diff --git a/www/composer.lock b/www/composer.lock index ae6b613b..67bcc592 100644 --- a/www/composer.lock +++ b/www/composer.lock @@ -12,7 +12,7 @@ "dist": { "type": "path", "url": "/storage/var/www/html/developers/clemens/core_data/composer-packages/CoreLibs-Composer-All", - "reference": "1189aecae90bea76fb15893e20571910596f2b8b" + "reference": "187a012284ba8000b2d472da6a707b830bb3c0a8" }, "require": { "php": ">=8.1" diff --git a/www/vendor/composer/installed.json b/www/vendor/composer/installed.json index 147fdf84..768a8d6b 100644 --- a/www/vendor/composer/installed.json +++ b/www/vendor/composer/installed.json @@ -7,7 +7,7 @@ "dist": { "type": "path", "url": "/storage/var/www/html/developers/clemens/core_data/composer-packages/CoreLibs-Composer-All", - "reference": "1189aecae90bea76fb15893e20571910596f2b8b" + "reference": "187a012284ba8000b2d472da6a707b830bb3c0a8" }, "require": { "php": ">=8.1" diff --git a/www/vendor/composer/installed.php b/www/vendor/composer/installed.php index e336d062..1cc8ec22 100644 --- a/www/vendor/composer/installed.php +++ b/www/vendor/composer/installed.php @@ -13,7 +13,7 @@ 'egrajp/corelibs-composer-all' => array( 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => '1189aecae90bea76fb15893e20571910596f2b8b', + 'reference' => '187a012284ba8000b2d472da6a707b830bb3c0a8', 'type' => 'library', 'install_path' => __DIR__ . '/../egrajp/corelibs-composer-all', 'aliases' => array(), diff --git a/www/vendor/egrajp/corelibs-composer-all/publish/last.published b/www/vendor/egrajp/corelibs-composer-all/publish/last.published index 406b8982..ac2895c5 100644 --- a/www/vendor/egrajp/corelibs-composer-all/publish/last.published +++ b/www/vendor/egrajp/corelibs-composer-all/publish/last.published @@ -1 +1 @@ -8.1.3 +8.1.4 diff --git a/www/vendor/egrajp/corelibs-composer-all/src/ACL/Login.php b/www/vendor/egrajp/corelibs-composer-all/src/ACL/Login.php index 3255606e..c4126be7 100644 
--- a/www/vendor/egrajp/corelibs-composer-all/src/ACL/Login.php +++ b/www/vendor/egrajp/corelibs-composer-all/src/ACL/Login.php @@ -69,6 +69,7 @@ declare(strict_types=1); namespace CoreLibs\ACL; use CoreLibs\Check\Password; +use CoreLibs\Convert\Json; class Login { @@ -753,7 +754,10 @@ class Login // we have to get the themes in here too $q = "SELECT eu.edit_user_id, eu.username, eu.password, " . "eu.edit_group_id, " - . "eg.name AS edit_group_name, admin, " + . "eg.name AS edit_group_name, eu.admin, " + // additinal acl lists + . "eu.additional_acl AS user_additional_acl, " + . "eg.additional_acl AS group_additional_acl, " // login error + locked . "eu.login_error_count, eu.login_error_date_last, " . "eu.login_error_date_first, eu.strict, eu.locked, " @@ -901,8 +905,10 @@ class Login $_SESSION['GROUP_NAME'] = $res['edit_group_name']; $_SESSION['USER_ACL_LEVEL'] = $res['user_level']; $_SESSION['USER_ACL_TYPE'] = $res['user_type']; + $_SESSION['USER_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['user_additional_acl']); $_SESSION['GROUP_ACL_LEVEL'] = $res['group_level']; $_SESSION['GROUP_ACL_TYPE'] = $res['group_type']; + $_SESSION['GROUP_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['group_additional_acl']); // deprecated TEMPLATE setting $_SESSION['TEMPLATE'] = $res['template'] ? $res['template'] : ''; $_SESSION['HEADER_COLOR'] = !empty($res['second_header_color']) ? @@ -1021,7 +1027,8 @@ class Login $_SESSION['PAGES'] = $pages; $_SESSION['PAGES_ACL_LEVEL'] = $pages_acl; // load the edit_access user rights - $q = "SELECT ea.edit_access_id, level, type, ea.name, ea.color, ea.uid, edit_default " + $q = "SELECT ea.edit_access_id, level, type, ea.name, " + . "ea.color, ea.uid, edit_default, ea.additional_acl " . "FROM edit_access_user eau, edit_access_right ear, edit_access ea " . "WHERE eau.edit_access_id = ea.edit_access_id " . "AND eau.edit_access_right_id = ear.edit_access_right_id " 
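Review bot: In the `@@ -901` hunk of `ACL/Login.php`, the result of `Json::jsonConvertToArray($res['user_additional_acl'])` (and the group variant) goes straight into `$_SESSION` with no check that decoding succeeded; the `@@ -1048` hunk does the same for `$res['additional_acl']`. The helper's body is not in this diff, but if it returns an empty array for NULL or malformed JSON, a corrupted ACL column becomes indistinguishable from "no additional ACL" and the login continues without any trace. Whether that fails closed depends on how consumers read `additional_acl` (extra grants versus extra restrictions), which is not visible here. I would check the decode error state after each call and log or abort the login on failure, and add a comment such as `// empty array = no additional rights granted` stating the intended meaning. The enclosing login method starts and ends outside these hunks.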
@@ -1048,6 +1055,7 @@ class Login 'uid' => $res['uid'], 'color' => $res['color'], 'default' => $res['edit_default'], + 'additional_acl' => Json::jsonConvertToArray($res['additional_acl']), 'data' => $ea_data ]; // set the default unit @@ -1122,6 +1130,11 @@ class Login // username (login), group name $this->acl['user_name'] = $_SESSION['USER_NAME']; $this->acl['group_name'] = $_SESSION['GROUP_NAME']; + // set additional acl + $this->acl['additional_acl'] = [ + 'user' => $_SESSION['USER_ADDITIONAL_ACL'], + 'group' => $_SESSION['GROUP_ADDITIONAL_ACL'], + ]; // we start with the default acl $this->acl['base'] = $this->default_acl_level; @@ -1184,7 +1197,8 @@ class Login 'uid' => $unit['uid'], 'level' => $this->default_acl_list[$this->acl['unit'][$ea_id]]['name'] ?? -1, 'default' => $unit['default'], - 'data' => $unit['data'] + 'data' => $unit['data'], + 'additional_acl' => $unit['additional_acl'] ]; // set default if (!empty($unit['default'])) { diff --git a/www/vendor/egrajp/corelibs-composer-all/src/DB/IO.php b/www/vendor/egrajp/corelibs-composer-all/src/DB/IO.php index 6e2b8814..b2b0b8d1 100644 --- a/www/vendor/egrajp/corelibs-composer-all/src/DB/IO.php +++ b/www/vendor/egrajp/corelibs-composer-all/src/DB/IO.php @@ -279,8 +279,20 @@ class IO public const NO_CACHE = 3; /** @var string default hash type */ public const ERROR_HASH_TYPE = 'adler32'; + /** + * @var string regex for params: only stand alone $number allowed + * never allowed to start with ' + * must be after space/tab, =, ( + */ + public const REGEX_PARAMS = '/[^\'][\s(=](\$[0-9]{1,})/'; /** @var string regex to get returning with matches at position 1 */ public const REGEX_RETURNING = '/\s+returning\s+(.+\s*(?:.+\s*)+);?$/i'; + // REGEX_SELECT + // REGEX_UPDATE + // REGEX INSERT + // REGEX_INSERT_UPDATE_DELETE + // REGEX_FROM_TABLE + // REGEX_INSERT_UPDATE_DELETE_TABLE // recommend to set private/protected and only allow setting via method // can bet set from outside 
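Review bot: In the `@@ -1122` hunk of `ACL/Login.php`, `$_SESSION['USER_ADDITIONAL_ACL']` and `$_SESSION['GROUP_ADDITIONAL_ACL']` are read without a fallback, but those keys are only written during login (the `@@ -901` hunk). A session established before this update is deployed will not have them, so the ACL build raises "Undefined array key" warnings and stores `null` where later code presumably expects an array. The `@@ -1184` hunk has the same problem with `$unit['additional_acl']` for units already cached in the session. Defaulting each read keeps old sessions working and keeps the type stable: `'user' => $_SESSION['USER_ADDITIONAL_ACL'] ?? [],`, `'group' => $_SESSION['GROUP_ADDITIONAL_ACL'] ?? [],` and `'additional_acl' => $unit['additional_acl'] ?? []`. The enclosing method starts and ends outside both hunks.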
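Review bot: The new `REGEX_PARAMS` in the `@@ -279` hunk of `DB/IO.php` only counts a placeholder preceded by whitespace, `(` or `=`, so valid queries such as `VALUES ($1,$2)`, `a>$1` or `ARRAY[$1]` are under-counted. In the `@@ -1017` hunk that makes `$params_count != $placeholder_count` true and reports an error for a correct parameterised query, and in the `@@ -2588` hunk the wrong count is stored in `prepare_cursor`. Because the two leading character classes consume input, back-to-back placeholders separated by a single space also lose the second match. A lookbehind avoids both problems, for example `public const REGEX_PARAMS = '/(?<![\'\w$])(\$[0-9]+)/';`, though neither pattern excludes a `$1` that follows a space inside a quoted literal, which the doc comment should say. A false mismatch here is worth avoiding because it pushes callers away from bound parameters.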
@@ -1017,7 +1029,7 @@ class IO { // search for $1, $2, in the query and push it into the control array // skip counts for same eg $1, $1, $2 = 2 and not 3 - preg_match_all('/(\$[0-9]{1,})/', $query, $match); + preg_match_all(self::REGEX_PARAMS, $query, $match); $placeholder_count = count(array_unique($match[1])); if ($params_count != $placeholder_count) { $this->__dbError( @@ -2588,7 +2600,7 @@ class IO $match = []; // search for $1, $2, in the query and push it into the control array // skip counts for same eg $1, $1, $2 = 2 and not 3 - preg_match_all('/(\$[0-9]{1,})/', $query, $match); + preg_match_all(self::REGEX_PARAMS, $query, $match); $this->prepare_cursor[$stm_name]['count'] = count(array_unique($match[1])); $this->prepare_cursor[$stm_name]['query'] = $query; $result = $this->db_functions->__dbPrepare($stm_name, $query); diff --git a/www/vendor/egrajp/corelibs-composer-all/test/phpunit/ACL/CoreLibsACLLoginTest.php b/www/vendor/egrajp/corelibs-composer-all/test/phpunit/ACL/CoreLibsACLLoginTest.php index bd55d223..5ca89254 100644 --- a/www/vendor/egrajp/corelibs-composer-all/test/phpunit/ACL/CoreLibsACLLoginTest.php +++ b/www/vendor/egrajp/corelibs-composer-all/test/phpunit/ACL/CoreLibsACLLoginTest.php @@ -267,6 +267,8 @@ final class CoreLibsACLLoginTest extends TestCase 'GROUP_ACL_LEVEL' => -1, 'PAGES_ACL_LEVEL' => [], 'USER_ACL_LEVEL' => -1, + 'USER_ADDITIONAL_ACL' => [], + 'GROUP_ADDITIONAL_ACL' => [], 'UNIT_UID' => [ 'AdminAccess' => 1, ], @@ -280,6 +282,7 @@ final class CoreLibsACLLoginTest extends TestCase 'data' => [ 'test' => 'value', ], + 'additional_acl' => [] ], ], // 'UNIT_DEFAULT' => '',
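Review bot: The fixture changes in `CoreLibsACLLoginTest.php` (`@@ -267` and `@@ -280`) only add empty `[]` values for `USER_ADDITIONAL_ACL`, `GROUP_ADDITIONAL_ACL` and the unit `additional_acl`, so the new decoding path in `Login.php` is never exercised with real data. I would add one case where the columns hold a non-empty JSON object and assert the decoded structure in both the session and `acl['additional_acl']`. A second case with a NULL or malformed column value would pin what the login does when the ACL data cannot be decoded. Both fixture arrays continue outside these hunks.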