projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Bug in backups.php, 'protect', fixed.
[fa-stable.git] / admin / backups.php
diff --git a/admin/backups.php b/admin/backups.php
index 5eee6256557e4bce6fe14898662553c365836c12..01ef0732acc41e8be64c2903e651c0a87a4eeec9 100644 (file)
--- a/admin/backups.php
+++ b/admin/backups.php
@@ -20,21 +20,28 @@ if (get_post('view')) {
        if (!get_post('backups')) {
                display_error(_('Select backup file first.'));
        } else {
-               $filename = BACKUP_PATH . clean_file_name(get_post('backups'));
+               $filename = $SysPrefs->backup_dir() . clean_file_name(get_post('backups'));
                if (in_ajax()) 
                        $Ajax->popup( $filename );
                else {
-                   header('Content-type: text/plain');
-               header('Content-Length: '.filesize($filename));
-                       header("Content-Disposition: inline");
-               readfile($filename);
+                       header('Content-type: text/plain');
+                       header('Content-Length: '.filesize($filename));
+                       header("Content-Disposition: inline; filename=".basename($filename));
+                       if (substr($filename, -3, 3) == '.gz')
+                               header("Content-Encoding: gzip");
+
+                       if (substr($filename, -4, 4) == '.zip')
+                               echo db_unzip('', $filename);
+                       else
+                               readfile($filename);
                        exit();
                }
        }
 };
+
 if (get_post('download')) {
        if (get_post('backups')) {
-               download_file(BACKUP_PATH . clean_file_name(get_post('backups')));
+               download_file($SysPrefs->backup_dir().clean_file_name(get_post('backups')));
                exit;
        } else
                display_error(_("Select backup file first."));
@@ -46,10 +53,12 @@ check_paths();
 
 function check_paths()
 {
-       if (!file_exists(BACKUP_PATH)) {
+  global $SysPrefs;
+
+       if (!file_exists($SysPrefs->backup_dir())) {
                display_error (_("Backup paths have not been set correctly.") 
                        ._("Please contact System Administrator.")."<br>" 
-                       . _("cannot find backup directory") . " - " . BACKUP_PATH . "<br>");
+                       . _("cannot find backup directory") . " - " . $SysPrefs->backup_dir() . "<br>");
                end_page();
                exit;
        }
@@ -57,24 +66,26 @@ function check_paths()
 
 function generate_backup($conn, $ext='no', $comm='')
 {
-       $filename = db_backup($conn, $ext, $comm);
+       global $SysPrefs;
+
+       $filename = db_backup($conn, $ext, $comm, $SysPrefs->backup_dir());
        if ($filename)
                display_notification(_("Backup successfully generated."). ' '
                        . _("Filename") . ": " . $filename);
        else
                display_error(_("Database backup failed."));
-       
+
        return $filename;
 }
 
 
 function get_backup_file_combo()
 {
-       global $path_to_root, $Ajax;
+       global $path_to_root, $Ajax, $SysPrefs;
        
        $ar_files = array();
     default_focus('backups');
-    $dh = opendir(BACKUP_PATH);
+    $dh = opendir($SysPrefs->backup_dir());
        while (($file = readdir($dh)) !== false)
                $ar_files[] = $file;
        closedir($dh);
@@ -123,21 +134,21 @@ function download_file($filename)
     return true;
 }
 
-$db_name = $_SESSION["wa_current_user"]->company;
-$conn = $db_connections[$db_name];
+$conn = $db_connections[user_company()];
 $backup_name = clean_file_name(get_post('backups'));
-$backup_path = BACKUP_PATH . $backup_name;
+$backup_path = $SysPrefs->backup_dir() . $backup_name;
 
 if (get_post('creat')) {
        generate_backup($conn, get_post('comp'), get_post('comments'));
        $Ajax->activate('backups');
+       $SysPrefs->refresh(); // re-read system setup
 };
 
 if (get_post('restore')) {
        if ($backup_name) {
-               if (db_import($backup_path, $conn))
+               if (db_import($backup_path, $conn, true, false, check_value('protect')))
                        display_notification(_("Restore backup completed."));
-               refresh_sys_prefs(); // re-read system setup
+               $SysPrefs->refresh(); // re-read system setup
        } else
                display_error(_("Select backup file first."));
 }
@@ -163,8 +174,10 @@ if (get_post('upload'))
        if ($fname) {
                if (!preg_match("/\.sql(\.zip|\.gz)?$/", $fname))
                        display_error(_("You can only upload *.sql backup files"));
+               elseif ($fname != clean_file_name($fname))
+                       display_error(_("Filename contains forbidden chars. Please rename file and try again."));
                elseif (is_uploaded_file($tmpname)) {
-                       rename($tmpname, BACKUP_PATH . $fname);
+                       rename($tmpname, $SysPrefs->backup_dir() . $fname);
                        display_notification(_("File uploaded to backup directory"));
                        $Ajax->activate('backups');
                } else
@@ -190,7 +203,7 @@ table_section_title(_("Backup scripts maintenance"));
        echo "<td style='padding-left:20px' valign='top'>";
        start_table();
        submit_row('view',_("View Backup"), false, '', '', false);
-       submit_row('download',_("Download Backup"), false, '', '', false);
+       submit_row('download',_("Download Backup"), false, '', '', 'download');
        submit_row('restore',_("Restore Backup"), false, '','', 'process');
        submit_js_confirm('restore',_("You are about to restore database from backup file.\nDo you want to continue?"));
 
@@ -201,7 +214,12 @@ table_section_title(_("Backup scripts maintenance"));
        echo "</td>";
        end_row();
 start_row();
-echo "<td style='padding-left:20px' align='left'><input name='uploadfile' type='file'></td>";
+       echo "<td style='padding-left:20px'  cspan=2>"
+       . radio(_('Update security settings'), 'protect', 0) . '<br>'
+       . radio(_('Protect security settings'), 'protect', 1, true) . "</td>";
+end_row();
+start_row();
+       echo "<td style='padding-left:20px' align='left'><input name='uploadfile' type='file'></td>";
        submit_cells('upload',_("Upload file"),"style='padding-left:20px'", '', true);
 end_row();
 end_outer_table();
@@ -209,4 +227,3 @@ end_outer_table();
 end_form();
 
 end_page();
-?>
FrontAccounting stable branch