###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2005-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
use File::Copy;
+use File::Basename;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
my %checked = ();
my $message = "";
my $errormessage = "";
+my @backups = "";
+my @backupisos = "";
$a = new CGI;
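Review bot: `my @backups = "";` and `my @backupisos = "";` each create an array holding one empty string, not an empty array. The listing loops further down only cope with that element because this commit also adds the `/ipf$/` and `/iso$/` filters, so anything else that counts or iterates these arrays would see a phantom entry. Initialise them as `my @backups = ();` and `my @backupisos = ();`.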
############################################################################################################################
############################################## System calls ohne Http Header ###############################################
-# Replace slashes from filename
-$cgiparams{'FILE'} =~ s/\///;
-
-if ( $cgiparams{'ACTION'} eq "download" )
-{
- open(DLFILE, "</var/ipfire/backup/$cgiparams{'FILE'}") or die "Unable to open $cgiparams{'FILE'}: $!";
- my @fileholder = <DLFILE>;
- print "Content-Type:application/x-download\n";
- print "Content-Disposition:attachment;filename=$cgiparams{'FILE'}\n\n";
- print @fileholder;
- exit (0);
-}
-if ( $cgiparams{'ACTION'} eq "downloadiso" )
-{
- open(DLFILE, "</var/tmp/backupiso/$cgiparams{'FILE'}") or die "Unable to open $cgiparams{'FILE'}: $!";
- my @fileholder = <DLFILE>;
- print "Content-Type:application/x-download\n";
- print "Content-Disposition:attachment;filename=$cgiparams{'FILE'}\n\n";
- print @fileholder;
- exit (0);
-}
-if ( $cgiparams{'ACTION'} eq "downloadaddon" )
-{
- open(DLFILE, "</var/ipfire/backup/addons/backup/$cgiparams{'FILE'}") or die "Unable to open $cgiparams{'FILE'}: $!";
- my @fileholder = <DLFILE>;
- print "Content-Type:application/x-download\n";
- print "Content-Disposition:attachment;filename=$cgiparams{'FILE'}\n\n";
- print @fileholder;
- exit (0);
-}
-elsif ( $cgiparams{'ACTION'} eq "restore" )
-{
+if ($cgiparams{'ACTION'} eq "download") {
+ my $file = &sanitise_file($cgiparams{'FILE'});
+ exit(1) unless defined($file);
+
+ &deliver_file($file);
+ exit(0);
+} elsif ($cgiparams{'ACTION'} eq "downloadiso") {
+ my $file = &sanitise_file($cgiparams{'FILE'});
+ exit(1) unless defined($file);
+
+ &deliver_file($file);
+ exit(0);
+} elsif ($cgiparams{'ACTION'} eq "downloadaddon") {
+ my $file = &sanitise_file($cgiparams{'FILE'});
+ exit(1) unless defined($file);
+
+ &deliver_file($file);
+ exit(0);
+} elsif ( $cgiparams{'ACTION'} eq "restore") {
my $upload = $a->param("UPLOAD");
open UPLOADFILE, ">/tmp/restore.ipf";
binmode $upload;
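Review bot: The three download branches are now identical, and the ACTION value no longer decides which directory the file comes from. sanitise_file (added at the end of this diff) probes `/var/ipfire/backup`, then `addons/backup`, then `/var/tmp/backupiso`, and returns the first match. If the same name ever exists in two of those directories, `downloadaddon` would act on the first match rather than the entry the user clicked; the same applies to the `delete` branch and the addon delete forms later in the diff, which now send a bare name. Either collapse the branches into one (`if ($cgiparams{'ACTION'} =~ /\Adownload(iso|addon)?\z/) {`) or pass the expected directory to the helper so each action stays bound to its own location. The `restore` branch continues outside the hunk.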
}
if ( $cgiparams{'ACTION'} eq "addonbackup" )
{
+ # Exit if there is any dots or slashes in the addon name
+ exit(1) if ($cgiparams{'ADDON'} =~ /(\.|\/)/);
+
+ # Check if the addon exists
+ exit(1) unless (-e "/var/ipfire/backup/addons/includes/$cgiparams{'ADDON'}");
+
system("/usr/local/bin/backupctrl addonbackup $cgiparams{'ADDON'} >/dev/null 2>&1");
}
elsif ( $cgiparams{'ACTION'} eq "delete" )
{
- system("/usr/local/bin/backupctrl $cgiparams{'FILE'} >/dev/null 2>&1");
+ my $file = &sanitise_file($cgiparams{'FILE'});
+ exit(1) unless defined($file);
+
+ system("/usr/local/bin/backupctrl $file >/dev/null 2>&1");
}
############################################################################################################################
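Review bot: Both `system()` calls here still pass a request-derived value through the shell as a single string, and the new checks are deny-lists that do not cover every case. An empty `ADDON` passes the dot/slash test, and `-e "/var/ipfire/backup/addons/includes/"` is then true for the directory itself. Neither that test nor sanitise_file excludes shell metacharacters in a name that happens to exist on disk. An allow-list such as `exit(1) unless ($cgiparams{'ADDON'} =~ /\A[A-Za-z0-9_-]+\z/);` (adjusted to the real addon names) plus list-form `system("/usr/local/bin/backupctrl", "addonbackup", $cgiparams{'ADDON'});` removes the shell from the path, though the `>/dev/null 2>&1` redirection then has to be done separately. The delete branch also now hands backupctrl an absolute path where it used to receive the submitted relative name; whether the helper accepts that is not visible here.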
&Header::closebox();
}
-my @backups = `cd /var/ipfire/backup/ && ls *.ipf 2>/dev/null`;
-my @backupisos = `cd /var/tmp/backupiso/ && ls *.iso 2>/dev/null`;
+if ( -e "/var/ipfire/backup/" ){
+ @backups = `cd /var/ipfire/backup/ && ls *.ipf 2>/dev/null`;
+}
-&Header::openbox('100%', 'center', $Lang::tr{'backup'});
+if ( -e "/var/tmp/backupiso/" ){
+ @backupisos = `cd /var/tmp/backupiso/ && ls *.iso 2>/dev/null`;
+}
+
+&Header::openbox('100%', 'center', );
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
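Review bot: The box title is lost in `&Header::openbox('100%', 'center', );`. The removed call passed `$Lang::tr{'backup'}` as the third argument and the new one passes nothing after the trailing comma. This looks unintended, since the addons box later in the same commit gains a translated title rather than losing one. Restore it as `&Header::openbox('100%', 'center', $Lang::tr{'backup'});`.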
<td align='left'>
<input type='radio' name='BACKUPLOGS' value='include'/> $Lang::tr{'include logfiles'}<br/>
<input type='radio' name='BACKUPLOGS' value='exclude' checked='checked'/> $Lang::tr{'exclude logfiles'}<br/>
- <input type='radio' name='BACKUPLOGS' value='iso' /> $Lang::tr{'generate iso'}
+END
+;
+my $MACHINE=`uname -m`;
+if ( ! ( $MACHINE =~ "arm" )) {
+ print" <input type='radio' name='BACKUPLOGS' value='iso' /> $Lang::tr{'generate iso'}<br/>"
+}
+print <<END
</td>
</tr>
<tr><td align='center' colspan='2'>
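Review bot: `$MACHINE =~ "arm"` uses a string as an unanchored pattern, and the value comes from spawning `uname -m` on every page load. `my $MACHINE = (POSIX::uname())[4];` followed by `if ($MACHINE !~ /arm/) {` gives the same result without a child process; it needs `use POSIX;` at the top of the file. Hiding the radio button only changes the form: whether a posted `BACKUPLOGS=iso` is also refused on ARM is decided in handler code that is not visible in this hunk.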
END
;
foreach (@backups){
+if ( $_ !~ /ipf$/){next;}
chomp($_);
my $Datei = "/var/ipfire/backup/".$_;
my @Info = stat($Datei);
-my $Size = $Info[7] / 1024;
-$Size = sprintf("%02d", $Size);
-print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB</td><td width='5'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='download' /><input type='hidden' name='FILE' value='$_' /><input type='image' alt='$Lang::tr{'download'}' title='$Lang::tr{'download'}' src='/images/package-x-generic.png' /></form></td>";
+my $Size = $Info[7] / 1024 / 1024;
+$Size = sprintf("%0.2f", $Size);
+print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size MB</td><td width='5'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='download' /><input type='hidden' name='FILE' value='$_' /><input type='image' alt='$Lang::tr{'download'}' title='$Lang::tr{'download'}' src='/images/package-x-generic.png' /></form></td>";
print "<td width='5'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='delete' /><input type='hidden' name='FILE' value='$_' /><input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' /></form></td></tr>";
}
foreach (@backupisos){
+if ( $_ !~ /iso$/){next;}
chomp($_);
my $Datei = "/var/tmp/backupiso/".$_;
my @Info = stat($Datei);
-my $Size = $Info[7] / 1024;
-$Size = sprintf("%02d", $Size);
-print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB</td><td width='5'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='downloadiso' /><input type='hidden' name='FILE' value='$_' /><input type='image' alt='$Lang::tr{'download'}' title='$Lang::tr{'download'}' src='/images/package-x-generic.png' /></form></td>";
+my $Size = $Info[7] / 1024 / 1024;
+$Size = sprintf("%0.2f", $Size);
+print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size MB</td><td width='5'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='downloadiso' /><input type='hidden' name='FILE' value='$_' /><input type='image' alt='$Lang::tr{'download'}' title='$Lang::tr{'download'}' src='/images/package-x-generic.png' /></form></td>";
print "<td width='5'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='delete' /><input type='hidden' name='FILE' value='$_' /><input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' /></form></td></tr>";
}
print <<END
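Review bot: `$_` is written into the table cell and into `value='$_'` without HTML escaping in both new print lines, in the `.ipf` loop and in the `.iso` loop. The names come from `ls` output, and the sanitise_file helper added in this commit accepts any character except a slash, so a name containing a quote or angle bracket would break the markup. Escape once after the chomp, e.g. `my $name = CGI::escapeHTML($_);`, and print `$name` instead. The unchanged delete-form lines in both loops interpolate the name the same way.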
############################################################################################################################
############################################# Backups von Addons erstellen #################################################
-&Header::openbox('100%', 'center', 'addons');
+&Header::openbox('100%', 'center', $Lang::tr{'addons'});
my @addonincluds = `ls /var/ipfire/backup/addons/includes/ 2>/dev/null`;
my @addons = `ls /var/ipfire/backup/addons/backup/ 2>/dev/null`;
my $Datei = "/var/ipfire/backup/addons/backup/".$_.".ipf";
my @Info = stat($Datei);
my $Size = $Info[7] / 1024;
-$Size = sprintf("%2d", $Size);
+
if ( -e $Datei ){
-print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9])."</td>";
+ if ($Size < 1) {
+ $Size = sprintf("%.2f", $Size);
+ print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9])."</td>";
+ } else {
+ $Size = sprintf("%2d", $Size);
+ print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9])."</td>";
+
+ }
+
print <<END
<td align='right' width='5'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
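Review bot: The two branches added under `if ($Size < 1)` print exactly the same row and differ only in the sprintf format, so the long print line is duplicated for no gain. Pick the format first, `$Size = sprintf(($Size < 1) ? "%.2f" : "%2d", $Size);`, and keep a single print after it. The addon list also still reports KB while the main and ISO lists switch to MB in this commit, which may or may not be intended. The `if ( -e $Datei ){` block continues outside the hunk.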
<td align='right' width='5'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='delete' />
- <input type='hidden' name='FILE' value='addons/backup/$_.ipf' />
+ <input type='hidden' name='FILE' value='$_.ipf' />
<input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' />
</form>
</td>
<td align='right' width='5'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='delete' />
- <input type='hidden' name='FILE' value='addons/backup/$_.ipf' />
+ <input type='hidden' name='FILE' value='$_.ipf' />
<input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' />
</form>
</td>
&Header::closebox();
&Header::closebigbox();
&Header::closepage();
+
+sub sanitise_file() {
+ my $file = shift;
+
+ # Filenames cannot contain any slashes
+ return undef if ($file =~ /\//);
+
+ # File must end with .ipf or .iso
+ return undef unless ($file =~ /\.(ipf|iso)$/);
+
+ # Convert to absolute path
+ if (-e "/var/ipfire/backup/$file") {
+ return "/var/ipfire/backup/$file";
+ } elsif (-e "/var/ipfire/backup/addons/backup/$file") {
+ return "/var/ipfire/backup/addons/backup/$file";
+ } elsif (-e "/var/tmp/backupiso/$file") {
+ return "/var/tmp/backupiso/$file";
+ }
+
+ # File does not seem to exist
+ return undef;
+}
+
+sub deliver_file() {
+ my $file = shift;
+ my @stat = stat($file);
+
+ # Print headers
+ print "Content-Disposition: attachment; filename=" . &File::Basename::basename($file) . "\n";
+ print "Content-Type: application/octet-stream\n";
+ print "Content-Length: $stat[7]\n";
+ print "\n";
+
+ # Deliver content
+ open(FILE, "<$file") or die "Unable to open $file: $!";
+ print <FILE>;
+ close(FILE);
+}
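Review bot: deliver_file loads the whole file into memory, because `print <FILE>;` reads it in list context; for an ISO image that is the full image held in the CGI process. The same function uses a two-argument `open(FILE, "<$file")` on a bareword handle with no `binmode`, and takes `Content-Length` from an unchecked `stat`. Opening with a lexical handle in three-argument form before any header is sent, then copying in fixed-size chunks, fixes all of these, as sketched below. Both new subs are declared with an empty `()` prototype, which only goes unnoticed because every call uses `&`; drop it. In sanitise_file, `\z` instead of `$` in the suffix test would stop a name ending in a newline from passing.

```perl
sub deliver_file {
	my $file = shift;

	# Open first so a failure happens before any header is sent
	open(my $fh, "<", $file) or die "Unable to open $file: $!";
	binmode($fh);
	binmode(STDOUT);
	my $size = -s $fh;

	# … unchanged: Content-Disposition and Content-Type headers …
	print "Content-Length: $size\n";
	print "\n";

	# Stream in fixed-size chunks instead of loading the whole file
	my $buffer;
	while (read($fh, $buffer, 65536)) {
		print $buffer;
	}
	close($fh);
}
```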