
Update settings_backup.php #854

Closed
wants to merge 2 commits into from

Conversation

aftechro (Collaborator) commented Jan 3, 2024

Create uploads/backups folder if it does not exist. Done some security. To do: restore from file.

wrongecho (Collaborator) commented:

Test these changes at: https://patch14854.pr-review.itflow.org
(automatic message)

sonarqubecloud bot commented Jan 3, 2024

Quality Gate failed

Failed conditions:

- Security Rating on New Code: E (required ≥ A)

See analysis details on SonarCloud.


Code from settings_backup.php flagged by the scanner:

```php
// Validate the file path to prevent directory traversal
if (is_file($backupPath) && strpos(realpath($backupPath), realpath($backupFolder)) === 0) {
    unlink($backupPath);
} else {
    // Log an error or take appropriate action for invalid paths
    echo 'Invalid backup path: ' . $backupPath;
}
```

Check failure (Code scanning / SonarCloud) on `unlink($backupPath);`:

I/O function calls should not be vulnerable to path injection attacks (High). Change this code to not construct the path from user-controlled data. See more on SonarCloud.

Check failure (Code scanning / SonarCloud) on `echo 'Invalid backup path: ' . $backupPath;`:

Endpoints should not be vulnerable to reflected cross-site scripting (XSS) attacks (High). Change this code to not reflect user-controlled data. See more on SonarCloud.
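As an added example (not ITFlow's own code) of how the deletion above could be written to satisfy both findings, the version below never builds a filesystem path from request data and escapes what it reflects; the function names, the `file` request parameter and the `uploads/backups` location under `__DIR__` are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not ITFlow's code. Names and paths below are assumptions.
// Create uploads/backups if it is missing and return its canonical path.
function ensureBackupFolder(string $backupFolder): string
{
    if (!is_dir($backupFolder) && !mkdir($backupFolder, 0750, true) && !is_dir($backupFolder)) {
        throw new RuntimeException('Cannot create backup folder');
    }
    $real = realpath($backupFolder);
    if ($real === false) {
        throw new RuntimeException('Backup folder does not resolve');
    }
    return $real;
}

// Delete one backup identified by a bare file name, never by a path.
function deleteBackupFile(string $backupFolder, string $requested): bool
{
    // Allow-list: a plain name such as "itflow-2024-01-03.sql.gz", no separators.
    if (preg_match('/^[A-Za-z0-9._-]{1,128}\z/', $requested) !== 1
        || $requested === '.' || $requested === '..') {
        return false;
    }
    $folder = ensureBackupFolder($backupFolder);
    // realpath() resolves symlinks and returns false for a missing file,
    // so a link pointing outside the folder fails the prefix check below.
    $candidate = realpath($folder . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return false;
    }
    // Compare against folder plus separator: "/x/backups2/f" must not pass
    // as being inside "/x/backups".
    $prefix = $folder . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($candidate);
}

// Endpoint usage: report the outcome without reflecting raw input.
$name = (string) ($_GET['file'] ?? '');
if (deleteBackupFile(__DIR__ . '/uploads/backups', $name)) {
    echo 'Backup deleted.';
} else {
    echo 'Invalid backup file: ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}
```

The containment check compares against the canonical folder path plus a trailing separator, which a bare `strpos(realpath($backupPath), realpath($backupFolder)) === 0` does not, so a sibling directory whose name merely starts with the folder name is rejected as well.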
@aftechro aftechro closed this Jan 3, 2024
@aftechro aftechro deleted the patch-14 branch January 3, 2024 10:28