
Bug #11098 » backup.php

Untested Potential Fix (Line 57 added --exclude) - Privacy Please, 11/24/2020 01:33 PM

 
1
<?php
2
/*
3
 * backup.php
4
 *
5
 * part of pfSense (https://www.pfsense.org)
6
 * Copyright (c) 2015-2020 Rubicon Communications, LLC (Netgate)
7
 * Copyright (c) 2008 Mark J Crane
8
 * All rights reserved.
9
 *
10
 * Licensed under the Apache License, Version 2.0 (the "License");
11
 * you may not use this file except in compliance with the License.
12
 * You may obtain a copy of the License at
13
 *
14
 * http://www.apache.org/licenses/LICENSE-2.0
15
 *
16
 * Unless required by applicable law or agreed to in writing, software
17
 * distributed under the License is distributed on an "AS IS" BASIS,
18
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19
 * See the License for the specific language governing permissions and
20
 * limitations under the License.
21
 */
22
require_once("guiconfig.inc");
23
require_once("/usr/local/pkg/backup.inc");
24

    
25
// Bind the shared names to the global scope; at file top level this statement has no effect.
global $config, $backup_dir, $backup_filename, $backup_path;

// Both levels of this package's config subtree must be arrays before a
// reference is taken into them below.
if (!is_array($config['installedpackages']['backup'])) {
	$config['installedpackages']['backup'] = [];
}
if (!is_array($config['installedpackages']['backup']['config'])) {
	$config['installedpackages']['backup']['config'] = [];
}

// $a_backup is a reference, so changes made through it are changes to $config.
$a_backup = &$config['installedpackages']['backup']['config'];

// The page works with exactly one archive at a fixed, hard-coded location.
$backup_filename = "pfsense.bak.tgz";
$backup_dir = "/root/backup";
$backup_path = $backup_dir . "/" . $backup_filename;
39

    
40
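/*
 * Delete one backup location: backup.php?act=del&type=backup&id=<index>.
 * On success the configuration is written and the browser is redirected
 * back to this page; otherwise execution falls through to the normal page.
 *
 * NOTE(review): this changes saved configuration in response to a GET
 * request. No request-method or anti-CSRF check is visible in this file;
 * confirm that guiconfig.inc covers GET requests, or move the action to POST.
 */
if (isset($_GET['act'], $_GET['type'], $_GET['id'])
	&& $_GET['act'] === "del"
	&& $_GET['type'] === 'backup') {
	$del_id = $_GET['id'];
	// A query string such as id[]=x yields an array, which is not a usable
	// array offset, so only scalar ids are looked up. isset() also avoids
	// the undefined-index notice the bare truthiness test produced.
	if (is_scalar($del_id) && isset($a_backup[$del_id])) {
		unset($a_backup[$del_id]);
		write_config();
		header("Location: backup.php");
		exit;
	}
}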
50

    
51
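/*
 * Create the archive and stream it to the browser:
 * backup.php?a=download&t=backup.
 *
 * Every enabled location in $a_backup is handed to tar, which writes
 * $backup_path; that file is then sent as an attachment and the script exits.
 * If no location is enabled, tar is not run and whatever archive already
 * exists at $backup_path is served instead.
 *
 * NOTE(review): the archive can contain the firewall configuration (the page
 * itself recommends /cf/conf), and it is built and served on a GET request.
 * Confirm that authentication and CSRF handling in guiconfig.inc apply here.
 */
if (isset($_GET['a'], $_GET['t']) && $_GET['a'] === "download" && $_GET['t'] === "backup") {
	// Collect the enabled paths first so tar is never started without operands.
	$enabled_paths = array();
	foreach ($a_backup as $ent) {
		if ($ent['enabled'] == "true") {
			// escapeshellarg() neutralises shell metacharacters. It does not stop
			// a value that begins with '-' from being read as a tar option, so
			// paths should also be validated where they are saved.
			$enabled_paths[] = escapeshellarg($ent['path']);
		}
	}

	if (count($enabled_paths) > 0) {
		// The archive path is a constant today; quoting it keeps the command
		// safe if that ever changes.
		$archive_arg = escapeshellarg($backup_path);
		// --exclude names the archive itself. The attachment note on this page
		// calls it an untested fix; presumably it keeps tar from archiving its
		// own output when a selected path contains $backup_dir. Verify on the
		// target tar.
		/* Do NOT remove the trailing space after / from $backup_cmd below!!! */
		$backup_cmd = "/usr/bin/tar --create --verbose --gzip --file {$archive_arg} --exclude {$archive_arg} --directory / ";
		$backup_cmd .= implode(' ', $enabled_paths);
		// NOTE(review): tar's exit status is not inspected, so a partial
		// archive is served the same way as a complete one.
		system($backup_cmd);
	}

	session_cache_limiter('public');

	// Without this check a missing or unreadable archive reached
	// filesize()/fpassthru() with an invalid handle.
	$fd = file_exists($backup_path) ? fopen($backup_path, "rb") : false;
	if ($fd === false) {
		header("Location: backup.php?savemsg=Backup+failed.+Backup+file+not+found.");
		exit;
	}

	// header() replaces an earlier header of the same name, so of the three
	// Content-Type lines in the original only the last one was ever sent.
	header("Content-Type: application/download");
	header("Content-Description: File Transfer");
	header('Content-Disposition: attachment; filename="' . $backup_filename . '"');
	header("Cache-Control: no-cache, must-revalidate");
	header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
	header("Content-Length: " . filesize($backup_path));
	fpassthru($fd);
	fclose($fd);

	exit;
}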
82

    
83
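/*
 * Restore from the archive already on disk: backup.php?a=other&t=restore.
 * Redirects back to this page with a status message and exits.
 *
 * NOTE(review): the restore unpacks the archive relative to / with
 * permissions preserved (-p) and is triggered by a plain GET request.
 * No request-method or anti-CSRF check is visible in this file; confirm
 * that guiconfig.inc covers GET requests, or move the action to POST.
 */
if (isset($_GET['a'], $_GET['t']) && $_GET['a'] === "other" && $_GET['t'] === "restore") {
	if (file_exists($backup_path)) {
		// Extract the tgz file. The path is a constant today; quoting it
		// keeps the command safe if that ever changes.
		// NOTE(review): tar's exit status is not inspected, so the success
		// message is shown even when extraction fails part-way.
		system("/usr/bin/tar -xpzC / -f " . escapeshellarg($backup_path));
		header("Location: backup.php?savemsg=Backup+has+been+restored.");
	} else {
		header("Location: backup.php?savemsg=Restore+failed.+Backup+file+not+found.");
	}
	exit;
}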
95

    
96
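/*
 * Upload-and-restore: the posted file replaces the archive at $backup_path
 * and is unpacked immediately.
 *
 * The client-supplied file name is used only in the status message (HTML
 * encoded); the file is always stored under the fixed $backup_path.
 *
 * NOTE(review): the archive is extracted relative to / with permissions
 * preserved (-p), and nothing here inspects its type or member paths first.
 * The upload is therefore trusted completely; confirm that only trusted
 * administrators can reach this page.
 */
if (isset($_POST['submit'], $_FILES['ulfile']['tmp_name'])
	&& $_POST['submit'] == "Upload"
	&& is_uploaded_file($_FILES['ulfile']['tmp_name'])) {
	// Extract only when the move succeeded; otherwise tar would unpack
	// whatever older archive is still sitting at $backup_path.
	if (move_uploaded_file($_FILES['ulfile']['tmp_name'], $backup_path)) {
		// NOTE(review): $savemsg is not read again in this file; only
		// $_GET["savemsg"] is displayed. Confirm whether an include uses it.
		$savemsg = "Uploaded file to {$backup_dir}" . htmlentities($_FILES['ulfile']['name']);
		system("/usr/bin/tar -xpzC / -f " . escapeshellarg($backup_path));
	}
}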
101

    
102
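// Breadcrumb/title consumed by head.inc.
$pgtitle = array(gettext("Diagnostics"), gettext("Backup Files and Directories"), gettext("Settings"));
include("head.inc");

// savemsg comes straight from the query string, so any link to this page can
// set it. It is HTML-encoded before display because print_info_box()'s own
// escaping is not visible from this file. The messages this page generates
// are plain text, so encoding does not alter them.
if (!empty($_GET["savemsg"]) && is_string($_GET["savemsg"])) {
	print_info_box(htmlspecialchars($_GET["savemsg"], ENT_QUOTES, 'UTF-8'));
}

// Tab bar: this page is the active "Settings" tab, "Add" opens the edit form.
$tab_array = array();
$tab_array[] = array(gettext("Settings"), true, "/packages/backup/backup.php");
$tab_array[] = array(gettext("Add"), false, "/packages/backup/backup_edit.php");
display_top_tabs($tab_array);
?>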
114
<div class="panel panel-default">
115
	<div class="panel-heading"><h2 class="panel-title">Backups</h2></div>
116
	<div class="panel-body">
117
		<div class="table-responsive">
118
			<table class="table table-hover">
119
				<tr>
120
					<td>Use this to tool to backup files and directories. The following directories are recommended for backup:
121
						<table>
122
							<tr><td><strong>pfSense Config:</strong></td><td>/cf/conf</td></tr>
123
							<tr><td><strong>RRD Graph Data Files:</strong></td><td>/var/db/rrd</td></tr>
124
						</table>
125
					</td>
126
				</tr>
127
			</table>
128
		</div>
129
	</div>
130
	<div class="panel-heading"><h2 class="panel-title">Upload Archive</h2></div>
131
	<div class="panel-body">
132
		<div class="table-responsive">
133
			<form action="backup.php" method="post" enctype="multipart/form-data" name="frmUpload" onsubmit="">
134
				<table class="table table-hover">
135
				<tr>
136
					<td colspan="2">
137
						Restore a backup by selecting the backup archive and clicking <strong>Upload</strong>.
138
					</td>
139
				</tr>
140
				<tr>
141
					<td>File to upload:</td>
142
					<td>
143
						<input name="ulfile" type="file" class="btn btn-info" id="ulfile" />
144
						<br />
145
						<button name="submit" type="submit" class="btn btn-primary" id="upload" value="Upload">
146
							<i class="fa fa-upload icon-embed-btn"></i>
147
							Upload
148
						</button>
149
					</td>
150
				</tr>
151
				</table>
152
			</form>
153
		</div>
154
	</div>
155
	<div class="panel-heading"><h2 class="panel-title">Backup and Restore</h2></div>
156
	<div class="panel-body">
157
		<div class="table-responsive">
158
			<form action="backup.php" method="post" enctype="multipart/form-data" name="frmUpload" onsubmit="">
159
			<table class="table table-hover">
160
				<tr>
161
					<td>
162
					The 'Backup' button compresses the directories that are listed below to /root/backup/pfsense.bak.tgz; after that it presents the file for download.<br />
163
					If the backup file does not exist in /root/backup/pfsense.bak.tgz then the 'Restore' button will be hidden.
164
					</td>
165
				</tr>
166
				<tr>
167
					<td>
168
						<button type='button' class="btn btn-primary" value='Backup' onclick="document.location.href='backup.php?a=download&amp;t=backup';">
169
							<i class="fa fa-download icon-embed-btn"></i>
170
							Backup
171
						</button>
172
						<?php /* The Restore button is rendered only while an archive exists at $backup_path. */ if (file_exists($backup_path)): ?>
								<button type="button" class="btn btn-warning" value="Restore" onclick="document.location.href='backup.php?a=other&amp;t=restore';">
									<i class="fa fa-undo icon-embed-btn"></i>
									Restore
								</button>
						<?php endif; ?>
178
					</td>
179
				</tr>
180
			</table>
181
			</form>
182
		</div>
183
	</div>
184
	<div class="panel-heading"><h2 class="panel-title">Backup Locations</h2></div>
185
	<div class="panel-body">
186
		<div class="table-responsive">
187
			<form action="backup_edit.php" method="post" name="iform" id="iform">
188
			<table class="table table-striped table-hover table-condensed">
189
				<thead>
190
					<tr>
191
						<td width="20%">Name</td>
192
						<td width="25%">Path</td>
193
						<td width="5%">Enabled</td>
194
						<td width="40%">Description</td>
195
						<td width="10%">Actions</td>
196
					</tr>
197
				</thead>
198
				<tbody>
199
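<?php
/*
 * One table row per configured backup location.
 *
 * $i counts rows and is used as the id in the edit/delete links.
 * Name and path are HTML-encoded like the description already was: all three
 * come from saved configuration and were previously echoed as-is.
 * Full <?php / <?= tags replace the bare <? tags, which are only parsed when
 * short_open_tag is enabled; with it disabled the PHP source would be sent to
 * the browser and $i would never advance.
 */
$i = 0;
foreach ($a_backup as $ent): ?>
					<tr>
						<td><?=htmlspecialchars($ent['name'])?>&nbsp;</td>
						<td><?=htmlspecialchars($ent['path'])?>&nbsp;</td>
						<td><?=($ent['enabled'] == "true") ? "Enabled" : "Disabled"?>&nbsp;</td>
						<td><?=htmlspecialchars($ent['description'])?>&nbsp;</td>
						<td>
							<a href="backup_edit.php?id=<?=$i?>"><i class="fa fa-pencil" alt="edit"></i></a>
							<a href="backup_edit.php?type=backup&amp;act=del&amp;id=<?=$i?>"><i class="fa fa-trash" alt="delete"></i></a>
						</td>
					</tr>
<?php	$i++;
endforeach; ?>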
216
					<tr>
217
						<td colspan="5"></td>
218
						<td>
219
							<a class="btn btn-small btn-success" href="backup_edit.php"><i class="fa fa-plus" alt="add"></i> Add</a>
220
						</td>
221
					</tr>
222
				</tbody>
223

    
224
			</form>
225
		</div>
226
	</div>
227
</div>
228

    
229
<?php include("foot.inc"); ?>