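#!/usr/bin/perl -wT
use strict;

# Rotating MySQL backup.
#
# 1. Validates the configured paths and database settings.
# 2. If a previous dump exists at $file{1}, copies it to $file{2}.
# 3. Runs mysqldump and writes its output to $file{1}.
#
# Any failure aborts with a message on STDERR and a non-zero exit status,
# so a cron job or wrapper can tell a failed backup from a good one.

### These 2 files should be absolute references
my %file;
$file{1} = '/path/to/backup.sql';
$file{2} = '/path/to/backup.bck';

my %db;
$db{prog}     = '/usr/bin/mysqldump';
$db{host}     = 'mysql.host.com';
$db{user}     = 'user';
$db{password} = 'pass';
$db{database} = 'database';

# NOTE(review): the password is stored in this script and passed to
# mysqldump as a command-line argument, where other local users can read it
# from the process list. Keep this file readable only by the backup account,
# and prefer a MySQL client option file with 0600 permissions
# (e.g. --defaults-extra-file=...) over --password=... on the command line.

### END of configuration section

### Check the file paths for dangerous stuff
for my $key (sort keys %file) {
    # Check it starts with a '/'
    die "insecure file path\n" if $file{$key} !~ m{\A/};

    # Check it doesn't have any double dots
    die "insecure file path\n" if $file{$key} =~ /\.\./;
}

### Check the db vars
for my $key (sort keys %db) {
    # Allowed chars are: A-Za-z0-9 _/.-
    # \A and \z are used instead of ^ and $ so a trailing newline is
    # rejected as well.
    die "insecure database config\n"
        unless $db{$key} =~ m{\A[a-zA-Z0-9_./-]+\z};
}

# The program is executed directly, so it must be an absolute path and
# never be looked up through PATH.
die "insecure database config\n" unless $db{prog} =~ m{\A/};

# A value with a leading '-' would be parsed by mysqldump as an option
# rather than as a host, user or database name.
for my $key (qw(host user database)) {
    die "insecure database config\n" if $db{$key} =~ /\A-/;
}

### Any other security stuff
# Taint mode refuses to run external programs while these variables carry
# inherited values, so reduce the environment to a fixed, known state.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{'PATH'} = '/usr/bin:/bin';

# Dump files contain the full database contents. This only affects files
# that are newly created; files that already exist keep their permissions.
umask 0077;

### Back up the file, if it exists
# Three-argument open with lexical handles: the file name can never be
# interpreted as an open mode or a command.
if ( open(my $old_dump, '<', $file{1}) ) {
    open(my $backup, '>', $file{2})
        or die "cannot write $file{2}: $!\n";
    binmode $old_dump;
    binmode $backup;
    _copy_stream($old_dump, $backup, $file{2});
    close($old_dump);
    # Buffered write errors (e.g. disk full) only surface at close.
    close($backup) or die "cannot write $file{2}: $!\n";
}

### Copy the database
# List-form pipe open runs mysqldump without a shell, so no configuration
# value is ever parsed as shell syntax. The output redirection that the
# shell used to do is done here instead.
my @dump_cmd = (
    $db{prog}, '--opt',
    '-h', $db{host},
    '-u', $db{user},
    "--password=$db{password}",
    $db{database},
);
open(my $dump, '-|', @dump_cmd)
    or die "cannot run $db{prog}: $!\n";
open(my $new_dump, '>', $file{1})
    or die "cannot write $file{1}: $!\n";
binmode $dump;
binmode $new_dump;
_copy_stream($dump, $new_dump, $file{1});
close($new_dump) or die "cannot write $file{1}: $!\n";

# close() on a pipe waits for the child and returns false when it exited
# non-zero. In that case $file{1} is incomplete; the previous dump, if
# there was one, is still available as $file{2}.
close($dump)
    or die "$db{prog} failed (wait status $?); $file{1} is incomplete\n";

exit 0;

# Copy everything from one open handle to another in fixed-size chunks, so
# memory use stays constant however large the dump is.
sub _copy_stream {
    my ($in, $out, $dest_name) = @_;
    my $chunk;
    while (1) {
        my $got = read($in, $chunk, 65536);
        die "read error while writing $dest_name: $!\n" unless defined $got;
        last if $got == 0;
        print {$out} $chunk or die "cannot write $dest_name: $!\n";
    }
    return;
}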