directory/zip backup exists
+		if (! in_array(
+			$this->zip ? "$filename.zip" : $filename,
+			array_map('basename', glob($this->workspace().'*')))
+		) {
+			return $this->response(400, sprintf($L->get("Invalid Backup '%s'"), $filename));
+		}
+
 		if ($this->zip) {
 			// Zip format
 			$tmp = $this->workspace().$filename.'.zip';
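Review bot: The added `in_array` existence check compares with loose `==` and assumes `glob()` returned an array; `glob()` returns `false` on failure, which makes the `array_map('basename', ...)` call fail instead of rejecting the request, and loose string comparison can equate numerically-looking names (e.g. `"1e3"` and `"1000"`), so a name that does not literally exist in the workspace can pass the check. Change the lookup to `array_map('basename', glob($this->workspace().'*') ?: [])` and pass `true` as the third argument of `in_array` so only an exact basename match is accepted. A short comment on the check, `// Only names that exactly match an entry of the workspace listing reach the delete below; basename() strips any path component, so traversal strings can never match`, would explain why this compare is the safety boundary. The enclosing method's signature is outside the hunk and the delete logic it guards continues past the hunk's end.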