github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-21 05:44:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix for downloading backup of other users

Browse source
This commit is contained in:
Anton Reutov 2021-07-27 21:50:33 +03:00 committed by GitHub
commit 1c801b2d60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
web/download/backup/index.php
View file

@ -3,6 +3,13 @@
error_reporting(NULL); error_reporting(NULL);
session_start(); session_start();
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check token
if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
header('Location: /login/');
exit();
}
$backup = basename($_GET['backup']); $backup = basename($_GET['backup']);
// Check if the backup exists // Check if the backup exists