diff options
Diffstat (limited to 'www/functions/func_select.php')
| -rwxr-xr-x | www/functions/func_select.php | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/www/functions/func_select.php b/www/functions/func_select.php index 5181b9a..1599b9b 100755 --- a/www/functions/func_select.php +++ b/www/functions/func_select.php @@ -1,5 +1,5 @@ <?php -function select_file_id($db, $owner){ +function select_file_id($db, $owner, $folder_path){ if($_SESSION["login"] && $_SESSION["userid"] == $owner){ // TODO: Check if loged in user really the user who does the query - fix 12.3.14 $share=""; // to print all files, even hidden ones @@ -7,7 +7,7 @@ function select_file_id($db, $owner){ $share ="AND share='PUBLIC'"; // just use files with the correct permissions } - $folder_array_unsafe = explode("/",$_GET["folder"]); + $folder_array_unsafe = explode("/",$folder_path); $length = count($folder_array_unsafe); $root_db = $db->query("SELECT id FROM files WHERE parent=0 AND owner=" . $owner . " AND folder='DIRECTORY' " . $share . ";"); @@ -23,12 +23,13 @@ function select_file_id($db, $owner){ } for($i=0; $i<$length; $i++){ - + $parentdir_db = $db->query("SELECT id, parent FROM files WHERE owner=" . $owner . " AND folder='DIRECTORY' " . $share . " AND parent=" . $parentdir . " AND name='" . SQLite3::escapeString($folder_array_unsafe[$i]) . "';"); $prim_id = $parentdir_db->fetchArray(SQLITE3_NUM); - if(empty($prim_id)){ - failure("Database error."); + + if(empty($prim_id[0])){ + return $parentdir; } if($parentdir != $prim_id[1]){ |