]> git.ipfire.org Git - people/ms/ipfire-2.x.git/blob - html/cgi-bin/backup.cgi
projects / people / ms / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
backup: Sanitise FILE parameter
[people/ms/ipfire-2.x.git] / html / cgi-bin / backup.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2005-2013 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 # enable only the following on debugging purpose
24 #use warnings;
25 #use CGI::Carp 'fatalsToBrowser';
26 use File::Copy;
27 use File::Basename;
28
29 require '/var/ipfire/general-functions.pl';
30 require "${General::swroot}/lang.pl";
31 require "${General::swroot}/header.pl";
32
33 my %color = ();
34 my %mainsettings = ();
35 my %cgiparams=();
36 my %checked = ();
37 my $message = "";
38 my $errormessage = "";
39 my @backups = "";
40 my @backupisos = "";
41
42 $a = new CGI;
43
44 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
45 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
46
47 $cgiparams{'ACTION'} = '';
48 $cgiparams{'FILE'} = '';
49 $cgiparams{'UPLOAD'} = '';
50 $cgiparams{'BACKUPLOGS'} = '';
51
52 &Header::getcgihash(\%cgiparams);
53
54 ############################################################################################################################
55 ################################################ Workaround for Directories ################################################
56
57 system("/usr/local/bin/backupctrl makedirs >/dev/null 2>&1 ") unless ( -e '/var/ipfire/backup/addons/backup') ;
58
59 ############################################################################################################################
60 ############################################## System calls ohne Http Header ###############################################
61
62 if ($cgiparams{'ACTION'} eq "download") {
63 my $file = &sanitise_file($cgiparams{'FILE'});
64 exit(1) unless defined($file);
65
66 &deliver_file($file);
67 exit(0);
68 } elsif ($cgiparams{'ACTION'} eq "downloadiso") {
69 my $file = &sanitise_file($cgiparams{'FILE'});
70 exit(1) unless defined($file);
71
72 &deliver_file($file);
73 exit(0);
74 } elsif ($cgiparams{'ACTION'} eq "downloadaddon") {
75 my $file = &sanitise_file($cgiparams{'FILE'});
76 exit(1) unless defined($file);
77
78 &deliver_file($file);
79 exit(0);
80 } elsif ( $cgiparams{'ACTION'} eq "restore") {
81 my $upload = $a->param("UPLOAD");
82 open UPLOADFILE, ">/tmp/restore.ipf";
83 binmode $upload;
84 while ( <$upload> ) {
85 print UPLOADFILE;
86 }
87 close UPLOADFILE;
88 system("/usr/local/bin/backupctrl restore >/dev/null 2>&1");
89 }
90 elsif ( $cgiparams{'ACTION'} eq "restoreaddon" )
91 {
92 chomp($cgiparams{'UPLOAD'});
93 # we need to fix cause IE7 gives the full path and FF only the filename
94 my @temp = split(/\\/,$cgiparams{'UPLOAD'});
95 my $upload = $a->param("UPLOAD");
96 open UPLOADFILE, ">/tmp/".$temp[$#temp];
97 binmode $upload;
98 while ( <$upload> ) {
99 print UPLOADFILE;
100 }
101 close UPLOADFILE;
102 system("/usr/local/bin/backupctrl restoreaddon ".$temp[$#temp]." >/dev/null 2>&1");
103 }
104
105 &Header::showhttpheaders();
106
107 sub refreshpage{&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";&Header::closebox();}
108
109 &Header::openpage($Lang::tr{'backup'}, 1, "");
110 &Header::openbigbox('100%', 'left', '', $errormessage);
111
112 ############################################################################################################################
113 ################################################### Default System calls ###################################################
114
115 if ( $cgiparams{'ACTION'} eq "backup" )
116 {
117 if ( $cgiparams{'BACKUPLOGS'} eq "include" ) {
118 system("/usr/local/bin/backupctrl include >/dev/null 2>&1");
119 } elsif ( $cgiparams{'BACKUPLOGS'} eq "exclude" ) {
120 system("/usr/local/bin/backupctrl exclude >/dev/null 2>&1");
121 } elsif ( $cgiparams{'BACKUPLOGS'} eq "iso" ) {
122 system("/usr/local/bin/backupctrl iso >/dev/null 2>&1");
123 }
124 }
125 if ( $cgiparams{'ACTION'} eq "addonbackup" )
126 {
127 system("/usr/local/bin/backupctrl addonbackup $cgiparams{'ADDON'} >/dev/null 2>&1");
128 }
129 elsif ( $cgiparams{'ACTION'} eq "delete" )
130 {
131 my $file = &sanitise_file($cgiparams{'FILE'});
132 exit(1) unless defined($file);
133
134 $file = &File::Basename::basename($file);
135
136 system("/usr/local/bin/backupctrl $file >/dev/null 2>&1");
137 }
138
139 ############################################################################################################################
140 ############################################ Backups des Systems erstellen #################################################
141
142 if ( $message ne "" ){
