Skip to content

Commit

Permalink
Dev : blocked the possibility to backup config.php
Browse files Browse the repository at this point in the history
  • Loading branch information
LouisGac committed Oct 15, 2015
1 parent ed07889 commit 62e44e6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion application/models/UpdateForm.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -442,7 +442,7 @@ public function backupFiles($updateinfos)
// To block the access to subdirectories
$sFileToZip = str_replace("..", "", $file->file);

if (is_file($this->publicdir.$sFileToZip)===true)
if (is_file($this->publicdir.$sFileToZip)===true && $basename($sFileToZip)!='config.php')
{
$filestozip[]=$this->publicdir.$sFileToZip;
}
Expand Down

2 comments on commit 62e44e6

@Shnoulle
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not baking up config.php ? Some user , after a broken update can : delete directory, try to upload the zip uncompressed. Try to come back to admin .... and don't remind the DB access.

@LouisGac
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The list of files to backup is generated with git, on the base of the changed files between two builds.
configuration.php will never be changed by any update.

Please sign in to comment.