github/umami
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix share URL permissions. (#1745)

Browse Source 
* Fix share URL permissions.

* Add sql param logic.

* Add permissions to edit website.

* Update permissions.

* Move parameters to param injection.

* Sanitize eventdata.

* Remove caret.

* Fix avg.
This commit is contained in:
Brian Cao
2023-01-18 15:09:49 -08:00
committed by GitHub
parent 558ce268a0
commit 922c3acab3
16 changed files with 139 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
queries/analytics/pageview/getPageviewParams.js
View File

@@ -9,8 +9,8 @@ export async function getPageviewParams(...args) {
}
async function relationalQuery(websiteId, start_at, end_at, column, table, filters = {}) {
const { parseFilters, rawQuery } = prisma;
const params = [start_at, end_at];
const { parseFilters, rawQuery, toUuid } = prisma;
const params = [websiteId, start_at, end_at];
const { pageviewQuery, sessionQuery, eventQuery, joinSession } = parseFilters(
table,
column,
@@ -24,8 +24,8 @@ async function relationalQuery(websiteId, start_at, end_at, column, table, filte
from ${table}
${` join website on ${table}.website_id = website.website_id`}
${joinSession}
where website.website_uuid='${websiteId}'
and ${table}.created_at between $1 and $2
where website.website_uuid = $1${toUuid()}
and ${table}.created_at between $2 and $3
and ${table}.url like '%?%'
${pageviewQuery}
${joinSession && sessionQuery}