From: <abe...@us...> - 2013-11-27 22:56:28
Revision: 6296 http://sourceforge.net/p/astlinux/code/6296
Author: abelbeck
Date: 2013-11-27 22:56:25 +0000 (Wed, 27 Nov 2013)
Log Message:
-----------
web interface, SQL-Data tab, for 'staff' user, disable actions: table_create, view_create, table_drop, view_drop, table_empty
Modified Paths:
--------------
branches/1.0/package/webinterface/altweb/admin/phpliteadmin.php
Modified: branches/1.0/package/webinterface/altweb/admin/phpliteadmin.php
===================================================================
--- branches/1.0/package/webinterface/altweb/admin/phpliteadmin.php 2013-11-20 15:39:00 UTC (rev 6295)
+++ branches/1.0/package/webinterface/altweb/admin/phpliteadmin.php 2013-11-27 22:56:25 UTC (rev 6296)
@@ -2181,6 +2181,9 @@
 //table actions
 /////////////////////////////////////////////// create table
 case "table_create":
+ if ($global_user === 'staff') { //AstLinux//
+ $completed = "Failed: Insufficient 'staff' user privileges for action: ".$_GET['action'];
+ } else {
 $num = intval($_POST['rows']);
 $name = $_POST['tablename'];
 $primary_keys = array();
@@ -2236,9 +2239,13 @@
 if(!$result)
 $error = true;
 $completed = $lang['tbl']." '".htmlencode($_POST['tablename'])."' ".$lang['created'].".<br/><span style='font-size:11px;'>".htmlencode($query)."</span>";
+ }
 break;
 /////////////////////////////////////////////// empty table
 case "table_empty":
+ if ($global_user === 'staff') { //AstLinux//
+ $completed = "Failed: Insufficient 'staff' user privileges for action: ".$_GET['action'];
+ } else {
 $query = "DELETE FROM ".$db->quote_id($_POST['tablename']);
 $result = $db->query($query);
 if(!$result)
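Review bot: The denial branch added under `case "table_create":` leaves `$error` unset and appends `$_GET['action']` to `$completed` without `htmlencode()`, while every other `$completed` string in these hunks encodes the request values it echoes and every query failure sets `$error = true`. Inside a matching `case` the value is presumably the case label itself (the `switch` head is outside the hunk), so this is unlikely to be injectable as written, but the refusal may be presented like a completed action and the unencoded pattern is easy to copy somewhere it matters. I would write the branch as `$error = true;` followed by `$completed = "Failed: Insufficient 'staff' user privileges for action: ".htmlencode($_GET['action']);`. The same two-line branch recurs under `table_empty` in the next hunk and under `view_create`, `table_drop` and `view_drop` in the last one.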
@@ -2248,30 +2255,43 @@
 if(!$result)
 $error = true;
 $completed = $lang['tbl']." '".htmlencode($_POST['tablename'])."' ".$lang['emptied'].".<br/><span style='font-size:11px;'>".htmlencode($query)."</span>";
+ }
 break;
 /////////////////////////////////////////////// create view
 case "view_create":
+ if ($global_user === 'staff') { //AstLinux//
+ $completed = "Failed: Insufficient 'staff' user privileges for action: ".$_GET['action'];
+ } else {
 $query = "CREATE VIEW ".$db->quote($_POST['viewname'])." AS ".$_POST['select'];
 $result = $db->query($query);
 if(!$result)
 $error = true;
 $completed = $lang['view']." '".htmlencode($_POST['viewname'])."' ".$lang['created'].".<br/><span style='font-size:11px;'>".htmlencode($query)."</span>";
+ }
 break;
 /////////////////////////////////////////////// drop table
 case "table_drop":
+ if ($global_user === 'staff') { //AstLinux//
+ $completed = "Failed: Insufficient 'staff' user privileges for action: ".$_GET['action'];
+ } else {
 $query = "DROP TABLE ".$db->quote_id($_POST['tablename']);
 $result=$db->query($query);
 if(!$result)
 $error = true;
 $completed = $lang['tbl']." '".htmlencode($_POST['tablename'])."' ".$lang['dropped'].".";
+ }
 break;
 /////////////////////////////////////////////// drop view
 case "view_drop":
+ if ($global_user === 'staff') { //AstLinux//
+ $completed = "Failed: Insufficient 'staff' user privileges for action: ".$_GET['action'];
+ } else {
 $query = "DROP VIEW ".$db->quote_id($_POST['viewname']);
 $result=$db->query($query);
 if(!$result)
 $error = true;
 $completed = $lang['view']." '".htmlencode($_POST['viewname'])."' ".$lang['dropped'].".";
+ }
 break;
 /////////////////////////////////////////////// rename table
 case "table_rename":
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
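Review bot: The 'staff' restriction is a deny-list copied into five `case` bodies, and the hunk's last context line, `case "table_rename":`, follows with no guard, so the account is only as restricted as the actions someone remembered to wrap. Whether the other write paths in this file (further actions of the same `switch`, any free-form SQL form) are gated cannot be seen from these hunks and should be confirmed before this is treated as a privilege boundary. A single check ahead of the `switch` keeps the list in one place and lets the five per-case `if`/`else` wrappers go. The sketch below assumes the `switch` is on `$_GET['action']`, which is outside the hunk, and that `$error` marks a failed action as it does in the query-failure paths.

```php
// Actions the restricted 'staff' account may not run; extend this list rather than wrapping each case.
$staff_denied_actions = array('table_create', 'table_empty', 'view_create', 'table_drop', 'view_drop');
if ($global_user === 'staff' && in_array($_GET['action'], $staff_denied_actions, true)) {
    $error = true;
    $completed = "Failed: Insufficient 'staff' user privileges for action: ".htmlencode($_GET['action']);
} else {
    // … unchanged: switch over the action with the original, unwrapped case bodies …
}
```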