}
if ( $cgiparams{'ACTION'} eq "addonbackup" )
{
+ # Exit if there is any dots or slashes in the addon name
+ exit(1) if ($cgiparams{'ADDON'} =~ /(\.|\/)/);
+
+ # Check if the addon exists
+ exit(1) unless (-e "/var/ipfire/backup/addons/includes/$cgiparams{'ADDON'}");
+
system("/usr/local/bin/backupctrl addonbackup $cgiparams{'ADDON'} >/dev/null 2>&1");
}
elsif ( $cgiparams{'ACTION'} eq "delete" )
my $file = &sanitise_file($cgiparams{'FILE'});
exit(1) unless defined($file);
- $file = &File::Basename::basename($file);
-
system("/usr/local/bin/backupctrl $file >/dev/null 2>&1");
}
<td align='right' width='5'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='delete' />
- <input type='hidden' name='FILE' value='addons//backup/$_.ipf' />
+ <input type='hidden' name='FILE' value='$_.ipf' />
<input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' />
</form>
</td>
<td align='right' width='5'>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='delete' />
- <input type='hidden' name='FILE' value='addons//backup/$_.ipf' />
+ <input type='hidden' name='FILE' value='$_.ipf' />
<input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' />
</form>
</td>