
Fix code injection via unsafe database names inside eval (Debian patch 10_fix_code_injection)

Axel Beckert 5 years ago
parent
commit
6f7aa8a8bb
1 changed files with 9 additions and 9 deletions
  1. 9 9
      autopostgresqlbackup

+ 9 - 9
autopostgresqlbackup

@@ -301,7 +301,7 @@ then
 	then
 		mkdir -p "$BACKUPDIR/latest"
 	fi
-eval rm -f "$BACKUPDIR/latest/*"
+rm -f "$BACKUPDIR"/latest/*
 fi
 
 # IO redirection for logging.
@@ -358,7 +358,7 @@ if [ "$PREBACKUP" ]
 	echo ======================================================================
 	echo "Prebackup command output."
 	echo
-	eval $PREBACKUP
+	$PREBACKUP
 	echo
 	echo ======================================================================
 	echo
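Review bot: Running `$PREBACKUP` unquoted is not equivalent to the removed `eval $PREBACKUP`: the value is now only word-split and glob-expanded, so a configured command that relies on quotes, pipes, redirections or `&&` no longer works, and any `*` or `?` in it is expanded against the current directory. The same applies to `$POSTBACKUP` in the hunk at -540. Both values appear to come from the administrator's configuration rather than from database names, so the restriction should at least be documented next to the settings, e.g. `# PREBACKUP/POSTBACKUP: one command with whitespace-separated arguments, no shell syntax; wrap anything more complex in a script`. The enclosing `if` starts outside the hunk.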
@@ -459,7 +459,7 @@ echo ======================================================================
 			else
 				REMW=`expr $W - 5`
 			fi
-		eval rm -fv "$BACKUPDIR/weekly/$DB/${DB}_week.$REMW.*"
+		rm -fv "$BACKUPDIR/weekly/$DB/${DB}_week.$REMW".*
 		echo
 			dbdump "$DB" "$BACKUPDIR/weekly/$DB/${DB}_week.$W.$DATE.sql"
 			compression "$BACKUPDIR/weekly/$DB/${DB}_week.$W.$DATE.sql"
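Review bot: `$DB` is still used unchecked as a path component in the `rm -fv` line and in the `dbdump`/`compression` calls. Dropping `eval` removes the command injection, but a database name containing `/` or `..` would still make these paths resolve outside `$BACKUPDIR/weekly/$DB`. The daily hunk at -470 has the same pattern. A guard before the name is first used would cover both, for example `case "$DB" in */*|.|..) echo "Skipping unsafe database name" >&2; continue ;; esac`. This assumes the code runs inside the per-database loop, which starts outside the hunk.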
@@ -470,7 +470,7 @@ echo ======================================================================
 	else
 		echo Daily Backup of Database \( $DB \)
 		echo Rotating last weeks Backup...
-		eval rm -fv "$BACKUPDIR/daily/$DB/*.$DOW.sql*"
+		rm -fv "$BACKUPDIR/daily/$DB"/*."$DOW".sql.*
 		echo
 			dbdump "$DB" "$BACKUPDIR/daily/$DB/${DB}_$DATE.$DOW.sql"
 			compression "$BACKUPDIR/daily/$DB/${DB}_$DATE.$DOW.sql"
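Review bot: The new glob `*."$DOW".sql.*` is narrower than the old `*.$DOW.sql*`, because it requires a further `.suffix` after `.sql`. A dump left as plain `.sql` would then no longer be rotated and would accumulate; whether `compression` can leave a file uncompressed is not visible here. The hunk at -518 makes the same change. To keep the previous matching without `eval`, use `rm -fv "$BACKUPDIR/daily/$DB"/*."$DOW".sql*`, and correspondingly `"$BACKUPDIR"/daily/*."$DOW".sql*` in the other hunk.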
@@ -506,7 +506,7 @@ echo ======================================================================
 			else
 				REMW=`expr $W - 5`
 			fi
-		eval rm -fv "$BACKUPDIR/weekly/week.$REMW.*" 
+		rm -fv "$BACKUPDIR/weekly/week.$REMW".*
 		echo
 			dbdump "$DBNAMES" "$BACKUPDIR/weekly/week.$W.$DATE.sql"
 			compression "$BACKUPDIR/weekly/week.$W.$DATE.sql"
@@ -518,7 +518,7 @@ echo ======================================================================
 		echo Daily Backup of Databases \( $DBNAMES \)
 		echo
 		echo Rotating last weeks Backup...
-		eval rm -fv "$BACKUPDIR/daily/*.$DOW.sql*"
+		rm -fv "$BACKUPDIR"/daily/*."$DOW".sql.*
 		echo
 			dbdump "$DBNAMES" "$BACKUPDIR/daily/$DATE.$DOW.sql"
 			compression "$BACKUPDIR/daily/$DATE.$DOW.sql"
@@ -540,7 +540,7 @@ if [ "$POSTBACKUP" ]
 	echo ======================================================================
 	echo "Postbackup command output."
 	echo
-	eval $POSTBACKUP
+	$POSTBACKUP
 	echo
 	echo ======================================================================
 fi
@@ -602,7 +602,7 @@ if [ -s "$LOGERR" ]
 fi
 
 # Clean up Logfile
-eval rm -f "$LOGFILE"
-eval rm -f "$LOGERR"
+rm -f "$LOGFILE"
+rm -f "$LOGERR"
 
 exit $STATUS