Strict backup filename check.

Flatta · Flatta · commit dac0b5c68619 · 2015-11-23T23:37:01.000+09:00
diff --git a/web/download/backup/index.php b/web/download/backup/index.php
@@ -13,7 +13,7 @@
 }
 
 if ((!empty($_SESSION['user'])) && ($_SESSION['user'] != 'admin')) {
-    if (preg_match("/^".$user."/i", $backup)) {
+    if (strpos($backup, $user.'.') === 0) {
         header('Content-type: application/gzip');
         header("Content-Disposition: attachment; filename=\"".$backup."\";" ); 
         header("X-Accel-Redirect: /backup/" . $backup);

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`if ((!empty($_SESSION['user'])) && ($_SESSION['user'] != 'admin')) {`
`16`		`- if (preg_match("/^".$user."/i", $backup)) {`
	`16`	`+ if (strpos($backup, $user.'.') === 0) {`
`17`	`17`	`header('Content-type: application/gzip');`
`18`	`18`	`header("Content-Disposition: attachment; filename=\"".$backup."\";" );`
`19`	`19`	`header("X-Accel-Redirect: /backup/" . $backup);`