From 5da09d9c5be028b66d13be61bbfc0abcd6969c47 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Sat, 12 Dec 2020 12:54:06 +0100
Subject: [PATCH] Fix for downloading backup of other users
---
 web/download/backup/index.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/web/download/backup/index.php b/web/download/backup/index.php
index 06846714..f71131a1 100644
--- a/web/download/backup/index.php
+++ b/web/download/backup/index.php
@@ -3,6 +3,13 @@
 error_reporting(NULL);
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+ header('Location: /login/');
+ exit();
+}
+
 $backup = basename($_GET['backup']);
 // Check if the backup exists
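Review bot: The token guard compares with loose `!=`, so when `$_SESSION['token']` is not set an empty `token` parameter compares equal to it and the redirect is skipped; whether `inc/main.php` already rejects such sessions is not visible in this hunk. Require a non-empty session token and compare strictly in constant time, e.g. `if (empty($_SESSION['token']) || !isset($_GET['token']) || !is_string($_GET['token']) || !hash_equals($_SESSION['token'], $_GET['token'])) {`. The check also only proves that the request carries the session's own token; that `$backup` belongs to the logged-in user still has to be enforced by the code after this hunk, which is not shown. Because the token travels in the query string it will end up in access logs and Referer headers, so it should be short-lived.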