From 0e41dea8cc54d691ffc805b996606d701d66785e Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Wed, 13 Aug 2014 10:42:46 -0400
Subject: [PATCH] - disallow ` in table names when using ?? placeholder in query

---
 interface/lib/classes/tform_base.inc.php |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index 6cfdfe0..329f1ef 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -270,6 +270,7 @@
 			unset($tmp_recordid);
 
 			$querystring = str_replace("{AUTHSQL}", $this->getAuthSQL('r'), $querystring);
+			$querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', array($this, 'table_auth_sql'), $querystring);
 
 			// Getting the records
 			$tmp_records = $app->db->queryAllRecords($querystring);
@@ -311,6 +312,9 @@
 
 	}
 
+	function table_auth_sql($matches){
+		return $this->getAuthSQL('r', $matches[1]);
+	}
 
 	/**
 	 * Get the key => value array of a form filled from a datasource definitiom
@@ -1366,7 +1370,7 @@
 	}
 
 	function getAuthSQL($perm, $table = '') {
-		if($_SESSION["s"]["user"]["typ"] == 'admin') {
+		if($_SESSION["s"]["user"]["typ"] == 'admin' || $_SESSION['s']['user']['mailuser_id'] > 0) {
 			return '1';
 		} else {
 			if ($table != ''){

--
Gitblit v1.9.1