/**
 * Save the Gerrit server list posted by the admin form.
 *
 * Nothing happens unless "gerrit_servers" was posted as an array; in that
 * case the synchronizer token is verified first, the current servers are
 * loaded, the posted ones are applied and the user is sent back to the
 * Gerrit admin pane.
 *
 * @param Codendi_Request $request
 */
private function updateGerritServers(Codendi_Request $request)
 {
     $posted_servers = $request->get('gerrit_servers');
     if (!is_array($posted_servers)) {
         return;
     }
     // State-changing path: token check before anything is touched.
     $this->csrf->check();
     $this->fetchGerritServers();
     $this->updateServers($posted_servers);
     $GLOBALS['Response']->redirect('/plugins/git/admin/?pane=gerrit_servers_admin');
 }
 /**
  * Apply the two site-admin settings (access value, project-admin value).
  *
  * Both updaters are always invoked; a single success feedback is added when
  * at least one of them reported a change, then the index is displayed again.
  * The CSRF token is verified before any write.
  */
 public function update()
 {
     $this->csrf->check();
     $access_changed        = $this->updateAccessValue();
     $project_admin_changed = $this->updateProjectAdminValue();
     if ($access_changed || $project_admin_changed) {
         $this->response->addFeedback(Feedback::INFO, $GLOBALS['Language']->getText('admin_main', 'successfully_updated'));
     }
     $this->redirectToIndex();
 }
 /**
  * Site-admin entry point.
  *
  * The site-admin check runs for every action; only "update" mutates state,
  * and it is additionally guarded by the synchronizer token. Any other action
  * just renders the index.
  *
  * @param Codendi_Request $request
  * @param Response        $response
  * @param PFUser          $user
  */
 public function process(Codendi_Request $request, Response $response, PFUser $user)
 {
     $this->checkUserIsSiteadmin($user, $response);
     // Loose (==) comparison keeps the switch/case semantics of a string dispatch.
     if ($request->get('action') == 'update') {
         $this->csrf->check();
         $this->controller->update($request, $response);
         return;
     }
     $this->controller->index($this->csrf, $response);
 }
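/**
 * Process the "change password" form for user $user_id.
 *
 * Only an explicit POST carrying the "Update" field is handled; everything
 * else is treated as a page view. The checks run in this order: CSRF token,
 * user exists, old password verifies, account status is valid, new password
 * is present, confirmation matches, new password differs from the old one,
 * password policy (account_pwvalid) passes. Each failure adds a feedback
 * message and returns 0; the password is only written when all pass.
 *
 * @param int                  $user_id
 * @param CSRFSynchronizerToken $csrf
 * @param EventManager          $event_manager
 * @return int 1 when the password was changed, 0 otherwise
 */
function register_valid($user_id, CSRFSynchronizerToken $csrf, EventManager $event_manager)
{
    $request = HTTPRequest::instance();
    if (!$request->isPost() || !$request->exist('Update')) {
        return 0;
    }
    $csrf->check();
    // check against old pw
    $user_manager = UserManager::instance();
    $user = $user_manager->getUserById($user_id);
    if ($user === null) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'user_not_found'));
        return 0;
    }
    $password_expiration_checker = new User_PasswordExpirationChecker();
    $password_handler = PasswordHandlerFactory::getPasswordHandler();
    $login_manager = new User_LoginManager($event_manager, $user_manager, $password_expiration_checker, $password_handler);
    $old_password = $request->get('form_oldpw');
    if (!$login_manager->verifyPassword($user, $old_password)) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'incorrect_old_password'));
        return 0;
    }
    try {
        $status_manager = new User_UserStatusManager();
        $status_manager->checkStatus($user);
    } catch (User_StatusInvalidException $exception) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'account_inactive'));
        return 0;
    }
    if (!$request->exist('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_needed'));
        return 0;
    }
    $new_password = $request->get('form_pw');
    // Strict comparison: with loose != PHP compares numeric-looking strings as
    // numbers ("1e3" == "1000", "0" == false), so a confirmation that is not
    // byte-identical to the new password could be accepted as matching.
    if ($new_password !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_not_match'));
        return 0;
    }
    if ($new_password === $old_password) {
        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('account_change_pw', 'identical_password'));
        return 0;
    }
    // account_pwvalid() fills $errors by reference with the policy violations.
    if (!account_pwvalid($new_password, $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }
    // if we got this far, it must be good
    $user->setPassword($new_password);
    if (!$user_manager->updateDb($user)) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'internal_error_update'));
        return 0;
    }
    return 1;
}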
 /**
  * Site-admin action: allow one more project to use MediaWiki, then go back to the index.
  *
  * Guard order: assertSiteAdmin() first, then the synchronizer token bound to
  * this action's URL. Nothing is written unless the "allow-project" button was
  * pressed and a non-empty "project-to-allow" value was posted.
  *
  * @param HTTPRequest $request
  */
 public function site_update_allowed_project_list(HTTPRequest $request)
 {
     $this->assertSiteAdmin($request);
     $token = new CSRFSynchronizerToken('/plugins/mediawiki/forge_admin?action=site_update_allowed_project_list');
     $token->check();
     $candidate_project = $request->get('project-to-allow');
     $allow_requested   = $request->get('allow-project');
     if ($allow_requested && !empty($candidate_project)) {
         $this->allowProject($candidate_project);
     }
     $GLOBALS['Response']->redirect('/plugins/mediawiki/forge_admin?action=site_index');
 }
 /**
  * Admin action: migrate one project to PhpWiki, then go back to the admin index.
  *
  * checkAccess() runs first, then the synchronizer token bound to this
  * action's URL. The migration only happens when the "allow-project" button
  * was pressed together with a non-empty "project-to-allow" value.
  *
  * @param HTTPRequest $request
  */
 public function updateProject(HTTPRequest $request)
 {
     $this->checkAccess($request);
     $token = new CSRFSynchronizerToken('/plugins/phpwiki/admin.php?action=update_project');
     $token->check();
     $candidate_project = $request->get('project-to-allow');
     $allow_requested   = $request->get('allow-project');
     if ($allow_requested && !empty($candidate_project)) {
         $this->migrateProject($candidate_project);
     }
     $GLOBALS['Response']->redirect('/plugins/phpwiki/admin.php?action=index');
 }
 /**
  * Persist the site homepage settings posted by the admin form, then return to the index.
  *
  * Order of writes: standard/custom homepage flag, headlines (only when posted
  * as an array), custom-logo removal, uploaded-logo move. The success feedback
  * is only added when none of those steps raised a warning or error.
  * The CSRF token is verified before any write.
  */
 public function update()
 {
     $this->csrf->check();
     $request = $this->request;
     $dao     = $this->dao;
     $request->get('use_standard_homepage') ? $dao->useStandardHomepage() : $dao->doNotUseStandardHomepage();
     $posted_headlines = $request->get('headlines');
     if (is_array($posted_headlines)) {
         $dao->save($posted_headlines);
     }
     if ($request->get('remove_custom_logo')) {
         $this->removeCustomLogo();
     }
     $this->moveUploadedLogo();
     $has_problems = $this->response->feedbackHasWarningsOrErrors();
     if (!$has_problems) {
         $this->response->addFeedback(Feedback::INFO, $GLOBALS['Language']->getText('admin_main', 'successfully_updated'));
     }
     $this->redirectToIndex();
 }
 /**
  * Grant or revoke SVN-token access for projects from the admin form, then return to the index.
  *
  * The synchronizer token bound to this action's URL is verified first.
  * "allow-project" + non-empty "project-to-allow" grants; "revoke-project" +
  * non-empty "project-ids-to-revoke" revokes. Both may happen in one request.
  *
  * NOTE(review): no site-admin check is visible in this method itself —
  * presumably the caller performs it before dispatching here; confirm.
  *
  * @param HTTPRequest $request
  */
 public function updateProject(HTTPRequest $request)
 {
     $token = new CSRFSynchronizerToken('/admin/svn/svn_tokens.php?action=update_project');
     $token->check();
     $project_to_allow = $request->get('project-to-allow');
     if ($request->get('allow-project') && !empty($project_to_allow)) {
         $this->allowSVNTokensForProject($project_to_allow);
     }
     $projects_to_revoke = $request->get('project-ids-to-revoke');
     if ($request->get('revoke-project') && !empty($projects_to_revoke)) {
         $this->revokeProjectsAuthorization($projects_to_revoke);
     }
     $GLOBALS['Response']->redirect('/admin/svn/svn_tokens.php?action=index');
 }
 /**
  * Delete the git mirror named by the "mirror_id" parameter, then return to the mirrors pane.
  *
  * The CSRF token is verified before the delete. A falsy return from the
  * mapper and a Git_Mirror_MirrorNotFoundException are both reported with the
  * same admin_mirror_cannot_delete feedback; the redirect always happens.
  *
  * @param Codendi_Request $request
  */
 private function deleteMirror(Codendi_Request $request)
 {
     try {
         $this->csrf->check();
         $mirror_id = $request->get('mirror_id');
         if (!$this->git_mirror_mapper->delete($mirror_id)) {
             $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_git', 'admin_mirror_cannot_delete'));
         }
     } catch (Git_Mirror_MirrorNotFoundException $not_found) {
         $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_git', 'admin_mirror_cannot_delete'));
     }
     $GLOBALS['Response']->redirect('/plugins/git/admin/?pane=mirrors_admin');
 }
// $vId is the bookmark_id validator built above this excerpt.
$vId->required();
// Missing/invalid id: bounce to the dashboard. If Response::redirect() did not
// end the request, $bookmark_id would be undefined below — assumed it does.
if (!$request->valid($vId)) {
    $GLOBALS['Response']->redirect('/my');
} else {
    $bookmark_id = (int) $request->get('bookmark_id');
}
$vUrl = new Valid_String('bookmark_url');
$vUrl->setErrorMessage('Url is required');
$vUrl->required();
$vTitle = new Valid_String('bookmark_title');
$vTitle->setErrorMessage('Title is required');
$vTitle->required();
// The token is bound to this bookmark's own edit URL, so a token minted for
// one bookmark's form is not valid for another.
$bookmark_url_id = '/my/bookmark_edit.php?bookmark_id=' . $bookmark_id;
$csrf_token = new CSRFSynchronizerToken($bookmark_url_id);
// Write path: POST only, url and title present, and the token checked before
// anything else happens.
if ($request->isPost() && $request->valid($vUrl) && $request->valid($vTitle)) {
    $csrf_token->check();
    $bookmark_url = $request->get('bookmark_url');
    $bookmark_title = $request->get('bookmark_title');
    my_check_bookmark_URL($bookmark_url, $bookmark_url_id);
    // NOTE(review): only the SELECT below is scoped to user_getid(); bookmark_edit()
    // is presumed to restrict the update to the current user's bookmark — confirm.
    bookmark_edit($bookmark_id, $bookmark_url, $bookmark_title);
    $GLOBALS['Response']->redirect('/my');
}
// $purifier, $bookmark_url and $bookmark_title are presumably consumed by the
// HTML that follows the closing tag (not part of this excerpt).
$purifier = Codendi_HTMLPurifier::instance();
$HTML->header(array("title" => $Language->getText('bookmark_edit', 'title')));
print "<H3>" . $Language->getText('bookmark_edit', 'title') . "</H3>\n";
// Both ids go through db_ei() before interpolation and the row is filtered on
// the current user, so a user can only load their own bookmark here.
$result = db_query("SELECT * from user_bookmarks where " . "bookmark_id=" . db_ei($bookmark_id) . " and user_id=" . db_ei(user_getid()));
if ($result) {
    $bookmark_url = db_result($result, 0, 'bookmark_url');
    $bookmark_title = db_result($result, 0, 'bookmark_title');
}
?>
 * (at your option) any later version.
 *
 * Tuleap is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
 */
require_once 'pre.php';
require_once 'common/mail/Codendi_Mail.class.php';
require_once 'common/mail/MassmailSender.class.php';
require_once 'common/include/CSRFSynchronizerToken.class.php';
// Mass-mail the members of one project. The synchronizer token is verified
// before the request is even read; on failure check() sends the user to /my/.
$csrf = new CSRFSynchronizerToken('massmail_to_project_members.php');
$csrf->check('/my/');

$request  = HTTPRequest::instance();
$user     = $request->getCurrentUser();
$group_id = $request->get('group_id');
$subject  = $request->get('subject');
$body     = $request->get('body');

// NOTE(review): nothing visible here checks that $user may mail this project
// (membership/admin on $group_id) or that the request is a POST — presumably
// MassmailSender::sendMassmail() enforces that; confirm before relying on it.
$pm           = ProjectManager::instance();
$project      = $pm->getProject($group_id);
$members      = $project->getMembers();
$project_name = $project->getPublicName();

$massmail_sender = new MassmailSender();
$is_sent = $massmail_sender->sendMassmail($project, $user, $subject, $body, $members);
if ($is_sent) {
    $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('my_index', 'mail_sent', array($project_name)));
} else {
    $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('my_index', 'mail_not_sent', array($project_name)));
 /**
  * Verify the synchronizer token bound to $url for the current request.
  *
  * Thin wrapper so subclasses/tests can override how the token is checked.
  *
  * @param string $url the URL the token was generated for
  */
 protected function checkSynchronizerToken($url)
 {
     (new CSRFSynchronizerToken($url))->check();
 }
 /**
  * Dispatch a tracker request on its "func" parameter.
  *
  * Every admin-only branch re-checks userIsAdmin($current_user) and, when it
  * fails, adds an access_denied feedback and (in most branches) redirects to
  * the tracker page. Only the admin-delete-artifact-confirm and
  * admin-delete-artifact branches verify a CSRFSynchronizerToken here; the
  * other branches either delegate to a sub-controller or check none here.
  *
  * @param Tracker_IDisplayTrackerLayout $layout
  * @param mixed $request       request object (get/exist/getValidated/valid)
  * @param mixed $current_user  current user object
  * @return bool always false
  */
 public function process(Tracker_IDisplayTrackerLayout $layout, $request, $current_user)
 {
     //TODO: log the admin actions (add a formElement, ...) ?
     $hp = Codendi_HTMLPurifier::instance();
     // Cast to string so the switch (loose ==) compares strings with strings.
     $func = (string) $request->get('func');
     switch ($func) {
         case 'new-artifact':
             if ($this->userCanSubmitArtifact($current_user)) {
                 $this->displaySubmit($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'get-create-in-place':
             // AJAX-style branch: refusal is a 400 JSON error, not a redirect.
             if ($this->userCanSubmitArtifact($current_user)) {
                 $artifact_link_id = $request->get('artifact-link-id');
                 $render_with_javascript = $request->get('fetch-js') == 'false' ? false : true;
                 $renderer = new Tracker_Artifact_Renderer_CreateInPlaceRenderer($this, TemplateRendererFactory::build()->getRenderer(dirname(TRACKER_BASE_DIR) . '/templates'));
                 $renderer->display($artifact_link_id, $render_with_javascript);
             } else {
                 $GLOBALS['Response']->send400JSONErrors();
             }
             break;
         case 'new-artifact-link':
             $link = $request->get('id');
             if ($this->userCanSubmitArtifact($current_user)) {
                 $this->displaySubmit($layout, $request, $current_user, $link);
             } else {
                 // No redirect in this branch, unlike new-artifact above.
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
             }
             break;
         case 'delete':
             // NOTE(review): destructive branch gated on userCanDeleteTracker() only;
             // unlike admin-delete-artifact below, no CSRF synchronizer token is
             // verified here — confirm the caller or the confirmation form enforces one.
             if ($this->userCanDeleteTracker($current_user)) {
                 if ($this->getTrackerFactory()->markAsDeleted($this->id)) {
                     $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin_index', 'delete_success', $hp->purify($this->name, CODENDI_PURIFIER_CONVERT_HTML)));
                     $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin_index', 'tracker_deleted', $GLOBALS['sys_email_admin']), CODENDI_PURIFIER_FULL);
                     // Drop the cross-reference keyword that pointed at this tracker.
                     $reference_manager = ReferenceManager::instance();
                     $ref = $reference_manager->loadReferenceFromKeywordAndNumArgs(strtolower($this->getItemName()), $this->getGroupId(), 1);
                     if ($ref) {
                         if ($reference_manager->deleteReference($ref)) {
                             $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_reference', 't_r_deleted'));
                         }
                     }
                     EventManager::instance()->processEvent(TRACKER_EVENT_TRACKER_DELETE, array('tracker' => $this));
                 } else {
                     $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin_index', 'deletion_failed', $hp->purify($this->name, CODENDI_PURIFIER_CONVERT_HTML)));
                 }
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
             }
             $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?group_id=' . $this->group_id);
             break;
         case 'admin':
             if ($this->userIsAdmin($current_user)) {
                 $this->displayAdmin($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-editoptions':
             if ($this->userIsAdmin($current_user)) {
                 if ($request->get('update')) {
                     $this->editOptions($request);
                 }
                 $this->displayAdminOptions($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-perms':
             if ($this->userIsAdmin($current_user)) {
                 $this->displayAdminPerms($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-perms-tracker':
             if ($this->userIsAdmin($current_user)) {
                 $this->getPermissionController()->process($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-perms-fields':
             if ($this->userIsAdmin($current_user)) {
                 // Only an "update" submission with an array of permissions writes anything.
                 if ($request->exist('update')) {
                     if ($request->exist('permissions') && is_array($request->get('permissions'))) {
                         plugin_tracker_permission_process_update_fields_permissions($this->getGroupId(), $this->getId(), Tracker_FormElementFactory::instance()->getUsedFields($this), $request->get('permissions'));
                         $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_admin_userperms', 'perm_upd'));
                     }
                 }
                 $this->displayAdminPermsFields($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-formElements':
             if ($this->userIsAdmin($current_user)) {
                 if (is_array($request->get('add-formElement'))) {
                     // NOTE(review): each() is deprecated since PHP 7.2 and removed in 8.0;
                     // key() on the array gives the same first key.
                     list($formElement_id, ) = each($request->get('add-formElement'));
                     if (Tracker_FormElementFactory::instance()->addFormElement($formElement_id)) {
                         $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin_index', 'field_added'));
                         $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . (int) $this->getId() . '&func=admin-formElements');
                     }
                 } else {
                     if (is_array($request->get('create-formElement'))) {
                         // NOTE(review): same each() concern as above.
                         list($type, ) = each($request->get('create-formElement'));
                         if ($request->get('docreate-formElement') && is_array($request->get('formElement_data'))) {
                             try {
                                 $this->createFormElement($type, $request->get('formElement_data'), $current_user);
                             } catch (Exception $e) {
                                 // Exception text is surfaced to the admin as-is.
                                 $GLOBALS['Response']->addFeedback('error', $e->getMessage());
                             }
                             $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?' . http_build_query(array('tracker' => $this->getId(), 'func' => $func)));
                         } else {
                             Tracker_FormElementFactory::instance()->displayAdminCreateFormElement($layout, $request, $current_user, $type, $this);
                             exit;
                         }
                     }
                 }
                 $this->displayAdminFormElements($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-formElement-update':
         case 'admin-formElement-remove':
         case 'admin-formElement-delete':
             if ($this->userIsAdmin($current_user)) {
                 // Unknown formElement id falls back to the list view instead of an error.
                 if ($formElement = Tracker_FormElementFactory::instance()->getFormElementById((int) $request->get('formElement'))) {
                     $formElement->process($layout, $request, $current_user);
                 } else {
                     $this->displayAdminFormElements($layout, $request, $current_user);
                 }
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-semantic':
             if ($this->userIsAdmin($current_user)) {
                 $this->getTrackerSemanticManager()->process($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-notifications':
             if ($this->userIsAdmin($current_user)) {
                 $this->getDateReminderManager()->processReminder($layout, $request, $current_user);
                 $this->getNotificationsManager()->process($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'notifications':
             // you just need to be registered to have access to this part
             // (same two managers as admin-notifications, but gated on isLoggedIn()).
             if ($current_user->isLoggedIn()) {
                 $this->getDateReminderManager()->processReminder($layout, $request, $current_user);
                 $this->getNotificationsManager()->process($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'display_reminder_form':
             // No permission check in this branch: it only renders an empty form.
             print $this->getDateReminderManager()->getDateReminderRenderer()->getNewDateReminderForm();
             break;
         case 'admin-canned':
             // TODO : project members can access this part ?
             if ($this->userIsAdmin($current_user)) {
                 $this->getCannedResponseManager()->process($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case Workflow::FUNC_ADMIN_RULES:
         case Workflow::FUNC_ADMIN_CROSS_TRACKER_TRIGGERS:
         case Workflow::FUNC_ADMIN_TRANSITIONS:
         case Workflow::FUNC_ADMIN_GET_TRIGGERS_RULES_BUILDER_DATA:
         case Workflow::FUNC_ADMIN_ADD_TRIGGER:
         case Workflow::FUNC_ADMIN_DELETE_TRIGGER:
             if ($this->userIsAdmin($current_user)) {
                 $this->getWorkflowManager()->process($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-csvimport':
             $session = new Codendi_Session();
             if ($this->userIsAdmin($current_user)) {
                 // $_FILES presence only tells us a file field was posted, not that the upload succeeded.
                 if ($request->exist('action') && $request->get('action') == 'import_preview' && array_key_exists('csv_filename', $_FILES)) {
                     // display preview before importing artifacts
                     $this->displayImportPreview($layout, $request, $current_user, $session);
                 } elseif ($request->exist('action') && $request->get('action') == 'import') {
                     // The actual import reads the CSV stashed in the session by the preview step.
                     $csv_header = $session->get('csv_header');
                     $csv_body = $session->get('csv_body');
                     if ($this->importFromCSV($layout, $request, $current_user, $csv_header, $csv_body)) {
                         $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin_import', 'import_succeed'));
                         $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
                     } else {
                         $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin_import', 'import_failed'));
                         $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
                     }
                 }
                 $this->displayAdminCSVImport($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-export':
             if ($this->userIsAdmin($current_user)) {
                 // TODO: change directory
                 $xml_element = new SimpleXMLElement('<?xml version="1.0" encoding="UTF-8"?><tracker />');
                 $this->sendXML($this->exportToXML($xml_element));
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-dependencies':
             if ($this->userIsAdmin($current_user)) {
                 $this->getGlobalRulesManager()->process($layout, $request, $current_user);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'submit-artifact':
             // Permission handling for submission lives in the action object.
             $action = new Tracker_Action_CreateArtifact($this, $this->getTrackerArtifactFactory(), $this->getTrackerFactory(), $this->getFormElementFactory());
             $action->process($layout, $request, $current_user);
             break;
         case 'submit-copy-artifact':
             $logger = new Tracker_XML_Importer_CopyArtifactInformationsAggregator(new BackendLogger());
             $xml_importer = $this->getArtifactXMLImporterForArtifactCopy($logger);
             $artifact_factory = $this->getTrackerArtifactFactory();
             $file_xml_updater = $this->getFileXMLUpdater();
             $export_children_collector = $this->getChildrenCollector($request);
             $file_path_xml_exporter = new Tracker_XML_Exporter_LocalAbsoluteFilePathXMLExporter();
             $artifact_xml_exporter = $this->getArtifactXMLExporter($export_children_collector, $file_path_xml_exporter, $current_user);
             $action = new Tracker_Action_CopyArtifact($this, $artifact_factory, $artifact_xml_exporter, $xml_importer, $this->getChangesetXMLUpdater(), $file_xml_updater, new Tracker_XML_Exporter_ChildrenXMLExporter($artifact_xml_exporter, $file_xml_updater, $artifact_factory, $export_children_collector), new Tracker_XML_Importer_ChildrenXMLImporter($xml_importer, $this->getTrackerFactory(), $this->getTrackerArtifactFactory(), new Tracker_XML_ChildrenCollector()), new Tracker_XML_Importer_ArtifactImportedMapping(), $logger);
             $action->process($layout, $request, $current_user);
             break;
         case 'submit-artifact-in-place':
             $action = new Tracker_Action_CreateArtifactFromModal($request, $this, $this->getTrackerArtifactFactory());
             $action->process($current_user);
             break;
         case 'admin-hierarchy':
             if ($this->userIsAdmin($current_user)) {
                 $this->displayAdminItemHeader($layout, 'hierarchy');
                 $this->getHierarchyController($request)->edit();
                 $this->displayFooter($layout);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-hierarchy-update':
             if ($this->userIsAdmin($current_user)) {
                 $this->getHierarchyController($request)->update();
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-clean':
             if ($this->userIsAdmin($current_user)) {
                 $this->displayAdminClean($layout);
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-delete-artifact-confirm':
             if ($this->userIsAdmin($current_user)) {
                 // The token key must match the one embedded in the form (the
                 // "&amp;" is part of the key string, not a rendering artefact).
                 $token = new CSRFSynchronizerToken(TRACKER_BASE_URL . '/?tracker=' . (int) $this->id . '&amp;func=admin-delete-artifact-confirm');
                 $token->check();
                 // 'id' is validated as an unsigned int here (defaults to 0).
                 $artifact_id = $request->getValidated('id', 'uint', 0);
                 $artifact = $this->getTrackerArtifactFactory()->getArtifactById($artifact_id);
                 if ($artifact) {
                     $this->displayAdminConfirmDelete($layout, $artifact);
                 } else {
                     $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'clean_error_noart', array($request->get('id'))));
                     $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId() . '&func=admin-clean');
                 }
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'admin-delete-artifact':
             if ($this->userIsAdmin($current_user)) {
                 $token = new CSRFSynchronizerToken(TRACKER_BASE_URL . '/?tracker=' . (int) $this->id . '&amp;func=admin-delete-artifact');
                 $token->check();
                 if ($request->exist('confirm')) {
                     // Unlike the confirm branch, 'id' is passed through unvalidated here;
                     // the tracker-id comparison below prevents deleting another tracker's artifact.
                     $artifact = $this->getTrackerArtifactFactory()->getArtifactById($request->get('id'));
                     if ($artifact && $artifact->getTrackerId() == $this->getId()) {
                         $artifact->delete($current_user);
                         $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin', 'clean_info_deleted', array($request->get('id'))));
                     } else {
                         $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'clean_error_noart', array($request->get('id'))));
                     }
                 } else {
                     $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin', 'clean_cancel_deleted'));
                 }
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId() . '&func=admin');
             } else {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             break;
         case 'create_new_public_report':
             // NOTE(review): no else/return after these guards — they rely on
             // Response::redirect() terminating the request. Verify that it does,
             // otherwise a non-admin (or an invalid name) would fall through and
             // still create the report.
             if (!$this->userIsAdmin($current_user)) {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             $name = $request->get('new_report_name');
             $validator = new Valid_String('new_report_name');
             $validator->required();
             if (!$request->valid($validator)) {
                 $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker', 'create_new_report_invalid'));
                 $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             }
             // $hp is the same singleton already fetched at the top of the method.
             $hp = Codendi_HTMLPurifier::instance();
             // NOTE(review): purify()'s return value is discarded, so this line is a
             // no-op; the name is stored exactly as submitted and must be escaped
             // wherever it is rendered.
             $hp->purify($name);
             $report = new Tracker_Report(0, $name, 'Public rapport', 0, 0, null, 0, $this->getId(), 1, null, 0);
             $report->criterias = array();
             $this->getReportFactory()->saveObject($this->id, $report);
             $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
             break;
         default:
             // Any other (or missing) func: show a report if the user may view the tracker.
             if ($this->userCanView($current_user)) {
                 $this->displayAReport($layout, $request, $current_user);
             }
             break;
     }
     return false;
 }
 /**
  * Save the agile dashboard (scrum/kanban) configuration submitted by the admin form.
  *
  * The synchronizer token is verified first, then the current user must be an
  * administrator of $this->group_id; otherwise a perm_denied feedback is added
  * and nothing is written. The kanban updater is used when "activate-kanban"
  * is present, the scrum updater otherwise.
  *
  * @return mixed the selected updater's updateConfiguration() result, or null when permission is denied
  */
 public function updateConfiguration()
 {
     $token = new CSRFSynchronizerToken('/plugins/agiledashboard/?action=admin');
     $token->check();
     $current_user = $this->request->getCurrentUser();
     if (!$current_user->isAdmin($this->group_id)) {
         $GLOBALS['Response']->addFeedback(Feedback::ERROR, $GLOBALS['Language']->getText('global', 'perm_denied'));
         return;
     }
     $configuration_response = new AgileDashboardConfigurationResponse($this->request->getProject(), $this->request->exist('home-ease-onboarding'));
     if ($this->request->exist('activate-kanban')) {
         $first_kanban_creator = new AgileDashboard_FirstKanbanCreator($this->request->getProject(), $this->kanban_manager, $this->tracker_factory, TrackerXmlImport::build());
         $updater = new AgileDashboardKanbanConfigurationUpdater($this->request, $this->config_manager, $configuration_response, $first_kanban_creator);
     } else {
         $first_scrum_creator = new AgileDashboard_FirstScrumCreator($this->request->getProject(), $this->planning_factory, $this->tracker_factory, new ProjectXMLImporter(EventManager::instance(), ProjectManager::instance(), new XML_RNGValidator(), new UGroupManager(), UserManager::instance(), new XMLImportHelper(), new ProjectXMLImporterLogger()));
         $updater = new AgileDashboardScrumConfigurationUpdater($this->request, $this->config_manager, $configuration_response, $first_scrum_creator);
     }
     return $updater->updateConfiguration();
 }
 /**
  * Reject admin requests that carry none of the expected fields, then verify the synchronizer token.
  *
  * A request with neither "activate-ad-component", "scrum-title-admin" nor
  * "kanban-title-admin" is answered with an error and a redirect to the admin
  * page. Otherwise the token bound to the admin URL is checked (it redirects
  * to '/' on failure).
  *
  * @return bool true when the request is usable, false when it was rejected
  */
 private function checkIfRequestIsValid()
 {
     $request = $this->request;
     $has_expected_field = $request->exist('activate-ad-component')
         || $request->exist('scrum-title-admin')
         || $request->exist('kanban-title-admin');
     if (!$has_expected_field) {
         $this->notifyErrorAndRedirectToAdmin();
         return false;
     }
     $token = new CSRFSynchronizerToken('/plugins/agiledashboard/?action=admin');
     $token->check('/', $request);
     return true;
 }
// SourceForge: Breaking Down the Barriers to Open Source Development
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
require_once 'pre.php';
require_once 'bookmarks.php';
// Bookmark deletion page. A GET renders a confirmation form carrying the CSRF
// token; only a POST with a valid token actually deletes the bookmark.
$request = HTTPRequest::instance();

$HTML->header(array('title' => $Language->getText('bookmark_delete', 'title')));
echo '<H3>' . $Language->getText('bookmark_delete', 'title') . "</H3>\n";

// bookmark_id must be present and an unsigned integer; anything else is a missing parameter.
$bookmark_id_validator = new Valid_UInt('bookmark_id');
$bookmark_id_validator->required();

if (! $request->valid($bookmark_id_validator)) {
    $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('global', 'missing_parameters'));
    $GLOBALS['Response']->redirect('/my');
} else {
    // Cast to int: the value is echoed back into the HTML below.
    $bookmark_id = (int) $request->get('bookmark_id');
    $csrf_token  = new CSRFSynchronizerToken('bookmark_delete');

    if (! $request->isPost()) {
        // Confirmation step: embed the token so the subsequent POST can be verified.
        echo '<form method="post">';
        echo '<p>' . $Language->getText('my_index', 'del_bookmark') . '</p>';
        echo '<input type="hidden" name="bookmark_id" value="' . $bookmark_id . '"/>';
        echo $csrf_token->fetchHTMLInput();
        echo '<input type="submit" value="' . $Language->getText('global', 'btn_submit') . '">';
        echo '</form>';
    } else {
        // State change: the token is verified before the bookmark is touched.
        $csrf_token->check('/my/bookmark_delete.php?bookmark_id=' . $bookmark_id);
        bookmark_delete($bookmark_id);
        echo '<p>' . $Language->getText('bookmark_delete', 'deleted') . '</p>';
    }

    echo '<p><a href="/my/">[' . $Language->getText('global', 'back_home') . ']</a></p>';
}
// Valid group id
$group_id_validator = new Valid_GroupId();
$group_id_validator->required();
if (! $request->valid($group_id_validator)) {
    exit_error($Language->getText('project_admin_index', 'invalid_p'), $Language->getText('project_admin_index', 'p_not_found'));
}
$group_id = $request->get('group_id');

// Only project admins ('A' flag) of this group may edit the generic member.
session_require(array('group' => $group_id, 'admin_flags' => 'A'));

$user_manager         = UserManager::instance();
$generic_user_factory = new GenericUserFactory($user_manager, ProjectManager::instance(), new GenericUserDao());
$generic_user         = $generic_user_factory->fetch($group_id);

// The token is bound to this page's own URL, which is also where we land after an update.
$redirect_url = '/project/admin/editgenericmember.php?group_id=' . (int) $group_id;
$token        = new CSRFSynchronizerToken($redirect_url);

if ($request->get('update_generic_user')) {
    // Verified before any credential or profile change is applied.
    $token->check();

    $password = $request->getValidated('password');
    $email    = $request->getValidated('email');

    // An empty (falsy) password field leaves the current password untouched;
    // note that this also skips the literal value "0".
    if ($password) {
        $generic_user->setPassword($password);
    }
    $generic_user->setEmail($email);

    if ($user_manager->updateDb($generic_user)) {
        $feedback_level = 'info';
        $feedback_key   = 'generic_member_updated';
    } else {
        $feedback_level = 'warning';
        $feedback_key   = 'generic_member_not_changed';
    }
    $GLOBALS['Response']->addFeedback($feedback_level, $Language->getText('project_admin', $feedback_key));
    $GLOBALS['HTML']->redirect($redirect_url);
}

$hp    = Codendi_HTMLPurifier::instance();
$title = $Language->getText('project_admin', 'generic_member_settings');
 /**
  * Verifies the CSRF synchronizer token bound to $url.
  *
  * The outcome of a failed check (feedback, redirect) is left entirely to
  * CSRFSynchronizerToken::check(); this method returns nothing.
  *
  * @param string $url the URL the token is bound to
  */
 private function checkSynchronizerToken($url)
 {
     (new CSRFSynchronizerToken($url))->check();
 }
if (isset($_FILES['avatar'])) {
    $handle = new Upload($_FILES['avatar']);

    // Normalise whatever was sent into a 50x50 PNG named "avatar": only image/* is
    // accepted, the client-supplied name and extension are discarded, and the
    // previous avatar is overwritten.
    $upload_options = array(
        'image_resize'           => true,
        'image_ratio_crop'       => 'L',
        'image_y'                => 50,
        'image_x'                => 50,
        'image_background_color' => '#FFFFFF',
        'image_convert'          => 'png',
        'file_new_name_body'     => 'avatar',
        'file_safe_name'         => false,
        'file_force_extension'   => false,
        'file_new_name_ext'      => '',
        'allowed'                => 'image/*',
        'file_overwrite'         => true,
    );
    foreach ($upload_options as $option => $value) {
        $handle->$option = $value;
    }

    if ($handle->uploaded && Config::get('sys_enable_avatars', true)) {
        // The token is verified before anything is written to disk or to the user record.
        $csrf->check();

        // Avatars are sharded by the last two digits of the user id:
        // <avatar_path>/<second-to-last digit>/<last digit>/<user id>
        $user_id     = (string) $user->getId();
        $avatar_root = Config::get('sys_avatar_path', Config::get('sys_data_dir') . '/user/avatar/');
        $shard_first = substr($user_id, -2, 1);
        $shard_last  = substr($user_id, -1, 1);
        $path        = $avatar_root . '/' . $shard_first . '/' . $shard_last . '/' . $user_id;

        $handle->process($path);
        if (! $handle->processed) {
            $GLOBALS['Response']->addFeedback('error', $handle->error);
        } else {
            $user->sethasAvatar();
            $user_manager->updateDb($user);
            $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('account_change_avatar', 'success'));
            $GLOBALS['Response']->redirect('/account/');
        }
    }
}

$title = $Language->getText('account_change_avatar', 'title');
/*
 * Copyright (c) Enalean, 2011. All Rights Reserved.
 *
 * This file is a part of Tuleap.
 *
 * Tuleap is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Tuleap is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
 */
require_once 'pre.php';
require_once 'common/dao/SessionDao.class.php';
require_once 'common/include/CSRFSynchronizerToken.class.php';
// Site administrators only (admin of group 1).
session_require(array('group' => '1', 'admin_flags' => 'A'));

$request = HTTPRequest::instance();

if ($request->exist('reset_all_sessions')) {
    // Destroying every session is a privileged, destructive action: the token bound to
    // /admin/sessions.php is verified first. '/admin/userlist.php' is the fallback URL
    // handed to check() (presumably the redirect target when the check fails).
    $csrf = new CSRFSynchronizerToken('/admin/sessions.php');
    $csrf->check('/admin/userlist.php');

    $session_dao = new SessionDao();
    $session_dao->deleteAll();
}

$GLOBALS['HTML']->redirect('/');