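# Remaining capability rows of the current section: translated label, then the
# name of the threshold option the row is built for.
get_capability_row( lang_get( 'delete_own_bugnotes' ), 'bugnote_user_delete_threshold' );
get_capability_row( lang_get( 'view_private_notes' ), 'private_bugnote_threshold' );
get_capability_row( lang_get( 'change_view_state_own_bugnotes' ), 'bugnote_user_change_view_state_threshold' );
get_section_end();

# Others
get_section_begin_mcwt( lang_get( 'others' ) );
get_capability_row( lang_get( 'view' ) . ' ' . lang_get( 'changelog_link' ), 'view_changelog_threshold' );
get_capability_row( lang_get( 'view' ) . ' ' . lang_get( 'assigned_to' ), 'view_handler_threshold' );
get_capability_row( lang_get( 'view' ) . ' ' . lang_get( 'bug_history' ), 'view_history_threshold' );
get_capability_row( lang_get( 'send_reminders' ), 'bug_reminder_threshold' );
get_section_end();

# The submit button is only offered when $t_show_submit is set
if( $t_show_submit ) {
	echo "<input type=\"submit\" class=\"button\" value=\"" . lang_get( 'change_configuration' ) . "\" />\n";
}

echo "</form>\n";

# Second form: posts the list of overridden options to manage_config_revert.php.
# It carries its own form security field for that action.
if( $t_show_submit && 0 < count( $t_overrides ) ) {
	echo "<div class=\"right\"><form name=\"threshold_config_action\" method=\"post\" action=\"manage_config_revert.php\">\n";
	echo form_security_field( 'manage_config_revert' );

	# NOTE(review): $t_overrides and $t_project_id are written into the attributes
	# without encoding; presumably server-side values - confirm where they are set.
	echo "<input name=\"revert\" type=\"hidden\" value=\"" . implode( ',', $t_overrides ) . "\"></input>";
	echo "<input name=\"project\" type=\"hidden\" value=\"{$t_project_id}\"></input>";

	# The return target comes from form_action_self(), i.e. it describes the current
	# request (assumption - confirm against its definition). Encode it for the
	# attribute context so it cannot close the value="" quoting.
	echo "<input name=\"return\" type=\"hidden\" value=\"" . string_attribute( form_action_self() ) . "\"></input>";

	echo "<input type=\"submit\" class=\"button\" value=\"";
	if( ALL_PROJECTS == $t_project_id ) {
		echo lang_get( 'revert_to_system' );
	} else {
		echo lang_get( 'revert_to_all_project' );
	}
	echo "\" />\n";
	echo "</form></div>\n";
}

html_page_bottom();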
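/**
 * Generate the intermediate authentication page.
 *
 * If the request carries the `_authenticate` flag, the submitted password is
 * checked with auth_attempt_login(); on success auth_set_tokens() is called
 * and the function returns true. In every other case the re-authentication
 * form is rendered and the script exits, so the caller never regains control.
 *
 * @param integer $p_user_id User ID
 * @param string $p_username Username
 * @return bool true after a successful password check (otherwise the script exits)
 * @access public
 */
function auth_reauthenticate_page( $p_user_id, $p_username ) {
	$t_error = false;

	if( true == gpc_get_bool( '_authenticate' ) ) {
		$f_password = gpc_get_string( 'password', '' );

		if( auth_attempt_login( $p_username, $f_password ) ) {
			auth_set_tokens( $p_user_id );
			return true;
		} else {
			# Wrong password: fall through and render the form with an error line
			$t_error = true;
		}
	}

	html_page_top();
?>
<div align="center">
<p>
<?php
	echo lang_get( 'reauthenticate_message' );
	if( $t_error != false ) {
		echo '<br/><font color="red">', lang_get( 'login_error' ), '</font>';
	}
?>
</p>
<?php
	# The form posts back to the current page. The action is encoded for the
	# attribute context, the same way the username value below is.
?>
<form name="reauth_form" method="post" action="<?php echo string_attribute( form_action_self() ); ?>">
<?php
	# CSRF protection not required here - user needs to enter password
	# (confirmation step) before the form is accepted.
	#
	# NOTE(review): all GET and POST parameters of the current request are
	# replayed as hidden inputs. Encoding of names and values is left to
	# print_hidden_inputs(), and after a failed attempt the replayed POST data
	# would still hold the previous `password` and `_authenticate` fields
	# unless that helper filters them - confirm both.
	print_hidden_inputs( gpc_strip_slashes( $_POST ) );
	print_hidden_inputs( gpc_strip_slashes( $_GET ) );
?>
<input type="hidden" name="_authenticate" value="1" />
<table class="width50 center">
<tr>
	<td class="form-title" colspan="2"><?php echo lang_get( 'reauthenticate_title' ); ?></td>
</tr>
<tr class="row-1">
	<th class="category"><?php echo lang_get( 'username' ); ?></th>
	<td><input type="text" disabled="disabled" size="32" maxlength="<?php echo USERLEN; ?>" value="<?php echo string_attribute( $p_username ); ?>" /></td>
</tr>
<tr class="row-2">
	<th class="category"><?php echo lang_get( 'password' ); ?></th>
	<td><input type="password" name="password" size="16" maxlength="<?php echo PASSLEN; ?>" class="autofocus" /></td>
</tr>
<tr>
	<td class="center" colspan="2"><input type="submit" class="button" value="<?php echo lang_get( 'login_button' ); ?>" /></td>
</tr>
</table>
</form>
</div>
<?php
	html_page_bottom();
	exit;
}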
} get_capability_row_for_email(lang_get('email_on_relationship_changed'), 'relation'); $t_statuses = MantisEnum::getAssocArrayIndexedByValues(config_get('status_enum_string')); foreach ($t_statuses as $t_status => $t_label) { get_capability_row_for_email(lang_get('status_changed_to') . ' \'' . get_enum_element('status', $t_status) . '\'', $t_label); } get_section_end_for_email(); if ($g_can_change_flags || $g_can_change_defaults) { echo '<p>' . lang_get('notify_actions_change_access') . "\n"; echo '<select name="notify_actions_access">' . "\n"; print_enum_string_option_list('access_levels', config_get_access('notify_flags')); echo "\n</select></p>"; echo '<input type="submit" class="button" value="' . lang_get('change_configuration') . '" />' . "\n"; echo "</form>\n"; echo '<div class="right">' . "\n"; echo '<form id="mail_config_action" method="post" action="manage_config_revert.php">' . "\n"; echo form_security_field('manage_config_revert') . "\n"; echo '<input name="revert" type="hidden" value="notify_flags,default_notify_flags" />' . "\n"; echo '<input name="project" type="hidden" value="' . $t_project . '" />' . "\n"; echo '<input name="return" type="hidden" value="' . string_attribute(form_action_self()) . '" />' . "\n"; echo '<input type="submit" class="button" value="'; if (ALL_PROJECTS == $t_project) { echo lang_get('revert_to_system'); } else { echo lang_get('revert_to_all_project'); } echo '" />' . "\n"; echo "</form></div>\n"; } } html_page_bottom();
get_capability_row_for_email(lang_get('email_on_sponsorship_changed'), 'sponsor'); } get_capability_row_for_email(lang_get('email_on_relationship_changed'), 'relation'); $t_statuses = MantisEnum::getAssocArrayIndexedByValues(config_get('status_enum_string')); foreach ($t_statuses as $t_status => $t_label) { get_capability_row_for_email(lang_get('status_changed_to') . ' \'' . get_enum_element('status', $t_status) . '\'', $t_label); } get_section_end_for_email(); if ($t_can_change_flags || $t_can_change_defaults) { echo '<p>' . lang_get('notify_actions_change_access'); echo '<select name="notify_actions_access">'; print_enum_string_option_list('access_levels', config_get_access('notify_flags')); echo '</select> </p>'; echo "<input type=\"submit\" class=\"button\" value=\"" . lang_get('change_configuration') . "\" />\n"; echo "</form>\n"; echo "<div class=\"right\"><form name=\"mail_config_action\" method=\"post\" action=\"manage_config_revert.php\">\n"; echo form_security_field('manage_config_revert'); echo "<input name=\"revert\" type=\"hidden\" value=\"notify_flags,default_notify_flags\"></input>"; echo "<input name=\"project\" type=\"hidden\" value=\"{$t_project}\"></input>"; echo "<input name=\"return\" type=\"hidden\" value=\"" . string_attribute(form_action_self()) . "\"></input>"; echo "<input type=\"submit\" class=\"button\" value=\""; if (ALL_PROJECTS == $t_project) { echo lang_get('revert_to_system'); } else { echo lang_get('revert_to_all_project'); } echo "\" />\n"; echo "</form></div>\n"; } } html_page_bottom();
$t_bugnote_stats_to_y = gpc_get_int( 'end_year', $t_bugnote_stats_to_def_y );
$f_get_bugnote_stats_button = gpc_get_string( 'get_bugnote_stats_button', '' );

# The cost is read as a string and turned into a float by floatval()
$f_bugnote_cost = floatval( gpc_get_string( 'bugnote_cost', '' ) );

$f_project_id = helper_get_current_project();

# The cost column flag follows the time_tracking_with_billing option
$t_cost_col = ( ON == config_get( 'time_tracking_with_billing' ) );

# Time tracking date range input form
# CSRF protection not required here - form does not result in modifications
#
# The form action is passed through string_attribute() before it is written
# into the attribute.
# NOTE(review): $f_bug_id is echoed without encoding; presumably an integer read
# earlier in the file - confirm.
?>
<form method="post" action="<?php echo string_attribute( form_action_self() ); ?>">
<input type="hidden" name="id" value="<?php echo isset( $f_bug_id ) ? $f_bug_id : 0; ?>" />
<table border="0" class="width100" cellspacing="0">
<tr>
	<td class="form-title" colspan="4">
<?php
	collapse_icon( 'bugnotestats' );
	echo lang_get( 'time_tracking' );
?>
	</td>
</tr>
/**
 * Gate an action behind an explicit confirmation step.
 *
 * Returns true when the request already carries a truthy `_confirmed` field.
 * Otherwise a confirmation page is rendered: it shows the message and a form
 * that posts back to the current page, replaying the request's GET and POST
 * data as hidden inputs plus `_confirmed=1`. The script then exits.
 *
 * Both $p_message and $p_button_label are written into the page as given,
 * without encoding, so callers have to pass values that are already safe
 * for HTML output.
 *
 * @param string $p_message Text shown above the confirmation button
 * @param string $p_button_label Caption of the submit button
 * @return bool true once confirmed (otherwise the script exits)
 * @todo improve this formatting - to only be about 50% of the screen width so that it doesn't become hard to read.
 */
function helper_ensure_confirmed( $p_message, $p_button_label ) {
	$t_confirmed = gpc_get_bool( '_confirmed' );
	if( true == $t_confirmed ) {
		return true;
	}

	html_page_top();

	echo "<br />\n<div align=\"center\">\n";
	print_hr();
	echo "\n{$p_message}\n";

	# Post back to the current page; the action is encoded for the attribute
	$t_action = string_attribute( form_action_self() );
	echo '<form method="post" action="', $t_action, "\">\n";

	# CSRF protection not required here - user needs to confirm action
	# before the form is accepted.
	# NOTE(review): encoding of the replayed parameters is left to
	# print_hidden_inputs() - confirm it encodes names and values.
	foreach( array( $_POST, $_GET ) as $t_request_data ) {
		print_hidden_inputs( gpc_strip_slashes( $t_request_data ) );
	}

	echo "<input type=\"hidden\" name=\"_confirmed\" value=\"1\" />\n";
	echo '<br /><br /><input type="submit" class="button" value="', $p_button_label, '" />';
	echo "\n</form>\n";

	print_hr();
	echo "</div>\n";

	html_page_bottom();
	exit;
}
$t_bugnote_stats_from_y = gpc_get_string( 'start_year', $t_bugnote_stats_from_def_y );

# Default end date: today's date, split into day, month and year
$t_bugnote_stats_to_def = date( "d:m:Y" );
$t_bugnote_stats_to_def_ar = explode( ":", $t_bugnote_stats_to_def );
list( $t_bugnote_stats_to_def_d, $t_bugnote_stats_to_def_m, $t_bugnote_stats_to_def_y ) = $t_bugnote_stats_to_def_ar;

# Request values override the defaults.
# NOTE(review): the date parts are read as plain strings here; whatever prints
# or queries with them later has to validate or encode them - confirm.
$t_bugnote_stats_to_d = gpc_get_string( 'end_day', $t_bugnote_stats_to_def_d );
$t_bugnote_stats_to_m = gpc_get_string( 'end_month', $t_bugnote_stats_to_def_m );
$t_bugnote_stats_to_y = gpc_get_string( 'end_year', $t_bugnote_stats_to_def_y );

$f_get_bugnote_stats_button = gpc_get_string( 'get_bugnote_stats_button', '' );

# Time tracking date range input form
# CSRF protection not required here - form does not result in modifications
#
# The action (current page plus the #bugnotestats fragment) is encoded with
# string_attribute() before output.
# NOTE(review): $f_bug_id is echoed without encoding; presumably an integer read
# earlier in the file - confirm.
?>
<form method="post" action="<?php echo string_attribute( form_action_self() . '#bugnotestats' ); ?>">
<input type="hidden" name="id" value="<?php echo $f_bug_id; ?>" />
<table border=0 class="width100" cellspacing="0">
<tr>
	<td class="form-title" colspan="4">
<?php
	collapse_icon( 'bugnotestats' );
	echo lang_get( 'time_tracking' );
?>
	</td>
</tr>
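# Month and year of the default end date, taken from the split date array
$t_bugnote_stats_to_def_m = $t_bugnote_stats_to_def_ar[1];
$t_bugnote_stats_to_def_y = $t_bugnote_stats_to_def_ar[2];

# Request values override the defaults; the date parts are read as integers
$t_bugnote_stats_to_d = gpc_get_int( 'end_day', $t_bugnote_stats_to_def_d );
$t_bugnote_stats_to_m = gpc_get_int( 'end_month', $t_bugnote_stats_to_def_m );
$t_bugnote_stats_to_y = gpc_get_int( 'end_year', $t_bugnote_stats_to_def_y );

$f_get_bugnote_stats_button = gpc_get_string( 'get_bugnote_stats_button', '' );

# NOTE(review): an integer getter with an empty-string default; a fractional
# cost would not survive an integer read - confirm this is intended.
$f_bugnote_cost = gpc_get_int( 'bugnote_cost', '' );
$f_project_id = helper_get_current_project();

# Cost column is shown only when billing is enabled
if( ON == config_get( 'time_tracking_with_billing' ) ) {
	$t_cost_col = true;
} else {
	$t_cost_col = false;
}

# The form posts back to the current page. form_action_self() describes the
# current request (assumption - confirm against its definition), so its result
# is encoded for the attribute context before it is written out.
?>
<form method="post" action="<?php echo string_attribute( form_action_self() ); ?>">
<?php # CSRF protection not required here - form does not result in modifications ?>
<input type="hidden" name="id" value="<?php echo isset( $f_bug_id ) ? $f_bug_id : 0; ?>" />
<table border="0" class="width100" cellspacing="0">
<tr>
	<td class="form-title" colspan="4">
<?php
	collapse_icon( 'bugnotestats' );
?>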