/**
 * Delete an issue attachment given its id.
 *
 * The caller is authenticated first, then must hold 'update_bug_threshold'
 * access on the issue that owns the attachment.
 *
 * @param string $p_username  The name of the user trying to delete the attachment.
 * @param string $p_password  The password of the user.
 * @param integer $p_issue_attachment_id  The id of the attachment to be deleted.
 * @return mixed The result of file_delete() when the deletion is performed;
 *               a SOAP fault when the login fails or access is denied.
 */
function mc_issue_attachment_delete( $p_username, $p_password, $p_issue_attachment_id ) {
	# Authenticate before touching any attachment data.
	$t_caller_id = mci_check_login( $p_username, $p_password );
	if( false === $t_caller_id ) {
		return mci_soap_fault_login_failed();
	}

	# Authorization is evaluated against the issue the attachment belongs to,
	# not against the attachment itself.
	# NOTE(review): the only gate here is the generic update threshold; no
	# delete-specific threshold or attachment-owner check is made in this
	# revision - confirm that is the intended policy.
	$t_issue_id = file_get_field( $p_issue_attachment_id, 'bug_id' );
	$t_required_level = config_get( 'update_bug_threshold' );
	$t_is_allowed = access_has_bug_level( $t_required_level, $t_issue_id, $t_caller_id );
	if( !$t_is_allowed ) {
		return mci_soap_fault_access_denied( $t_caller_id );
	}

	return file_delete( $p_issue_attachment_id, 'bug' );
}
/**
 * Delete a project attachment given its id.
 *
 * @param string $p_username  The name of the user trying to delete the project attachment.
 * @param string $p_password  The password of the user.
 * @param integer $p_project_attachment_id  The id of the attachment to be deleted.
 * @return mixed The result of file_delete() when the deletion is performed;
 *               a soap_fault when the login fails or access is denied.
 */
function mc_project_attachment_delete($p_username, $p_password, $p_project_attachment_id)
{
    $t_caller_id = mci_check_login($p_username, $p_password);
    if (false === $t_caller_id) {
        # A failed login is reported with the same generic fault as an
        # authorization failure, so the response does not tell the two apart.
        return new soap_fault('Client', '', 'Access Denied');
    }

    # Authorize against the project that owns the file. The threshold used for
    # deletion is the project file *upload* threshold.
    $t_owning_project_id = file_get_field($p_project_attachment_id, 'project_id', 'project');
    $t_required_level = config_get('upload_project_file_threshold');
    if (access_has_project_level($t_required_level, $t_owning_project_id, $t_caller_id)) {
        return file_delete($p_project_attachment_id, 'project');
    }

    return new soap_fault('Client', '', 'Access Denied');
}
/**
 * Delete an issue attachment given its id.
 *
 * Access rule: the attachment's owner may delete it without a threshold check
 * when 'allow_delete_own_attachments' is enabled; every other caller must hold
 * 'delete_attachments_threshold' on the issue that owns the attachment.
 *
 * @param string $p_username  The name of the user trying to delete the attachment.
 * @param string $p_password  The password of the user.
 * @param integer $p_issue_attachment_id  The id of the attachment to be deleted.
 * @return mixed The result of file_delete() when the deletion is performed;
 *               a SOAP fault when the login fails or access is denied.
 */
function mc_issue_attachment_delete($p_username, $p_password, $p_issue_attachment_id)
{
    $t_user_id = mci_check_login($p_username, $p_password);
    if (false === $t_user_id) {
        return mci_soap_fault_login_failed();
    }

    $t_issue_id = file_get_field($p_issue_attachment_id, 'bug_id');

    # Perform access control checks
    # NOTE(review): the owner comparison is loose (==); presumably the stored
    # user_id comes back as a string while the login id is an integer - confirm
    # before tightening it to ===.
    $t_owner_id = file_get_field($p_issue_attachment_id, 'user_id');
    $t_caller_is_owner = $t_owner_id == $t_user_id;

    # Factor in allow_delete_own_attachments=ON|OFF; the option is only read
    # when the caller actually owns the attachment.
    $t_owner_may_self_delete = $t_caller_is_owner && config_get('allow_delete_own_attachments');
    if (!$t_owner_may_self_delete) {
        # Check access against delete_attachments_threshold
        $t_required_level = config_get('delete_attachments_threshold');
        if (!access_has_bug_level($t_required_level, $t_issue_id, $t_user_id)) {
            return mci_soap_fault_access_denied($t_user_id);
        }
    }

    return file_delete($p_issue_attachment_id, 'bug');
}
Beispiel #4
/**
 * Prints the preview of an image file attachment.
 *
 * Every value placed into an HTML attribute (link target, image source, alt
 * text, inline style) is passed through string_attribute() before output.
 *
 * @param array $p_attachment An attachment array from within the array returned by the file_get_visible_attachments() function
 */
function print_bug_attachment_preview_image($p_attachment)
{
    # Inline style: no border, plus the configured size caps when they are set.
    $t_css = 'border: 0;';
    $t_width_cap = config_get('preview_max_width');
    if ($t_width_cap > 0) {
        $t_css .= ' max-width:' . $t_width_cap . 'px;';
    }
    $t_height_cap = config_get('preview_max_height');
    if ($t_height_cap > 0) {
        $t_css .= ' max-height:' . $t_height_cap . 'px;';
    }

    # The stored title becomes the alt text; it is escaped at output time below.
    $t_alt_text = file_get_field($p_attachment['id'], 'title');

    # The inline-display URL is assembled unescaped (raw '&') and escaped once,
    # as a whole, when it is written into the src attribute.
    $t_inline_url = $p_attachment['download_url'] . '&show_inline=1' . form_security_param('file_show_inline');

    echo "\n<div class=\"bug-attachment-preview-image\">";
    echo '<a href="', string_attribute($p_attachment['download_url']), '">';
    echo '<img src="', string_attribute($t_inline_url), '" alt="', string_attribute($t_alt_text), '" style="', string_attribute($t_css), '" />';
    echo '</a></div>';
}
Beispiel #5
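/**
 * Prints the attachments returned by file_get_visible_attachments() for an issue.
 *
 * For each attachment this emits the display name (linked when it can be
 * downloaded), size and date, an optional delete link, and an inline preview
 * for text and image attachments that have 'preview' set.
 *
 * @param integer $p_bug_id  The id of the issue whose attachments are listed.
 * @return void
 */
function print_bug_attachments_list($p_bug_id)
{
    $t_attachments = file_get_visible_attachments($p_bug_id);
    $t_attachments_count = count($t_attachments);
    $i = 0;
    $image_previewed = false;
    foreach ($t_attachments as $t_attachment) {
        # The display name is escaped once here and reused in every echo below.
        $t_file_display_name = string_display_line($t_attachment['display_name']);
        $t_filesize = number_format($t_attachment['size']);
        $t_date_added = date(config_get('normal_date_format'), $t_attachment['date_added']);
        if ($image_previewed) {
            $image_previewed = false;
            echo '<br />';
        }
        if ($t_attachment['can_download']) {
            $t_href_start = '<a href="' . string_attribute($t_attachment['download_url']) . '">';
            $t_href_end = '</a>';
            $t_href_clicket = " [<a href=\"file_download.php?file_id={$t_attachment['id']}&amp;type=bug\" target=\"_blank\">^</a>]";
        } else {
            $t_href_start = '';
            $t_href_end = '';
            $t_href_clicket = '';
        }
        if (!$t_attachment['exists']) {
            print_file_icon($t_file_display_name);
            echo '&#160;<span class="strike">' . $t_file_display_name . '</span>' . lang_get('word_separator') . '(' . lang_get('attachment_missing') . ')';
        } else {
            echo $t_href_start;
            print_file_icon($t_file_display_name);
            echo $t_href_end . '&#160;' . $t_href_start . $t_file_display_name . $t_href_end . $t_href_clicket . ' (' . $t_filesize . ' ' . lang_get('bytes') . ') ' . '<span class="italic">' . $t_date_added . '</span>';
        }
        if ($t_attachment['can_delete']) {
            # The delete link carries a form security token for 'bug_file_delete'.
            echo '&#160;[';
            print_link('bug_file_delete.php?file_id=' . $t_attachment['id'] . form_security_param('bug_file_delete'), lang_get('delete_link'), false, 'small');
            echo ']';
        }
        if ($t_attachment['exists']) {
            # The enclosing condition already guarantees 'exists'.
            if (FTP == config_get('file_upload_method')) {
                echo ' (' . lang_get('cached') . ')';
            }
            if ($t_attachment['preview'] && $t_attachment['type'] == 'text') {
                $c_id = db_prepare_int($t_attachment['id']);
                $t_bug_file_table = db_get_table('mantis_bug_file_table');
                echo "<script type=\"text/javascript\" language=\"JavaScript\">\n<!--\nfunction swap_content( span ) {\ndisplayType = ( document.getElementById( span ).style.display == 'none' ) ? '' : 'none';\ndocument.getElementById( span ).style.display = displayType;\n}\n\n -->\n </script>";
                echo " <span id=\"hideSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('show_content') . "</a>]</span>";
                echo " <span style='display:none' id=\"showSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('hide_content') . "</a>]";
                echo "<pre>";
                /** @todo Refactor into a method that gets contents for download / preview. */
                # Start from an empty preview so that no branch can reach the
                # output below with an undefined variable.
                $v_content = '';
                switch (config_get('file_upload_method')) {
                    case DISK:
                        if ($t_attachment['exists']) {
                            $v_content = file_get_contents($t_attachment['diskfile']);
                        }
                        break;
                    case FTP:
                        # Use the local copy when it is present; otherwise fetch
                        # it over FTP first. The previous code tested the
                        # boolean 'exists' flag as if it were a path and threw
                        # away the contents it read.
                        if (!file_exists($t_attachment['diskfile'])) {
                            $ftp = file_ftp_connect();
                            file_ftp_get($ftp, $t_attachment['diskfile'], $t_attachment['diskfile']);
                            file_ftp_disconnect($ftp);
                        }
                        $v_content = file_get_contents($t_attachment['diskfile']);
                        break;
                    default:
                        # The id is bound as a parameter, never interpolated.
                        $query = "SELECT *\n\t                  \t\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\t            \t\t\tWHERE id=" . db_param();
                        $result = db_query_bound($query, array($c_id));
                        $row = db_fetch_array($result);
                        # Guard against a row that is missing by the time it is read.
                        if (is_array($row) && isset($row['content'])) {
                            $v_content = $row['content'];
                        }
                }
                # Attachment contents are untrusted: always HTML-escape them.
                # The cast turns a failed read (false) into an empty preview.
                echo htmlspecialchars((string) $v_content);
                echo "</pre></span>\n";
            }
            if ($t_attachment['can_download'] && $t_attachment['preview'] && $t_attachment['type'] == 'image') {
                $t_preview_style = 'border: 0;';
                $t_max_width = config_get('preview_max_width');
                if ($t_max_width > 0) {
                    $t_preview_style .= ' max-width:' . $t_max_width . 'px;';
                }
                $t_max_height = config_get('preview_max_height');
                if ($t_max_height > 0) {
                    $t_preview_style .= ' max-height:' . $t_max_height . 'px;';
                }
                $t_preview_style = 'style="' . $t_preview_style . '"';
                # The title is stored attachment metadata and lands inside the
                # alt attribute, so it must be attribute-escaped to prevent
                # markup injection.
                $t_title = string_attribute(file_get_field($t_attachment['id'], 'title'));
                # NOTE(review): this URL is written into src without
                # string_attribute() because part of it is already
                # entity-encoded ('&amp;show_inline=1'); confirm download_url
                # cannot carry attribute-breaking characters.
                $t_image_url = $t_attachment['download_url'] . '&amp;show_inline=1' . form_security_param('file_show_inline');
                echo "\n<br />{$t_href_start}<img alt=\"{$t_title}\" {$t_preview_style} src=\"{$t_image_url}\" />{$t_href_end}";
                $image_previewed = true;
            }
        }
        # Separate entries with a line break, except after the last one.
        if ($i != $t_attachments_count - 1) {
            echo "<br />\n";
            $i++;
        }
    }
}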
require_api('database_api.php');
require_api('file_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('utility_api.php');
# Check if project documentation feature is enabled.
# All three conditions must hold, otherwise the request ends in access_denied().
if (OFF == config_get('enable_project_documentation') || !file_is_uploading_enabled() || !file_allow_project_upload()) {
    access_denied();
}
# file_id comes from the request; gpc_get_int() is the integer-typed accessor.
$f_file_id = gpc_get_int('file_id');
$c_file_id = db_prepare_int($f_file_id);
# Authorization is checked against the project that owns the requested file,
# using the project file upload threshold.
$t_project_id = file_get_field($f_file_id, 'project_id', 'project');
access_ensure_project_level(config_get('upload_project_file_threshold'), $t_project_id);
$t_proj_file_table = db_get_table('project_file');
# The id is bound through db_param(), not interpolated into the SQL text.
$query = "SELECT *\n\t\tFROM {$t_proj_file_table}\n\t\tWHERE id=" . db_param();
$result = db_query_bound($query, array($c_file_id));
$row = db_fetch_array($result);
# Turns every column of the row into a $v_<column> variable. The 'v' prefix keeps
# the extracted names from overwriting the $f_/$c_/$t_ variables above.
# NOTE(review): $row is not checked before extract(); presumably file_get_field()
# above already fails for an unknown id - confirm.
extract($row, EXTR_PREFIX_ALL, 'v');
# Only the title and description are escaped here; any other $v_* value is
# still raw and must be escaped where it is printed.
$v_title = string_attribute($v_title);
$v_description = string_textarea($v_description);
# Effective upload limit: the smallest of the two PHP ini limits and the
# application's own max_file_size setting.
$t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
html_page_top();
?>

<br />
<div>
<form method="post" enctype="multipart/form-data" action="proj_doc_update.php">
Beispiel #7
# $f_file_id, $f_title, $f_description and $f_file are assigned before this
# excerpt starts.
# Authorization is checked against the project that owns the file being
# updated, using the project file upload threshold.
$t_project_id = file_get_field($f_file_id, 'project_id', 'project');
access_ensure_project_level(config_get('upload_project_file_threshold'), $t_project_id);
# A blank title is rejected before anything is written.
if (is_blank($f_title)) {
    trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
# $c_* values are the database-prepared forms of the request input.
$c_file_id = db_prepare_int($f_file_id);
$c_title = db_prepare_string($f_title);
$c_description = db_prepare_string($f_description);
$t_project_file_table = db_get_table('mantis_project_file_table');
/** @todo (thraxisp) this code should probably be integrated into file_api to share methods used to store files */
file_ensure_uploaded($f_file);
# Turns each key of the upload array into a $v_<key> variable; the code that
# follows reads $v_tmp_name, $v_name and $v_type.
# NOTE(review): presumably $f_file is the PHP upload entry, in which case the
# name and type are client-supplied and must be treated as untrusted - confirm.
extract($f_file, EXTR_PREFIX_ALL, 'v');
if (is_uploaded_file($v_tmp_name)) {
    $t_project_id = helper_get_current_project();
    # grab the original file path and name
    $t_disk_file_name = file_get_field($f_file_id, 'diskfile', 'project');
    $t_file_path = dirname($t_disk_file_name);
    # prepare variables for insertion
    $c_file_name = db_prepare_string($v_name);
    $c_file_type = db_prepare_string($v_type);
    $t_file_size = filesize($v_tmp_name);
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
Beispiel #8
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: bug_file_delete.php,v 1.30.14.1 2007-10-13 22:32:38 giallu Exp $
# --------------------------------------------------------
# Delete a file from a bug and then view the bug
require_once 'core.php';
$t_core_path = config_get('core_path');
require_once $t_core_path . 'file_api.php';
# NOTE(review): the POST-only guard below is commented out and no form security
# token is validated anywhere in this listing, so this state-changing request is
# not restricted to POST here. helper_ensure_confirmed() further down is the
# only interactive step before the deletion - confirm whether it is sufficient
# against cross-site request forgery.
# helper_ensure_post();
# file_id comes from the request; gpc_get_int() is the integer-typed accessor.
$f_file_id = gpc_get_int('file_id');
# Authorization is checked against the issue that owns the attachment, using the
# generic update threshold; no delete-specific threshold or attachment-owner
# check is made in this listing.
$t_bug_id = file_get_field($f_file_id, 'bug_id');
access_ensure_bug_level(config_get('update_bug_threshold'), $t_bug_id);
$t_bug = bug_get($t_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    $g_project_override = $t_bug->project_id;
}
# Ask for confirmation, then delete the attachment and return to the issue view.
helper_ensure_confirmed(lang_get('delete_attachment_sure_msg'), lang_get('delete_attachment_button'));
file_delete($f_file_id, 'bug');
print_header_redirect_view($t_bug_id);
Beispiel #9
/**
 * Delete File
 *
 * Removes the stored file from local disk when the DISK upload method is in
 * use, records a history entry for issue attachments, and deletes the database
 * row. No access check is made here; callers must authorize the request first.
 *
 * @param integer $p_file_id File identifier.
 * @param string  $p_table   Table identifier; it is concatenated into the table
 *                           name, so it must never be taken from request input.
 * @return boolean Always true.
 */
function file_delete($p_file_id, $p_table = 'bug')
{
    $t_upload_method = config_get('file_upload_method');
    $c_file_id = (int) $p_file_id;
    $t_stored_name = file_get_field($p_file_id, 'filename', $p_table);
    $t_stored_path = file_get_field($p_file_id, 'diskfile', $p_table);

    # Issue attachments reach their project through the issue; project files
    # carry the project id directly.
    $t_is_issue_file = $p_table == 'bug';
    if ($t_is_issue_file) {
        $t_bug_id = file_get_field($p_file_id, 'bug_id', $p_table);
        $t_project_id = bug_get_field($t_bug_id, 'project_id');
    } else {
        $t_project_id = file_get_field($p_file_id, 'project_id', $p_table);
    }

    if (DISK == $t_upload_method) {
        # The stored path is normalized for the owning project before the
        # filesystem is touched.
        $t_absolute_path = file_normalize_attachment_path($t_stored_path, $t_project_id);
        if (file_exists($t_absolute_path)) {
            file_delete_local($t_absolute_path);
        }
    }

    if ($t_is_issue_file) {
        # log file deletion
        history_log_event_special($t_bug_id, FILE_DELETED, file_get_display_name($t_stored_name));
    }

    # The id is bound as a parameter; only the table name is concatenated.
    $t_sql = 'DELETE FROM ' . db_get_table($p_table . '_file') . ' WHERE id=' . db_param();
    db_query($t_sql, array($c_file_id));

    return true;
}
Beispiel #10
/**
 * Delete a file attachment.
 *
 * Removes the remote copy when the FTP upload method is in use, removes the
 * local file for the DISK and FTP methods, records a history entry for issue
 * attachments, and deletes the database row. No access check is made here;
 * callers must authorize the request first.
 *
 * @param integer $p_file_id File identifier.
 * @param string  $p_table   Table identifier; it is concatenated into the table
 *                           name, so it must never be taken from request input.
 * @return boolean Always true.
 */
function file_delete($p_file_id, $p_table = 'bug')
{
    $t_upload_method = config_get('file_upload_method');
    $c_file_id = db_prepare_int($p_file_id);
    $t_stored_name = file_get_field($p_file_id, 'filename', $p_table);
    $t_stored_path = file_get_field($p_file_id, 'diskfile', $p_table);

    # Issue attachments reach their project through the issue; project files
    # carry the project id directly.
    $t_is_issue_file = $p_table == 'bug';
    if ($t_is_issue_file) {
        $t_bug_id = file_get_field($p_file_id, 'bug_id', $p_table);
        $t_project_id = bug_get_field($t_bug_id, 'project_id');
    } else {
        $t_project_id = file_get_field($p_file_id, 'project_id', $p_table);
    }

    $t_stored_on_ftp = FTP == $t_upload_method;
    if ($t_stored_on_ftp || DISK == $t_upload_method) {
        if ($t_stored_on_ftp) {
            # Remove the remote copy first; the local copy is removed below.
            $ftp = file_ftp_connect();
            file_ftp_delete($ftp, $t_stored_path);
            file_ftp_disconnect($ftp);
        }
        # The stored path is normalized for the owning project before the
        # local filesystem is touched.
        $t_absolute_path = file_normalize_attachment_path($t_stored_path, $t_project_id);
        if (file_exists($t_absolute_path)) {
            file_delete_local($t_absolute_path);
        }
    }

    if ($t_is_issue_file) {
        # log file deletion
        history_log_event_special($t_bug_id, FILE_DELETED, file_get_display_name($t_stored_name));
    }

    # The id is bound as a parameter; only the table name is interpolated.
    $t_file_table = db_get_table('mantis_' . $p_table . '_file_table');
    $t_sql = "DELETE FROM {$t_file_table}\n\t\t\t\tWHERE id=" . db_param();
    db_query_bound($t_sql, array($c_file_id));

    return true;
}
Beispiel #11
 * @uses lang_api.php
 * @uses print_api.php
 */
require_once 'core.php';
require_api('access_api.php');
require_api('bug_api.php');
require_api('config_api.php');
require_api('file_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('lang_api.php');
require_api('print_api.php');
# Validate the 'bug_file_delete' form security token before any other request
# handling.
form_security_validate('bug_file_delete');
# file_id comes from the request; gpc_get_int() is the integer-typed accessor.
$f_file_id = gpc_get_int('file_id');
$t_bug_id = file_get_field($f_file_id, 'bug_id');
$t_bug = bug_get($t_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
    # in case the current project is not the same project of the bug we are viewing...
    # ... override the current project. This to avoid problems with categories and handlers lists etc.
    $g_project_override = $t_bug->project_id;
}
# Access rule: the attachment's owner may delete it without a threshold check
# when allow_delete_own_attachments is enabled; everyone else must hold
# delete_attachments_threshold on the issue.
# NOTE(review): the owner comparison is loose (==); presumably the stored
# user_id is a string and the current user id an integer - confirm before
# tightening it.
$t_attachment_owner = file_get_field($f_file_id, 'user_id');
$t_current_user_is_attachment_owner = $t_attachment_owner == auth_get_current_user_id();
if (!$t_current_user_is_attachment_owner || $t_current_user_is_attachment_owner && !config_get('allow_delete_own_attachments')) {
    access_ensure_bug_level(config_get('delete_attachments_threshold'), $t_bug_id);
}
# NOTE(review): on the owner path no access_ensure_* call runs in this listing;
# confirm an owner who can no longer access the issue is still meant to be able
# to delete.
helper_ensure_confirmed(lang_get('delete_attachment_sure_msg'), lang_get('delete_attachment_button'));
file_delete($f_file_id, 'bug');
# The token is purged only after the deletion has been carried out.
form_security_purge('bug_file_delete');
print_header_redirect_view($t_bug_id);
Beispiel #12
/**
 * Delete a file attachment.
 *
 * Removes the remote copy when the FTP upload method is in use, removes the
 * local file for the DISK and FTP methods, records a history entry for issue
 * attachments, and deletes the database row. No access check is made here;
 * callers must authorize the request first.
 *
 * @param integer $p_file_id File identifier.
 * @param string  $p_table   Table identifier; it is concatenated into a
 *                           configuration key, so it must never be taken from
 *                           request input.
 * @return boolean Always true.
 */
function file_delete($p_file_id, $p_table = 'bug')
{
    $t_upload_method = config_get('file_upload_method');
    $c_file_id = db_prepare_int($p_file_id);
    $t_stored_name = file_get_field($p_file_id, 'filename', $p_table);
    $t_stored_path = file_get_field($p_file_id, 'diskfile', $p_table);

    $t_stored_on_ftp = FTP == $t_upload_method;
    if ($t_stored_on_ftp || DISK == $t_upload_method) {
        if ($t_stored_on_ftp) {
            # Remove the remote copy first; the local copy is removed below.
            $ftp = file_ftp_connect();
            file_ftp_delete($ftp, $t_stored_path);
            file_ftp_disconnect($ftp);
        }
        # NOTE(review): the stored diskfile value is used as the path exactly
        # as read from the database; no normalization step is applied here.
        if (file_exists($t_stored_path)) {
            file_delete_local($t_stored_path);
        }
    }

    if ('bug' == $p_table) {
        # log file deletion
        $t_issue_id = file_get_field($p_file_id, 'bug_id', 'bug');
        history_log_event_special($t_issue_id, FILE_DELETED, file_get_display_name($t_stored_name));
    }

    # The id is interpolated into the SQL text rather than bound as a
    # parameter; it has been passed through db_prepare_int() above.
    $t_file_table = config_get('mantis_' . $p_table . '_file_table');
    $t_sql = "DELETE FROM {$t_file_table}\n\t\t\t\tWHERE id='{$c_file_id}'";
    db_query($t_sql);

    return true;
}