X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fbackups.php;h=01ef0732acc41e8be64c2903e651c0a87a4eeec9;hb=7e6e0807990447d2977b970c3a0fd28dc9250194;hp=0c039dea42205b6a2f482b2d226b09a90f96c8c9;hpb=99c698c6fca8ef2fd7933eac66f9b7fbf24f45d7;p=fa-stable.git

diff --git a/admin/backups.php b/admin/backups.php
index 0c039dea..01ef0732 100644
--- a/admin/backups.php
+++ b/admin/backups.php
@@ -20,18 +20,25 @@ if (get_post('view')) {
 	if (!get_post('backups')) {
 		display_error(_('Select backup file first.'));
 	} else {
-		$filename = $SysPrefs->backup_dir().clean_file_name(get_post('backups'));
+		$filename = $SysPrefs->backup_dir() . clean_file_name(get_post('backups'));
 		if (in_ajax()) 
 			$Ajax->popup( $filename );
 		else {
-		    header('Content-type: text/plain');
-    		header('Content-Length: '.filesize($filename));
-			header("Content-Disposition: inline");
-    		readfile($filename);
+			header('Content-type: text/plain');
+			header('Content-Length: '.filesize($filename));
+			header("Content-Disposition: inline; filename=".basename($filename));
+			if (substr($filename, -3, 3) == '.gz')
+				header("Content-Encoding: gzip");
+
+			if (substr($filename, -4, 4) == '.zip')
+				echo db_unzip('', $filename);
+			else
+				readfile($filename);
 			exit();
 		}
 	}
 };
+
 if (get_post('download')) {
 	if (get_post('backups')) {
 		download_file($SysPrefs->backup_dir().clean_file_name(get_post('backups')));
@@ -67,7 +74,7 @@ function generate_backup($conn, $ext='no', $comm='')
 			. _("Filename") . ": " . $filename);
 	else
 		display_error(_("Database backup failed."));
-	
+
 	return $filename;
 }
 
@@ -134,13 +141,14 @@ $backup_path = $SysPrefs->backup_dir() . $backup_name;
 if (get_post('creat')) {
 	generate_backup($conn, get_post('comp'), get_post('comments'));
 	$Ajax->activate('backups');
+	$SysPrefs->refresh(); // re-read system setup
 };
 
 if (get_post('restore')) {
 	if ($backup_name) {
-		if (db_import($backup_path, $conn))
+		if (db_import($backup_path, $conn, true, false, check_value('protect')))
 			display_notification(_("Restore backup completed."));
-		$SysPrefs->refesh(); // re-read system setup
+		$SysPrefs->refresh(); // re-read system setup
 	} else
 		display_error(_("Select backup file first."));
 }
@@ -166,6 +174,8 @@ if (get_post('upload'))
 	if ($fname) {
 		if (!preg_match("/\.sql(\.zip|\.gz)?$/", $fname))
 			display_error(_("You can only upload *.sql backup files"));
+		elseif ($fname != clean_file_name($fname))
+			display_error(_("Filename contains forbidden chars. Please rename file and try again."));
 		elseif (is_uploaded_file($tmpname)) {
 			rename($tmpname, $SysPrefs->backup_dir() . $fname);
 			display_notification(_("File uploaded to backup directory"));
@@ -193,7 +203,7 @@ table_section_title(_("Backup scripts maintenance"));
 	echo "<td style='padding-left:20px' valign='top'>";
 	start_table();
 	submit_row('view',_("View Backup"), false, '', '', false);
-	submit_row('download',_("Download Backup"), false, '', '', false);
+	submit_row('download',_("Download Backup"), false, '', '', 'download');
 	submit_row('restore',_("Restore Backup"), false, '','', 'process');
 	submit_js_confirm('restore',_("You are about to restore database from backup file.\nDo you want to continue?"));
 
@@ -204,7 +214,12 @@ table_section_title(_("Backup scripts maintenance"));
 	echo "</td>";
 	end_row();
 start_row();
-echo "<td style='padding-left:20px' align='left'><input name='uploadfile' type='file'></td>";
+	echo "<td style='padding-left:20px'  cspan=2>"
+	. radio(_('Update security settings'), 'protect', 0) . '<br>'
+	. radio(_('Protect security settings'), 'protect', 1, true) . "</td>";
+end_row();
+start_row();
+	echo "<td style='padding-left:20px' align='left'><input name='uploadfile' type='file'></td>";
 	submit_cells('upload',_("Upload file"),"style='padding-left:20px'", '', true);
 end_row();
 end_outer_table();