1 | <?php |
||||
2 | /* Copyright (C) 2006-2014 Laurent Destailleur <[email protected]> |
||||
3 | * Copyright (C) 2011 Juanjo Menent <[email protected]> |
||||
4 | * Copyright (C) 2015 Raphaël Doursenaud <[email protected]> |
||||
5 | * |
||||
6 | * This program is free software; you can redistribute it and/or modify |
||||
7 | * it under the terms of the GNU General Public License as published by |
||||
8 | * the Free Software Foundation; either version 3 of the License, or |
||||
9 | * (at your option) any later version. |
||||
10 | * |
||||
11 | * This program is distributed in the hope that it will be useful, |
||||
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
14 | * GNU General Public License for more details. |
||||
15 | * |
||||
16 | * You should have received a copy of the GNU General Public License |
||||
17 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
18 | */ |
||||
19 | |||||
20 | /** |
||||
21 | * \file htdocs/admin/tools/export.php |
||||
22 | * \brief Page to export a database into a dump file |
||||
23 | */ |
||||
24 | |||||
25 | |||||
26 | // Copyright (C) 2018 Alxarafe/Alixar <[email protected]> |
||||
27 | defined('BASE_PATH') or die('Single entry point through the index.php of the main folder'); |
||||
28 | require DOL_BASE_PATH . '/main.inc.php'; |
||||
29 | require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; |
||||
30 | require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; |
||||
31 | require_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php'; |
||||
32 | require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; |
||||
33 | |||||
$langs->load("admin");

// Request parameters. The second GETPOST argument ('alpha' / 'int') names the filter requested for the value.
$action = GETPOST('action', 'alpha');
$what = GETPOST('what', 'alpha');
$export_type = GETPOST('export_type', 'alpha');
$file = GETPOST('filename_template', 'alpha');

// Sorting and paging parameters, with defaults when the request gives none.
$sortfield = GETPOST('sortfield', 'alpha');
$sortorder = GETPOST('sortorder', 'alpha');
$page = GETPOST("page", 'int');
if (! $sortorder)
{
    $sortorder = "DESC";
}
if (! $sortfield)
{
    $sortfield = "date";
}
if ($page < 0)
{
    $page = 0;
}
$limit = GETPOST('limit', 'int') ?: $conf->liste_limit;
$offset = $limit * $page;

// Only administrators may use this page; everything below relies on accessforbidden() ending the request.
// NOTE(review): no anti-CSRF token check is visible in this file for the delete and dump actions below;
// confirm that main.inc.php enforces one.
if (! $user->admin)
{
    accessforbidden();
}

// A file name template without an export method is an input error: send the user back to the
// backup page with the "field required" message in the query string.
if ($file && ! $what)
{
    //print DOL_URL_ROOT.'/dolibarr_export.php';
    header("Location: ".DOL_URL_ROOT.'/admin/tools/dolibarr_export.php?msg='.urlencode($langs->trans("ErrorFieldRequired",$langs->transnoentities("ExportMethod"))));
    exit;
}

// Collects the first error raised by the branches below; empty means success so far.
$errormsg = '';
||||
60 | |||||
61 | |||||
62 | /* |
||||
63 | * Actions |
||||
64 | */ |
||||
65 | |||||
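if ($action == 'delete')
{
    // 'urlfile' comes straight from the request and is appended to the admin output directory.
    // Refuse NUL bytes and any '..' path segment so the resulting path cannot resolve outside
    // that directory; legitimate relative names (including sub-directories) are unaffected.
    $urlfile = (string) GETPOST('urlfile');
    $unsafeurlfile = ($urlfile === '')
        || (strpos($urlfile, "\0") !== false)
        || preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $urlfile);

    // $file is assigned as before so later code sees the same value it always did.
    $file = $conf->admin->dir_output.'/'.$urlfile;

    $ret = false;
    if (! $unsafeurlfile)
    {
        // Second argument is passed as 1 exactly as in the original call.
        // NOTE(review): presumably it disables glob expansion of the name - confirm in files.lib.php.
        $ret = dol_delete_file($file, 1);
    }

    // NOTE(review): the request value is echoed into the message; confirm that setEventMessages()
    // or the page rendering the message escapes it for HTML.
    if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs');
    else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), null, 'errors');
    $action = '';
}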
||||
74 | |||||
75 | |||||
76 | /* |
||||
77 | * View |
||||
78 | */ |
||||
79 | |||||
// Reset the backup status kept in the session before this run writes its own values.
$_SESSION["commandbackuplastdone"] = '';
$_SESSION["commandbackuptorun"] = '';
$_SESSION["commandbackupresult"] = '';

// Increase limit of time. Works only if we are not in safe mode.
$ExecTimeLimit = 600;
if (! empty($ExecTimeLimit))
{
    // error_reporting(0) disables all errors and returns the previous level, which is
    // restored as soon as the time limit has been changed.
    $err = error_reporting(0);
    //error_reporting(E_ALL);
    @set_time_limit($ExecTimeLimit);   // Need more than 240 on Windows 7/64
    error_reporting($err);
}

// Optional memory limit override. With the value 0 the branch below never runs.
$MemoryLimit = 0;
if (! empty($MemoryLimit))
{
    // The return value of ini_set() is not checked and '@' hides any warning,
    // so a refused change would go unnoticed here.
    @ini_set('memory_limit', $MemoryLimit);
}
||||
99 | |||||
// Helper objects, all bound to the current database handler.
$form = new Form($db);
$formfile = new FormFile($db);
$utils = new Utils($db);

//$help_url='EN:Backups|FR:Sauvegardes|ES:Copias_de_seguridad';
//llxHeader('','',$help_url);

//print load_fiche_titre($langs->trans("Backup"),'','title_setup');

// Start with empty buffer
$dump_buffer = '';
$dump_buffer_len = 0;

// Start time of the run (the original comment mentions fake headers sent to avoid a browser
// timeout while buffering; no such headers are sent in this file).
$time_start = time();

// Backups are written below the admin output directory.
// NOTE(review): the return value of dol_mkdir() is stored but never checked, so a directory
// that cannot be created is only noticed when the dump itself fails.
$outputdir = $conf->admin->dir_output.'/backup';
$result = dol_mkdir($outputdir);
||||
122 | |||||
123 | |||||
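// MYSQL: dump through the external dump executable whose path is given in the request.
if ($what == 'mysql')
{
    // Not filtered with 'alpha' on purpose: the value is a filesystem path. It is cleaned by
    // dol_sanitizePathName() here; shell escaping (escapeshellarg) is expected where the command
    // line is built, which is not visible in this file.
    $cmddump = GETPOST("mysqldump");
    $cmddump = dol_sanitizePathName($cmddump);

    if (! empty($dolibarr_main_restrict_os_commands))
    {
        $arrayofallowedcommand = explode(',', $dolibarr_main_restrict_os_commands);
        $ok = 0;
        dol_syslog("Command are restricted to ".$dolibarr_main_restrict_os_commands.". We check that one of this command is inside ".$cmddump);

        // Compare the file name of the requested executable with each allowed entry, exactly.
        // A substring match would accept any path that merely contains an allowed name
        // (a directory component, a longer file name), and an empty entry produced by a stray
        // comma would match every command. Consequence: an entry must equal the executable's
        // file name, so a name carrying an extension has to be listed with that extension.
        $basenamecmddump = basename(str_replace('\\', '/', (string) $cmddump));
        foreach ($arrayofallowedcommand as $allowedcommand)
        {
            $allowedcommand = trim($allowedcommand);
            if ($allowedcommand === '')
            {
                continue;
            }
            if ($basenamecmddump === $allowedcommand)
            {
                $ok = 1;
                break;
            }
        }
        if (! $ok)
        {
            $errormsg = $langs->trans('CommandIsNotInsideAllowedCommands');
        }
    }

    // Remember the accepted command path as a configuration constant for this entity.
    if (! $errormsg && $cmddump)
    {
        dolibarr_set_const($db, 'SYSTEMTOOLS_MYSQLDUMP', $cmddump,'chaine',0,'',$conf->entity);
    }

    // Run the dump only when nothing above failed, then copy its outcome into the session.
    if (! $errormsg)
    {
        $utils->dumpDatabase(GETPOST('compression','alpha'), $what, 0, $file);
        $errormsg = $utils->error;
        $_SESSION["commandbackuplastdone"] = $utils->result['commandbackuplastdone'];
        $_SESSION["commandbackuptorun"] = $utils->result['commandbackuptorun'];
    }
}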
||||
163 | |||||
// MYSQL NO BIN: no executable path is read from the request for this method.
if ($what == 'mysqlnobin')
{
    $compression = GETPOST('compression','alpha');
    $utils->dumpDatabase($compression, $what, 0, $file);

    // Publish the outcome: error text for the message below, command details for the session.
    $errormsg = $utils->error;
    $_SESSION["commandbackuptorun"] = $utils->result['commandbackuptorun'];
    $_SESSION["commandbackuplastdone"] = $utils->result['commandbackuplastdone'];
}
||||
173 | |||||
// POSTGRESQL
if ($what == 'postgresql')
{
    // Not filtered with 'alpha' on purpose: the value is a filesystem path, cleaned by
    // dol_sanitizePathName(); shell escaping is expected where the command line is built
    // (not visible in this file).
    // NOTE(review): unlike the 'mysql' branch, $dolibarr_main_restrict_os_commands is not
    // consulted here before the path is stored and handed to dumpDatabase(); confirm whether
    // Utils::dumpDatabase() applies the restriction for PostgreSQL.
    $cmddump = dol_sanitizePathName(GETPOST("postgresqldump"));

    if (! $errormsg)
    {
        // Remember the command path as a configuration constant for this entity.
        if ($cmddump)
        {
            dolibarr_set_const($db, 'SYSTEMTOOLS_POSTGRESQLDUMP', $cmddump,'chaine',0,'',$conf->entity);
        }

        $utils->dumpDatabase(GETPOST('compression','alpha'), $what, 0, $file);
        $errormsg = $utils->error;
        $_SESSION["commandbackuplastdone"] = $utils->result['commandbackuplastdone'];
        $_SESSION["commandbackuptorun"] = $utils->result['commandbackuptorun'];
    }

    $what = '';   // Clear to show message to run command
}
||||
195 | |||||
196 | |||||
197 | |||||
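// Report the outcome twice: as an event message, and as an HTML fragment stored in the session.
if ($errormsg)
{
    setEventMessages($langs->trans("Error")." : ".$errormsg, null, 'errors');

    // NOTE(review): $errormsg (a translation or the text of $utils->error) is concatenated into
    // HTML without escaping. Presumably the fragment is printed by the page this script
    // redirects to; confirm the text cannot carry markup, or escape it at one of the two places.
    $resultstring = '';
    $resultstring .= '<div class="error">'.$langs->trans("Error")." : ".$errormsg.'</div>';

    $_SESSION["commandbackupresult"] = $resultstring;
}
else
{
    if ($what)
    {
        setEventMessages($langs->trans("BackupFileSuccessfullyCreated").'.<br>'.$langs->trans("YouCanDownloadBackupFile"), null, 'mesgs');

        $resultstring = '<div class="ok">';
        $resultstring .= $langs->trans("BackupFileSuccessfullyCreated").'.<br>';
        $resultstring .= $langs->trans("YouCanDownloadBackupFile");
        // Close the wrapper: the original appended a second opening '<div>' here, which left
        // two unclosed elements in the stored fragment.
        $resultstring .= '</div>';

        $_SESSION["commandbackupresult"] = $resultstring;
    }
    /*else
    {
        setEventMessages($langs->trans("YouMustRunCommandFromCommandLineAfterLoginToUser",$dolibarr_main_db_user,$dolibarr_main_db_user), null, 'warnings');
    }*/
}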
||||
225 | |||||
226 | |||||
227 | /* |
||||
228 | $filearray=dol_dir_list($conf->admin->dir_output.'/backup','files',0,'','',$sortfield,(strtolower($sortorder)=='asc'?SORT_ASC:SORT_DESC),1); |
||||
229 | $result=$formfile->list_of_documents($filearray,null,'systemtools','',1,'backup/',1,0,($langs->trans("NoBackupFileAvailable").'<br>'.$langs->trans("ToBuildBackupFileClickHere",DOL_URL_ROOT.'/admin/tools/dolibarr_export.php')),0,$langs->trans("PreviousDumpFiles")); |
||||
230 | |||||
231 | print '<br>'; |
||||
232 | */ |
||||
233 | |||||
// Redirect to the backup page; the Location value is relative to the current URL.
header("Location: dolibarr_export.php");

// Record the end time, then release the database connection.
$time_end = time();

$db->close();
||||
240 | |||||
241 |