diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2019-01-06 16:52:47 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2019-01-06 16:52:47 +0100 |
| commit | 0af07d14258627449b0e9fd673ef5e437c39b88b (patch) | |
| tree | bfd3811e0d6334987ba57f792cbb70d21d560604 /phpBB/includes/acp/acp_database.php | |
| parent | 537ff0c567de293763226390ab9d968ab73d77d5 (diff) | |
| download | forums-0af07d14258627449b0e9fd673ef5e437c39b88b.tar forums-0af07d14258627449b0e9fd673ef5e437c39b88b.tar.gz forums-0af07d14258627449b0e9fd673ef5e437c39b88b.tar.bz2 forums-0af07d14258627449b0e9fd673ef5e437c39b88b.tar.xz forums-0af07d14258627449b0e9fd673ef5e437c39b88b.zip | |
[ticket/15928] Remove support for downloading backups
PHPBB3-15928
Diffstat (limited to 'phpBB/includes/acp/acp_database.php')
| -rw-r--r-- | phpBB/includes/acp/acp_database.php | 206 |
1 files changed, 107 insertions, 99 deletions
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index 19c4f6e4f1..05f2b98524 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -23,6 +23,7 @@ class acp_database { var $db_tools; var $u_action; + public $page_title; function main($id, $mode) { @@ -69,18 +70,13 @@ class acp_database trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } - $store = $download = $structure = $schema_data = false; + $store = $structure = $schema_data = false; - if ($where == 'store_and_download' || $where == 'store') + if ($where == 'store') { $store = true; } - if ($where == 'store_and_download' || $where == 'download') - { - $download = true; - } - if ($type == 'full' || $type == 'structure') { $structure = true; @@ -98,8 +94,9 @@ class acp_database $filename = 'backup_' . $time . '_' . unique_id(); + /** @var phpbb\db\extractor\extractor_interface $extractor Database extractor */ $extractor = $phpbb_container->get('dbal.extractor'); - $extractor->init_extractor($format, $filename, $time, $download, $store); + $extractor->init_extractor($format, $filename, $time, false, $store); $extractor->write_start($table_prefix); @@ -145,11 +142,6 @@ class acp_database $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_BACKUP'); - if ($download == true) - { - exit; - } - trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action)); break; @@ -201,16 +193,10 @@ class acp_database case 'submit': $delete = $request->variable('delete', ''); $file = $request->variable('file', ''); - $download = $request->variable('download', ''); - if (!preg_match('#^backup_\d{10,}_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches)) - { - trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } + $backup_info = $this->get_backup_file($phpbb_root_path . 'store/', $file); - $file_name = $phpbb_root_path . 'store/' . $matches[0]; - - if (!file_exists($file_name) || !is_readable($file_name)) + if (empty($backup_info) || !is_readable($backup_info['file_name'])) { trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -219,7 +205,7 @@ class acp_database { if (confirm_box(true)) { - unlink($file_name); + unlink($backup_info['file_name']); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_DELETE'); trigger_error($user->lang['BACKUP_DELETE'] . adm_back_link($this->u_action)); } @@ -228,50 +214,12 @@ class acp_database confirm_box(false, $user->lang['DELETE_SELECTED_BACKUP'], build_hidden_fields(array('delete' => $delete, 'file' => $file))); } } - else if ($download || confirm_box(true)) + else if (confirm_box(true)) { - if ($download) - { - $name = $matches[0]; - - switch ($matches[1]) - { - case 'sql': - $mimetype = 'text/x-sql'; - break; - case 'sql.bz2': - $mimetype = 'application/x-bzip2'; - break; - case 'sql.gz': - $mimetype = 'application/x-gzip'; - break; - } - - header('Cache-Control: private, no-cache'); - header("Content-Type: $mimetype; name=\"$name\""); - header("Content-disposition: attachment; filename=$name"); - - @set_time_limit(0); - - $fp = @fopen($file_name, 'rb'); - - if ($fp !