From 1c801b2d6041394a14ab03da53405bc1c50a1e0c Mon Sep 17 00:00:00 2001
From: Anton Reutov
Date: Tue, 27 Jul 2021 21:50:33 +0300
Subject: [PATCH] Fix for downloading backup of other users
---
 web/download/backup/index.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/web/download/backup/index.php b/web/download/backup/index.php
index 068467148..f71131a1c 100644
--- a/web/download/backup/index.php
+++ b/web/download/backup/index.php
@@ -3,6 +3,13 @@
 error_reporting(NULL);
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+ header('Location: /login/');
+ exit();
+}
+
 $backup = basename($_GET['backup']);
 // Check if the backup exists
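Review bot: The added guard compares the tokens with loose `!=`, which treats an unset `$_SESSION['token']` and an empty `token` parameter as equal, so the check can pass for a session that holds no token unless `inc/main.php` has already rejected that session (not visible in this hunk). Require a non-empty session token and compare strictly and in constant time: `if (empty($_SESSION['token']) || !isset($_GET['token']) || !is_string($_GET['token']) || !hash_equals($_SESSION['token'], $_GET['token'])) {`. The token only ties the request to the current session; whether `$backup` belongs to the logged-in user still has to be enforced by the code after `basename($_GET['backup'])`, which continues outside the hunk, so that check is worth confirming against the commit title.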