<?php
/*
This script is the AJAX callback that deletes a user's saved search
*/
define('IN_FS', true);
require_once '../../header.php';
$baseurl = dirname(dirname($baseurl)) . '/';
if (Cookie::has('flyspray_userid') && Cookie::has('flyspray_passhash')) {
$user = new User(Cookie::val('flyspray_userid'));
$user->check_account_ok();
$user->save_search();
}
} elseif (Req::has('code')) {
$_SESSION['oauth_provider'] = 'microsoft';
$do = 'oauth';
} elseif (Req::has('do') && Req::val('do') == 'tasklist') {
$do = 'index';
}
// supertask_id for add new sub-task
$supertask_id = 0;
if (Req::has('supertask')) {
$supertask_id = Req::val('supertask');
}
/* permission stuff */
if (Cookie::has('flyspray_userid') && Cookie::has('flyspray_passhash')) {
$user = new User(Cookie::val('flyspray_userid'), $proj);
$user->check_account_ok();
$user->save_search($do);
} else {
$user = new User(0, $proj);
}
if (Get::val('getfile')) {
// If a file was requested, deliver it
$result = $db->Query("SELECT t.project_id,\n a.orig_name, a.file_name, a.file_type, t.*\n FROM {attachments} a\n INNER JOIN {tasks} t ON a.task_id = t.task_id\n WHERE attachment_id = ?", array(Get::val('getfile')));
$task = $db->FetchRow($result);
list($proj_id, $orig_name, $file_name, $file_type) = $task;
// Check if file exists, and user permission to access it!
if (!is_file(BASEDIR . "/attachments/{$file_name}")) {
header('HTTP/1.1 410 Gone');
echo 'File does not exist anymore.';
exit;
}
if ($user->can_view_task($task)) {
