itflow-org / itflow

Free and open-source web application for MSPs. Unifies IT documentation, ticketing, invoicing.
https://itflow.org
GNU General Public License v3.0

Update settings_backup.php #863

Closed aftechro closed 8 months ago

aftechro commented 8 months ago

Create and restore backups. Upload sql file and restore it from the backup list. TODO: More tests and more security to it. Allow plugin to admins only.

wrongecho commented 8 months ago

Test these changes at: https://patch15863.pr-review.itflow.org
(automatic message)

aftechro commented 8 months ago

To solve the Sonar code analysis, the config.php file needs to be changed to this format:

```php
$dbConfig = array(
    'host' => 'your_db_host',
    'username' => 'your_db_username',
    'password' => 'your_db_password',
    'database' => 'your_database_name',
);
```

Then in settings_update.php, change these code parts:

```php
// Database connection
$mysqli = mysqli_connect($dbConfig['host'], $dbConfig['username'], $dbConfig['password'], $dbConfig['database']) or die('Database Connection Failed');
$conn = new mysqli($dbConfig['host'], $dbConfig['username'], $dbConfig['password'], $dbConfig['database']);
```

and then

```php
$command = "mysqldump --complete-insert --skip-comments --host={$dbConfig['host']} --user={$dbConfig['username']} --password={$dbConfig['password']} {$dbConfig['database']} > $escapedBackupPath";
```

@wrongecho but I suppose that will change the entire ITFlow system, and everywhere mysqli_connect and conn are needed will need to be updated. I suppose it would be much more secure, but there are a lot of files to update with the proposed security measure.
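
The `mysqldump` command in the comment above interpolates the config values straight into a shell string and passes the password as a `--password=` argument, where it is visible in the process list. The following is an added example, not code from this PR or from ITFlow, of building the same dump command with each argument shell-quoted and the credentials moved into a private option file. The helper names `write_client_cnf()` and `build_dump_command()`, the sample config values and the backup path are assumptions made for illustration.

```php
<?php
// Added example. $dbConfig mirrors the array proposed in the comment above;
// write_client_cnf() and build_dump_command() are hypothetical helpers.

/** Write credentials to a private option file so they never appear in argv. */
function write_client_cnf(array $dbConfig): string
{
    $lines = ['[client]'];
    foreach (['host' => 'host', 'user' => 'username', 'password' => 'password'] as $opt => $key) {
        $value = (string) $dbConfig[$key];
        // Conservative: refuse characters that could end the quoted value or the line.
        if (preg_match('/["\r\n]/', $value)) {
            throw new InvalidArgumentException("Unsupported character in $key");
        }
        $lines[] = $opt . '="' . str_replace('\\', '\\\\', $value) . '"';
    }
    $path = tempnam(sys_get_temp_dir(), 'dmp');
    if ($path === false || !chmod($path, 0600)
        || file_put_contents($path, implode("\n", $lines) . "\n") === false) {
        throw new RuntimeException('Cannot write option file');
    }
    return $path;
}

/** Build the dump command; every variable part goes through escapeshellarg(). */
function build_dump_command(array $dbConfig, string $cnfPath, string $backupPath): string
{
    // --defaults-extra-file must be the first option on the command line.
    return 'mysqldump --defaults-extra-file=' . escapeshellarg($cnfPath)
        . ' --complete-insert --skip-comments'
        . ' --result-file=' . escapeshellarg($backupPath)
        . ' -- ' . escapeshellarg($dbConfig['database']);
}

// Constructed sample values, including shell-significant characters.
$dbConfig = ['host' => 'localhost', 'username' => 'itflow',
             'password' => 'S3cret pa$$ #1', 'database' => 'itflow'];
$cnf = write_client_cnf($dbConfig);
try {
    $cmd = build_dump_command($dbConfig, $cnf, '/tmp/itflow backup.sql');
    echo $cmd, PHP_EOL;              // the password is not part of the command string
    // exec($cmd, $output, $status); // run where mysqldump is installed; check $status
} finally {
    unlink($cnf);                    // remove the credentials file in every case
}
```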

sonarcloud[bot] commented 8 months ago

Quality Gate failed

Failed conditions

E Security Rating on New Code (required ≥ A)