maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

secure shell-execution of mysqldump on installation if given database-name exists

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2020-03-04 19:35:57 +01:00
parent 6b09720ef8
commit 62ce21c9ec
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
install/lib/class.FroxlorInstall.php
View File

@@ -735,7 +735,7 @@ class FroxlorInstall
}
if ($do_backup) {
$command = $mysql_dump . " " . $this->_data['mysql_database'] . " -u " . $this->_data['mysql_root_user'] . " --password='" . $this->_data['mysql_root_pass'] . "' --result-file=" . $filename;
$command = $mysql_dump . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --password='" . $this->_data['mysql_root_pass'] . "' --result-file=" . $filename;
$output = exec($command);
if (stristr($output, "error")) {
$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);