From 4c70a79d82f64dbe7f2b4d4fd0e3caeb5ec34849 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag <benjamin@alternc.org>
Date: Wed, 26 Apr 2006 13:57:26 +0000
Subject: [PATCH] Prevents the overwrite of existing stats or web pages by
 webalizer daily process. Closes #89

---
 bureau/class/m_mysql.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php
index 82221ac7..38b24d2b 100644
--- a/bureau/class/m_mysql.php
+++ b/bureau/class/m_mysql.php
@@ -295,17 +295,23 @@ class m_mysql {
 
   /* ----------------------------------------------------------------- */
   /** Restore a sql backup script on a user's database.
-   * <b>TODO : </b> Add a parameter to choose which database to restore.
    */
-  function restore($file,$stdout,$r) {
+  function restore($file,$stdout,$id) {
     global $err,$bro,$mem,$L_MYSQL_HOST;
+    if (!$r=$mysql->get_mysql_details($id)) {
+      return false;
+    }
     if (!($fi=$bro->convertabsolute($file,0))) {
       $err->raise("mysql",9);
+      return false;
     }
     if (substr($fi,-3)==".gz") {
-      $exe="/bin/gzip -d -c <\"$fi\" | /usr/bin/mysql -h".$L_MYSQL_HOST." -u".$r["login"]." -p".$r["pass"]." ".$r["db"];
+      $exe="/bin/gzip -d -c <".escapeshellarg($fi)." | /usr/bin/mysql -h".escapeshellarg($L_MYSQL_HOST)." -u".escapeshellarg($r["login"])." -p".escapeshellarg($r["pass"])." ".escapeshellarg($r["db"]);
+    } elseif (substr($fi,-4)==".bz2") {
+      $exe="/bin/bunzip2 -d -c <".escapeshellarg($fi)." | /usr/bin/mysql -h".escapeshellarg($L_MYSQL_HOST)." -u".escapeshellarg($r["login"])." -p".escapeshellarg($r["pass"])." ".escapeshellarg($r["db"]);
     } else {
-      $exe="/usr/bin/mysql -h".$L_MYSQL_HOST." -u".$r["login"]." -p".$r["pass"]." ".$r["db"]." <".$fi;
+ {
+      $exe="/usr/bin/mysql -h".escapeshellarg($L_MYSQL_HOST)." -u".escapeshellarg($r["login"])." -p".escapeshellarg($r["pass"])." ".escapeshellarg($r["db"])." <".escapeshellarg($fi);
     }
     $exe .= " 2>&1";