From 626a4bbaf6e58236eb1044024f20cd6f06961879 Mon Sep 17 00:00:00 2001
From: David Bailey <davidbailey.2889@gmail.com>
Date: Mon, 18 Nov 2024 22:48:28 +0100
Subject: [PATCH] feature(security): add can-upload check

---
 www/src/setup/permissions.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/www/src/setup/permissions.php b/www/src/setup/permissions.php
index 272d986..654f5a8 100644
--- a/www/src/setup/permissions.php
+++ b/www/src/setup/permissions.php
@@ -5,7 +5,10 @@ $ACCESS_PERMISSIONS = [
     "upload" => false
 ];
 
-$ACCESS_KEY = $REQUEST_QUERY['ACCESS_KEY'] ?? $_COOKIE['ACCESS_KEY'] ?? '';
+$ACCESS_KEY = $REQUEST_QUERY['ACCESS_KEY']
+    ?? $_POST['ACCESS_KEY']
+    ?? $_COOKIE['ACCESS_KEY']
+    ?? '';
 
 if($ACCESS_KEY == $SITE_CONFIG['ACCESS_KEY']) {
     $ACCESS_PERMISSIONS = [
@@ -14,4 +17,10 @@ if($ACCESS_KEY == $SITE_CONFIG['ACCESS_KEY']) {
     ];
 }
 
+function access_can_upload() {
+    global $ACCESS_PERMISSIONS;
+
+    return $ACCESS_PERMISSIONS['upload'];
+}
+
 ?>
\ No newline at end of file