diff --git a/endpoints/db/import.php b/endpoints/db/import.php
index 41907f0f5..91201ecc2 100644
--- a/endpoints/db/import.php
+++ b/endpoints/db/import.php
@@ -10,6 +10,18 @@
 ]));
 }
 
+function emptyRestoreFolder() {
+ $files = new RecursiveIteratorIterator(
+ new RecursiveDirectoryIterator('../../.tmp', RecursiveDirectoryIterator::SKIP_DOTS),
+ RecursiveIteratorIterator::CHILD_FIRST
+ );
+
+ foreach ($files as $fileinfo) {
+ $removeFunction = ($fileinfo->isDir() ? 'rmdir' : 'unlink');
+ $removeFunction($fileinfo->getRealPath());
+ }
+}
+
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 if (isset($_FILES['file'])) {
 $file = $_FILES['file'];
@@ -68,21 +80,15 @@
 }
 }
 
- $files = new RecursiveIteratorIterator(
- new RecursiveDirectoryIterator('../../.tmp', RecursiveDirectoryIterator::SKIP_DOTS),
- RecursiveIteratorIterator::CHILD_FIRST
- );
-
- foreach ($files as $fileinfo) {
- $removeFunction = ($fileinfo->isDir() ? 'rmdir' : 'unlink');
- $removeFunction($fileinfo->getRealPath());
- }
+ emptyRestoreFolder();
 
 echo json_encode([
 "success" => true,
 "message" => translate("success", $i18n)
 ]);
 } else {
+ emptyRestoreFolder();
+
 die(json_encode([
 "success" => false,
 "message" => "wallos.db does not exist in the backup file"
diff --git a/endpoints/db/restore.php b/endpoints/db/restore.php
index 787295475..1fd8b41dc 100644
--- a/endpoints/db/restore.php
+++ b/endpoints/db/restore.php
@@ -8,6 +8,25 @@
 ]));
 }
 
+if ($userId !== 1) {
+ die(json_encode([
+ "success" => false,
+ "message" => translate('error', $i18n)
+ ]));
+}
+
+function emptyRestoreFolder() {
+ $files = new RecursiveIteratorIterator(
+ new RecursiveDirectoryIterator('../../.tmp', RecursiveDirectoryIterator::SKIP_DOTS),
+ RecursiveIteratorIterator::CHILD_FIRST
+ );
+
+ foreach ($files as $fileinfo) {
+ $removeFunction = ($fileinfo->isDir() ? 'rmdir' : 'unlink');
+ $removeFunction($fileinfo->getRealPath());
+ }
+}
+
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 if (isset($_FILES['file'])) {
 $file = $_FILES['file'];
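Review bot: `emptyRestoreFolder()` is declared with the same name and body in both endpoints/db/import.php and endpoints/db/restore.php by this commit, so the two copies will drift and any request that ever includes both files fails with a redeclaration fatal; a single definition in a shared include would be safer. Inside the function the iterator path `'../../.tmp'` is resolved against the working directory rather than the script, and `RecursiveDirectoryIterator` throws when the directory cannot be opened, which turns a best-effort cleanup into an uncaught exception on the error paths that now call it; `$dir = __DIR__ . '/../../.tmp'; if (!is_dir($dir)) { return; }` before the iterator would cover both. The `rmdir`/`unlink` results are discarded, so an extracted upload file that could not be deleted from `.tmp` (which the nginx.conf change in this diff suggests is web-reachable) goes unnoticed — worth at least logging the path when either returns false.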
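Review bot: The `emptyRestoreFolder()` added to the `else` branch only covers the case where wallos.db is missing from the archive; the upload and extraction checks earlier in this POST handler (above line 80, outside the hunk) are not visible here, and if any of them exits after the archive has been unpacked, its contents stay in `.tmp` until the next successful import. Calling the cleanup on every exit after extraction — or once at the start of the handler before unpacking — keeps leftover archive contents from depending on the happy path. The same applies to the corresponding hunk in endpoints/db/restore.php. The enclosing `if (isset($_FILES['file']))` block starts outside the hunk.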
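Review bot: The new `if ($userId !== 1)` gate in restore.php hard-codes the administrator as user id 1 and sends its refusal with a 200 status; `http_response_code(403);` before the `die` lets clients and proxies treat it as a denial, and if the user table carries an admin flag, checking that instead of the id would survive renumbering (cannot confirm the schema from here). import.php, whose hunks in this same diff receive the identical cleanup change, does not get this gate; confirm an equivalent check exists above line 10 of import.php, since it appears to unpack an uploaded archive into `.tmp` in the same way.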
@@ -66,21 +85,15 @@
 }
 }
 
- $files = new RecursiveIteratorIterator(
- new RecursiveDirectoryIterator('../../.tmp', RecursiveDirectoryIterator::SKIP_DOTS),
- RecursiveIteratorIterator::CHILD_FIRST
- );
-
- foreach ($files as $fileinfo) {
- $removeFunction = ($fileinfo->isDir() ? 'rmdir' : 'unlink');
- $removeFunction($fileinfo->getRealPath());
- }
+ emptyRestoreFolder();
 
 echo json_encode([
 "success" => true,
 "message" => translate("success", $i18n)
 ]);
 } else {
+ emptyRestoreFolder();
+
 die(json_encode([
 "success" => false,
 "message" => "wallos.db does not exist in the backup file"
diff --git a/includes/version.php b/includes/version.php
index 1dff9dd67..8a5179ed4 100644
--- a/includes/version.php
+++ b/includes/version.php
@@ -1,3 +1,3 @@
\ No newline at end of file
diff --git a/nginx.conf b/nginx.conf
index 284ea77e1..27f74ad54 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -47,6 +47,11 @@ http {
 deny all;
 return 403;
 }
+
+ location ~* \.tmp/.*\.php$ {
+ deny all;
+ return 403;
+ }
 }
 
 include /etc/nginx/conf.d/*.conf;
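Review bot: The new `location ~* \.tmp/.*\.php$` is a regex location, and nginx selects the first matching regex location in file order, so if the PHP handler (typically `location ~ \.php$`, not visible in this hunk) is declared earlier in the server block the deny never applies and PHP under `.tmp` is still executed; verify the order, or use a prefix location, which takes precedence over every regex location: `location ^~ /.tmp/ { deny all; return 403; }`. A prefix deny also covers the other files extracted from an upload and any handler suffixes beyond `.php` (e.g. `.phtml`, if the handler matches them), which the `\.php$` anchor leaves reachable. Since `.tmp` only holds archive contents during a restore, nothing under it needs to be served.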