}
        ?>
		</th>
		<td>
			<?php 
        print_custom_field_input($t_def, $f_master_bug_id === 0 ? null : $f_master_bug_id);
        ?>
		</td>
	</tr>
<?php 
    }
}
# foreach( $t_related_custom_field_ids as $t_id )
# File Upload (if enabled)
if ($t_show_attachments) {
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    $t_file_upload_max_num = max(1, config_get('file_upload_max_num'));
    ?>
	<tr>
		<th class="category">
			<label for="file"><?php 
    echo lang_get($t_file_upload_max_num == 1 ? 'upload_file' : 'upload_files');
    ?>
</label>
			<br />
			<?php 
    echo print_max_filesize($t_max_file_size);
    ?>
		</th>
		<td>
			<input type="hidden" name="max_file_size" value="<?php 
}
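# Environment and configuration checks; each print_*_row() call reports one result.
test_database_utf8();
print_test_row('Checking Register Globals is set to off', !ini_get_bool('register_globals'));
# Password storage checks against the configured login_method. CRYPT_FULL_SALT is
# reported through print_test_row(); PLAIN and CRYPT go through print_test_warn_row()
# (presumably a warning rather than a failure -- confirm in the row helpers).
print_test_row('Checking CRYPT_FULL_SALT is NOT logon method', !(CRYPT_FULL_SALT == config_get_global('login_method')));
print_test_warn_row('Warn if passwords are stored in PLAIN text', !(PLAIN == config_get_global('login_method')));
print_test_warn_row('Warn if CRYPT is used (not MD5) for passwords', !(CRYPT == config_get_global('login_method')));
if (config_get_global('allow_file_upload')) {
    # Uploads are enabled in the application, so PHP itself must accept them too.
    print_test_row('Checking that fileuploads are allowed in php (enabled in mantis config)', ini_get_bool('file_uploads'));
    print_info_row('PHP variable "upload_max_filesize"', ini_get_number('upload_max_filesize'));
    print_info_row('PHP variable "post_max_size"', ini_get_number('post_max_size'));
    print_info_row('MantisBT variable "max_file_size"', config_get_global('max_file_size'));
    # The application limit must fit inside both PHP limits, otherwise PHP rejects
    # the request before the application's own size check can run.
    print_test_row('Checking MantisBT upload file size is less than php', config_get_global('max_file_size') <= ini_get_number('post_max_size') && config_get_global('max_file_size') <= ini_get_number('upload_max_filesize'));
    switch (config_get_global('file_upload_method')) {
        case DATABASE:
            print_info_row('There may also be settings in your web server and database that prevent you from  uploading files or limit the maximum file size.  See the documentation for those packages if you need more information.');
            # NOTE(review): the smallest limit is compared with the literal 500; the
            # unit that threshold assumes is not visible here -- confirm.
            if (500 < min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get_global('max_file_size'))) {
                # The <span> is closed here; the original left it open, which lets the
                # error styling leak into the markup that follows.
                print_info_row('<span class="error">Your current settings will most likely need adjustments to the PHP max_execution_time or memory_limit settings, the MySQL max_allowed_packet setting, or equivalent.</span>');
            }
            break;
        case DISK:
            # The upload folder is concatenated directly with the file name elsewhere,
            # so it has to end in a directory separator.
            $t_upload_path = config_get_global('absolute_path_default_upload_folder');
            print_test_row('Checking that absolute_path_default_upload_folder has a trailing directory separator: "' . $t_upload_path . '"', DIRECTORY_SEPARATOR == substr($t_upload_path, -1, 1));
            break;
    }
    print_info_row('There may also be settings in your web server that prevent you from  uploading files or limit the maximum file size.  See the documentation for those packages if you need more information.');
}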
?>
</table>
<?php 
if ($g_failed_test) {
    ?>
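/**
 * Store an attachment that arrives as an in-memory string.
 *
 * The name, size and target folder are checked, the content is written to disk,
 * FTP or the database depending on file_upload_method, and a row is inserted
 * into the "<table>_file" table.
 *
 * @param integer $p_id        Issue id when $p_table is 'bug'; otherwise used as the project id.
 * @param string  $p_name      Client-supplied file name.
 * @param string  $p_content   Raw file content.
 * @param string  $p_file_type Client-supplied file type, stored as given.
 * @param string  $p_table     Table prefix; 'bug' selects the issue branch, anything else the project branch.
 * @param string  $p_title     File title.
 * @param string  $p_desc      File description.
 * @param integer $p_user_id   Owner of the attachment (defaults to the current user).
 * @return mixed Attachment id on success, a soap_fault when the upload is rejected.
 */
function mci_file_add($p_id, $p_name, $p_content, $p_file_type, $p_table, $p_title = '', $p_desc = '', $p_user_id = null)
{
    if (!file_type_check($p_name)) {
        return new soap_fault('Client', '', 'File type not allowed.');
    }
    if (!file_is_name_unique($p_name, $p_id)) {
        return new soap_fault('Client', '', 'Duplicate filename.');
    }
    # Enforce the smallest of the PHP and application limits on the decoded content.
    $t_file_size = strlen($p_content);
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        return new soap_fault('Client', '', 'File is too big.');
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_id, 'project_id');
        $t_issue_id = bug_format_id($p_id);
    } else {
        $t_project_id = $p_id;
        $t_issue_id = 0;
    }
    # The INSERT below is assembled as a string, so every value placed in it is
    # first passed through a db_prepare_*() helper or cast to int.
    $c_issue_id = db_prepare_int($t_issue_id);
    $c_project_id = db_prepare_int($t_project_id);
    $c_file_type = db_prepare_string($p_file_type);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);
    # Cast on both paths: the value is placed unquoted in the statement.
    $c_user_id = $p_user_id === null ? (int) auth_get_current_user_id() : (int) $p_user_id;
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if ($t_file_path == '') {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($p_name);
    # NOTE(review): the client-supplied name is part of the seed handed to
    # file_generate_unique_name(); confirm that helper never returns a name
    # containing directory components.
    $t_file_hash = $t_issue_id;
    $t_disk_file_name = $t_file_path . file_generate_unique_name($t_file_hash . '-' . $p_name, $t_file_path);
    $c_disk_file_name = db_prepare_string($t_disk_file_name);
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            if (!file_exists($t_file_path) || !is_dir($t_file_path) || !is_writable($t_file_path) || !is_readable($t_file_path)) {
                return new soap_fault('Server', '', "Upload folder '{$t_file_path}' doesn't exist.");
            }
            file_ensure_valid_upload_path($t_file_path);
            # Never overwrite an existing file. The original fell through here with
            # $c_content undefined, which produced a malformed INSERT.
            if (file_exists($t_disk_file_name)) {
                return new soap_fault('Client', '', 'Duplicate filename.');
            }
            mci_file_write_local($t_disk_file_name, $p_content);
            if (FTP == $t_method) {
                # The local copy is only a staging file for the FTP transfer.
                $conn_id = file_ftp_connect();
                file_ftp_put($conn_id, $t_disk_file_name, $t_disk_file_name);
                file_ftp_disconnect($conn_id);
                file_delete_local($t_disk_file_name);
            } else {
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
            }
            # Content lives outside the database; store an empty SQL string literal.
            $c_content = "''";
            break;
        case DATABASE:
            $c_content = db_prepare_binary_string($p_content);
            break;
        default:
            # An unknown storage method would leave $c_content undefined.
            return new soap_fault('Server', '', 'Unsupported file upload method.');
    }
    # NOTE(review): $p_table is concatenated into the table and column names and
    # cannot be escaped like a value; confirm callers only pass fixed literals.
    $t_file_table = db_get_table($p_table . '_file');
    $c_id = 'bug' == $p_table ? $c_issue_id : $c_project_id;
    $query = "INSERT INTO {$t_file_table}\n\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\tVALUES\n\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . db_now() . "', {$c_content}, {$c_user_id})";
    db_query($query);
    # get attachment id
    $t_attachment_id = db_insert_id($t_file_table);
    if ('bug' == $p_table) {
        # update the issue's last_updated date
        bug_update_date($c_issue_id);
        # record the new attachment in the issue history
        history_log_event_special($c_issue_id, FILE_ADDED, $c_new_file_name);
    }
    return $t_attachment_id;
}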
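/**
 * Add a file to the system using the configured storage method
 *
 * The upload is checked (uploaded-file test, allowed type, size limits), stored
 * on disk or in the database, and recorded in the "<table>_file" table with a
 * parameterised INSERT.
 *
 * @param integer $p_bug_id          The bug id (should be 0 when adding project doc).
 * @param array   $p_file            The uploaded file info, as retrieved from gpc_get_file().
 * @param string  $p_table           Either 'bug' or 'project' depending on attachment type.
 * @param string  $p_title           File title.
 * @param string  $p_desc            File description.
 * @param integer $p_user_id         User id (defaults to current user).
 * @param integer $p_date_added      Date added.
 * @param boolean $p_skip_bug_update Skip bug last modification update (useful when importing bug attachments).
 * @return void
 */
function file_add($p_bug_id, array $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null, $p_date_added = 0, $p_skip_bug_update = false)
{
    # $p_table ends up in the table and column names of the INSERT, where it cannot
    # be bound as a parameter, so only the two documented values are accepted.
    if ('bug' !== $p_table && 'project' !== $p_table) {
        trigger_error(ERROR_GENERIC, ERROR);
    }
    file_ensure_uploaded($p_file);
    $t_file_name = $p_file['name'];
    $t_tmp_file = $p_file['tmp_name'];
    # The checks below do not return after trigger_error(); they rely on the
    # installed error handler stopping the request for ERROR-level errors.
    if (!file_type_check($t_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    # Resolve display-name clashes by appending -2, -3, ... before the extension.
    $t_org_filename = $t_file_name;
    $t_dot_index = strripos($t_org_filename, '.');
    $t_suffix_id = 1;
    while (!file_is_name_unique($t_file_name, $p_bug_id)) {
        $t_suffix_id++;
        if ($t_dot_index === false) {
            $t_file_name = $t_org_filename . '-' . $t_suffix_id;
        } else {
            $t_file_name = substr($t_org_filename, 0, $t_dot_index) . '-' . $t_suffix_id . substr($t_org_filename, $t_dot_index);
        }
    }
    antispam_check();
    $t_file_size = filesize($t_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # Enforce the smallest of the PHP and application limits.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_id = (int) $p_bug_id;
    } else {
        $t_project_id = helper_get_current_project();
        $t_id = $t_project_id;
    }
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    if ($p_date_added <= 0) {
        $p_date_added = db_now();
    }
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    # Only the folder is passed in, so the on-disk name is not derived from the
    # client-supplied file name; that name is kept in the 'filename' column only.
    $t_unique_name = file_generate_unique_name($t_file_path);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            $t_disk_file_name = $t_file_path . $t_unique_name;
            if (!file_exists($t_disk_file_name)) {
                # move_uploaded_file() refuses sources that are not PHP upload files.
                if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) {
                    trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Open, read and close explicitly: the original passed fopen() straight
            # into fread(), never checking for failure and never closing the handle.
            $t_handle = fopen($t_tmp_file, 'rb');
            if ($t_handle === false) {
                trigger_error(ERROR_GENERIC, ERROR);
            }
            $c_content = db_prepare_binary_string(fread($t_handle, $t_file_size));
            fclose($t_handle);
            $t_file_path = '';
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    $t_file_table = db_get_table($p_table . '_file');
    $t_id_col = $p_table . '_id';
    # 'file_type' is the client-declared type from the upload array; it is stored
    # as given and is not verified in this function.
    $t_param = array($t_id_col => $t_id, 'title' => $p_title, 'description' => $p_desc, 'diskfile' => $t_unique_name, 'filename' => $t_file_name, 'folder' => $t_file_path, 'filesize' => $t_file_size, 'file_type' => $p_file['type'], 'date_added' => $p_date_added, 'user_id' => (int) $p_user_id);
    # Oracle has to update BLOBs separately
    if (!db_is_oracle()) {
        $t_param['content'] = $c_content;
    }
    # One db_param() call per column, in column order.
    $t_placeholders = array();
    foreach ($t_param as $t_unused_value) {
        $t_placeholders[] = db_param();
    }
    $t_query = 'INSERT INTO ' . $t_file_table . '
		( ' . implode(', ', array_keys($t_param)) . ' )
	VALUES
		( ' . implode(', ', $t_placeholders) . ' )';
    db_query($t_query, array_values($t_param));
    if (db_is_oracle()) {
        # The condition is built from the name generated above, not from request data.
        db_update_blob($t_file_table, 'content', $c_content, "diskfile='{$t_unique_name}'");
    }
    if ('bug' == $p_table) {
        # update the last_updated date
        if (!$p_skip_bug_update) {
            bug_update_date($p_bug_id);
        }
        # log file added to bug history
        history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name);
    }
}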
/**
 * MantisBT Check API
 */
require_once 'check_api.php';
require_api('config_api.php');
require_api('constant_inc.php');
require_api('utility_api.php');
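check_print_section_header_row('Attachments');
$t_file_uploads_allowed = config_get_global('allow_file_upload');
check_print_info_row('File uploads are allowed', $t_file_uploads_allowed ? 'Yes' : 'No');
# Nothing else in this section applies when uploads are switched off.
if (!$t_file_uploads_allowed) {
    return;
}
check_print_test_row('file_uploads php.ini directive is enabled', ini_get_bool('file_uploads'), array(false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.'));
check_print_info_row('Maximum file upload size (per file)', config_get_global('max_file_size') . ' bytes');
# The application limit only takes effect if PHP accepts a file of that size first.
check_print_test_row('max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini', config_get_global('max_file_size') <= ini_get_number('upload_max_filesize'), array(false => 'max_file_size is currently ' . htmlentities(config_get_global('max_file_size')) . ' bytes which is greater than the limit of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes imposed by the php.ini directive upload_max_filesize.'));
$t_use_xsendfile = config_get_global('file_download_xsendfile_enabled');
check_print_info_row('<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled', $t_use_xsendfile ? 'Yes' : 'No');
if ($t_use_xsendfile) {
    check_print_test_row('file_download_xsendfile_enabled = ON requires file_upload_method = DISK', config_get_global('file_upload_method') == DISK, array(false => 'X-Sendfile file downloading only works when files are stored on a disk.'));
    $t_xsendfile_header_name = config_get_global('file_download_xsendfile_header_name');
    if ($t_xsendfile_header_name !== 'X-Sendfile') {
        # The row helper is handed markup elsewhere in this section (the anchor tag
        # above), so it is assumed to print its arguments as HTML. Encode the
        # configured header name, as the max_file_size message above already does.
        check_print_info_row('Alternative header name to use for X-Sendfile-like functionality', htmlentities($t_xsendfile_header_name));
    }
}
$t_finfo_exists = class_exists('finfo');
check_print_test_warn_row('Fileinfo extension is available for determining file MIME types', $t_finfo_exists, array(false => 'Web clients may struggle to download files without knowing the MIME type of each attachment.'));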
if ($t_finfo_exists) {
    $t_fileinfo_magic_db_file = config_get_global('fileinfo_magic_db_file');
    if ($t_fileinfo_magic_db_file) {
        check_print_info_row('Name of magic.db file set with the fileinfo_magic_db_file configuration value', config_get_global('fileinfo_magic_db_file'));
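/**
 * Add a file to the system using the configured storage method
 *
 * The upload is checked (uploaded-file test, allowed type, unique name, size
 * limits), stored on disk, via FTP or in the database, and recorded in the
 * attachment table for $p_table.
 *
 * @param integer $p_bug_id  the bug id
 * @param array   $p_file    the uploaded file info, as retrieved from gpc_get_file()
 * @param string  $p_table   'bug' for issue attachments, 'project' for project documents
 * @param string  $p_title   file title
 * @param string  $p_desc    file description
 * @param integer $p_user_id owner of the attachment (defaults to the current user)
 */
function file_add($p_bug_id, $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null)
{
    # $p_table ends up in the table and column names of the INSERT, where the
    # db_prepare_*() helpers cannot protect it, so only the two attachment kinds
    # handled below are accepted.
    if ('bug' !== $p_table && 'project' !== $p_table) {
        trigger_error(ERROR_GENERIC, ERROR);
    }
    file_ensure_uploaded($p_file);
    $t_file_name = $p_file['name'];
    $t_tmp_file = $p_file['tmp_name'];
    # The checks below do not return after trigger_error(); they rely on the
    # installed error handler stopping the request for ERROR-level errors.
    if (!file_type_check($t_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    if (!file_is_name_unique($t_file_name, $p_bug_id)) {
        trigger_error(ERROR_FILE_DUPLICATE, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_bug_id = bug_format_id($p_bug_id);
    } else {
        $t_project_id = helper_get_current_project();
        $t_bug_id = 0;
    }
    # Cast on both paths: the value is placed unquoted in the statement.
    $c_user_id = $p_user_id === null ? (int) auth_get_current_user_id() : (int) $p_user_id;
    # The INSERT below is assembled as a string, so every value placed in it is
    # first passed through a db_prepare_*() helper or cast to int.
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_project_id = db_prepare_int($t_project_id);
    $c_file_type = db_prepare_string($p_file['type']);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($t_file_name);
    # NOTE(review): the client-supplied name is part of the seed handed to
    # file_generate_unique_name(); confirm that helper never returns a name
    # containing directory components.
    $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id;
    $t_unique_name = file_generate_unique_name($t_file_hash . '-' . $t_file_name, $t_file_path);
    $t_disk_file_name = $t_file_path . $t_unique_name;
    $c_unique_name = db_prepare_string($t_unique_name);
    $t_file_size = filesize($t_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # Enforce the smallest of the PHP and application limits.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            if (!file_exists($t_disk_file_name)) {
                if (FTP == $t_method) {
                    $conn_id = file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $t_tmp_file);
                    file_ftp_disconnect($conn_id);
                }
                # move_uploaded_file() refuses sources that are not PHP upload files.
                if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) {
                    trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                # Content lives outside the database; store an empty SQL string literal.
                $c_content = "''";
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Open, read and close explicitly: the original passed fopen() straight
            # into fread(), never checking for failure and never closing the handle.
            $t_handle = fopen($t_tmp_file, 'rb');
            if ($t_handle === false) {
                trigger_error(ERROR_GENERIC, ERROR);
            }
            $c_content = db_prepare_binary_string(fread($t_handle, $t_file_size));
            fclose($t_handle);
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    $t_file_table = db_get_table('mantis_' . $p_table . '_file_table');
    $c_id = 'bug' == $p_table ? $c_bug_id : $c_project_id;
    $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\t\t\t\t  VALUES\n\t\t\t\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_unique_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . db_now() . "', {$c_content}, {$c_user_id})";
    db_query($query);
    if ('bug' == $p_table) {
        # update the issue's last_updated date
        bug_update_date($p_bug_id);
        # record the new attachment in the issue history
        history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name);
    }
}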
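/**
 * Add a file to the system using the configured storage method
 *
 * The upload is checked (uploaded-file test, allowed type, unique name, size
 * limits), stored on disk or in the database, and recorded in the
 * "<table>_file" table. The row is inserted first and its content column is
 * filled in by a second statement.
 *
 * @param integer $p_bug_id          The bug id (should be 0 when adding project doc).
 * @param array   $p_file            The uploaded file info, as retrieved from gpc_get_file().
 * @param string  $p_table           Either 'bug' or 'project' depending on attachment type.
 * @param string  $p_title           File title.
 * @param string  $p_desc            File description.
 * @param integer $p_user_id         User id (defaults to current user).
 * @param integer $p_date_added      Date added.
 * @param boolean $p_skip_bug_update Skip bug last modification update (useful when importing bug attachments).
 * @return void
 */
function file_add($p_bug_id, array $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null, $p_date_added = 0, $p_skip_bug_update = false)
{
    # $p_table ends up in the table and column names of the INSERT, where it cannot
    # be bound as a parameter, so only the two documented values are accepted.
    if ('bug' !== $p_table && 'project' !== $p_table) {
        trigger_error(ERROR_GENERIC, ERROR);
    }
    file_ensure_uploaded($p_file);
    $t_file_name = $p_file['name'];
    $t_tmp_file = $p_file['tmp_name'];
    # The checks below do not return after trigger_error(); they rely on the
    # installed error handler stopping the request for ERROR-level errors.
    if (!file_type_check($t_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    if (!file_is_name_unique($t_file_name, $p_bug_id)) {
        trigger_error(ERROR_FILE_DUPLICATE, ERROR);
    }
    $t_file_size = filesize($t_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # Enforce the smallest of the PHP and application limits.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_id = (int) $p_bug_id;
    } else {
        $t_project_id = helper_get_current_project();
        $t_id = $t_project_id;
    }
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    if ($p_date_added <= 0) {
        $p_date_added = db_now();
    }
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    # Only the folder is passed in, so the on-disk name is not derived from the
    # client-supplied file name; that name is kept in the 'filename' column only.
    $t_unique_name = file_generate_unique_name($t_file_path);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            $t_disk_file_name = $t_file_path . $t_unique_name;
            if (!file_exists($t_disk_file_name)) {
                # move_uploaded_file() refuses sources that are not PHP upload files.
                if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) {
                    trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Open, read and close explicitly: the original passed fopen() straight
            # into fread(), never checking for failure and never closing the handle.
            $t_handle = fopen($t_tmp_file, 'rb');
            if ($t_handle === false) {
                trigger_error(ERROR_GENERIC, ERROR);
            }
            $c_content = db_prepare_binary_string(fread($t_handle, $t_file_size));
            fclose($t_handle);
            $t_file_path = '';
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    $t_file_table = db_get_table($p_table . '_file');
    $t_id_col = $p_table . '_id';
    # All values are bound through db_param(); 'file_type' is the client-declared
    # type from the upload array and is stored as given.
    $t_query = 'INSERT INTO ' . $t_file_table . ' ( ' . $t_id_col . ', title, description, diskfile, filename, folder,
		filesize, file_type, date_added, user_id )
	VALUES
		( ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ' )';
    db_query($t_query, array($t_id, $p_title, $p_desc, $t_unique_name, $t_file_name, $t_file_path, $t_file_size, $p_file['type'], $p_date_added, (int) $p_user_id));
    $t_attachment_id = db_insert_id($t_file_table);
    if (db_is_oracle()) {
        # The original wrote this condition in a single-quoted string, so the text
        # "$t_unique_name" was sent literally and never matched the new row.
        # The name is generated above, not taken from request data.
        db_update_blob($t_file_table, 'content', $c_content, "diskfile='" . $t_unique_name . "'");
    } else {
        $t_query = 'UPDATE ' . $t_file_table . ' SET content=' . db_param() . ' WHERE id = ' . db_param();
        db_query($t_query, array($c_content, $t_attachment_id));
    }
    if ('bug' == $p_table) {
        # update the last_updated date
        if (!$p_skip_bug_update) {
            bug_update_date($p_bug_id);
        }
        # log file added to bug history
        history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name);
    }
}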
 /**
  * Load the plugin and core configuration this object works with.
  *
  * @param boolean $p_test_only Stored in _test_only; when set, the memory limit is not recorded.
  */
 public function __construct($p_test_only = FALSE)
 {
     $this->_test_only = $p_test_only;

     // Plugin options that are copied onto the property of the same name with a
     // leading underscore, in this order.
     $t_plugin_options = array(
         'mail_add_bug_reports',
         'mail_add_bugnotes',
         'mail_add_complete_email',
         'mail_add_users_from_cc_to',
         'mail_auto_signup',
         'mail_block_attachments_md5',
         'mail_block_attachments_logging',
         'mail_bug_priority',
         'mail_debug',
         'mail_debug_directory',
         'mail_debug_show_memory_usage',
         'mail_delete',
         'mail_disposable_email_checker',
         'mail_fallback_mail_reporter',
         'mail_nodescription',
         'mail_nosubject',
         'mail_preferred_username',
         'mail_preferred_realname',
         'mail_remove_mantis_email',
         'mail_remove_replies',
         'mail_remove_replies_after',
         'mail_removed_reply_text',
         'mail_reporter_id',
         'mail_save_from',
         'mail_save_subject_in_note',
         'mail_strip_gmail_style_replies',
         'mail_strip_signature',
         'mail_strip_signature_delim',
         'mail_subject_id_regex',
         'mail_use_bug_priority',
         'mail_use_message_id',
         'mail_use_reporter',
     );
     foreach ($t_plugin_options as $t_option) {
         $this->{'_' . $t_option} = plugin_config_get($t_option);
     }

     // Options kept in the _mp_options array.
     $this->_mp_options['add_attachments'] = config_get('allow_file_upload');
     $this->_mp_options['debug'] = $this->_mail_debug;
     $this->_mp_options['show_mem_usage'] = $this->_mail_debug_show_memory_usage;
     $this->_mp_options['parse_html'] = plugin_config_get('mail_parse_html');

     // Core settings.
     $this->_allow_file_upload = config_get('allow_file_upload');
     $this->_file_upload_method = config_get('file_upload_method');
     $this->_email_separator1 = config_get('email_separator1');
     $this->_login_method = config_get('login_method');
     $this->_use_ldap_email = config_get('use_ldap_email');
     $this->_plugin_mime_types = config_get('plugin_mime_types');

     // Attachment size cap: the smallest of the two PHP limits and the
     // application's own max_file_size.
     $this->_max_file_size = (int) min(
         ini_get_number('upload_max_filesize'),
         ini_get_number('post_max_size'),
         config_get('max_file_size')
     );

     // The memory limit is only recorded for real runs with debugging enabled.
     if (!$this->_test_only && $this->_mail_debug) {
         $this->_memory_limit = ini_get('memory_limit');
     }

     // Do we need to temporarily enable emails on a user's own actions?
     if (plugin_config_get('mail_email_receive_own')) {
         ERP_set_temporary_overwrite('email_receive_own', ON);
     }

     $this->_functionality_enabled = TRUE;

     // Because of a notice level error in core/email_api.php on line 516 in
     // MantisBT 1.2.0 this value has to be filled when the server did not set it.
     if (!isset($_SERVER['REMOTE_ADDR'])) {
         $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
     }

     $this->show_memory_usage('Finished __construct');
 }
# MSSQL only: report the two php.ini limits on text field size and warn unless
# each one is -1.
if ( db_is_mssql() ) {

	# mssql.textsize
	$t_mssql_textsize = ini_get_number( 'mssql.textsize' );
	check_print_info_row( 'php.ini directive: mssql.textsize', htmlentities( $t_mssql_textsize ) );
	check_print_test_warn_row(
		'mssql.textsize php.ini directive is set to -1',
		-1 == $t_mssql_textsize,
		array(
			false => sprintf(
				'The value of the mssql.textsize directive is currently %s. You should set this value to -1 to prevent large text fields being truncated upon being read from the database.',
				htmlentities( $t_mssql_textsize )
			)
		)
	);

	# mssql.textlimit
	$t_mssql_textlimit = ini_get_number( 'mssql.textlimit' );
	check_print_info_row( 'php.ini directive: mssql.textlimit', htmlentities( $t_mssql_textlimit ) );
	check_print_test_warn_row(
		'mssql.textlimit php.ini directive is set to -1',
		-1 == $t_mssql_textlimit,
		array(
			false => sprintf(
				'The value of the mssql.textlimit directive is currently %s. You should set this value to -1 to prevent large text fields being truncated upon being read from the database.',
				htmlentities( $t_mssql_textlimit )
			)
		)
	);

}

$t_database_hostname = config_get_global( 'hostname' );
check_print_info_row(
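/**
 * Store an uploaded release file and record it in the plugin's file table.
 *
 * The PHP upload status, the temporary file, name uniqueness and the size
 * limits are checked before the file is moved to disk, sent via FTP or read
 * into the database, depending on the plugin's upload_method.
 *
 * @param string  $p_tmp_file    Path of the temporary upload file.
 * @param string  $p_file_name   Client-supplied file name.
 * @param string  $p_file_type   Client-supplied file type, stored as given.
 * @param integer $p_project_id  Project id.
 * @param integer $p_version_id  Version id.
 * @param string  $p_description File description.
 * @param integer $p_file_error  Upload status, compared with the UPLOAD_ERR_* constants.
 * @return mixed Id of the inserted file row, as returned by db_insert_id().
 */
function plugins_releasemgt_file_add($p_tmp_file, $p_file_name, $p_file_type, $p_project_id, $p_version_id, $p_description, $p_file_error)
{
    # The checks below do not return after trigger_error(); they rely on the
    # installed error handler stopping the request for ERROR-level errors.
    if (php_version_at_least('4.2.0')) {
        switch ((int) $p_file_error) {
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                trigger_error(ERROR_FILE_TOO_BIG, ERROR);
                break;
            case UPLOAD_ERR_PARTIAL:
            case UPLOAD_ERR_NO_FILE:
                trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
                break;
            default:
                break;
        }
    }
    if ('' == $p_tmp_file || '' == $p_file_name) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    if (!is_readable($p_tmp_file)) {
        trigger_error(ERROR_UPLOAD_FAILURE, ERROR);
    }
    if (!plugins_releasemgt_file_is_name_unique($p_file_name, $p_project_id, $p_version_id)) {
        trigger_error(ERROR_DUPLICATE_FILE, ERROR);
    }
    # The INSERT below is assembled as a string, so every value placed in it is
    # first passed through a db_prepare_*() helper.
    $c_version_id = db_prepare_int($p_version_id);
    $c_project_id = db_prepare_int($p_project_id);
    $c_file_type = db_prepare_string($p_file_type);
    $c_title = db_prepare_string($p_file_name);
    $c_desc = db_prepare_string($p_description);
    # Appending "/." and taking dirname() leaves the configured folder with
    # exactly one trailing separator added back.
    $t_file_path = dirname(plugin_config_get('disk_dir', PLUGINS_RELEASEMGT_DISK_DIR_DEFAULT) . DIRECTORY_SEPARATOR . '.') . DIRECTORY_SEPARATOR;
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($p_file_name);
    # The original read $t_project_id here, which is never assigned in this
    # function, so the project id was missing from the name seed.
    $t_file_hash = $p_version_id . '-' . $p_project_id;
    # NOTE(review): the client-supplied name is part of the seed handed to the
    # unique-name helper; confirm that helper never returns a name containing
    # directory components.
    $t_disk_file_name = $t_file_path . plugins_releasemgt_file_generate_unique_name($t_file_hash . '-' . $p_file_name, $t_file_path);
    $c_disk_file_name = db_prepare_string($t_disk_file_name);
    $t_file_size = filesize($p_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # Enforce the smallest of the PHP and application limits.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = plugin_config_get('upload_method', PLUGINS_RELEASEMGT_UPLOAD_METHOD_DEFAULT);
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            if (!file_exists($t_disk_file_name)) {
                if (FTP == $t_method) {
                    $conn_id = plugins_releasemgt_file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $p_tmp_file);
                    file_ftp_disconnect($conn_id);
                }
                # move_uploaded_file() refuses sources that are not PHP upload files.
                if (!move_uploaded_file($p_tmp_file, $t_disk_file_name)) {
                    # NOTE(review): the original passed FILE_MOVE_FAILED, which does
                    # not follow the ERROR_* naming of every other code used in this
                    # function; confirm ERROR_FILE_MOVE_FAILED is the intended code.
                    trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
                }
                # Fixed mode: owner read/write, everyone else read-only.
                chmod($t_disk_file_name, 0644);
                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Open, read and close explicitly: the original passed fopen() straight
            # into fread(), never checking for failure and never closing the handle.
            $t_handle = fopen($p_tmp_file, 'rb');
            if ($t_handle === false) {
                trigger_error(ERROR_GENERIC, ERROR);
            }
            # NOTE(review): binary content goes through the string escaper and is
            # quoted in the INSERT below; confirm this is safe for the database
            # driver and column type in use.
            $c_content = db_prepare_string(fread($t_handle, $t_file_size));
            fclose($t_handle);
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    $t_file_table = plugin_table('file');
    $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(project_id, version_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)\n\t\t\t\t\t  VALUES\n\t\t\t\t\t\t({$c_project_id}, {$c_version_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . date("Y-m-d H:i:s") . "', '{$c_content}')";
    db_query($query);
    return db_insert_id();
}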
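/**
 * Add a file attachment received through the SOAP API.
 *
 * The file name is checked for an allowed type and for uniqueness, and the
 * content length is checked against the smallest of upload_max_filesize,
 * post_max_size and the 'max_file_size' option. The content is then written to
 * disk or prepared for the database according to 'file_upload_method', and a
 * metadata row is inserted into the "<table>_file" table.
 *
 * @param integer $p_id        Issue id when $p_table is 'bug'; otherwise it is used as the project id.
 * @param string  $p_name      File name.
 * @param string  $p_content   File content to write.
 * @param string  $p_file_type File type.
 * @param string  $p_table     Database table name.
 * @param string  $p_title     Title.
 * @param string  $p_desc      Description.
 * @param string  $p_user_id   User id; null selects the current user.
 * @return mixed Attachment id on success, or a SOAP fault object when a check fails.
 */
function mci_file_add($p_id, $p_name, $p_content, $p_file_type, $p_table, $p_title = '', $p_desc = '', $p_user_id = null)
{
    if (!file_type_check($p_name)) {
        return SoapObjectsFactory::newSoapFault('Client', 'File type not allowed.');
    }
    if (!file_is_name_unique($p_name, $p_id)) {
        return SoapObjectsFactory::newSoapFault('Client', 'Duplicate filename.');
    }
    # Size is measured on the received bytes, not on anything the client declares.
    $t_file_size = strlen($p_content);
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        return SoapObjectsFactory::newSoapFault('Client', 'File is too big.');
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_id, 'project_id');
        $t_id = (int) $p_id;
        $t_issue_id = bug_format_id($p_id);
    } else {
        # Any value other than 'bug' is treated as a project attachment.
        $t_project_id = $p_id;
        $t_id = $t_project_id;
        $t_issue_id = 0;
    }
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    # Resolve the upload folder: the project's own path, falling back to the global default.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    # The on-disk name is generated; the client-supplied $p_name is only stored as metadata.
    $t_unique_name = file_generate_unique_name($t_file_path);
    $t_disk_file_name = $t_file_path . $t_unique_name;
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case DISK:
            if (!file_exists($t_file_path) || !is_dir($t_file_path) || !is_writable($t_file_path) || !is_readable($t_file_path)) {
                # NOTE(review): this fault text is returned to the API client and contains the
                # server-side upload path; consider logging the path and returning a generic message.
                return SoapObjectsFactory::newSoapFault('Server', 'Upload folder \'' . $t_file_path . '\' doesn\'t exist.');
            }
            file_ensure_valid_upload_path($t_file_path);
            if (file_exists($t_disk_file_name)) {
                # Fail closed: previously this case fell through with $c_content unset and
                # still inserted a metadata row pointing at a file that was never written.
                return SoapObjectsFactory::newSoapFault('Server', 'Unable to store file: generated file name already exists.');
            }
            mci_file_write_local($t_disk_file_name, $p_content);
            chmod($t_disk_file_name, config_get('attachments_file_permissions'));
            $c_content = "''";
            break;
        case DATABASE:
            $c_content = db_prepare_binary_string($p_content);
            $t_file_path = '';
            break;
        default:
            # Any other storage method left $c_content undefined before; reject it explicitly.
            return SoapObjectsFactory::newSoapFault('Server', 'Unsupported file upload method.');
    }
    # NOTE(review): $p_table is concatenated into the table and column names, which cannot be
    # bound as parameters - callers must only ever pass fixed, known values here.
    $t_file_table = db_get_table($p_table . '_file');
    $t_id_col = $p_table . '_id';
    # $p_file_type is stored as supplied by the caller; it is not verified against the content here.
    $t_param = array($t_id_col => $t_id, 'title' => $p_title, 'description' => $p_desc, 'diskfile' => $t_unique_name, 'filename' => $p_name, 'folder' => $t_file_path, 'filesize' => $t_file_size, 'file_type' => $p_file_type, 'date_added' => db_now(), 'user_id' => (int) $p_user_id);
    # Oracle has to update BLOBs separately
    if (!db_is_oracle()) {
        $t_param['content'] = $c_content;
    }
    # One placeholder per column; all values are passed to db_query() as bound parameters.
    $t_param_count = count($t_param);
    $t_query_param = db_param();
    for ($i = 1; $i < $t_param_count; $i++) {
        $t_query_param .= ', ' . db_param();
    }
    $t_query = 'INSERT INTO ' . $t_file_table . '
		( ' . implode(', ', array_keys($t_param)) . ' )
	VALUES
		( ' . $t_query_param . ' )';
    db_query($t_query, array_values($t_param));
    # get attachment id
    $t_attachment_id = db_insert_id($t_file_table);
    if (db_is_oracle()) {
        # NOTE(review): the condition is built by string interpolation; $t_unique_name comes from
        # file_generate_unique_name() - verify it can never contain a quote character.
        db_update_blob($t_file_table, 'content', $c_content, "diskfile='{$t_unique_name}'");
    }
    if ('bug' == $p_table) {
        # bump the last_updated date
        bug_update_date($t_issue_id);
        # add history entry
        history_log_event_special($t_issue_id, FILE_ADDED, $p_name);
    }
    return $t_attachment_id;
}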
# Upload must be switched on in php.ini; the text keyed by false is the explanation
# attached to a failing result.
check_print_test_row(
	'file_uploads php.ini directive is enabled',
	ini_get_bool( 'file_uploads' ),
	array( false => 'The file_uploads directive in php.ini must be enabled in order for file uploads to work with MantisBT.' )
);

# Informational row: the per-file upload limit configured in MantisBT.
check_print_info_row(
	'Maximum file upload size (per file)',
	config_get_global( 'max_file_size' ) . ' bytes'
);

# The MantisBT limit must not exceed what PHP accepts for a single uploaded file.
# NOTE(review): only upload_max_filesize is compared in this row; post_max_size is
# not checked here - confirm it is covered by another row.
check_print_test_row(
	'max_file_size MantisBT option is less than or equal to the upload_max_filesize directive in php.ini',
	config_get_global( 'max_file_size' ) <= ini_get_number( 'upload_max_filesize' ),
	array( false => 'max_file_size is currently ' . htmlentities( config_get_global( 'max_file_size' ) ) . ' bytes which is greater than the limit of ' . htmlentities( ini_get_number( 'upload_max_filesize' ) ) . ' bytes imposed by the php.ini directive upload_max_filesize.' )
);

# NOTE(review): the label below carries raw HTML (a link), so the check_print_*
# helpers presumably emit labels unescaped - any dynamic value placed in a label
# has to be escaped by the caller first.
$t_use_xsendfile = config_get_global( 'file_download_xsendfile_enabled' );
check_print_info_row(
	'<a href="http://www.google.com/search?q=x-sendfile">X-Sendfile</a> file download technique enabled',
	$t_use_xsendfile ? 'Yes' : 'No'
);

if( $t_use_xsendfile ) {
	check_print_test_row(
		'file_download_xsendfile_enabled = ON requires file_upload_method = DISK',
		config_get_global( 'file_upload_method' ) == DISK,
		array( false => 'X-Sendfile file downloading only works when files are stored on a disk.' )
	);
Beispiel #13
# variables_order must contain each of G, P, C and S (tested case-insensitively, one letter at a time).
# NOTE(review): $t_variables_order is appended to the failure text without htmlentities(),
# unlike the ini values printed further down.
check_print_test_row('variables_order php.ini directive contains GPCS', stripos($t_variables_order, 'G') !== false && stripos($t_variables_order, 'P') !== false && stripos($t_variables_order, 'C') !== false && stripos($t_variables_order, 'S') !== false, array(false => 'The value of this directive is currently: ' . $t_variables_order));
# Magic quotes must be off. function_exists() keeps the check from calling a getter that is
# not defined, and @ suppresses anything the getter itself reports.
check_print_test_row('magic_quotes_gpc php.ini directive is disabled', !(function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()), array(false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.'));
check_print_test_row('magic_quotes_runtime php.ini directive is disabled', !(function_exists('get_magic_quotes_runtime') && @get_magic_quotes_runtime()), array(false => 'PHP\'s magic quotes feature is <a href="http://www.php.net/manual/en/security.magicquotes.whynot.php">deprecated in PHP 5.3.0</a> and should not be used.'));
# register_globals must be off; this is a hard test row rather than a warning row.
check_print_test_row('register_globals php.ini directive is disabled', !ini_get_bool('register_globals'), array(false => 'PHP\'s register globals feature is <a href="http://php.net/manual/en/security.globals.php">deprecated in PHP 5.3.0</a> and should not be used.'));
# The next three rows are warnings that the messages themselves describe as performance-related.
check_print_test_warn_row('register_argc_argv php.ini directive is disabled', !ini_get_bool('register_argc_argv'), array(false => 'This directive should be disabled to increase performance (it only affects PHP in CLI mode).'));
check_print_test_warn_row('register_long_arrays php.ini directive is disabled', !ini_get_bool('register_long_arrays'), array(false => 'This directive is deprecated in PHP 5.3.0 and should be disabled for performance reasons.'));
check_print_test_warn_row('auto_globals_jit php.ini directive is enabled', ini_get_bool('auto_globals_jit'), array(false => 'This directive is currently disabled: enable it for a performance gain.'));
# Hardening: warn when PHP would display runtime or startup errors, which the messages
# say should be off on production and Internet-facing servers.
check_print_test_warn_row('display_errors php.ini directive is disabled', !ini_get_bool('display_errors'), array(false => 'For security reasons this directive should be disabled on all production and Internet facing servers.'));
check_print_test_warn_row('display_startup_errors php.ini directive is disabled', !ini_get_bool('display_startup_errors'), array(false => 'For security reasons this directive should be disabled on all production and Internet facing servers.'));
# Errors still have to surface somewhere: warn when neither display_errors nor log_errors is on.
check_print_test_warn_row('PHP errors are being logged or reported', ini_get_bool('display_errors') || ini_get_bool('log_errors'), array(false => 'PHP is not currently set to log or report errors and thus you may be unaware of PHP errors that occur.'));
# Size limits: values are passed through htmlentities() before being placed in the row text.
check_print_info_row('php.ini directive: memory_limit', htmlentities(ini_get_number('memory_limit')) . ' bytes');
check_print_info_row('php.ini directive: post_max_size', htmlentities(ini_get_number('post_max_size')) . ' bytes');
# memory_limit must be at least post_max_size.
check_print_test_row('memory_limit php.ini directive is at least equal to the post_max_size directive', ini_get_number('memory_limit') >= ini_get_number('post_max_size'), array(false => 'The current value of the memory_limit directive is ' . htmlentities(ini_get_number('memory_limit')) . ' bytes. This value needs to be at least equal to the post_max_size directive value of ' . htmlentities(ini_get_number('post_max_size')) . ' bytes.'));
check_print_info_row('File uploads are enabled (php.ini directive: file_uploads)', ini_get_bool('file_uploads') ? 'Yes' : 'No');
check_print_info_row('php.ini directive: upload_max_filesize', htmlentities(ini_get_number('upload_max_filesize')) . ' bytes');
# post_max_size must be at least upload_max_filesize (the row text calls it "upload_max_size").
check_print_test_row('post_max_size php.ini directive is at least equal to the upload_max_size directive', ini_get_number('post_max_size') >= ini_get_number('upload_max_filesize'), array(false => 'The current value of the post_max_size directive is ' . htmlentities(ini_get_number('post_max_size')) . ' bytes. This value needs to be at least equal to the upload_max_size directive value of ' . htmlentities(ini_get_number('upload_max_filesize')) . ' bytes.'));
# Emit one warning row per entry of the disable_functions php.ini directive.
# Each row is reported with a fixed result of false, so it always shows as a warning.
# NOTE(review): the entry is placed between <em> tags without escaping; it comes from
# php.ini rather than from a request, but confirm the helper does not expect escaped text.
$t_disabled_functions = explode(',', ini_get('disable_functions'));
foreach ($t_disabled_functions as $t_disabled_function) {
    $t_disabled_function = trim($t_disabled_function);
    # Skip blank entries and every function whose name starts with "pcntl_".
    if (!$t_disabled_function || strncmp($t_disabled_function, 'pcntl_', 6) === 0) {
        continue;
    }
    check_print_test_warn_row(
        '<em>' . $t_disabled_function . '</em> function is enabled',
        false,
        'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.'
    );
}
# Same report for the disable_classes directive; no name prefix is exempted here.
$t_disabled_classes = explode(',', ini_get('disable_classes'));
foreach ($t_disabled_classes as $t_disabled_class) {
    $t_disabled_class = trim($t_disabled_class);
    if (!$t_disabled_class) {
        continue;
    }
    check_print_test_warn_row(
        '<em>' . $t_disabled_class . '</em> class is enabled',
        false,
        'This class has been disabled by the disable_classes php.ini directive. MantisBT may not operate correctly with this class disabled.'
    );
}
# Print additional information from php.ini to assist debugging (see http://www.php.net/manual/en/ini.list.php)
Beispiel #14
);

# Informational row: whether PHP accepts file uploads at all.
check_print_info_row(
	'File uploads are enabled (php.ini directive: file_uploads)',
	ini_get_bool( 'file_uploads' ) ? 'Yes' : 'No'
);

# Informational row: PHP's per-file upload limit, passed through htmlentities() before output.
check_print_info_row(
	'php.ini directive: upload_max_filesize',
	htmlentities( ini_get_number( 'upload_max_filesize' ) ) . ' bytes'
);

# post_max_size must be at least upload_max_filesize (the row text calls it "upload_max_size").
# The text keyed by false is the explanation attached to a failing result.
check_print_test_row(
	'post_max_size php.ini directive is at least equal to the upload_max_size directive',
	ini_get_number( 'post_max_size' ) >= ini_get_number( 'upload_max_filesize' ),
	array( false => 'The current value of the post_max_size directive is ' . htmlentities( ini_get_number( 'post_max_size' ) ) . ' bytes. This value needs to be at least equal to the upload_max_size directive value of ' . htmlentities( ini_get_number( 'upload_max_filesize' ) ) . ' bytes.' )
);

# Emit one warning row per entry of the disable_functions php.ini directive.
# Each row is reported with a fixed result of false, so it always shows as a warning.
# NOTE(review): the entry is placed between <em> tags without escaping; it comes from
# php.ini rather than from a request, but confirm the helper does not expect escaped text.
$t_disabled_functions = explode( ',', ini_get( 'disable_functions' ) );
foreach( $t_disabled_functions as $t_disabled_function ) {
	$t_disabled_function = trim( $t_disabled_function );
	# Blank entries (for example from an empty directive) are skipped.
	if( !$t_disabled_function ) {
		continue;
	}
	check_print_test_warn_row(
		'<em>' . $t_disabled_function . '</em> function is enabled',
		false,
		'This function has been disabled by the disable_functions php.ini directive. MantisBT may not operate correctly with this function disabled.'
	);
}

# Entries of the disable_classes directive, split on commas.
$t_disabled_classes = explode( ',', ini_get( 'disable_classes' ) );
Beispiel #15
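/**
 * Add a file to the system using the configured storage method
 *
 * The upload is validated first (upload status, allowed file type, unique name,
 * non-zero size, size limit). The file is then moved into the upload folder
 * (DISK, and FTP after an additional FTP transfer) or read into the database
 * (DATABASE), and a metadata row is inserted into the "<table>_file" table.
 *
 * @param integer $p_bug_id the bug id (should be 0 when adding project doc)
 * @param array $p_file the uploaded file info, as retrieved from gpc_get_file()
 * @param string $p_table 'bug' or 'project' depending on attachment type
 * @param string $p_title file title
 * @param string $p_desc file description
 * @param int $p_user_id user id (defaults to current user)
 * @param int $p_date_added date added (values <= 0 are replaced by db_now())
 * @param bool $p_skip_bug_update skip bug last modification update (useful when importing bug attachments)
 * @return void
 */
function file_add($p_bug_id, $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null, $p_date_added = 0, $p_skip_bug_update = false)
{
    file_ensure_uploaded($p_file);
    # 'name' and 'type' in the upload info are supplied by the client; 'tmp_name' is the
    # server-side temporary file.
    $t_file_name = $p_file['name'];
    $t_tmp_file = $p_file['tmp_name'];
    if (!file_type_check($t_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    if (!file_is_name_unique($t_file_name, $p_bug_id)) {
        trigger_error(ERROR_FILE_DUPLICATE, ERROR);
    }
    # Size is measured on the temporary file, not taken from the client's declaration.
    $t_file_size = filesize($t_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # Effective limit is the smallest of the two php.ini limits and the MantisBT option.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_id = (int) $p_bug_id;
        $t_bug_id = bug_format_id($p_bug_id);
    } else {
        $t_project_id = helper_get_current_project();
        $t_id = $t_project_id;
        $t_bug_id = 0;
    }
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    if ($p_date_added <= 0) {
        $p_date_added = db_now();
    }
    # Resolve the upload folder: the project's own path, falling back to the global default.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    # NOTE(review): the client-supplied file name is part of the seed passed to
    # file_generate_unique_name(); presumably the result is a hash - verify it can never
    # contain path separators or quote characters, since it becomes the on-disk name.
    $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id;
    $t_unique_name = file_generate_unique_name($t_file_hash . '-' . $t_file_name, $t_file_path);
    $t_disk_file_name = $t_file_path . $t_unique_name;
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            if (!file_exists($t_disk_file_name)) {
                if (FTP == $t_method) {
                    # FTP: send a copy to the FTP server first; the file is still moved locally below.
                    $conn_id = file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $t_tmp_file);
                    file_ftp_disconnect($conn_id);
                }
                # move_uploaded_file() only moves files that arrived through a PHP upload.
                if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) {
                    trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Open, read and close explicitly: the original passed fopen() straight into
            # fread(), which never closed the handle and did not check that the open succeeded.
            # NOTE(review): unlike the DISK path, nothing here verifies that the temporary file
            # came from an upload; this relies on file_ensure_uploaded() above - confirm.
            $t_handle = fopen($t_tmp_file, 'rb');
            if (false === $t_handle) {
                trigger_error(ERROR_GENERIC, ERROR);
            }
            $c_content = db_prepare_binary_string(fread($t_handle, $t_file_size));
            fclose($t_handle);
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    # NOTE(review): $p_table is concatenated into the table and column names, which cannot be
    # bound as parameters - callers must only pass the fixed values 'bug' or 'project'.
    $t_file_table = db_get_table($p_table . '_file');
    $t_id_col = $p_table . "_id";
    $t_query_fields = "\n\t\t{$t_id_col}, title, description, diskfile, filename, folder,\n\t\tfilesize, file_type, date_added, user_id";
    # $p_file['type'] is the type reported by the client and is stored unverified; it should
    # not be trusted when the attachment is later served.
    $t_param = array($t_id, $p_title, $p_desc, $t_unique_name, $t_file_name, $t_file_path, $t_file_size, $p_file['type'], $p_date_added, (int) $p_user_id);
    # oci8 stores contents in a BLOB, which is updated separately
    if (!db_is_oracle()) {
        $t_query_fields .= ", content";
        $t_param[] = $c_content;
    }
    # One placeholder per value; all values are passed to db_query_bound() as bound parameters.
    $t_param_count = count($t_param);
    $t_query_param = db_param();
    for ($i = 1; $i < $t_param_count; $i++) {
        $t_query_param .= ", " . db_param();
    }
    $t_query = "INSERT INTO {$t_file_table} ( {$t_query_fields} )\n\tVALUES\n\t\t( {$t_query_param} )";
    db_query_bound($t_query, $t_param);
    if (db_is_oracle()) {
        # NOTE(review): the condition is built by string interpolation of $t_unique_name;
        # see the note on file_generate_unique_name() above.
        db_update_blob($t_file_table, 'content', $c_content, "diskfile='{$t_unique_name}'");
    }
    if ('bug' == $p_table) {
        # update the last_updated date
        if (!$p_skip_bug_update) {
            bug_update_date($p_bug_id);
        }
        # log file added to bug history
        history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name);
    }
}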
Beispiel #16
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

# Runs before anything else on this management page; presumably forces the user to
# confirm their credentials again - verify against auth_reauthenticate().
# NOTE(review): no explicit access-level check is visible in this excerpt; confirm one
# is enforced for the import page elsewhere.
auth_reauthenticate();

html_page_top(plugin_lang_get('import'));

$t_this_page = plugin_page('import'); //FIXME with plugins this does not work...
print_manage_menu($t_this_page);

# Effective upload ceiling: the smallest of the two php.ini limits and the MantisBT option.
$t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));

// We need a project to import into
# NOTE(review): $t_this_page is placed in the ref query parameter without URL-encoding,
# and the redirect is issued after html_page_top() has been called - confirm both are
# handled by the helpers involved.
$t_project_id = helper_get_current_project();
if ($t_project_id == ALL_PROJECTS) {
    print_header_redirect("login_select_proj_page.php?ref=$t_this_page");
}

?>

<div class="center">
<form name="file_upload" method="post" enctype="multipart/form-data" action="<?php echo plugin_page( 'import_action' )?>">
<?php echo form_security_field( 'plugin_xml_import_action' ) ?>