Beispiel #1
0
        $action = $provided;
    } elseif (isset($_GET[$provided])) {
        $action = $provided;
    }
}
$content = '';
switch ($action) {
    case 'backup':
        if (SEC_checkToken()) {
            if ($_VARS['lglib_dbback_mysqldump']) {
                $display .= DBADMIN_backup();
            } else {
                USES_lglib_class_dbbackup();
                $backup = new dbBackup();
                $backup->perform_backup();
                $backup->Purge();
                $view = 'list';
            }
        } else {
            COM_accessLog("User {$_USER['username']} tried to illegally backup the database and failed CSRF checks.");
            echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
        }
        break;
    case 'download':
        $file = '';
        if (isset($_GET['file'])) {
            $file = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', COM_applyFilter($_GET['file']));
            $file = str_replace('..', '', $file);
            if (!file_exists($_CONF['backup_path'] . $file)) {
                $file = '';
            }
/**
* Perform database backup
*
* @return   string      HTML success or error message
*
*/
function DBADMIN_backup()
{
    global $_CONF, $LANG08, $LANG_DB_BACKUP, $MESSAGE, $_IMAGE_TYPE, $_DB_host, $_DB_name, $_DB_user, $_DB_pass;
    $retval = '';
    $backup = new dbBackup();
    $backup->perform_backup();
    $backup->Purge();
    $retval .= DBADMIN_list();
    return $retval;
}