Update settings_backup.php #859

Closed
wants to merge 1 commit into from
aftechro
Collaborator

@aftechro aftechro commented Jan 3, 2024

Testing the script on mariadb

Testing the script on mariadb
@wrongecho
Collaborator

Test these changes at: https://patch15859.pr-review.itflow.org
(automatic message)

sonarqubecloud bot commented Jan 3, 2024

Quality Gate failed

Failed conditions

E Security Rating on New Code (required ≥ A)

See analysis details on SonarCloud

// Run mysqldump command to include table content
$escapedBackupPath = escapeshellarg($backupPath);
$command = "mysqldump --complete-insert --skip-comments --host=$dbhost --user=$dbusername --password=$dbpassword $database > $escapedBackupPath";
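Review bot: On the `$command` line only `$backupPath` goes through `escapeshellarg()`; `$dbhost`, `$dbusername`, `$dbpassword` and `$database` are interpolated into the shell string as-is, so any shell metacharacter in one of them (a password containing a space, `$` or `;` is common) breaks or alters the command. Wrap each of those values in `escapeshellarg()` as well. Separately, `--password=$dbpassword` puts the credential on the command line, where it is visible in the process list for as long as mysqldump runs; passing it through a permission-restricted option file with `--defaults-extra-file` keeps it out of the argument vector. The hunk also does not show the command's exit status being checked, so a failed dump could leave an empty or partial file at the backup path that is then treated as a valid backup.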

Check failure

Code scanning / SonarCloud

MySQL database passwords should not be disclosed High

Make sure this MySQL database password gets changed and removed from the code. See more on SonarCloud
$realBackupFolder = realpath($backupFolder);

if ($realBackupPath !== false && $realBackupFolder !== false && strpos($realBackupPath, $realBackupFolder) === 0) {
unlink($backupPath);
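Review bot: The containment test `strpos($realBackupPath, $realBackupFolder) === 0` is a plain string-prefix match with no trailing separator, so a path in a sibling directory whose name merely starts with the backup folder's name (for example a folder named `backups_old` next to `backups`) also passes. Compare against `$realBackupFolder . DIRECTORY_SEPARATOR` instead. The check is also made on `$realBackupPath` while the delete is `unlink($backupPath)`, so the path that was validated is not the one that is used; call `unlink($realBackupPath)` so the canonical path is what gets removed. The hunk does not show where `$backupPath` comes from; if it is built from request data, restricting it with `basename()` to a file name inside the backup folder before resolving it would narrow the input further.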

Check failure

Code scanning / SonarCloud

I/O function calls should not be vulnerable to path injection attacks High

Change this code to not construct the path from user-controlled data. See more on SonarCloud
@aftechro aftechro closed this Jan 3, 2024
@aftechro aftechro deleted the patch-15 branch January 3, 2024 21:57