aboutsummaryrefslogtreecommitdiff
path: root/engine/lib/database.php
diff options
context:
space:
mode:
authoricewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-05-30 21:54:53 +0000
committericewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-05-30 21:54:53 +0000
commit86d7c660c4582de4c7530aacbacbd47c013f80cc (patch)
tree53f50f6614e8992bf320839e835db902861aa341 /engine/lib/database.php
parent84224be7064514ab93d9fa9b641507cff23fea25 (diff)
downloadelgg-86d7c660c4582de4c7530aacbacbd47c013f80cc.tar.gz
elgg-86d7c660c4582de4c7530aacbacbd47c013f80cc.tar.bz2
Marcus Povey <marcus@dushka.co.uk>
* Bugfix on gatekeeper and forcing data functions to privileged only git-svn-id: https://code.elgg.org/elgg/trunk@765 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/database.php')
-rw-r--r--engine/lib/database.php25
1 files changed, 20 insertions, 5 deletions
diff --git a/engine/lib/database.php b/engine/lib/database.php
index 03770f4bf..41c514b69 100644
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
@@ -670,7 +670,10 @@
function get_data($query, $callback = "") {
- global $CONFIG, $dbcalls;
+ global $CONFIG, $dbcalls;
+
+ if (!callpath_gatekeeper($CONFIG->path . "engine/", true, true))
+ throw new DatabaseException("Access to privileged function 'get_data()' is denied.");
$dblink = get_db_link('read');
@@ -712,7 +715,10 @@
function get_data_row($query) {
- global $CONFIG, $dbcalls;
+ global $CONFIG, $dbcalls;
+
+ if (!callpath_gatekeeper($CONFIG->path . "engine/", true, true))
+ throw new DatabaseException("Access to privileged function 'get_data_row()' is denied.");
$dblink = get_db_link('read');
@@ -748,7 +754,10 @@
function insert_data($query) {
- global $dbcalls;
+ global $dbcalls;
+
+ if (!callpath_gatekeeper($CONFIG->path . "engine/", true, true))
+ throw new DatabaseException("Access to privileged function 'insert_data()' is denied.");
$dblink = get_db_link('write');
@@ -772,7 +781,10 @@
function update_data($query) {
- global $dbcalls;
+ global $dbcalls, $CONFIG;
+
+ if (!callpath_gatekeeper($CONFIG->path . "engine/", true, true))
+ throw new DatabaseException("Access to privileged function 'update_data()' is denied.");
$dblink = get_db_link('write');
@@ -797,7 +809,10 @@
function delete_data($query) {
- global $dbcalls;
+ global $dbcalls, $CONFIG;
+
+ if (!callpath_gatekeeper($CONFIG->path . "engine/", true, true))
+ throw new DatabaseException("Access to privileged function 'delete_data()' is denied.");
$dblink = get_db_link('write');