Added initial permissions check to filemanager, Added ability for sql-\>query to take arrays to allow for multiple sql language inputs ( First step towards sql.conversions removal )

2024-09-21 10:21:32 +02:00 · 2019-07-17 12:14:10 -04:00 · 2019-07-17 12:14:10 -04:00 · d0e51bf015
commit d0e51bf015
parent 99fda757be
2 changed files with 17 additions and 4 deletions
--- a/components/filemanager/controller.php
+++ b/components/filemanager/controller.php
@ -23,7 +23,7 @@ $response = array(
 	"status" => "none",
 );

-if (!empty($_GET['action'])) {
+if( ! empty($_GET['action'] ) ) {
 	
 	$action = $_GET['action'];
 } else {
@ -39,7 +39,7 @@ if (!empty($_GET['action'])) {
 // Ensure Project Has Been Loaded
 //////////////////////////////////////////////////////////////////

-if ( ! isset( $_SESSION['project'] ) ) {
+if( ! isset( $_SESSION['project'] ) ) {
 	
 	$_GET['action'] = 'get_current';
 	$_GET['no_return'] = 'true';
@ -60,10 +60,12 @@ if( isset( $_GET["path"] ) ) {
 // Security Check
 //////////////////////////////////////////////////////////////////

-if ( ! checkPath( $path ) ) {
+$access = Permissions::get_access( $_GET['path'] );
+
+if ( ! Permissions::check_access( "read", $access ) ) {
 	
 	$response["status"] = "error";
-	$response["message"] = "Invalid Path";
+	$response["message"] = "Invalid access to path";
 	exit( json_encode( $response ) );
 }

--- a/components/sql/class.sql.php
+++ b/components/sql/class.sql.php
@ -388,6 +388,17 @@ class sql {
 		 * exception
 		 */
 		
+		if( is_array( $query ) ) {
+			
+			if( in_array( DBTYPE, array_keys( $query ) ) ) {
+				
+				$query = $query[DBTYPE];
+			} else {
+				
+				$query = $query["*"];
+			}
+		}
+		
 		try {
 			
 			$connection = $this->connect();