143 &Header::openbox('100%','left',$Lang::tr{'error messages'});
144 print "<font color='red'>$message</font>\n";
145 &Header::closebox();
146 }
147
148 if ( -e "/var/ipfire/backup/" ){
149 @backups = `cd /var/ipfire/backup/ && ls *.ipf 2>/dev/null`;
150 }
151
152 if ( -e "/var/tmp/backupiso/" ){
153 @backupisos = `cd /var/tmp/backupiso/ && ls *.iso 2>/dev/null`;
154 }
155
156 &Header::openbox('100%', 'center', );
157
158 print <<END
159 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
160 <table width='95%' cellspacing='0'>
161 <tr>
162 <td align='left' width='40%'>$Lang::tr{'logs'}</td>
163 <td align='left'>
164 <input type='radio' name='BACKUPLOGS' value='include'/> $Lang::tr{'include logfiles'}<br/>
165 <input type='radio' name='BACKUPLOGS' value='exclude' checked='checked'/> $Lang::tr{'exclude logfiles'}<br/>
166 END
167 ;
168 my $MACHINE=`uname -m`;
169 if ( ! ( $MACHINE =~ "arm" )) {
170 print" <input type='radio' name='BACKUPLOGS' value='iso' /> $Lang::tr{'generate iso'}<br/>"
171 }
172 print <<END
173 </td>
174 </tr>
175 <tr><td align='center' colspan='2'>
176 <input type='hidden' name='ACTION' value='backup' />
177 <input type='image' alt='$Lang::tr{'backup'}' title='$Lang::tr{'backup'}' src='/images/document-save.png' />
178 </td></tr>
179 </table>
180 </form>
181 END
182 ;
183 &Header::closebox();
184
185 ############################################################################################################################
186 ############################################ Backups des Systems downloaden ################################################
187
188 &Header::openbox('100%', 'center', $Lang::tr{'backups'});
189
190 print <<END
191 <table width='95%' cellspacing='0'>
192 END
193 ;
194 foreach (@backups){
195 if ( $_ !~ /ipf$/){next;}
196 chomp($_);
197 my $Datei = "/var/ipfire/backup/".$_;
198 my @Info = stat($Datei);
199 my $Size = $Info[7] / 1024 / 1024;
200 $Size = sprintf("%0.2f", $Size);
201 print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size MB</td><td width='5'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='download' /><input type='hidden' name='FILE' value='$_' /><input type='image' alt='$Lang::tr{'download'}' title='$Lang::tr{'download'}' src='/images/package-x-generic.png' /></form></td>";
202 print "<td width='5'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='delete' /><input type='hidden' name='FILE' value='$_' /><input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' /></form></td></tr>";
203 }
204 foreach (@backupisos){
205 if ( $_ !~ /iso$/){next;}
206 chomp($_);
207 my $Datei = "/var/tmp/backupiso/".$_;
208 my @Info = stat($Datei);
209 my $Size = $Info[7] / 1024 / 1024;
210 $Size = sprintf("%0.2f", $Size);
211 print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size MB</td><td width='5'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='downloadiso' /><input type='hidden' name='FILE' value='$_' /><input type='image' alt='$Lang::tr{'download'}' title='$Lang::tr{'download'}' src='/images/package-x-generic.png' /></form></td>";
212 print "<td width='5'><form method='post' action='$ENV{'SCRIPT_NAME'}'><input type='hidden' name='ACTION' value='delete' /><input type='hidden' name='FILE' value='$_' /><input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' /></form></td></tr>";
213 }
214 print <<END
215 </table>
216 END
217 ;
218 &Header::closebox();
219
220 ############################################################################################################################
221 ############################################# Backups von Addons erstellen #################################################
222
223 &Header::openbox('100%', 'center', $Lang::tr{'addons'});
224
225 my @addonincluds = `ls /var/ipfire/backup/addons/includes/ 2>/dev/null`;
226 my @addons = `ls /var/ipfire/backup/addons/backup/ 2>/dev/null`;
227 my %addons;
228
229 foreach (@addons){
230 my $addon=substr($_,0,length($_)-5);
231 $addons{$addon}='';
232 }
233
234 print "<table width='95%' cellspacing='0'>";
235 foreach (@addonincluds){
236 chomp($_);
237 delete $addons{$_};
238 my $Datei = "/var/ipfire/backup/addons/backup/".$_.".ipf";
239 my @Info = stat($Datei);
240 my $Size = $Info[7] / 1024;
241
242 if ( -e $Datei ){
243 if ($Size < 1) {
244 $Size = sprintf("%.2f", $Size);
245 print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9])."</td>";
246 } else {
247 $Size = sprintf("%2d", $Size);
248 print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9])."</td>";
249
250 }
251
252 print <<END
253 <td align='right' width='5'>
254 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
255 <input type='hidden' name='ACTION' value='downloadaddon' />
