Added initial permissions check to filemanager, Added ability for sql-\>query to take arrays to allow for multiple sql language inputs ( First step towards sql.conversions removal )

2024-11-10 21:26:35 +01:00 · 2019-07-17 12:14:10 -04:00 · 2019-07-17 12:14:10 -04:00 · d0e51bf015
commit d0e51bf015
parent 99fda757be
2 changed files with 17 additions and 4 deletions
--- a/components/filemanager/controller.php
+++ b/components/filemanager/controller.php
@ -60,10 +60,12 @@ if( isset( $_GET["path"] ) ) {
 // Security Check
 //////////////////////////////////////////////////////////////////

-if ( ! checkPath( $path ) ) {
+$access = Permissions::get_access( $_GET['path'] );
+
+if ( ! Permissions::check_access( "read", $access ) ) {
 	
 	$response["status"] = "error";
-	$response["message"] = "Invalid Path";
+	$response["message"] = "Invalid access to path";
 	exit( json_encode( $response ) );
 }

--- a/components/sql/class.sql.php
+++ b/components/sql/class.sql.php
@ -388,6 +388,17 @@ class sql {
 		 * exception
 		 */
 		
+		if( is_array( $query ) ) {
+			
+			if( in_array( DBTYPE, array_keys( $query ) ) ) {
+				
+				$query = $query[DBTYPE];
+			} else {
+				
+				$query = $query["*"];
+			}
+		}
+		
 		try {
 			
 			$connection = $this->connect();