From 4df23adb13dc833c12963a88982b8922c1de37a9 Mon Sep 17 00:00:00 2001
From: System Void <void@sysvoid.co>
Date: Tue, 24 Nov 2015 07:48:50 +0000
Subject: [PATCH] +backup directory check, -closing PHP tag.

I added a backup directory check (as of now, you can download fake backups).

I also removed the closing PHP tag that isn't needed.
---
 web/download/backup/index.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/web/download/backup/index.php b/web/download/backup/index.php
index fd5ed69c9..cbfd95a76 100644
--- a/web/download/backup/index.php
+++ b/web/download/backup/index.php
@@ -5,6 +5,11 @@ session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 $backup = $_GET['backup'];
 
+// Check if the backup exists
+if (!file_exists($backup)) {
+    exit(0);
+}
+
 // Data
 if ($_SESSION['user'] == 'admin') {
     header('Content-type: application/gzip');
@@ -19,5 +24,3 @@ if ((!empty($_SESSION['user'])) && ($_SESSION['user'] != 'admin')) {
         header("X-Accel-Redirect: /backup/" . $backup);
     }
 }
-
-?>