From e6dcdbd415635a57bf3e63bf38cee4b389928616 Mon Sep 17 00:00:00 2001
From: Sebastian Stehle
Date: Wed, 15 Apr 2026 08:56:25 +0200
Subject: [PATCH] Fixes
---
 .../Backup/TempFolderBackupArchiveLocation.cs | 9 ++++++++-
 .../EventSourcing/Consume/EventConsumerProcessor.cs | 6 ++++--
 backend/src/Squidex/Startup.cs | 2 +-
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/backend/src/Squidex.Domain.Apps.Entities/Backup/TempFolderBackupArchiveLocation.cs b/backend/src/Squidex.Domain.Apps.Entities/Backup/TempFolderBackupArchiveLocation.cs
index 17f0ed625..9db716232 100644
--- a/backend/src/Squidex.Domain.Apps.Entities/Backup/TempFolderBackupArchiveLocation.cs
+++ b/backend/src/Squidex.Domain.Apps.Entities/Backup/TempFolderBackupArchiveLocation.cs
@@ -6,6 +6,8 @@
 // ==========================================================================
 using System.Diagnostics.CodeAnalysis;
+using System.Security;
+using Microsoft.Extensions.Options;
 using Squidex.Infrastructure;
 using Squidex.Infrastructure.Json;
@@ -15,7 +17,7 @@ namespace Squidex.Domain.Apps.Entities.Backup;
 public sealed class TempFolderBackupArchiveLocation(
 IJsonSerializer serializer,
 IOptions options,
- IHttpClientFactory httpClientFactory)
+ IHttpClientFactory httpClientFactory)
 : IBackupArchiveLocation
 {
 public async Task OpenReaderAsync(Uri url, DomainId id,
@@ -25,6 +27,11 @@ public sealed class TempFolderBackupArchiveLocation(
 if (string.Equals(url.Scheme, "file", StringComparison.OrdinalIgnoreCase))
 {
+ if (!options.Value.AllowRestoreFromLocalFiles)
+ {
+ throw new SecurityException("Downloading backups from local files not allowed. Permit them with BACKUPS__ALLOWRESTOREFROMLOCALFILES=true");
+ }
+
 stream = new FileStream(url.LocalPath, FileMode.Open, FileAccess.Read);
 }
 else
diff --git a/backend/src/Squidex.Infrastructure/EventSourcing/Consume/EventConsumerProcessor.cs b/backend/src/Squidex.Infrastructure/EventSourcing/Consume/EventConsumerProcessor.cs
index 2417afeb3..0c1303207 100644
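Review bot: In TempFolderBackupArchiveLocation.cs, the new `AllowRestoreFromLocalFiles` check in the `file` branch of OpenReaderAsync is all-or-nothing: once the option is on, `url.LocalPath` is still opened exactly as supplied, so any path the service account can read, including a UNC path derived from a `file://host/share/...` URL, is accepted as a restore source. Consider keeping a narrower check after the option test, for example `if (url.IsUnc) { throw new SecurityException("Restoring backups from network shares is not allowed."); }`, and confining `Path.GetFullPath(url.LocalPath)` to a configured backup directory. The option's default is not visible in this patch and should be confirmed to be `false`. The rest of OpenReaderAsync, including the `else` branch for non-file URLs, lies outside the hunk.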
--- a/backend/src/Squidex.Infrastructure/EventSourcing/Consume/EventConsumerProcessor.cs
+++ b/backend/src/Squidex.Infrastructure/EventSourcing/Consume/EventConsumerProcessor.cs
@@ -73,8 +73,10 @@ public class EventConsumerProcessor : IEventSubscriber
 }
 }
- // Acquire the lock to ensure any in-flight UpdateAsync has fully completed before returning.
- using var _ = await asyncLock.EnterAsync();
+ using (await asyncLock.EnterAsync())
+ {
+ // Acquire the lock to ensure any in-flight UpdateAsync has fully completed before returning.
+ }
 }
 public virtual ValueTask OnNextAsync(IEventSubscription subscription, ParsedEvents @event)
diff --git a/backend/src/Squidex/Startup.cs b/backend/src/Squidex/Startup.cs
index d19ebd7bb..f003ba996 100644
--- a/backend/src/Squidex/Startup.cs
+++ b/backend/src/Squidex/Startup.cs
@@ -37,7 +37,7 @@ public sealed class Startup(IConfiguration config)
 services.AddSquidexApps(config);
 services.AddSquidexAssetInfrastructure(config);
 services.AddSquidexAssets(config);
- services.AddSquidexBackups();
+ services.AddSquidexBackups(config);
 services.AddSquidexCollaborations(config);
 services.AddSquidexCommands(config);
 services.AddSquidexContents(config);
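Review bot: In EventConsumerProcessor.cs the `using (await asyncLock.EnterAsync())` block is empty on purpose, but the comment inside it still reads as if it introduced a following statement, which makes the block an easy target for a later cleanup or an empty-block analyzer warning. State the intent directly, e.g. `// Intentionally empty: entering and immediately releasing the lock waits for any in-flight UpdateAsync to finish.` The wait has no timeout or cancellation in the visible lines, so a stuck update would block this method indefinitely; whether `EnterAsync` accepts a token is not visible here. The enclosing method starts outside the hunk.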
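Review bot: In Startup.cs, `services.AddSquidexBackups(config)` is what makes the new `AllowRestoreFromLocalFiles` guard configurable, yet the patch touches only three files and shows neither an `AddSquidexBackups(IConfiguration)` overload nor the binding of the backup options, so it cannot be confirmed from here that `BACKUPS__ALLOWRESTOREFROMLOCALFILES` actually reaches `options.Value`. A test that asserts the option is `false` when the setting is absent and `true` when it is set would pin the default-deny behaviour. A short comment above the call, such as `// Binds the backup options (including AllowRestoreFromLocalFiles) from configuration.`, would record why `config` is now passed. The enclosing method starts and ends outside the hunk.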