From 17c45f8cf5767b8f937677c0c1aa19f5bd14c49b Mon Sep 17 00:00:00 2001
From: brotherand2 <547996854@qq.com>
Date: Thu, 4 Mar 2021 23:59:03 +0800
Subject: [PATCH] =?UTF-8?q?=E6=95=B0=E6=8D=AE=E5=BA=93shell=E6=96=B9?=
 =?UTF-8?q?=E5=BC=8F=E5=AF=BC=E5=87=BA=E6=96=87=E4=BB=B6=E4=B8=BA=E7=A9=BA?=
 =?UTF-8?q?=E5=86=85=E5=AE=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 upload/source/admincp/admincp_db.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/upload/source/admincp/admincp_db.php b/upload/source/admincp/admincp_db.php
index 6a4b38075..86ed49026 100644
--- a/upload/source/admincp/admincp_db.php
+++ b/upload/source/admincp/admincp_db.php
@@ -297,21 +297,25 @@ if($operation == 'export') {
 
 			$tablesstr = '';
 			foreach($tables as $table) {
-				$tablesstr .= '"'.$table.'" ';
+				$tablesstr .= ''.escapeshellarg($table).' ';
 			}
 
 			require DISCUZ_ROOT . './config/config_global.php';
+			$dbhost = $_config['db'][1]['dbhost'];
+			$dbname = $_config['db'][1]['dbname'];
+			$dbpw = $_config['db'][1]['dbpw'];
+			$dbuser = $_config['db'][1]['dbuser'];            
 			list($dbhost, $dbport) = explode(':', $dbhost);
 
 			$db = DB::object();
 			$query = DB::query("SHOW VARIABLES LIKE 'basedir'");
 			list(, $mysql_base) = DB::fetch($query, $db->drivertype == 'mysqli' ? MYSQLI_NUM : MYSQL_NUM);
 
-			$dumpfile = addslashes(dirname(dirname(__FILE__))).'/'.$backupfilename.'.sql';
+			$dumpfile = addslashes(dirname(dirname(dirname(__FILE__)))).'/'.$backupfilename.'.sql';
 			@unlink($dumpfile);
 
 			$mysqlbin = $mysql_base == '/' ? '' : addslashes($mysql_base).'bin/';
-			@shell_exec($mysqlbin.'mysqldump --force --quick '.($db->version() > '4.1' ? '--skip-opt --create-options' : '-all').' --add-drop-table'.($_GET['extendins'] == 1 ? ' --extended-insert' : '').''.($db->version() > '4.1' && $_GET['sqlcompat'] == 'MYSQL40' ? ' --compatible=mysql40' : '').' --host="'.$dbhost.($dbport ? (is_numeric($dbport) ? ' --port='.$dbport : ' --socket="'.$dbport.'"') : '').'" --user="'.$dbuser.'" --password="'.$dbpw.'" "'.$dbname.'" '.escapeshellarg($tablesstr).' > '.$dumpfile);
+			@shell_exec($mysqlbin.'mysqldump --force --quick '.($db->version() > '4.1' ? '--skip-opt --create-options' : '-all').' --add-drop-table'.($_GET['extendins'] == 1 ? ' --extended-insert' : '').''.($db->version() > '4.1' && $_GET['sqlcompat'] == 'MYSQL40' ? ' --compatible=mysql40' : '').' --host="'.$dbhost.($dbport ? (is_numeric($dbport) ? ' --port='.$dbport : ' --socket="'.$dbport.'"') : '').'" --user="'.$dbuser.'" --password="'.$dbpw.'" "'.$dbname.'" '.$tablesstr.' > '.$dumpfile);
 
 			if(@file_exists($dumpfile)) {
 
-- 
Gitee