diff --git a/modules/backup/mysql-restore-to-sql.sh b/modules/backup/mysql-restore-to-sql.sh
index 1ec099f..fbe6577 100755
--- a/modules/backup/mysql-restore-to-sql.sh
+++ b/modules/backup/mysql-restore-to-sql.sh
@@ -1318,13 +1318,22 @@ step1_detect_datadir() {
 exit 0
 fi
+ # SECURITY: Validate path to prevent traversal
+ if [[ "$custom_dir" == *"../"* ]] || [[ "$custom_dir" == *"/.."* ]]; then
+ print_error "Invalid path: contains path traversal sequence (..)"
+ press_enter
+ return 1
+ fi
+
 if [ ! -d "$custom_dir" ]; then
 print_error "Directory does not exist: $custom_dir"
 press_enter
 return 1
 fi
- LIVE_DATADIR="$custom_dir"
+ # Resolve to absolute path
+ local resolved_custom=$(cd "$custom_dir" && pwd)
+ LIVE_DATADIR="$resolved_custom"
 print_success "Updated data directory: $LIVE_DATADIR"
 fi
@@ -1611,7 +1620,12 @@ step3_select_database() {
 if [[ "$selection" =~ ^[0-9]+$ ]] && [ "$selection" -ge 1 ] && [ "$selection" -le "${#databases[@]}" ]; then
 DATABASE_NAME="${databases[$((selection - 1))]}"
 else
- # Manual entry
+ # Manual entry - validate to prevent path traversal
+ if [[ "$selection" == *"/"* ]] || [[ "$selection" == *".."* ]]; then
+ print_error "Invalid database name: contains invalid characters (/, ..)"
+ press_enter
+ return 1
+ fi
 DATABASE_NAME="$selection"
 fi
@@ -1640,7 +1654,12 @@ step4_configure_options() {
 echo -n "Ticket number (optional, press Enter to skip): "
 read -r ticket
 if [ -n "$ticket" ]; then
- TICKET_NUMBER="$ticket"
+ # SECURITY: Validate ticket contains only alphanumeric and common safe chars
+ if [[ "$ticket" =~ ^[a-zA-Z0-9_\-]+$ ]]; then
+ TICKET_NUMBER="$ticket"
+ else
+ print_warning "Ticket number contains invalid characters, skipping"
+ fi
 fi
 # Force recovery mode
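Review bot: The command substitution on the `local resolved_custom=$(cd "$custom_dir" && pwd)` line masks a failed `cd` — `local` returns 0 regardless — so a directory that passes `-d` but cannot be entered leaves LIVE_DATADIR empty while the following print_success still reports it as updated, and if CDPATH is set in the operator's environment a relative `custom_dir` makes `cd` print the directory it chose, which is captured too. Declare and assign separately and bail on failure: `local resolved_custom` / `resolved_custom=$(cd -P -- "$custom_dir" && pwd) || { print_error "Cannot access directory: $custom_dir"; press_enter; return 1; }`. The `--` also guards a value beginning with `-`, and `-P` yields the physical path, which is what a datadir check wants when the path runs through a symlink. Once the path is canonicalised the traversal check above is largely redundant, and it does not reject a bare `..` anyway; if relative paths are not intended, rejecting anything not starting with `/` is the simpler rule. step1_detect_datadir begins before and ends after this hunk.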
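Review bot: The manual-entry check on the `if [[ "$selection" == *"/"* ]] || [[ "$selection" == *".."* ]]; then` line only blocks `/` and `..`, so an empty entry and names carrying spaces, quotes, backticks, `;` or `$` still reach `DATABASE_NAME="$selection"`; if that value is later interpolated into a mysql invocation, a SQL string or a file path — not visible from this hunk — those are the characters that matter. An allowlist in the style of the ticket check in step4 is both stricter and shorter: `if [[ ! "$selection" =~ ^[A-Za-z0-9_-]+$ ]]; then` (add `\$` to the class if names with `$` are expected), and it rejects the empty string as well. A numeric entry outside 1..N currently falls through to manual entry and is taken as a literal database name; that is pre-existing but worth a separate guard. step3_select_database starts before and ends after this hunk.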
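Review bot: The bracket expression in `if [[ "$ticket" =~ ^[a-zA-Z0-9_\-]+$ ]]; then` relies on `\-` for a literal hyphen; bash rewrites backslash escapes in an unquoted `=~` pattern before handing it to the regex engine and, depending on version, may pass `\-` through, which inside a POSIX bracket expression also admits a literal backslash. Putting the hyphen last removes the question: `if [[ "$ticket" =~ ^[A-Za-z0-9_-]+$ ]]; then`. The allowlist has no length bound; if TICKET_NUMBER ends up in a file name or log line, which this hunk does not show, adding `&& [ ${#ticket} -le 64 ]` to the same condition is cheap. step4_configure_options continues outside this hunk on both sides.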