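<?php
/**
 * 2007-2016 PrestaShop
 *
 * thirty bees is an extension to the PrestaShop e-commerce software developed by PrestaShop SA
 * Copyright (C) 2017-2018 thirty bees
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Open Software License (OSL 3.0)
 * that is bundled with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://opensource.org/licenses/osl-3.0.php
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@thirtybees.com so we can send you a copy immediately.
 *
 * DISCLAIMER
 *
 * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
 * versions in the future. If you wish to customize PrestaShop for your
 * needs please refer to https://www.thirtybees.com for more information.
 *
 * @author    thirty bees <contact@thirtybees.com>
 * @author    PrestaShop SA <contact@prestashop.com>
 * @copyright 2017-2018 thirty bees
 * @copyright 2007-2016 PrestaShop SA
 * @license   http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
 *  PrestaShop is an internationally registered trademark & property of PrestaShop SA
 */

/*
 * Back-office backup download endpoint.
 *
 * Streams one file from the backup directory to a logged-in employee whose
 * profile has "view" access on the AdminBackup tab. The file is named by the
 * "filename" request value, so the resolved path is checked against the
 * backup directory before anything is opened.
 */

if (!defined('_PS_ADMIN_DIR_')) {
    define('_PS_ADMIN_DIR_', getcwd());
}
include(_PS_ADMIN_DIR_.'/../config/config.inc.php');

// Authentication gate: only a logged-in back-office employee may continue.
if (!Context::getContext()->employee->isLoggedBack()) {
    Tools::redirectAdmin(Context::getContext()->link->getAdminLink('AdminLogin'));
    // Do not depend on the redirect helper ending the request: nothing below
    // may run for an unauthenticated visitor.
    exit;
}

// Authorisation gate: the employee's profile needs "view" on the AdminBackup tab.
$tabAccess = Profile::getProfileAccess(
    Context::getContext()->employee->id_profile,
    Tab::getIdFromClassName('AdminBackup')
);

if ($tabAccess['view'] !== '1') {
    die(Tools::displayError('You do not have permission to view this.'));
}

$backupdir = realpath(PrestaShopBackup::getBackupPath());

if ($backupdir === false) {
    die(Tools::displayError('There is no "/backup" directory.'));
}

// A request such as filename[]=x yields a non-string value; treat that like a
// missing file name instead of concatenating it into a path.
$requestedName = Tools::getValue('filename');

if (!is_string($requestedName) || !$requestedName) {
    die(Tools::displayError('No file has been specified.'));
}

// Resolve symlinks and ".." first, then require the result to sit strictly
// below the backup directory. The prefix compared against ends with a
// directory separator, so a sibling whose name merely starts with the backup
// directory's name is rejected, as is the backup directory itself.
$backupfile = realpath($backupdir.DIRECTORY_SEPARATOR.$requestedName);
$backupRoot = rtrim($backupdir, DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR;

if ($backupfile === false
    || strncmp($backupRoot, $backupfile, strlen($backupRoot)) !== 0
    || !is_file($backupfile)
) {
    die('The backup file does not exist.');
}

if (substr($backupfile, -4) === '.bz2') {
    $contentType = 'application/x-bzip2';
} elseif (substr($backupfile, -3) === '.gz') {
    $contentType = 'application/x-gzip';
} else {
    $contentType = 'text/x-sql';
}

// Binary-safe read; the warning is suppressed because failure is reported below.
$fp = @fopen($backupfile, 'rb');

if ($fp === false) {
    // NOTE(review): addslashes() is not HTML escaping and the message shows the
    // absolute server path; consider printing an HTML-escaped base name only.
    die(Tools::displayError('Unable to open backup file(s).').' "'.addslashes($backupfile).'"');
}

// Force a download. The advertised name comes from the validated path, not
// from the raw request value, and is stripped of characters that could break
// out of the quoted filename parameter.
$downloadName = str_replace(['"', '\\', "\r", "\n"], '', basename($backupfile));

header('Content-Type: '.$contentType);
header('Content-Disposition: attachment; filename="'.$downloadName.'"');

// Drop anything already buffered so it does not end up in front of the file.
if (ob_get_level() && ob_get_length() > 0) {
    ob_clean();
}
$ret = @fpassthru($fp);

fclose($fp);

if ($ret === false) {
    die(Tools::displayError('Unable to display backup file(s).').' "'.addslashes($backupfile).'"');
}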