From 9e8be3fa507d132675ba1053d4475090b875422a Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Wed, 17 Jan 2018 16:15:33 -0800
Subject: [PATCH] do basic backupId validation

---
 webadmin/src/js/restore.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/webadmin/src/js/restore.js b/webadmin/src/js/restore.js
index 2f2942c09..e07fc6c1a 100644
--- a/webadmin/src/js/restore.js
+++ b/webadmin/src/js/restore.js
@@ -127,7 +127,20 @@ app.controller('RestoreController', ['$scope', '$http', 'Client', function ($sco
             backupConfig.backupFolder = $scope.backupFolder;
         }
 
+        if ($scope.backupId.indexOf('/') === -1) {
+            $scope.error.generic = 'Backup id must include the directory path';
+            $scope.error.backupId = true;
+            $scope.busy = false;
+            return;
+        }
+
         var version = $scope.backupId.match(/_v(\d+.\d+.\d+)/);
+        if (!version) {
+            $scope.error.generic = 'Backup id is missing version information';
+            $scope.error.backupId = true;
+            $scope.busy = false;
+            return;
+        }
 
         Client.restore(backupConfig, $scope.backupId.replace(/\.tar\.gz(\.enc)?$/, ''), version ? version[1] : '', function (error) {
             $scope.busy = false;