From 0d2d8797b6c45d5a1d261170da31674a230643bb Mon Sep 17 00:00:00 2001
From: cpradio
Date: Fri, 16 Sep 2016 15:20:42 -0400
Subject: [PATCH 1/2] FIX: Backup validation wasn't escaping hyphens

---
 app/controllers/admin/backups_controller.rb | 2 +-
 spec/controllers/admin/backups_controller_spec.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/admin/backups_controller.rb b/app/controllers/admin/backups_controller.rb
index 6222fc2b0..82aebfc6c 100644
--- a/app/controllers/admin/backups_controller.rb
+++ b/app/controllers/admin/backups_controller.rb
@@ -119,7 +119,7 @@ class Admin::BackupsController < Admin::AdminController
 
     return render status: 415, text: I18n.t("backup.backup_file_should_be_tar_gz") unless /\.(tar\.gz|t?gz)$/i =~ filename
     return render status: 415, text: I18n.t("backup.not_enough_space_on_disk") unless has_enough_space_on_disk?(total_size)
-    return render status: 415, text: I18n.t("backup.invalid_filename") unless !!(/^[a-zA-Z0-9\.-_]+$/ =~ filename)
+    return render status: 415, text: I18n.t("backup.invalid_filename") unless !!(/^[a-zA-Z0-9\._-]+$/ =~ filename)
 
     file = params.fetch(:file)
     identifier = params.fetch(:resumableIdentifier)
diff --git a/spec/controllers/admin/backups_controller_spec.rb b/spec/controllers/admin/backups_controller_spec.rb
index 092a945bc..080f4eb6c 100644
--- a/spec/controllers/admin/backups_controller_spec.rb
+++ b/spec/controllers/admin/backups_controller_spec.rb
@@ -212,7 +212,7 @@ describe Admin::BackupsController do
       described_class.any_instance.expects(:has_enough_space_on_disk?).returns(true)
 
       xhr :post, :upload_backup_chunk,
-        resumableFilename: 'test.tar.gz',
+        resumableFilename: 'test_Site-0123456789.tar.gz',
         resumableTotalSize: 1,
         resumableIdentifier: 'test',
         resumableChunkNumber: '1',

From 2eddeab66b756c0766dcd49a9e485279b4beb118 Mon Sep 17 00:00:00 2001
From: cpradio
Date: Fri, 16 Sep 2016 19:07:46 -0400
Subject: [PATCH 2/2] Escape the hyphen

---
 app/controllers/admin/backups_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/admin/backups_controller.rb b/app/controllers/admin/backups_controller.rb
index 82aebfc6c..3c7855668 100644
--- a/app/controllers/admin/backups_controller.rb
+++ b/app/controllers/admin/backups_controller.rb
@@ -119,7 +119,7 @@ class Admin::BackupsController < Admin::AdminController
 
     return render status: 415, text: I18n.t("backup.backup_file_should_be_tar_gz") unless /\.(tar\.gz|t?gz)$/i =~ filename
     return render status: 415, text: I18n.t("backup.not_enough_space_on_disk") unless has_enough_space_on_disk?(total_size)
-    return render status: 415, text: I18n.t("backup.invalid_filename") unless !!(/^[a-zA-Z0-9\._-]+$/ =~ filename)
+    return render status: 415, text: I18n.t("backup.invalid_filename") unless !!(/^[a-zA-Z0-9\._\-]+$/ =~ filename)
 
     file = params.fetch(:file)
     identifier = params.fetch(:resumableIdentifier)
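Review bot: The filename pattern on the `+` line of this hunk (and likewise the PATCH 1/2 hunk of the same file) still anchors with `^` and `$`, which in Ruby match at line boundaries rather than string ends, so a `filename` containing an embedded newline passes the check as long as one of its lines is clean; the `/\.(tar\.gz|t?gz)$/i` extension check on the context line above has the same weakness. Anchor the whole string instead: `return render status: 415, text: I18n.t("backup.invalid_filename") unless /\A[a-zA-Z0-9._-]+\z/ =~ filename` and `\z` in place of `$` on the extension line; the `!!(...)` wrapper adds nothing under `unless`, and neither `.` nor a trailing `-` needs escaping inside a character class, so the second patch's escape is cosmetic. The enclosing method starts and ends outside the hunk, so where `filename` is subsequently used cannot be confirmed here.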