Mirror/codiad
1
0
Fork 0
mirror of https://github.com/xevidos/codiad.git synced 2024-11-10 21:26:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added initial permissions check to filemanager, Added ability for sql-\>query to take arrays to allow for multiple sql language inputs ( First step towards sql.conversions removal )

Browse Source
This commit is contained in:
xevidos 2019-07-17 12:14:10 -04:00
parent 99fda757be
commit d0e51bf015
2 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
components/filemanager/controller.php
View File

@ -60,10 +60,12 @@ if( isset( $_GET["path"] ) ) {
// Security Check // Security Check
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
if ( ! checkPath( $path ) ) { $access = Permissions::get_access( $_GET['path'] );
if ( ! Permissions::check_access( "read", $access ) ) {
$response["status"] = "error"; $response["status"] = "error";
$response["message"] = "Invalid Path"; $response["message"] = "Invalid access to path";
exit( json_encode( $response ) ); exit( json_encode( $response ) );
} }

11
components/sql/class.sql.php
View File

@ -388,6 +388,17 @@ class sql {
* exception * exception
*/ */
if( is_array( $query ) ) {
if( in_array( DBTYPE, array_keys( $query ) ) ) {
$query = $query[DBTYPE];
} else {
$query = $query["*"];
}
}
try { try {
$connection = $this->connect(); $connection = $this->connect();