From bfb2b23e8705b0d746f2a9fa34f75ffc594a419c Mon Sep 17 00:00:00 2001 From: Banana Date: Tue, 22 Oct 2019 09:14:41 +0200 Subject: [PATCH] display, edit a link only of we have auth --- webroot/lib/link.class.php | 52 +++++++++++++++++--------------- webroot/lib/management.class.php | 8 +++++ webroot/view/editlink.inc.php | 3 +- webroot/view/linkinfo.inc.php | 3 +- 4 files changed, 40 insertions(+), 26 deletions(-) diff --git a/webroot/lib/link.class.php b/webroot/lib/link.class.php index f73f357..70eb169 100644 --- a/webroot/lib/link.class.php +++ b/webroot/lib/link.class.php @@ -39,10 +39,26 @@ class Link { */ private $_data; + /** + * Show private links too + * @var bool + */ + private $_showPrivate = false; + public function __construct($databaseConnectionObject) { $this->DB = $databaseConnectionObject; } + /** + * Show private links or not + * @param $bool + */ + public function setShowPrivate($bool) { + if(is_bool($bool)) { + $this->_showPrivate = $bool; + } + } + /** * load all the info we have about a link by given hash * @param string $hash @@ -65,6 +81,12 @@ class Link { any_value(`hash`) as hash FROM `".DB_PREFIX."_link` WHERE `hash` = '".$this->DB->real_escape_string($hash)."'"; + if($this->_showPrivate === true) { + $queryStr .= " AND `status` IN (2,1)"; + } + else { + $queryStr .= " AND `status` = 2"; + } $query = $this->DB->query($queryStr); if(!empty($query) && $query->num_rows == 1) { $this->_data = $query->fetch_assoc(); @@ -99,6 +121,12 @@ class Link { any_value(`hash`) as hash FROM `".DB_PREFIX."_link` WHERE `hash` = '".$this->DB->real_escape_string($hash)."'"; + if($this->_showPrivate === true) { + $queryStr .= " AND `status` IN (2,1)"; + } + else { + $queryStr .= " AND `status` = 2"; + } $query = $this->DB->query($queryStr); if(!empty($query) && $query->num_rows == 1) { $this->_data = $query->fetch_assoc(); 
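Review bot: setShowPrivate() keeps its previous value when it is handed anything other than a strict boolean, so a call meant to switch private links off with `0` or `null` would leave an earlier `true` in place. Since this flag decides whether status-1 rows are returned, assigning `$this->_showPrivate = ($bool === true);` makes every non-`true` argument fail closed. The docblock should also name the type, `@param bool $bool`. The callers added in editlink.inc.php and linkinfo.inc.php pass `Summoner::simpleAuthCheck()`, whose return type is not visible in this patch; if it returns something truthy but not `true`, the current setter silently ignores it.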
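Review bot: The visibility filter added to load() in the `@@ -65,6 +81,12 @@` hunk is repeated verbatim for loadShortInfo() in the `@@ -99,6 +121,12 @@` hunk, with the status values written as bare `2` and `1`. Because this clause is the access check for private links, a single private helper (for example `_statusCondition()`, used as `$queryStr .= $this->_statusCondition();`) would keep the two queries from drifting apart and give later queries one place to take it from. Named class constants for the two status values would also record which one is public, presumably 2 judging from the else branch. Other methods of Link that read by hash lie outside these hunks, so whether they need the same clause cannot be told from here.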
@@ -248,30 +276,6 @@ class Link { return $ret; } - /** - * check if the given URL exists in the DB - * if so return the hash. If not, return false - * @param string $link - * @return string - */ - public function exists($link) { - $ret = false; - - if(!empty($link)) { - $queryStr = "SELECT - any_value(`hash`) as hash - FROM `".DB_PREFIX."_link` - WHERE `link` = '".$this->DB->real_escape_string($link)."'"; - $query = $this->DB->query($queryStr); - if(!empty($query) && $query->num_rows > 0) { - $result = $query->fetch_assoc(); - $ret = $result['hash']; - } - } - - return $ret; - } - /** * load all the tags we have to the already loaded link * needs $this->load called first diff --git a/webroot/lib/management.class.php b/webroot/lib/management.class.php index 7431953..68d5602 100644 --- a/webroot/lib/management.class.php +++ b/webroot/lib/management.class.php @@ -33,6 +33,10 @@ class Management { */ private $DB; + /** + * Show private links too + * @var bool + */ private $_showPrivate = false; protected $COMBINED_SELECT_VALUES = "any_value(`id`) as id, @@ -264,6 +268,7 @@ class Management { if(!empty($query) && $query->num_rows > 0) { while($result = $query->fetch_assoc()) { $linkObj = new Link($this->DB); + $linkObj->setShowPrivate($this->_showPrivate); $ret['results'][] = $linkObj->loadShortInfo($result['hash']); unset($linkObj); } @@ -317,6 +322,7 @@ class Management { if(!empty($query) && $query->num_rows > 0) { while($result = $query->fetch_assoc()) { $linkObj = new Link($this->DB); + $linkObj->setShowPrivate($this->_showPrivate); $ret['results'][] = $linkObj->loadShortInfo($result['hash']); unset($linkObj); } @@ -356,6 +362,7 @@ class Management { if(!empty($query) && $query->num_rows > 0) { while($result = $query->fetch_assoc()) { $linkObj = new Link($this->DB); + $linkObj->setShowPrivate($this->_showPrivate); $ret['results'][] = $linkObj->loadShortInfo($result['hash']); unset($linkObj); } 
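Review bot: In the `@@ -264,6 +268,7 @@` hunk the return value of loadShortInfo() is appended to `$ret['results']` unchecked, and after this patch that call can presumably come back empty for a row the outer query did find, whenever the link is private and the flag is false. The same pattern is in the `@@ -317,6 +322,7 @@` and `@@ -356,6 +362,7 @@` hunks, and in the `@@ -468,6 +475,7 @@` hunk `$l['title']` is read straight from load(), which raises a notice or warning when `$l` is empty. If the outer queries already filter on `_showPrivate` this never triggers, but those queries are outside the hunks. A guard such as `if(!empty($info)) { $ret['results'][] = $info; }` keeps empty entries out of the result list either way; each loop body continues outside its hunk.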
@@ -468,6 +475,7 @@ class Management { if(!empty($allLinks)) { foreach($allLinks as $link) { $LinkObj = new Link($this->DB); + $LinkObj->setShowPrivate($this->_showPrivate); $l = $LinkObj->load($link['hash']); $searchStr = $l['title']; diff --git a/webroot/view/editlink.inc.php b/webroot/view/editlink.inc.php index b819360..48dd0ee 100644 --- a/webroot/view/editlink.inc.php +++ b/webroot/view/editlink.inc.php @@ -25,6 +25,7 @@ * along with this program. If not, see http://www.gnu.org/licenses/gpl-3.0. * */ + $submitFeedback = false; $formData = false; @@ -32,7 +33,6 @@ $formData = false; # can/should be extended in the future. Summoner::simpleAuth(); - $_id = false; if(isset($_GET['id']) && !empty($_GET['id'])) { $_id = trim($_GET['id']); @@ -40,6 +40,7 @@ if(isset($_GET['id']) && !empty($_GET['id'])) { } $linkObj = new Link($DB); +$linkObj->setShowPrivate(Summoner::simpleAuthCheck()); $linkObj->load($_id); $linkData = $linkObj->getData(); if(empty($linkData)) { diff --git a/webroot/view/linkinfo.inc.php b/webroot/view/linkinfo.inc.php index 00c9cdb..a310e9c 100644 --- a/webroot/view/linkinfo.inc.php +++ b/webroot/view/linkinfo.inc.php @@ -3,7 +3,7 @@ * Insipid * Personal web-bookmark-system * - * Copyright 2016-2017 Johannes Keßler + * Copyright 2016-2019 Johannes Keßler * * Development starting from 2011: Johannes Keßler * https://www.bananas-playground.net/projekt/insipid/ @@ -33,6 +33,7 @@ if(isset($_GET['id']) && !empty($_GET['id'])) { } $linkObj = new Link($DB); +$linkObj->setShowPrivate(Summoner::simpleAuthCheck()); $linkData = $linkObj->load($_id); if(empty($linkData)) { header("HTTP/1.0 404 Not Found"); -- 2.39.5