From 645d4666f26746934a67ef9577e9ece8259ea5ef Mon Sep 17 00:00:00 2001
From: DiscuzX <153619335@qq.com>
Date: Sat, 10 Jul 2021 07:36:37 +0000
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=95=B0=E6=8D=AE=E5=BA=93?=
 =?UTF-8?q?=E6=81=A2=E5=A4=8D=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 utility/restore.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/utility/restore.php b/utility/restore.php
index 246dd2a3e..f8bff67cc 100644
--- a/utility/restore.php
+++ b/utility/restore.php
@@ -143,9 +143,8 @@ if($operation == 'import') {
 			$query = $db->query("SHOW VARIABLES LIKE 'basedir'");
 			list(, $mysql_base) = $db->fetch_array($query, $db->drivertype == 'mysqli' ? MYSQLI_NUM : MYSQL_NUM);
 			$datafile = addslashes(dirname(dirname(__FILE__))).str_replace('..', '', $datafile);
-			$datafile = escapeshellarg($datafile);
 			$mysqlbin = $mysql_base == '/' ? '' : addslashes(rtrim($mysql_base, '/\\')).'/bin/';
-			@shell_exec($mysqlbin.'mysql --host="'.$dbhost.'"'.($dbport ? (is_numeric($dbport) ? ' --port='.$dbport : ' --socket="'.$dbport.'"') : '').' --user="'.$dbuser.'" --password="'.$dbpw.'" "'.$dbname.'" < '.$datafile);
+			@shell_exec(escapeshellarg($mysqlbin.'mysql').' --host='.escapeshellarg($dbhost).($dbport ? (is_numeric($dbport) ? ' --port='.escapeshellarg($dbport) : ' --socket='.escapeshellarg($dbport).'') : '').' --user='.escapeshellarg($dbuser).' --password='.escapeshellarg($dbpw).' '.escapeshellarg($dbname).' < '.escapeshellarg($datafile));
 			if($delunzip) {
 				@unlink($datafile);
 			}
-- 
Gitee