From f8717702038d16c01ca27e7f12e342c0d042b945 Mon Sep 17 00:00:00 2001 From: Stefan Schomacker Date: Wed, 3 Oct 2018 14:50:47 +0200 Subject: [PATCH] Validate user input file path --- Backup.php | 22 +++++++++++++++++++--- README.md | 7 +++---- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/Backup.php b/Backup.php index e193938..8296a04 100644 --- a/Backup.php +++ b/Backup.php @@ -1,9 +1,9 @@ setMail("[YOUR EMAIL]"); $backup->setDeleteBackupsAfter(20); @@ -38,7 +38,7 @@ class Backup */ public function __construct(string $backupPath) { - $this->_backupDir = $backupPath; + $this->_backupDir = $this->validateUserInputFilePath($backupPath); } /** @@ -47,6 +47,8 @@ public function __construct(string $backupPath) */ public function backupDirectory(string $directoryPath) : void { + $directoryPath = $this->validateUserInputFilePath($directoryPath); + //avoid php timeouts ini_set("max_execution_time", $this->_phpTimeoutTime); @@ -274,6 +276,20 @@ private function deleteOldBackup() : array return $deletedFiles; } + /** + * Validates the given filePath + * @param string $filePath + * @return string + */ + private function validateUserInputFilePath(string $filePath) : string + { + $result = $filePath; + if(substr($result, -1) !== DIRECTORY_SEPARATOR){ + $result .= DIRECTORY_SEPARATOR; + } + return $result; + } + //getter and setter /** diff --git a/README.md b/README.md index f76e5e7..9b177a9 100644 --- a/README.md +++ b/README.md @@ -27,17 +27,16 @@ git clone https://github.com/StefanSchomacker/PHPBackupScript **Sample Setup** Create a string with the path of your backup directory. -The last `/` is important! Example: ``` -$backupDir = "/var/www/html/backup/"; +$backupPath = "/var/www/html/backup/"; ``` Create an object of Backup::class ``` -$backup = new Backup($backupDir); +$backup = new Backup($backupPath); ``` Set E-Mail for zip Archive 
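Review bot: `validateUserInputFilePath()` (last Backup.php hunk) rejects nothing: it only appends `DIRECTORY_SEPARATOR`, so an empty `$backupPath` or `$directoryPath` arriving through the constructor and `backupDirectory()` hunks comes back as the filesystem root. That matters most for the backup directory if `deleteOldBackup()` removes files under `_backupDir`, which this diff does not show. The `substr()` test also misses a trailing `/` on Windows, where `DIRECTORY_SEPARATOR` is `\`, and leaves doubled separators in place. I would fail on an empty path and normalise with `rtrim()`, and have the docblock say the method normalises the trailing separator and carries `@throws \InvalidArgumentException`. An `is_dir()` check would also fit `backupDirectory()`, but whether the backup directory may be created later is not visible here.

```php
    private function validateUserInputFilePath(string $filePath) : string
    {
        // an empty path would otherwise normalise to the filesystem root
        if (trim($filePath) === "") {
            throw new \InvalidArgumentException("Path must not be empty");
        }
        // strip every trailing separator ("/" everywhere, "\" on Windows), then append exactly one
        return rtrim($filePath, "/" . DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    }
```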
@@ -147,7 +146,7 @@ Feel free to create a new - [x] MySQL database backup - [x] user decide between backup files and db - [x] separate mail of different backups -- [ ] validate user input +- [x] validate user input - [x] set max_execution_time by function - [ ] backup with runwhen