diff --git a/source/packages/com_mokojoombackup/src/Controller/AjaxController.php b/source/packages/com_mokojoombackup/src/Controller/AjaxController.php
index 72259c6..c924acd 100644
--- a/source/packages/com_mokojoombackup/src/Controller/AjaxController.php
+++ b/source/packages/com_mokojoombackup/src/Controller/AjaxController.php
@@ -136,10 +136,21 @@ class AjaxController extends BaseController
 
 $parent = dirname($path);
 
+ // Ensure parent is still within allowed boundaries
+ $parentAllowed = false;
+
+ if ($parent !== $path) {
+ if ($jRoot !== false && strpos($parent, $jRoot) === 0) {
+ $parentAllowed = true;
+ } elseif ($homeDir !== '' && strpos($parent, $homeDir) === 0) {
+ $parentAllowed = true;
+ }
+ }
+
 $response = [
 'error' => false,
 'current' => $path,
- 'parent' => ($parent !== $path) ? $parent : null,
+ 'parent' => $parentAllowed ? $parent : null,
 'dirs' => $dirs,
 ];
 
@@ -174,7 +185,7 @@ class AjaxController extends BaseController
 $query = $db->getQuery(true)
 ->select($db->quoteName(['absolute_path', 'log']))
 ->from($db->quoteName('#__mokojoombackup_records'))
- ->where($db->quoteName('id') . ' = ' . $id);
+ ->where($db->quoteName('id') . ' = ' . (int) $id);
 
 $db->setQuery($query);
 $record = $db->loadObject();
diff --git a/source/packages/com_mokojoombackup/src/Engine/BackupEngine.php b/source/packages/com_mokojoombackup/src/Engine/BackupEngine.php
index 58a6089..84b3c49 100644
--- a/source/packages/com_mokojoombackup/src/Engine/BackupEngine.php
+++ b/source/packages/com_mokojoombackup/src/Engine/BackupEngine.php
@@ -530,7 +530,7 @@ class BackupEngine
 $htaccess = $dir . '/.htaccess';
 
 if (!is_file($htaccess)) {
- if (@file_put_contents($htaccess, "Order deny,allow\nDeny from all\n") === false) {
+ if (@file_put_contents($htaccess, "# Apache 2.4+\n\n Require all denied\n\n# Apache 2.2\n\n Order deny,allow\n Deny from all\n\n") === false) {
 error_log('MokoJoomBackup: Could not create .htaccess in backup directory: ' . $dir);
 }
 }
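Review bot: The new boundary test in the `$jRoot` and `$homeDir` branches is a bare string-prefix match, so a sibling directory whose name merely starts with the root string (constructed example: `/var/www/site-old` when the root is `/var/www/site`) passes as "inside" and is handed back to the client as a navigable parent. Require either an exact match or the root followed by a directory separator, and apply the same rule to both roots; `$parent` is only as canonical as `$path` (it is `dirname($path)`), so if `$path` is not already passed through `realpath()` above the hunk, the parent should be canonicalised before comparing. The method holding this code starts before the hunk, and if it already guards `$path` with the same two `strpos` tests, both checks belong in one private helper so they cannot drift apart.
```php
// Ensure parent is still within allowed boundaries: the root itself, or a path under it
$parentAllowed = false;

if ($parent !== $path) {
    foreach ([$jRoot, $homeDir] as $root) {
        if ($root === false || $root === '') {
            continue;
        }

        // Separator-terminated prefix: rejects siblings that only share the root's name.
        $rootPrefix = rtrim($root, '/\\') . DIRECTORY_SEPARATOR;

        if ($parent === $root || strpos($parent, $rootPrefix) === 0) {
            $parentAllowed = true;
            break;
        }
    }
}
// … unchanged: $response array …
```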
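Review bot: The `(int)` cast in the `->where()` clause closes the string interpolation, but it also turns any non-numeric input into `0` and lets the query run for id 0 instead of rejecting the request; if `$id` is read from the request above the hunk (the enclosing method starts outside it), reject `$id <= 0` before building the query. The Joomla 4 database layer also offers a bound parameter, which states the intent more clearly than a cast inside concatenation: `->where($db->quoteName('id') . ' = :id')` followed by `->bind(':id', $id, ParameterType::INTEGER)`, with `use Joomla\Database\ParameterType;` added to the file's imports.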
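Review bot: The new `.htaccess` body passed to `file_put_contents` mixes `Require all denied` with `Order`/`Deny` unguarded, so whichever directive set the running Apache does not recognise (`Require all denied` on 2.2, `Order`/`Deny` on 2.4 without mod_access_compat) is rejected as a configuration error, typically a 500 on every request under the directory rather than a clean 403; the conventional form wraps each set in `<IfModule mod_authz_core.c>` / `<IfModule !mod_authz_core.c>`. The same literal is repeated in SteppedBackupEngine.php, ProfileTable.php and script.php, so one shared constant would keep the four copies in step, and script.php's copy ignores the return value the other three check. Because the write is skipped whenever `.htaccess` already exists, upgraded sites keep the old 2.2-only rules and never receive this fix; consider rewriting the file when its content still equals the old string. The file only takes effect under Apache with `AllowOverride` permitting `Limit`/`AuthConfig` and does nothing on nginx or IIS, so treat it as a second layer rather than the primary protection for backup archives.
```php
$htaccess = $dir . '/.htaccess';

// Guard each directive set so the running Apache only sees syntax it understands.
$rules = "<IfModule mod_authz_core.c>\n"
    . "    Require all denied\n"
    . "</IfModule>\n"
    . "<IfModule !mod_authz_core.c>\n"
    . "    Order deny,allow\n"
    . "    Deny from all\n"
    . "</IfModule>\n";

if (!is_file($htaccess)) {
    if (@file_put_contents($htaccess, $rules) === false) {
        // … unchanged: error_log …
    }
}
```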
diff --git a/source/packages/com_mokojoombackup/src/Engine/SteppedBackupEngine.php b/source/packages/com_mokojoombackup/src/Engine/SteppedBackupEngine.php
index 0eae1aa..fc5af70 100644
--- a/source/packages/com_mokojoombackup/src/Engine/SteppedBackupEngine.php
+++ b/source/packages/com_mokojoombackup/src/Engine/SteppedBackupEngine.php
@@ -572,7 +572,7 @@ class SteppedBackupEngine
 $htaccess = $dir . '/.htaccess';
 
 if (!is_file($htaccess)) {
- if (@file_put_contents($htaccess, "Order deny,allow\nDeny from all\n") === false) {
+ if (@file_put_contents($htaccess, "# Apache 2.4+\n\n Require all denied\n\n# Apache 2.2\n\n Order deny,allow\n Deny from all\n\n") === false) {
 error_log('MokoJoomBackup: Could not create .htaccess in backup directory: ' . $dir);
 }
 }
diff --git a/source/packages/com_mokojoombackup/src/Table/ProfileTable.php b/source/packages/com_mokojoombackup/src/Table/ProfileTable.php
index b712670..78892a7 100644
--- a/source/packages/com_mokojoombackup/src/Table/ProfileTable.php
+++ b/source/packages/com_mokojoombackup/src/Table/ProfileTable.php
@@ -65,7 +65,7 @@ class ProfileTable extends Table
 $htaccess = $resolved . '/.htaccess';
 
 if (!is_file($htaccess)) {
- if (@file_put_contents($htaccess, "Order deny,allow\nDeny from all\n") === false) {
+ if (@file_put_contents($htaccess, "# Apache 2.4+\n\n Require all denied\n\n# Apache 2.2\n\n Order deny,allow\n Deny from all\n\n") === false) {
 error_log('MokoJoomBackup: Could not create .htaccess in: ' . $resolved);
 }
 }
diff --git a/source/script.php b/source/script.php
index 18865d7..a5b776c 100644
--- a/source/script.php
+++ b/source/script.php
@@ -198,7 +198,7 @@ class Pkg_MokoJoomBackupInstallerScript
 mkdir($backupDir, 0755, true);
 
 // Protect backup directory with .htaccess
- file_put_contents($backupDir . '/.htaccess', "Order deny,allow\nDeny from all\n");
+ file_put_contents($backupDir . '/.htaccess', "# Apache 2.4+\n\n Require all denied\n\n# Apache 2.2\n\n Order deny,allow\n Deny from all\n\n");
 file_put_contents($backupDir . '/index.html', '');
 }
 }