256 <input type='hidden' name='FILE' value='$_.ipf' />
257 <input type='image' alt='$Lang::tr{'download'}' title='$Lang::tr{'download'}' src='/images/package-x-generic.png' />
258 </form>
259 </td>
260 <td align='right' width='5'>
261 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
262 <input type='hidden' name='ACTION' value='delete' />
263 <input type='hidden' name='FILE' value='addons//backup/$_.ipf' />
264 <input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' />
265 </form>
266 </td>
267 END
268 ;
269 }
270 else{
271 print "<tr><td align='center'>$Lang::tr{'backup from'} $_ </td><td width='5' align='right'></td><td width='5' align='right'></td>";
272 }
273 print <<END
274 <td align='right' width='5'>
275 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
276 <input type='hidden' name='ACTION' value='addonbackup' />
277 <input type='hidden' name='ADDON' value='$_' />
278 <input type='image' alt='$Lang::tr{'backup'}' title='$Lang::tr{'backup'}' src='/images/document-save.png' />
279 </form>
280 </td></tr>
281 END
282 ;
283 }
284 foreach (keys(%addons)){
285 chomp($_);
286 my $Datei = "/var/ipfire/backup/addons/backup/".$_.".ipf";
287 my @Info = stat($Datei);
288 my $Size = $Info[7] / 1024;
289 $Size = sprintf("%2d", $Size);
290 print "<tr><td align='center'>$Lang::tr{'backup from'} $_ $Lang::tr{'size'} $Size KB $Lang::tr{'date'} ".localtime($Info[9])."</td>";
291 print <<END
292 <td align='right' width='5'>
293 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
294 <input type='hidden' name='ACTION' value='downloadaddon' />
295 <input type='hidden' name='FILE' value='$_.ipf' />
296 <input type='image' alt='$Lang::tr{'download'}' title='$Lang::tr{'download'}' src='/images/package-x-generic.png' />
297 </form>
298 </td>
299 <td align='right' width='5'>
300 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
301 <input type='hidden' name='ACTION' value='delete' />
302 <input type='hidden' name='FILE' value='addons//backup/$_.ipf' />
303 <input type='image' alt='$Lang::tr{'delete'}' title='$Lang::tr{'delete'}' src='/images/user-trash.png' />
304 </form>
305 </td>
306 <td align='right' width='5'></td></tr>
307 END
308 ;
309 }
310
311 print "</table>";
312 &Header::closebox();
313
314 ############################################################################################################################
315 ####################################### Backups des Systems wiederherstellen ###############################################
316
317 &Header::openbox('100%', 'center', $Lang::tr{'restore'});
318
319 print <<END
320 <table width='95%' cellspacing='0'>
321 <tr><td align='center' colspan='2'><font color='red'><br />$Lang::tr{'backupwarning'}</font><br /><br /></td></tr>
322 <tr><td align='left'>$Lang::tr{'backup'}</td><td align='left'><form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'><input type="file" size='50' name="UPLOAD" /><input type='hidden' name='ACTION' value='restore' /><input type='hidden' name='FILE' /><input type='image' alt='$Lang::tr{'restore'}' title='$Lang::tr{'restore'}' src='/images/media-floppy.png' /></form></td></tr>
323 <tr><td align='left'>$Lang::tr{'backupaddon'}</td><td align='left'><form method='post' enctype='multipart/form-data' action='$ENV{'SCRIPT_NAME'}'><input type="file" size='50' name="UPLOAD" /><input type='hidden' name='ACTION' value='restoreaddon' /><input type='hidden' name='FILE' /><input type='image' alt='$Lang::tr{'restore'}' title='$Lang::tr{'restore'}' src='/images/media-floppy.png' /></form></td></tr>
324 </table>
325 END
326 ;
327 &Header::closebox();
328 &Header::closebigbox();
329 &Header::closepage();
330
331 sub sanitise_file() {
332 my $file = shift;
333
334 # Filenames cannot contain any slashes
335 return undef if ($file =~ /\//);
336
337 # File must end with .ipf or .iso
338 return undef unless ($file =~ /\.(ipf|iso)$/);
339
340 # Convert to absolute path
341 if (-e "/var/ipfire/backup/$file") {
342 return "/var/ipfire/backup/$file";
343 } elsif (-e "/var/ipfire/backup/addons/backup/$file") {
344 return "/var/ipfire/backup/addons/backup/$file";
345 } elsif (-e "/var/tmp/backupiso/$file") {
346 return "/var/tmp/backupiso/$file";
347 }
348
349 # File does not seem to exist
350 return undef;
351 }
352
353 sub deliver_file() {
354 my $file = shift;
355 my @stat = stat($file);
356
357 # Print headers
358 print "Content-Disposition: attachment; filename=" . &File::Basename::basename($file) . "\n";
359 print "Content-Type: application/octet-stream\n";
360 print "Content-Length: $stat[7]\n";
361 print "\n";
362
363 # Deliver content
364 open(FILE, "<$file") or die "Unable to open $file: $!";
365 print <FILE>;
366 close(FILE);
367 }
Michael's tree of IPFire 2.x.