X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fbackup.cgi;h=cac4146ab94e59e5ab93e3c06ce763b5045435c7;hb=9b86a7ec28bd2a2049e771b59dff817c0569e106;hp=0592ef82cdbd63204b98153d765d0e999f2fd23c;hpb=f31d3c1f23a4973ace55135d1a2838fe63e8e8d2;p=ipfire-2.x.git diff --git a/html/cgi-bin/backup.cgi b/html/cgi-bin/backup.cgi index 0592ef82cd..cac4146ab9 100644 --- a/html/cgi-bin/backup.cgi +++ b/html/cgi-bin/backup.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2005-2013 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,6 +24,7 @@ use strict; #use warnings; #use CGI::Carp 'fatalsToBrowser'; use File::Copy; +use File::Basename; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; @@ -35,6 +36,8 @@ my %cgiparams=(); my %checked = (); my $message = ""; my $errormessage = ""; +my @backups = ""; +my @backupisos = ""; $a = new CGI; @@ -56,27 +59,25 @@ system("/usr/local/bin/backupctrl makedirs >/dev/null 2>&1 ") unless ( -e '/var/ ############################################################################################################################ ############################################## System calls ohne Http Header ############################################### - -if ( $cgiparams{'ACTION'} eq "download" ) -{ - open(DLFILE, "; - print "Content-Type:application/x-download\n"; - print "Content-Disposition:attachment;filename=$cgiparams{'FILE'}\n\n"; - print @fileholder; - exit (0); -} -if ( $cgiparams{'ACTION'} eq "downloadaddon" ) -{ - open(DLFILE, "; - print "Content-Type:application/x-download\n"; - print "Content-Disposition:attachment;filename=$cgiparams{'FILE'}\n\n"; - print @fileholder; - exit (0); -} -elsif ( $cgiparams{'ACTION'} eq "restore" ) -{ +if ($cgiparams{'ACTION'} eq "download") { + my $file = &sanitise_file($cgiparams{'FILE'}); + exit(1) unless defined($file); + + &deliver_file($file); + exit(0); +} elsif ($cgiparams{'ACTION'} eq "downloadiso") { + my $file = &sanitise_file($cgiparams{'FILE'}); + exit(1) unless defined($file); + + &deliver_file($file); + exit(0); +} elsif ($cgiparams{'ACTION'} eq "downloadaddon") { + my $file = &sanitise_file($cgiparams{'FILE'}); + exit(1) unless defined($file); + + &deliver_file($file); + exit(0); +} elsif ( $cgiparams{'ACTION'} eq "restore") { my $upload = $a->param("UPLOAD"); open UPLOADFILE, ">/tmp/restore.ipf"; binmode $upload; @@ -123,11 +124,20 @@ if ( $cgiparams{'ACTION'} eq "backup" ) } if ( $cgiparams{'ACTION'} eq "addonbackup" ) { + # Exit if there is any dots or slashes in the addon name + exit(1) if ($cgiparams{'ADDON'} =~ /(\.|\/)/); + + # Check if the addon exists + exit(1) unless (-e "/var/ipfire/backup/addons/includes/$cgiparams{'ADDON'}"); + system("/usr/local/bin/backupctrl addonbackup $cgiparams{'ADDON'} >/dev/null 2>&1"); } elsif ( $cgiparams{'ACTION'} eq "delete" ) { - system("/usr/local/bin/backupctrl $cgiparams{'FILE'} >/dev/null 2>&1"); + my $file = &sanitise_file($cgiparams{'FILE'}); + exit(1) unless defined($file); + + system("/usr/local/bin/backupctrl $file >/dev/null 2>&1"); } ############################################################################################################################ @@ -139,9 +149,15 @@ if ( $message ne "" ){ &Header::closebox(); } -my @backups = `cd /var/ipfire/backup/ && ls *.ipf 2>/dev/null`; +if ( -e "/var/ipfire/backup/" ){ + @backups = `cd /var/ipfire/backup/ && ls *.ipf 2>/dev/null`; +} + +if ( -e "/var/tmp/backupiso/" ){ + @backupisos = `cd /var/tmp/backupiso/ && ls *.iso 2>/dev/null`; +} -&Header::openbox('100%', 'center', $Lang::tr{'backup'}); +&Header::openbox('100%', 'center', ); print < @@ -151,7 +167,13 @@ print < $Lang::tr{'include logfiles'}
$Lang::tr{'exclude logfiles'}
- $Lang::tr{'generate iso'} +END +; +my $MACHINE=`uname -m`; +if ( ! ( $MACHINE =~ "arm" )) { + print" $Lang::tr{'generate iso'}
" +} +print < @@ -174,12 +196,23 @@ print <$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB
"; +my $Size = $Info[7] / 1024 / 1024; +$Size = sprintf("%0.2f", $Size); +print "$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size MB
"; +print "
"; +} +foreach (@backupisos){ +if ( $_ !~ /iso$/){next;} +chomp($_); +my $Datei = "/var/tmp/backupiso/".$_; +my @Info = stat($Datei); +my $Size = $Info[7] / 1024 / 1024; +$Size = sprintf("%0.2f", $Size); +print "$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size MB
"; print "
"; } print </dev/null`; my @addons = `ls /var/ipfire/backup/addons/backup/ 2>/dev/null`; @@ -209,9 +242,17 @@ delete $addons{$_}; my $Datei = "/var/ipfire/backup/addons/backup/".$_.".ipf"; my @Info = stat($Datei); my $Size = $Info[7] / 1024; -$Size = sprintf("%2d", $Size); + if ( -e $Datei ){ -print "$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9]).""; + if ($Size < 1) { + $Size = sprintf("%.2f", $Size); + print "$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9]).""; + } else { + $Size = sprintf("%2d", $Size); + print "$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9]).""; + + } + print <
@@ -223,7 +264,7 @@ print < - + @@ -262,7 +303,7 @@ print <
- +
@@ -290,3 +331,41 @@ END &Header::closebox(); &Header::closebigbox(); &Header::closepage(); + +sub sanitise_file() { + my $file = shift; + + # Filenames cannot contain any slashes + return undef if ($file =~ /\//); + + # File must end with .ipf or .iso + return undef unless ($file =~ /\.(ipf|iso)$/); + + # Convert to absolute path + if (-e "/var/ipfire/backup/$file") { + return "/var/ipfire/backup/$file"; + } elsif (-e "/var/ipfire/backup/addons/backup/$file") { + return "/var/ipfire/backup/addons/backup/$file"; + } elsif (-e "/var/tmp/backupiso/$file") { + return "/var/tmp/backupiso/$file"; + } + + # File does not seem to exist + return undef; +} + +sub deliver_file() { + my $file = shift; + my @stat = stat($file); + + # Print headers + print "Content-Disposition: attachment; filename=" . &File::Basename::basename($file) . "\n"; + print "Content-Type: application/octet-stream\n"; + print "Content-Length: $stat[7]\n"; + print "\n"; + + # Deliver content + open(FILE, "<$file") or die "Unable to open $file: $!"; + print ; + close(FILE); +}