/** * @param void * * @return null * calls the file delivery in Class DatabaseExporter */ public function deliver_backup_file() { if (isset($_POST['action']) && 'download_file' === $_POST['action']) { $sql_file = ''; if (isset($_POST['sql_file'])) { $sql_file = $_POST['sql_file']; } $compress = FALSE; if (isset($_POST['compress'])) { $compress = $_POST['compress']; } // If file name contains path or does not end with '.sql' exit. $ext = strrchr($sql_file, '.'); if (FALSE !== strpos($sql_file, '/') || '.sql' !== $ext) { die; } $this->dbe->deliver_backup($sql_file, $compress); } }