Downloading a backup moves it

  • Resolved David Anderson

    (@davidanderson)


    1 year, 5 months ago

    Hi,

    I notice by reading the code of this plugin that attempting to download a backup will move the file out of the UpdraftPlus directory. That means that if the user attempts to download or restore it within UpdraftPlus, then that operation will fail – and the user will have no idea why.

    It’s also insecure – by moving the backup into a potentially publicly accessible directory, it can be accessed by any random Internet user. You should instead spool the file to the client, like UpdraftPlus does.

    David

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author backupsheep

    (@backupsheep)

    1 year, 4 months ago

    Hi David. The backup file name is different for every backup run and files are immediately deleted after we download them. However, this is not perfect. In the next release, we will add a .htaccess file to limit requests from our IPs only.

    We tried serving files through PHP. However, it didn’t work well because of PHP memory and timeout limits on different hosting providers.

    We use UpDraft just to generate backups. The list you see in Updraft is just a cached list; if you rescan those backups will go away. We already added code to clear that cache so users don’t see a list of ghost backups. To restore backup you can just upload files to UpDraft plugin.

    Early next year we will remove our dependency on UpDraft plugin and it will be a bit more clean solution 🙂

    Thread Starter David Anderson

    (@davidanderson)

    1 year, 4 months ago

    > We tried serving files through PHP. However, it didn’t work well because of PHP memory and timeout limits on different hosting providers.

    The way to deal with this is to send in chunks, and use the HTTP “Range” header.

    David

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Downloading a backup moves it’ is closed to new replies.