Skip to content
Permalink
Browse files Browse the repository at this point in the history
secure shell-execution of mysqldump on installation if given database…
…-name exists

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
  • Loading branch information
d00p committed Mar 4, 2020
1 parent 6b09720 commit 62ce21c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion install/lib/class.FroxlorInstall.php
Expand Up @@ -735,7 +735,7 @@ private function _backupExistingDatabase(&$db_root)
}

if ($do_backup) {
$command = $mysql_dump . " " . $this->_data['mysql_database'] . " -u " . $this->_data['mysql_root_user'] . " --password='" . $this->_data['mysql_root_pass'] . "' --result-file=" . $filename;
$command = $mysql_dump . " " . escapeshellarg($this->_data['mysql_database']) . " -u " . escapeshellarg($this->_data['mysql_root_user']) . " --password='" . $this->_data['mysql_root_pass'] . "' --result-file=" . $filename;
$output = exec($command);
if (stristr($output, "error")) {
$content .= $this->_status_message('red', $this->_lng['install']['backup_failed']);
Expand Down

0 comments on commit 62ce21c

Please sign in to comment.