Make streams more admin group safe.

FusionPBX 2022-12-22 00:13:06 -07:00 committed by GitHub
parent a44ca60441
commit ba8adb9df6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 44 additions and 13 deletions


@ -82,26 +82,36 @@
$order = $_GET["order"];
//add the search term
if (isset($_GET["search"])) {
$search = strtolower($_GET["search"]);
if (strlen($search) > 0) {
$sql_search = "and (";
$sql_search .= "lower(stream_name) like :search ";
$sql_search .= "or lower(stream_location) like :search ";
$sql_search .= "or lower(stream_enabled) like :search ";
$sql_search .= "or lower(stream_description) like :search ";
$sql_search .= ") ";
$parameters['search'] = '%'.$search.'%';
}
//prepare to page the results
$sql = "select count(stream_uuid) from v_streams where true ";
$sql .= $sql_search;
if (!($_GET['show'] == "all" && permission_exists('stream_all'))) {
$sql = "select count(stream_uuid) from v_streams ";
$sql .= "where true ";
if (isset($search) && $search != '') {
$sql = "and (";
$sql .= "lower(stream_name) like :search ";
$sql .= "or lower(stream_location) like :search ";
$sql .= "or lower(stream_enabled) like :search ";
$sql .= "or lower(stream_description) like :search ";
$sql .= ") ";
$parameters['search'] = '%'.$search.'%';
}
if (permission_exists('stream_all') && $_GET['show'] == "all") {
//show all
}
elseif (permission_exists('stream_all')) {
$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
$parameters['domain_uuid'] = $domain_uuid;
}
else {
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $domain_uuid;
}
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
unset($parameters);
//prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@ -114,7 +124,28 @@
$offset = $rows_per_page * $page;
//get the list
$sql = str_replace('count(stream_uuid)', '*', $sql);
$sql = "select * from v_streams ";
$sql .= "where true ";
if (isset($search) && $search != '') {
$sql = "and (";
$sql .= " lower(stream_name) like :search ";
$sql .= " or lower(stream_location) like :search ";
$sql .= " or lower(stream_enabled) like :search ";
$sql .= " or lower(stream_description) like :search ";
$sql .= ") ";
$parameters['search'] = '%'.$search.'%';
}
if (permission_exists('stream_all') && $_GET['show'] == "all") {
//show all
}
elseif (permission_exists('stream_all')) {
$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
$parameters['domain_uuid'] = $domain_uuid;
}
else {
$sql .= "and domain_uuid = :domain_uuid ";
$parameters['domain_uuid'] = $domain_uuid;
}
$sql .= order_by($order_by, $order, 'stream_name', 'asc');
$sql .= limit_offset($rows_per_page, $offset);
$database = new database;
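Review bot: The search branch of both queries uses `$sql = "and (";`, which replaces the `select … from v_streams where true ` prefix instead of appending to it, so a request with a non-empty search term yields a statement that begins with `and (` and fails; it should be `$sql .= "and (";` in the count query (first hunk) and in the list query (second hunk). The domain filter this commit introduces is now written out twice, and the two copies must stay identical for the per-domain scoping to hold, so building the where clause and `$parameters` once and reusing them for both queries would remove that drift risk. `$_GET['show']` is also read in the permission branches without an `isset()` check. The script starts and ends outside these hunks, so how `$order_by` and `$order` are validated before they reach `order_by()` is not visible here.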