From d0e51bf015d3829aff65972abe6fdc1efcdafa7c Mon Sep 17 00:00:00 2001
From: xevidos
Date: Wed, 17 Jul 2019 12:14:10 -0400
Subject: [PATCH] Added initial permissions check to filemanager, Added ability for sql-\>query to take arrays to allow for multiple sql language inputs ( First step towards sql.conversions removal )
---
 components/filemanager/controller.php | 10 ++++++----
 components/sql/class.sql.php | 11 +++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/components/filemanager/controller.php b/components/filemanager/controller.php
index 2d95cc7..1bcad17 100755
--- a/components/filemanager/controller.php
+++ b/components/filemanager/controller.php
@@ -23,7 +23,7 @@ $response = array(
 "status" => "none",
 );
-if (!empty($_GET['action'])) {
+if( ! empty($_GET['action'] ) ) {
 $action = $_GET['action'];
 } else {
@@ -39,7 +39,7 @@ if (!empty($_GET['action'])) {
 // Ensure Project Has Been Loaded
 //////////////////////////////////////////////////////////////////
-if ( ! isset( $_SESSION['project'] ) ) {
+if( ! isset( $_SESSION['project'] ) ) {
 $_GET['action'] = 'get_current';
 $_GET['no_return'] = 'true';
@@ -60,10 +60,12 @@ if( isset( $_GET["path"] ) ) {
 // Security Check
 //////////////////////////////////////////////////////////////////
-if ( ! checkPath( $path ) ) {
+$access = Permissions::get_access( $_GET['path'] );
+
+if ( ! Permissions::check_access( "read", $access ) ) {
 $response["status"] = "error";
- $response["message"] = "Invalid Path";
+ $response["message"] = "Invalid access to path";
 exit( json_encode( $response ) );
 }
diff --git a/components/sql/class.sql.php b/components/sql/class.sql.php
index f48c3e6..5494c37 100755
--- a/components/sql/class.sql.php
+++ b/components/sql/class.sql.php
@@ -388,6 +388,17 @@ class sql {
 * exception
 */
+ if( is_array( $query ) ) {
+
+ if( in_array( DBTYPE, array_keys( $query ) ) ) {
+
+ $query = $query[DBTYPE];
+ } else {
+
+ $query = $query["*"];
+ }
+ }
+
 try {
 $connection = $this->connect();
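Review bot: In the Security Check hunk of components/filemanager/controller.php the new check is made on raw `$_GET['path']`, while the removed check used `$path`, which is assigned in the `if( isset( $_GET["path"] ) )` block above the hunk (not visible here); if later code keeps using `$path`, the value that is authorised is not the value that is acted on, and a request without `path` reaches `get_access()` with an undefined index. Passing the same variable closes that gap: `$access = Permissions::get_access( $path );`. The commit also drops `checkPath()` altogether, so unless `Permissions::get_access()` canonicalises the path and rejects `..` segments itself (its code is not part of this patch), the containment check should stay next to the new one: `if ( ! checkPath( $path ) || ! Permissions::check_access( "read", $access ) ) {`. Only "read" is required here whatever `$action` holds, so actions that modify or delete would need a stricter level checked before they are dispatched.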
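Review bot: In components/sql/class.sql.php the key lookup `in_array( DBTYPE, array_keys( $query ) )` compares loosely, so on PHP 7 a list-style array (keys 0, 1, …) would match a non-numeric DBTYPE string and `$query[DBTYPE]` is then undefined; `if( array_key_exists( DBTYPE, $query ) ) {` tests the key directly. The fallback `$query["*"]` is read without checking that it exists, which leaves `$query` null before it reaches the `try` block, so an array with neither key should be rejected with an explicit error instead. The docblock that ends just above the added lines could also state that `$query` may be an array keyed by DBTYPE with `"*"` as the default entry. The method's signature and the rest of its body are outside the hunk.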