== false) - { - while (!feof($fp)) - { - echo fread($fp, 8192); - } - fclose($fp); - } - - flush(); - exit; - } - - switch ($matches[1]) + switch ($backup_info['extensions']) { case 'sql': - $fp = fopen($file_name, 'rb'); + $fp = fopen($backup_info['file_name'], 'rb'); $read = 'fread'; $seek = 'fseek'; $eof = 'feof'; @@ -280,7 +228,7 @@ class acp_database break; case 'sql.bz2': - $fp = bzopen($file_name, 'r'); + $fp = bzopen($backup_info['file_name'], 'r'); $read = 'bzread'; $seek = ''; $eof = 'feof'; @@ -289,13 +237,17 @@ class acp_database break; case 'sql.gz': - $fp = gzopen($file_name, 'rb'); + $fp = gzopen($backup_info['file_name'], 'rb'); $read = 'gzread'; $seek = 'gzseek'; $eof = 'gzeof'; $close = 'gzclose'; $fgetd = 'fgetd'; break; + + default: + trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + return; } switch ($db->get_sql_layer()) @@ -375,43 +327,13 @@ class acp_database trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action)); break; } - else if (!$download) + else { confirm_box(false, $user->lang['RESTORE_SELECTED_BACKUP'], build_hidden_fields(array('file' => $file))); } default: - $methods = array('sql'); - $available_methods = array('sql.gz' => 'zlib', 'sql.bz2' => 'bz2'); - - foreach ($available_methods as $type => $module) - { - if (!@extension_loaded($module)) - { - continue; - } - $methods[] = $type; - } - - $dir = $phpbb_root_path . 'store/'; - $dh = @opendir($dir); - - $backup_files = array(); - - if ($dh) - { - while (($file = readdir($dh)) !== false) - { - if (preg_match('#^backup_(\d{10,})_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches)) - { - if (in_array($matches[2], $methods)) - { - $backup_files[(int) $matches[1]] = $file; - } - } - } - closedir($dh); - } + $backup_files = $this->get_file_list($phpbb_root_path . 'store/'); if (!empty($backup_files)) { @@ -420,8 +342,8 @@ class acp_database foreach ($backup_files as $name => $file) { $template->assign_block_vars('files', array( - 'FILE' => $file, - 'NAME' => $user->format_date($name, 'd-m-Y H:i:s', true), + 'FILE' => sha1($file), + 'NAME' => $user->format_date($name, 'd-m-Y H:i', true), 'SUPPORTED' => true, )); } @@ -435,6 +357,92 @@ class acp_database break; } } + + /** + * Get backup file from file hash + * + * @param string $directory Relative path to directory + * @param string $file_hash Hash of selected file + * + * @return array Backup file data or empty array if unable to find file + */ + protected function get_backup_file($directory, $file_hash) + { + $backup_data = []; + + $file_list = $this->get_file_list($directory); + $supported_extensions = $this->get_supported_extensions(); + + foreach ($file_list as $file) + { + preg_match('#^backup_(\d{10,})_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches); + if (sha1($file) === $file_hash && in_array($matches[2], $supported_extensions)) + { + $backup_data = [ + 'file_name' => $directory . $file, + 'extension' => $matches[2], + ]; + break; + } + } + + return $backup_data; + } + + /** + * Get backup file list for directory + * + * @param string $directory Relative path to backup directory + * + * @return array List of backup files in specified directory + */ + protected function get_file_list($directory) + { + $supported_extensions = $this->get_supported_extensions(); + + $dh = @opendir($directory); + + $backup_files = []; + + if ($dh) + { + while (($file = readdir($dh)) !== false) + { + if (preg_match('#^backup_(\d{10,})_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches)) + { + if (in_array($matches[2], $supported_extensions)) + { + $backup_files[(int) $matches[1]] = $file; + } + } + } + closedir($dh); + } + + return $backup_files; + } + + /** + * Get supported extensions for backup + * + * @return array List of supported extensions + */ + protected function get_supported_extensions() + { + $extensions = ['sql']; + $available_methods = ['sql.gz' => 'zlib', 'sql.bz2' => 'bz2']; + + foreach ($available_methods as $type => $module) + { + if (!@extension_loaded($module)) + { + continue; + } + $extensions[] = $type; + } + + return $extensions; + } } // get how much space we allow for a chunk of data, very similar to phpMyAdmin's way of doing things ;-) (hey, we only do this for MySQL anyway :P) |