From 3a42b843152109579ae5eaa64e5fc4be1339a49c Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Tue, 9 Nov 2021 00:03:39 -0800 Subject: [PATCH] Added check that backup path is not in meshcentral-data folder, #3266 --- meshcentral.js | 6 ++++++ views/default.handlebars | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/meshcentral.js b/meshcentral.js index 1ae0eb43..40a84f60 100644 --- a/meshcentral.js +++ b/meshcentral.js @@ -1747,6 +1747,12 @@ function CreateMeshCentralServer(config, args) { if (obj.config.settings.autobackup == null) { obj.config.settings.autobackup = { backupintervalhours: 24, keeplastdaysbackup: 10 }; } else if (obj.config.settings.autobackup === false) { delete obj.config.settings.autobackup; } + // Check that autobackup path is not within the "meshcentral-data" folder. + if ((typeof obj.config.settings.autobackup.backuppath == 'string') && (obj.path.normalize(obj.config.settings.autobackup.backuppath).startsWith(obj.path.normalize(obj.datapath)))) { + addServerWarning("Backup path can't be set within meshcentral-data folder, backup settings ignored.", 21); + delete obj.config.settings.autobackup; + } + // Load Intel AMT passwords from the "amtactivation.log" file obj.loadAmtActivationLogPasswords(function (amtPasswords) { obj.amtPasswords = amtPasswords; diff --git a/views/default.handlebars b/views/default.handlebars index 6b2acdf9..b92bee29 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -2219,7 +2219,8 @@ 17: "SendGrid server has limited use in LAN mode.", 18: "SMTP server has limited use in LAN mode.", 19: "SMS gateway has limited use in LAN mode.", - 20: "Invalid \"LoginCookieEncryptionKey\" in config.json." + 20: "Invalid \"LoginCookieEncryptionKey\" in config.json.", + 21: "Backup path can't be set within meshcentral-data folder, backup settings ignored." }; var x = ''; for (var i in message.warnings) {