feature(security): add can-upload check

2024-11-18 22:48:28 +01:00 · 2024-11-18 22:48:28 +01:00 · 626a4bbaf6
commit 626a4bbaf6
parent 2e012b4fd5
1 changed files with 10 additions and 1 deletions
--- a/www/src/setup/permissions.php
+++ b/www/src/setup/permissions.php
@ -5,7 +5,10 @@ $ACCESS_PERMISSIONS = [
    "upload" => false
 ];

-$ACCESS_KEY = $REQUEST_QUERY['ACCESS_KEY'] ?? $_COOKIE['ACCESS_KEY'] ?? '';
+$ACCESS_KEY = $REQUEST_QUERY['ACCESS_KEY']
+    ?? $_POST['ACCESS_KEY']
+    ?? $_COOKIE['ACCESS_KEY']
+    ?? '';

 if($ACCESS_KEY == $SITE_CONFIG['ACCESS_KEY']) {
    $ACCESS_PERMISSIONS = [
@ -14,4 +17,10 @@ if($ACCESS_KEY == $SITE_CONFIG['ACCESS_KEY']) {
    ];
 }

+function access_can_upload() {
+    global $ACCESS_PERMISSIONS;
+
+    return $ACCESS_PERMISSIONS['upload'];
+}
+
 ?>