From f9cfd80565bc062ffb6e23ebd2c5b57c8916ca91 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Fri, 01 Jul 2016 03:56:17 -0400
Subject: [PATCH] - fixed client welcome message, fixed #3993

---
 server/plugins-available/backup_plugin.inc.php |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/server/plugins-available/backup_plugin.inc.php b/server/plugins-available/backup_plugin.inc.php
index 167ef42..7ae4660 100644
--- a/server/plugins-available/backup_plugin.inc.php
+++ b/server/plugins-available/backup_plugin.inc.php
@@ -87,6 +87,7 @@
 					if(file_exists($backup_dir.'/'.$backup['filename']) && file_exists($web['document_root'].'/backup/') && !stristr($backup_dir.'/'.$backup['filename'], '..') && !stristr($backup_dir.'/'.$backup['filename'], 'etc')) {
 						copy($backup_dir.'/'.$backup['filename'], $web['document_root'].'/backup/'.$backup['filename']);
 						chgrp($web['document_root'].'/backup/'.$backup['filename'], $web['system_group']);
+						chmod($web['document_root'].'/backup/'.$backup['filename'],0600);
 						$app->log('cp '.$backup_dir.'/'.$backup['filename'].' '.$web['document_root'].'/backup/'.$backup['filename'], LOGLEVEL_DEBUG);
 					}
 				}
@@ -127,7 +128,7 @@
 						//$db_name = $parts[1];
 						preg_match('@^db_(.+)_\d{4}-\d{2}-\d{2}_\d{2}-\d{2}\.sql\.gz$@', $backup['filename'], $matches);
 						$db_name = $matches[1];
-						$command = "gunzip --stdout ".escapeshellarg($backup_dir.'/'.$backup['filename'])." | mysql -h '".escapeshellcmd($clientdb_host)."' -u '".escapeshellcmd($clientdb_user)."' -p'".escapeshellcmd($clientdb_password)."' '".$db_name."'";
+						$command = "gunzip --stdout ".escapeshellarg($backup_dir.'/'.$backup['filename'])." | mysql -h '".escapeshellarg($clientdb_host)."' -u '".escapeshellarg($clientdb_user)."' -p'".escapeshellarg($clientdb_password)."' '".$db_name."'";
 						exec($command);
 					}
 					unset($clientdb_host);

--
Gitblit v1.9.1