// MAIN ========================================================================

// Pick the requested action from the request. Each name in $expected is looked
// up in $_POST first and then in $_GET; anything not in this list is ignored.
// The loop has no break, so if several of these parameters are present the one
// listed last in $expected is the one that ends up in $action.
$action = '';
$expected = array('dobackup', 'fragment', 'backup', 'download', 'delete', 'config', 'saveconfig');
foreach ($expected as $provided) {
    if (isset($_POST[$provided])) {
        $action = $provided;
    } elseif (isset($_GET[$provided])) {
        $action = $provided;
    }
}

$content = '';

switch ($action) {
    case 'backup':
        // State-changing action: the backup only runs when SEC_checkToken()
        // succeeds (the failure branch logs this as a failed CSRF check).
        if (SEC_checkToken()) {
            // The lglib_dbback_mysqldump setting chooses between
            // DBADMIN_backup() and the lglib dbBackup class.
            // NOTE(review): $display is appended to here, but only $content is
            // initialised in this excerpt; confirm $display is defined earlier.
            if ($_VARS['lglib_dbback_mysqldump']) {
                $display .= DBADMIN_backup();
            } else {
                USES_lglib_class_dbbackup();
                $backup = new dbBackup();
                $backup->perform_backup();
                $backup->Purge();
                $view = 'list';
            }
        } else {
            // Token check failed: record the attempt in the access log and
            // echo COM_refresh() for the admin index. There is no exit here,
            // so whatever follows the switch still executes.
            COM_accessLog("User {$_USER['username']} tried to illegally backup the database and failed CSRF checks.");
            echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
        }
        break;

    case 'download':
        // The file name to download is taken from the query string.
        // NOTE(review): the excerpt is cut off inside this branch, so the
        // handling of $_GET['file'] is not visible here.
        $file = '';
        if (isset($_GET['file'])) {
// NOTE(review): this excerpt starts inside a loop whose header is not shown;
// $provided is presumably the loop variable over the list of accepted action
// names. $_POST is checked before $_GET for each name.
    if (isset($_POST[$provided])) {
        $action = $provided;
    } elseif (isset($_GET[$provided])) {
        $action = $provided;
    }
}

// A posted 'dbcancelbutton' clears the selected action, whatever the loop
// above picked.
if (isset($_POST['dbcancelbutton'])) {
    $action = '';
}

switch ($action) {
    case 'config':
        $page = DBADMIN_configBackup();
        break;

    case 'backup':
        // State-changing action: DBADMIN_backup() only runs when
        // SEC_checkToken() succeeds (the failure branch logs this as a failed
        // CSRF check).
        if (SEC_checkToken()) {
            $page .= DBADMIN_backup();
        } else {
            // Token check failed: record the attempt in the access log and
            // echo COM_refresh() for the admin index. There is no exit here,
            // so whatever follows the switch still executes.
            COM_accessLog("User {$_USER['username']} tried to access the DB administration and failed CSRF checks.");
            echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
        }
        break;

    case 'backupdb':
        // No token check in this branch.
        // NOTE(review): by its name DBADMIN_backupPrompt() presumably only
        // renders a prompt and changes nothing; confirm against its definition.
        $page .= DBADMIN_backupPrompt();
        break;

    case 'download':
        $file = '';
        if (isset($_GET['file'])) {
            // Sanitise the requested name before it is appended to backup_path:
            // after COM_applyFilter(), every character outside letters, digits,
            // '-', '_' and '.' is removed (so no '/' or '\' survives), and then
            // any '..' sequence is removed as well.
            $file = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', COM_applyFilter($_GET['file']));
            $file = str_replace('..', '', $file);
            // Reject names that do not exist under backup_path.
            // NOTE(review): file_exists() is also true for directories (for
            // example a name of '.'), so is_file() would be the tighter check;
            // confirm how $file is used after this excerpt, which is cut off
            // inside this branch.
            if (!file_exists($_CONF['backup_path'] . $file)) {
                $file = '';