/**
 * Announces a resolved issue on twitter.
 *
 * The issue summary and the handler's name are published outside the tracker,
 * so nothing is posted unless the issue counts as fixed, the issue itself is
 * public and its project is not private.
 *
 * @param $p_bug_id The bug id that was resolved.
 * @return mixed true when nothing is posted, otherwise the result of twitter_update().
 * @access public
 */
function twitter_issue_resolved($p_bug_id)
{
    if (!twitter_enabled()) {
        return true;
    }

    $t_bug = bug_get($p_bug_id, false);

    # Only resolutions inside [fixed threshold, not-fixed threshold) are announced.
    $t_is_fixed = $t_bug->resolution >= config_get('bug_resolution_fixed_threshold')
        && $t_bug->resolution < config_get('bug_resolution_not_fixed_threshold');
    if (!$t_is_fixed) {
        return true;
    }

    # Disclosure gate: skip private issues and issues of private projects.
    if ($t_bug->view_state != VS_PUBLIC
        || VS_PRIVATE == project_get_field($t_bug->project_id, 'view_state')) {
        return true;
    }

    $c_bug_id = db_prepare_int($p_bug_id);
    $t_has_version = !is_blank($t_bug->fixed_in_version);

    # The version-aware template takes one extra trailing argument.
    $t_template = lang_get($t_has_version ? 'twitter_resolved' : 'twitter_resolved_no_version');
    $t_fields = array(
        $c_bug_id,
        category_full_name($t_bug->category_id, false),
        $t_bug->summary,
        user_get_name($t_bug->handler_id),
    );
    if ($t_has_version) {
        $t_fields[] = $t_bug->fixed_in_version;
    }

    return twitter_update(vsprintf($t_template, $t_fields));
}
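/**
 * Returns the XWiki page id for an issue.
 *
 * The page id is the prepared issue id on its own. The original body carried a
 * second, unreachable return that prefixed the project name; it never ran and
 * has been removed.
 *
 * @param int $p_issue_id Issue id.
 * @return mixed The issue id as returned by db_prepare_int().
 */
function wiki_xwiki_get_page_id_for_issue($p_issue_id)
{
    # Result unused. The lookup is kept because it ran before the return in the
    # original and may raise for an unknown issue - confirm before removing.
    project_get_name(bug_get_field($p_issue_id, 'project_id'));

    return db_prepare_int($p_issue_id);
}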
/**
 * Deletes every hierarchy row in which the project appears as child or parent.
 *
 * @param int $p_project_id Project ID
 */
function project_hierarchy_remove_all($p_project_id)
{
    $t_table = config_get('mantis_project_hierarchy_table');
    $c_id = db_prepare_int($p_project_id);

    # NOTE(review): the id is spliced into the statement text, so this is only
    # safe while db_prepare_int() yields an integer - confirm.
    $t_sql = "DELETE FROM " . $t_table
        . "\n\t\t                WHERE child_id = " . $c_id
        . "\n\t\t\t\t\t\t  OR parent_id = " . $c_id;

    db_query($t_sql);
}
/**
 * Deletes every hierarchy row that references the project, whether as the
 * child or as the parent. The project id is passed as a bound parameter.
 *
 * @param int $p_project_id Project ID
 * @return null
 */
function project_hierarchy_remove_all($p_project_id)
{
    $t_table = db_get_table('mantis_project_hierarchy_table');
    $c_id = db_prepare_int($p_project_id);

    # Two placeholders, requested in the order they appear in the statement.
    $t_sql = "DELETE FROM {$t_table}\n\t\t                WHERE child_id = ";
    $t_sql .= db_param();
    $t_sql .= "\n\t\t\t\t\t\t  OR parent_id = ";
    $t_sql .= db_param();

    # The same id fills both placeholders.
    db_query_bound($t_sql, array_fill(0, 2, $c_id));
}
/**
 * Builds the DokuWiki page id for an issue: "<project name>:issue:<issue id>".
 *
 * Each project gets its own namespace for documentation, with an "issue"
 * namespace inside it, so a _template.txt file can serve as the template for
 * the issues of that project.
 *
 * @param int $p_issue_id Issue id.
 * @return string The page id.
 */
function wiki_dokuwiki_get_page_id_for_issue($p_issue_id)
{
    $c_issue_id = db_prepare_int($p_issue_id);
    $t_project_name = project_get_name(bug_get_field($p_issue_id, 'project_id'));

    # NOTE(review): the project name is used verbatim as a namespace segment;
    # whether it can contain ':' is not visible here.
    return implode(':', array($t_project_name, 'issue', $c_issue_id));
}
/**
 * Fetches the attachment rows of an issue, oldest first.
 *
 * The issue id is passed as a bound parameter. No access check happens here;
 * whether the caller may see the attachments is for the caller to decide.
 *
 * @param int $p_bug_id Issue id.
 * @return array List of rows (id, title, diskfile, filename, filesize,
 *               file_type, date_added, user_id).
 */
function bug_get_attachments($p_bug_id)
{
    $c_bug_id = db_prepare_int($p_bug_id);
    $t_table = db_get_table('mantis_bug_file_table');

    $t_sql = "SELECT id, title, diskfile, filename, filesize, file_type, date_added, user_id\n                                FROM {$t_table}\n                                WHERE bug_id=" . db_param() . "\n                                ORDER BY date_added";
    $t_rs = db_query_bound($t_sql, array($c_bug_id));

    # Fetch exactly as many rows as the result set reports.
    $t_rows = array();
    for ($t_left = db_num_rows($t_rs); $t_left > 0; $t_left--) {
        $t_rows[] = db_fetch_array($t_rs);
    }

    return $t_rows;
}
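/**
 * Records an issue at the front of the user's "last visited" token.
 *
 * This method should be called from view, update, print pages for issues,
 * mantisconnect.
 *
 * @param issue_id	The issue id that was just visited.
 * @param user_id	The user id that visited the issue, or null for current
 * 				logged in user.
 * @access public
 */
function last_visited_issue($p_issue_id, $p_user_id = null)
{
    if (!last_visited_enabled()) {
        return;
    }
    $c_issue_id = db_prepare_int($p_issue_id);
    $t_value = token_get_value(TOKEN_LAST_VISITED, $p_user_id);
    if (is_null($t_value)) {
        $t_value = $c_issue_id;
    } else {
        # Prepend the prepared id, as the first-visit branch does. The original
        # concatenated the raw argument here, so a value containing commas or
        # other text would have been stored in the token as extra entries.
        $t_ids = explode(',', $c_issue_id . ',' . $t_value);
        # Drop the older occurrence of a revisited issue, then cap the list.
        $t_ids = array_unique($t_ids);
        $t_ids = array_slice($t_ids, 0, config_get('recently_visited_count'));
        $t_value = implode(',', $t_ids);
    }
    token_set(TOKEN_LAST_VISITED, $t_value, TOKEN_EXPIRY_LAST_VISITED, $p_user_id);
}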
/**
 * Builds the link that triggers an action on a note.
 *
 * Without an explicit caption the localized "action_<name>" string is used and
 * the link is wrapped in "[ ... ]". The action name is URL-encoded and the note
 * id is prepared before both go into the query string.
 *
 * @param int    $p_note_id     Note id.
 * @param string $p_action      Action name.
 * @param string $p_url         Not used by the current body.
 * @param bool   $p_link_active Passed through to link_create().
 * @param string $p_caption     Caption, or null for the localized default.
 * @return mixed Result of link_create().
 */
function link_note_action($p_note_id, $p_action, $p_url, $p_link_active = true, $p_caption = null)
{
    $t_use_default = (null === $p_caption);

    $t_caption = $t_use_default ? lang_get('action_' . $p_action) : $p_caption;
    $t_before = $t_use_default ? '[ ' : '';
    $t_after = $t_use_default ? ' ]' : '';

    $c_note_id = db_prepare_int($p_note_id);
    $c_action = urlencode($p_action);
    $t_script = config_get('web_directory') . 'action.php';

    # '&amp;' because the link ends up inside HTML.
    $t_link = $t_script . '?f_action=' . $c_action . '&amp;f_note_id=' . $c_note_id;

    return link_create($t_link, $t_caption, $p_link_active, $t_before, $t_after);
}
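/**
 * Returns an array of time tracking stats.
 *
 * Both dates are parsed with strtotime() and re-formatted as yyyy-mm-dd before
 * use, and every value reaches the query as a bound parameter. The original
 * wrapped $p_from in quotes and spliced it into the SQL text unescaped, its
 * validity check could never fire (it compared quoted strings with false), and
 * its error path referenced an undefined variable ($p_form).
 *
 * Users below the plugin's 'view_others_threshold' only get their own rows.
 *
 * @param int $p_project_id project id
 * @param string $p_from Starting date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @param string $p_to Ending date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @return array array of time tracking rows
 * @access public
 */
function plugin_TimeTracking_stats_get_project_array($p_project_id, $p_from, $p_to)
{
    $c_project_id = db_prepare_int($p_project_id);

    # null = bound not requested, false = supplied but unparseable.
    $t_from_time = is_blank($p_from) ? null : strtotime($p_from);
    $t_to_time = is_blank($p_to) ? null : strtotime($p_to);
    if ($t_from_time === false || $t_to_time === false) {
        error_parameters(array($p_from, $p_to));
        trigger_error(ERROR_GENERIC, ERROR);
    }

    $t_timereport_table = plugin_table('data', 'TimeTracking');
    $t_bug_table = db_get_table('mantis_bug_table');
    $t_user_table = db_get_table('mantis_user_table');
    $t_project_table = db_get_table('mantis_project_table');

    # Conditions are appended in the order they appear in the statement so
    # that each db_param() placeholder lines up with its entry in $t_params.
    $t_where = '';
    $t_params = array();

    if (ALL_PROJECTS != $c_project_id) {
        $t_where .= ' AND b.project_id = ' . db_param();
        $t_params[] = $c_project_id;
    }
    if ($t_from_time !== null) {
        $t_where .= ' AND expenditure_date >= ' . db_param();
        $t_params[] = date('Y-m-d', $t_from_time);
    }
    if ($t_to_time !== null) {
        # Same end-of-day arithmetic as the original upper bound.
        $t_where .= ' AND expenditure_date <= ' . db_param();
        $t_params[] = date('Y-m-d', $t_to_time + SECONDS_PER_DAY - 1);
    }
    if (!access_has_global_level(plugin_config_get('view_others_threshold'))) {
        # Restrict the report to the caller's own entries.
        $t_where .= ' AND user = ' . db_param();
        $t_params[] = auth_get_current_user_id();
    }

    $query = "SELECT u.username, p.name as project_name, bug_id, expenditure_date, hours, timestamp, info \nFROM {$t_timereport_table} tr, {$t_bug_table} b, {$t_user_table} u, {$t_project_table} p\nWHERE tr.bug_id=b.id and tr.user=u.id AND p.id = b.project_id\n{$t_where}\nORDER BY user, expenditure_date, bug_id";
    $result = db_query_bound($query, $t_params);

    $t_results = array();
    while ($row = db_fetch_array($result)) {
        $t_results[] = $row;
    }
    return $t_results;
}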
/**
 * Returns the per-project access levels of a user, loading them once per
 * request into the global access matrix cache.
 *
 * @param int $p_user_id User id.
 * @return array Map of project id => access level (empty when the user has
 *               no project-specific rows).
 */
function access_cache_matrix_user($p_user_id)
{
    global $g_cache_access_matrix, $g_cache_access_matrix_user_ids;

    $c_user_id = db_prepare_int($p_user_id);
    $t_key = (int) $p_user_id;

    # Already loaded: serve from the cache.
    if (in_array($t_key, $g_cache_access_matrix_user_ids)) {
        return $g_cache_access_matrix[$t_key];
    }

    $t_table = config_get('mantis_project_user_list_table');
    # NOTE(review): the id is interpolated into the statement, so safety rests
    # on db_prepare_int() yielding an integer - confirm.
    $t_sql = "SELECT project_id, access_level\n\t\t\t\t\t  FROM {$t_table}\n\t\t\t\t\t  WHERE user_id='{$c_user_id}'";
    $t_rs = db_query($t_sql);

    # Start from an empty map so a user without rows still gets an array.
    $g_cache_access_matrix[$t_key] = array();
    for ($t_left = db_num_rows($t_rs); $t_left > 0; $t_left--) {
        $t_row = db_fetch_array($t_rs);
        $g_cache_access_matrix[$t_key][(int) $t_row['project_id']] = (int) $t_row['access_level'];
    }
    $g_cache_access_matrix_user_ids[] = $t_key;

    return $g_cache_access_matrix[$t_key];
}
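/**
 * Returns an array of bugnote stats
 *
 * Date handling differs from the original in two ways. The original added
 * SECONDS_PER_DAY - 1 to the strtotime() result before testing it against
 * false, so an unparseable $p_to was never rejected; each date is now checked
 * straight after parsing. A blank date is also skipped, as documented, instead
 * of being parsed. All values reach the query as bound parameters.
 *
 * @param int $p_project_id project id
 * @param string $p_from Starting date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @param string $p_to Ending date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @param int $p_cost cost
 * @return array array of bugnote stats
 * @access public
 */
function bugnote_stats_get_project_array($p_project_id, $p_from, $p_to, $p_cost)
{
    $c_project_id = db_prepare_int($p_project_id);

    # null = bound not requested, false = supplied but unparseable.
    $t_from_time = is_blank($p_from) ? null : strtotime($p_from);
    $t_to_time = is_blank($p_to) ? null : strtotime($p_to);
    if ($t_to_time === false || $t_from_time === false) {
        error_parameters(array($p_from, $p_to));
        trigger_error(ERROR_GENERIC, ERROR);
    }

    $c_cost = db_prepare_double($p_cost);
    $t_bug_table = db_get_table('mantis_bug_table');
    $t_user_table = db_get_table('mantis_user_table');
    $t_bugnote_table = db_get_table('mantis_bugnote_table');

    # Conditions are appended in the order they appear in the statement so
    # that each db_param() placeholder lines up with its entry in $t_params.
    $t_where = '';
    $t_params = array();

    if (ALL_PROJECTS != $c_project_id) {
        $t_where .= ' AND b.project_id = ' . db_param() . ' AND bn.bug_id = b.id ';
        $t_params[] = $c_project_id;
    }
    if ($t_from_time !== null) {
        $t_where .= ' AND bn.date_submitted >= ' . db_param();
        $t_params[] = $t_from_time;
    }
    if ($t_to_time !== null) {
        # Extend the upper bound to the last second of the end day.
        $t_where .= ' AND bn.date_submitted <= ' . db_param();
        $t_params[] = $t_to_time + SECONDS_PER_DAY - 1;
    }

    $query = "SELECT username, realname, summary, bn.bug_id, SUM(time_tracking) AS sum_time_tracking\n\t\t\tFROM {$t_user_table} u, {$t_bugnote_table} bn, {$t_bug_table} b\n\t\t\tWHERE u.id = bn.reporter_id AND bn.time_tracking != 0 AND bn.bug_id = b.id\n\t\t\t{$t_where}\n\t\t\tGROUP BY bn.bug_id, u.username, u.realname, b.summary\n\t\t\tORDER BY bn.bug_id";
    $result = db_query_bound($query, $t_params);

    # The cost is divided by 60 before being multiplied by the tracked time.
    $t_cost_min = $c_cost / 60;
    $t_results = array();
    while ($row = db_fetch_array($result)) {
        $row['cost'] = $t_cost_min * $row['sum_time_tracking'];
        $t_results[] = $row;
    }
    return $t_results;
}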
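/**
 * Returns the news rows for a project, limited either by count or by age
 * depending on the 'news_limit_method' configuration.
 *
 * The project list is the given project, the subprojects the current user can
 * access and, unless ALL_PROJECTS was requested, ALL_PROJECTS itself.
 *
 * Changes from the original: join() was called with the array first and the
 * separator second, an argument order that PHP 8 no longer accepts, so it is
 * replaced by implode() in the supported order. The project ids are also cast
 * to integers before they are written into the IN (...) list.
 *
 * @param int $p_offset     Row offset.
 * @param int $p_project_id Project id, or null for the current project.
 * @return array List of news rows.
 */
function news_get_limited_rows($p_offset, $p_project_id = null)
{
    if ($p_project_id === null) {
        $p_project_id = helper_get_current_project();
    }
    $c_offset = db_prepare_int($p_offset);
    $t_projects = current_user_get_all_accessible_subprojects($p_project_id);
    $t_projects[] = (int) $p_project_id;
    if (ALL_PROJECTS != $p_project_id) {
        $t_projects[] = ALL_PROJECTS;
    }
    # The ids become part of the statement text below, so force every one of
    # them to an integer first.
    $t_projects = array_map('intval', $t_projects);
    $t_project_list = implode(',', $t_projects);

    $t_news_table = db_get_table('mantis_news_table');
    $t_news_view_limit = config_get('news_view_limit');
    $t_news_view_limit_days = config_get('news_view_limit_days') * SECONDS_PER_DAY;
    # NOTE(review): any other 'news_limit_method' value leaves $result unset;
    # the original behaves the same way.
    switch (config_get('news_limit_method')) {
        case 0:
            # BY_LIMIT - Select the news posts
            $query = "SELECT *\n\t\t\t\t\t\tFROM {$t_news_table}";
            if (1 == count($t_projects)) {
                $c_project_id = $t_projects[0];
                $query .= " WHERE project_id='{$c_project_id}'";
            } else {
                $query .= ' WHERE project_id IN (' . $t_project_list . ')';
            }
            $query .= ' ORDER BY announcement DESC, id DESC';
            $result = db_query($query, $t_news_view_limit, $c_offset);
            break;
        case 1:
            # BY_DATE - Select the news posts
            $query = "SELECT *\n\t\t\t\t\t\tFROM {$t_news_table} WHERE\n\t\t\t\t\t\t( " . db_helper_compare_days(0, 'date_posted', "< {$t_news_view_limit_days}") . "\n\t\t\t\t\t\t OR announcement = " . db_param() . " ) ";
            $t_params = array(db_now(), 1);
            if (1 == count($t_projects)) {
                $c_project_id = $t_projects[0];
                $query .= " AND project_id=" . db_param();
                $t_params[] = $c_project_id;
            } else {
                $query .= ' AND project_id IN (' . $t_project_list . ')';
            }
            $query .= " ORDER BY announcement DESC, id DESC";
            $result = db_query_bound($query, $t_params, $t_news_view_limit, $c_offset);
            break;
    }
    # end switch
    $t_row_count = db_num_rows($result);
    $t_rows = array();
    for ($i = 0; $i < $t_row_count; $i++) {
        $t_rows[] = db_fetch_array($result);
    }
    return $t_rows;
}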
/**
 * Removes one message from the email queue table.
 *
 * @param int $p_email_id Id of the queued email.
 */
function email_queue_delete($p_email_id)
{
    $c_id = db_prepare_int($p_email_id);
    $t_table = config_get('mantis_email_table');

    # NOTE(review): the id is interpolated into the statement, so safety rests
    # on db_prepare_int() yielding an integer - confirm.
    $t_sql = "DELETE FROM " . $t_table . "\r\n\t\t\t\t  WHERE email_id='" . $c_id . "'";

    db_query($t_sql);
}
/**
 * Stores a new password for a user and replaces the user's cookie string.
 *
 * Replacing the cookie string is what invalidates the sessions the user may
 * still have open in other browsers.
 *
 * @param int    $p_user_id         User id.
 * @param string $p_password        New plain-text password.
 * @param bool   $p_allow_protected When false, user_ensure_unprotected() is
 *                                  called first.
 * @return bool Always true; per the original note, db_query() errors on failure.
 */
function user_set_password($p_user_id, $p_password, $p_allow_protected = false)
{
    if (!$p_allow_protected) {
        user_ensure_unprotected($p_user_id);
    }

    # NOTE(review): the seed is email + username, neither of which is secret;
    # how unpredictable the new cookie is depends entirely on
    # auth_generate_unique_cookie_string() - confirm.
    $t_seed = user_get_field($p_user_id, 'email');
    $t_seed .= user_get_field($p_user_id, 'username');

    $c_cookie = db_prepare_string(auth_generate_unique_cookie_string($t_seed));
    $c_id = db_prepare_int($p_user_id);
    # The plain password goes through auth_process_plain_password() before it
    # is stored.
    $c_pass = db_prepare_string(auth_process_plain_password($p_password));

    $t_table = config_get('mantis_user_table');
    $t_sql = "UPDATE {$t_table}\n\t\t\t\t  SET password='{$c_pass}',\n\t\t\t\t  cookie_string='{$c_cookie}'\n\t\t\t\t  WHERE id='{$c_id}'";
    db_query($t_sql);

    return true;
}
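/**
 * Edit Printing preferences
 *
 * Prints the form with one checkbox per printable field, creating the user's
 * preference row (all fields enabled) when none exists yet, followed by a
 * second form that resets the preferences. Both forms carry a form security
 * field.
 *
 * Changes from the original: the user id written into the hidden input is cast
 * to an integer instead of being echoed raw, the default preference string is
 * built with str_repeat() so an empty field list no longer reaches implode()
 * with an undefined array, and the unused $t_index_count local is gone.
 *
 * @param int $p_user_id user id
 * @param bool $p_error_if_protected error if account protected
 * @param string $p_redirect_url redirect url
 */
function edit_printing_prefs($p_user_id = null, $p_error_if_protected = true, $p_redirect_url = '')
{
    if (null === $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    }
    $c_user_id = db_prepare_int($p_user_id);
    # protected account check
    if ($p_error_if_protected) {
        user_ensure_unprotected($p_user_id);
    }
    $t_user_print_pref_table = db_get_table('user_print_pref');
    if (is_blank($p_redirect_url)) {
        $p_redirect_url = 'print_all_bug_page.php';
    }
    # get the fields list
    $t_field_name_arr = get_field_names();
    $field_name_count = count($t_field_name_arr);
    # Grab the data
    $query = "SELECT print_pref\n\t\t\tFROM {$t_user_print_pref_table}\n\t\t\tWHERE user_id=" . db_param();
    $result = db_query_bound($query, array($c_user_id));
    # No entry in the database yet, so create one.
    if (0 == db_num_rows($result)) {
        # all fields are added by default: one '1' per field name
        $t_default = str_repeat('1', $field_name_count);
        $query = "INSERT\n\t\t\t\tINTO {$t_user_print_pref_table}\n\t\t\t\t(user_id, print_pref)\n\t\t\t\tVALUES\n\t\t\t\t(" . db_param() . "," . db_param() . ")";
        $result = db_query_bound($query, array($c_user_id, $t_default));
        # Rerun select query
        $query = "SELECT print_pref\n\t\t\t\tFROM {$t_user_print_pref_table}\n\t\t\t\tWHERE user_id=" . db_param();
        $result = db_query_bound($query, array($c_user_id));
    }
    # the stored preference string holds one character per field
    $row = db_fetch_array($result);
    $t_prefs = $row['print_pref'];
    # Account Preferences Form BEGIN
    ?>
<br />
<div>
<form method="post" action="print_all_bug_options_update.php">
<?php 
    echo form_security_field('print_all_bug_options_update');
    ?>
<input type="hidden" name="user_id" value="<?php 
    # integer cast: only digits can reach the attribute value
    echo (int) $p_user_id;
    ?>
" />
<input type="hidden" name="redirect_url" value="<?php 
    echo string_attribute($p_redirect_url);
    ?>
" />
<table class="width75" cellspacing="1">
<tr>
	<td class="form-title">
		<?php 
    echo lang_get('printing_preferences_title');
    ?>
	</td>
	<td class="right">
	</td>
</tr>


<?php 
    # display the checkboxes
    for ($i = 0; $i < $field_name_count; $i++) {
        echo '<tr>';
        ?>

	<th class="category">
		<?php 
        echo lang_get($t_field_name_arr[$i]);
        ?>
	</th>
	<td>
		<input type="checkbox" name="<?php 
        echo 'print_' . $t_field_name_arr[$i];
        ?>
"
		<?php 
        if (isset($t_prefs[$i]) && $t_prefs[$i] == 1) {
            echo 'checked="checked"';
        }
        ?>
 />
	</td>
</tr>

<?php 
    }
    ?>
<tr>
	<td>&#160;</td>
	<td>
		<input type="submit" class="button" value="<?php 
    echo lang_get('update_prefs_button');
    ?>
" />
	</td>
</tr>
</table>
</form>
</div>

<br />

<div class="border center">
	<form method="post" action="print_all_bug_options_reset.php">
	<?php 
    echo form_security_field('print_all_bug_options_reset');
    ?>
	<input type="submit" class="button" value="<?php 
    echo lang_get('reset_prefs_button');
    ?>
" />
	</form>
</div>

<?php 
}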
/**
 * Removes users from a project's user list, e.g. when the project is deleted
 * or closed. With an access level limit, only users whose access level is
 * below or equal to the limit are removed; without one, every user is.
 *
 * @param int Project ID
 * @param int Access level limit (null = no limit)
 * @return true
 */
function project_remove_all_users($p_project_id, $p_access_level_limit = null)
{
    $t_table = db_get_table('project_user_list');

    # Placeholders and values are collected in the same order.
    $t_values = array(db_prepare_int($p_project_id));
    $t_sql = "DELETE FROM {$t_table}\n\t\t\tWHERE project_id = " . db_param();

    if (null !== $p_access_level_limit) {
        $t_values[] = db_prepare_int($p_access_level_limit);
        $t_sql .= " AND access_level <= " . db_param();
    }

    db_query_bound($t_sql, $t_values);

    # Per the original note, the query call errors on failure, so reaching
    # this line means success.
    return true;
}
# Account update: validates the submitted values, prepares them for SQL and
# enforces the administrator-related rules. The statement that writes the
# prepared $c_* values is not part of this excerpt.
# check that the username is unique
# (the uniqueness lookup is skipped when the name only differs in case from the old one)
if (0 != strcasecmp($t_old_username, $f_username) && false == user_is_name_unique($f_username)) {
    trigger_error(ERROR_USER_NAME_NOT_UNIQUE, ERROR);
}
# NOTE(review): the *_ensure_* helpers presumably raise an error on invalid
# input; their behaviour is not visible here.
user_ensure_name_valid($f_username);
user_ensure_realname_valid($f_realname);
user_ensure_realname_unique($f_username, $f_realname);
$f_email = email_append_domain($f_email);
email_ensure_valid($f_email);
# Prepared copies ($c_*) of the submitted values ($f_*).
$c_email = db_prepare_string($f_email);
$c_username = db_prepare_string($f_username);
$c_realname = db_prepare_string($f_realname);
$c_protected = db_prepare_bool($f_protected);
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);
$t_user_table = config_get('mantis_user_table');
$t_old_protected = user_get_field($f_user_id, 'protected');
# check that we are not downgrading the last administrator
# (this check compares the raw $f_access_level; the one below uses the prepared $c_access_level)
$t_old_access = user_get_field($f_user_id, 'access_level');
if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) {
    trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}
# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
if ($c_access_level >= ADMINISTRATOR && !user_is_administrator($c_user_id)) {
    user_delete_project_specific_access_levels($c_user_id);
}
# if the user is already protected and the admin is not removing the
#  protected flag then don't update the access level and enabled flag.
#  If the user was unprotected or the protected flag is being turned off
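/**
 * Prints the attachments of an issue that are visible to the current user:
 * icon, name, size, date, download and delete links, plus an inline preview
 * for text and image attachments.
 *
 * Changes from the original:
 *  - The FTP preview branch called file_exists() on the boolean 'exists' flag
 *    and discarded the file contents, so $v_content stayed undefined for a
 *    locally cached file. It now tests the 'diskfile' path and keeps the
 *    contents.
 *  - $v_content starts as an empty string, so the escaping call below always
 *    receives a defined value.
 *  - The attachment title, which was written into the <img> alt attribute
 *    unescaped, now passes through string_attribute().
 *
 * @param int $p_bug_id Issue id.
 */
function print_bug_attachments_list($p_bug_id)
{
    $t_attachments = file_get_visible_attachments($p_bug_id);
    $t_attachments_count = count($t_attachments);
    $i = 0;
    $image_previewed = false;
    foreach ($t_attachments as $t_attachment) {
        $t_file_display_name = string_display_line($t_attachment['display_name']);
        $t_filesize = number_format($t_attachment['size']);
        $t_date_added = date(config_get('normal_date_format'), $t_attachment['date_added']);
        if ($image_previewed) {
            $image_previewed = false;
            echo '<br />';
        }
        if ($t_attachment['can_download']) {
            $t_href_start = '<a href="' . string_attribute($t_attachment['download_url']) . '">';
            $t_href_end = '</a>';
            $t_href_clicket = " [<a href=\"file_download.php?file_id={$t_attachment['id']}&amp;type=bug\" target=\"_blank\">^</a>]";
        } else {
            $t_href_start = '';
            $t_href_end = '';
            $t_href_clicket = '';
        }
        if (!$t_attachment['exists']) {
            print_file_icon($t_file_display_name);
            echo '&#160;<span class="strike">' . $t_file_display_name . '</span>' . lang_get('word_separator') . '(' . lang_get('attachment_missing') . ')';
        } else {
            echo $t_href_start;
            print_file_icon($t_file_display_name);
            echo $t_href_end . '&#160;' . $t_href_start . $t_file_display_name . $t_href_end . $t_href_clicket . ' (' . $t_filesize . ' ' . lang_get('bytes') . ') ' . '<span class="italic">' . $t_date_added . '</span>';
        }
        if ($t_attachment['can_delete']) {
            echo '&#160;[';
            # The delete link carries a form security parameter.
            print_link('bug_file_delete.php?file_id=' . $t_attachment['id'] . form_security_param('bug_file_delete'), lang_get('delete_link'), false, 'small');
            echo ']';
        }
        if ($t_attachment['exists']) {
            if (FTP == config_get('file_upload_method') && $t_attachment['exists']) {
                echo ' (' . lang_get('cached') . ')';
            }
            if ($t_attachment['preview'] && $t_attachment['type'] == 'text') {
                $c_id = db_prepare_int($t_attachment['id']);
                $t_bug_file_table = db_get_table('mantis_bug_file_table');
                echo "<script type=\"text/javascript\" language=\"JavaScript\">\n<!--\nfunction swap_content( span ) {\ndisplayType = ( document.getElementById( span ).style.display == 'none' ) ? '' : 'none';\ndocument.getElementById( span ).style.display = displayType;\n}\n\n -->\n </script>";
                echo " <span id=\"hideSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('show_content') . "</a>]</span>";
                echo " <span style='display:none' id=\"showSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('hide_content') . "</a>]";
                echo "<pre>";
                # Defined up front so every branch below leaves a string behind.
                $v_content = '';
                /** @todo Refactor into a method that gets contents for download / preview. */
                switch (config_get('file_upload_method')) {
                    case DISK:
                        if ($t_attachment['exists']) {
                            $v_content = file_get_contents($t_attachment['diskfile']);
                        }
                        break;
                    case FTP:
                        # Fetch the file from the FTP server only when no local copy exists.
                        if (!file_exists($t_attachment['diskfile'])) {
                            $ftp = file_ftp_connect();
                            file_ftp_get($ftp, $t_attachment['diskfile'], $t_attachment['diskfile']);
                            file_ftp_disconnect($ftp);
                        }
                        $v_content = file_get_contents($t_attachment['diskfile']);
                        break;
                    default:
                        $query = "SELECT *\n\t                  \t\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\t            \t\t\tWHERE id=" . db_param();
                        $result = db_query_bound($query, array($c_id));
                        $row = db_fetch_array($result);
                        $v_content = $row['content'];
                }
                # Attachment contents are user-supplied: escape before printing.
                # The cast covers a failed read, which yields false.
                echo htmlspecialchars((string) $v_content);
                echo "</pre></span>\n";
            }
            if ($t_attachment['can_download'] && $t_attachment['preview'] && $t_attachment['type'] == 'image') {
                $t_preview_style = 'border: 0;';
                $t_max_width = config_get('preview_max_width');
                if ($t_max_width > 0) {
                    $t_preview_style .= ' max-width:' . $t_max_width . 'px;';
                }
                $t_max_height = config_get('preview_max_height');
                if ($t_max_height > 0) {
                    $t_preview_style .= ' max-height:' . $t_max_height . 'px;';
                }
                $t_preview_style = 'style="' . $t_preview_style . '"';
                # The title is stored attachment metadata: escape it for the attribute.
                $t_title = string_attribute(file_get_field($t_attachment['id'], 'title'));
                $t_image_url = $t_attachment['download_url'] . '&amp;show_inline=1' . form_security_param('file_show_inline');
                echo "\n<br />{$t_href_start}<img alt=\"{$t_title}\" {$t_preview_style} src=\"{$t_image_url}\" />{$t_href_end}";
                $image_previewed = true;
            }
        }
        if ($i != $t_attachments_count - 1) {
            echo "<br />\n";
            $i++;
        }
    }
}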
/**
 * Moves an issue's attachment files to the upload folder of the destination
 * project when the issue changes project.
 *
 * Nothing happens unless attachments are stored on disk, the issue has
 * attachments, and the source and destination folders differ. Both folders go
 * through file_ensure_valid_upload_path() before any file is touched.
 *
 * @param int $p_bug_id ID of bug containing attachments to be moved
 * @param int $p_project_id_to destination project ID for the bug
 * @return null
 */
function file_move_bug_attachments($p_bug_id, $p_project_id_to)
{
    $t_project_id_from = bug_get_field($p_bug_id, 'project_id');

    # Same project, non-disk storage or no attachments: nothing to move.
    if ($t_project_id_from == $p_project_id_to
        || config_get('file_upload_method') != DISK
        || !file_bug_has_attachments($p_bug_id)) {
        return;
    }

    # Source folder: project setting first, configured default otherwise.
    $t_path_from = project_get_field($t_project_id_from, 'file_path');
    if (is_blank($t_path_from)) {
        $t_path_from = config_get('absolute_path_default_upload_folder', null, null, $t_project_id_from);
    }
    file_ensure_valid_upload_path($t_path_from);

    # Destination folder, resolved the same way.
    $t_path_to = project_get_field($p_project_id_to, 'file_path');
    if (is_blank($t_path_to)) {
        $t_path_to = config_get('absolute_path_default_upload_folder', null, null, $p_project_id_to);
    }
    file_ensure_valid_upload_path($t_path_to);

    if ($t_path_from == $t_path_to) {
        return;
    }

    # One statement, reused for every attachment row.
    $t_table = db_get_table('mantis_bug_file_table');
    $c_bug_id = db_prepare_int($p_bug_id);
    $t_update_sql = "UPDATE {$t_table}\n\t                                 SET folder=" . db_param() . "\n\t                                 WHERE bug_id=" . db_param() . "\n\t                                 AND id =" . db_param();

    foreach (bug_get_attachments($p_bug_id) as $t_row) {
        # Only the base name of the stored path is combined with the two folders.
        $t_name = basename($t_row['diskfile']);
        $t_source = file_path_combine($t_path_from, $t_name);
        $t_target = file_path_combine($t_path_to, $t_name);

        # Never overwrite a file that already exists at the destination.
        if (file_exists($t_target)) {
            trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            continue;
        }

        chmod($t_source, 0775);
        if (!rename($t_source, $t_target)) {
            # rename() failed: fall back to copy, then delete the source.
            if (!copy($t_source, $t_target)) {
                trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
            }
            file_delete_local($t_source);
        }
        # Apply the configured attachment permissions to the moved file.
        chmod($t_target, config_get('attachments_file_permissions'));

        $t_values = array(db_prepare_string($t_path_to), $c_bug_id, db_prepare_int($t_row['id']));
        db_query_bound($t_update_sql, $t_values);
    }
}
require_api('config_api.php');
require_api('database_api.php');
require_api('file_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('utility_api.php');
# Check if project documentation feature is enabled.
# Any of the three conditions (feature off, uploads disabled, project uploads
# not allowed) ends the request with access_denied().
if (OFF == config_get('enable_project_documentation') || !file_is_uploading_enabled() || !file_allow_project_upload()) {
    access_denied();
}
# file_id is read as an integer request parameter; the prepared copy is only
# used as a bound value in the query below.
$f_file_id = gpc_get_int('file_id');
$c_file_id = db_prepare_int($f_file_id);
# The owning project is looked up first so that the access check can be made
# against that project rather than the current one.
$t_project_id = file_get_field($f_file_id, 'project_id', 'project');
access_ensure_project_level(config_get('upload_project_file_threshold'), $t_project_id);
$t_proj_file_table = db_get_table('project_file');
$query = "SELECT *\n\t\tFROM {$t_proj_file_table}\n\t\tWHERE id=" . db_param();
$result = db_query_bound($query, array($c_file_id));
$row = db_fetch_array($result);
# Creates one $v_<column> variable per column of the fetched row.
# NOTE(review): if no row came back, $row would not be an array here -
# presumably file_get_field() above already fails for an unknown id; confirm.
extract($row, EXTR_PREFIX_ALL, 'v');
# Title and description are passed through the string API before the page
# below uses them.
$v_title = string_attribute($v_title);
$v_description = string_textarea($v_description);
# Effective upload limit: the smallest of the two PHP ini limits and the
# tracker's own 'max_file_size' setting.
$t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
html_page_top();
?>

<br />
<div>
/**
 * Deletes tokens whose expiry lies before the current database time,
 * optionally restricted to one token type, and records in
 * $g_tokens_purged that a purge has run.
 *
 * @param integer Token type
 * @return always true.
 */
function token_purge_expired($p_token_type = null)
{
    global $g_tokens_purged;

    $t_table = db_get_table('mantis_tokens_table');
    $t_sql = "DELETE FROM {$t_table} WHERE " . db_param() . " > expiry";

    # Values for any placeholder that follows the timestamp.
    $t_extra = array();
    if (null !== $p_token_type) {
        $t_extra[] = db_prepare_int($p_token_type);
        $t_sql .= " AND type=" . db_param();
    }

    # The current time fills the first placeholder.
    db_query_bound($t_sql, array_merge(array(db_now()), $t_extra));

    $g_tokens_purged = true;
    return true;
}
<?php

# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2004  Mantis Team   - mantisbt-dev@lists.sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the files README and LICENSE for details
# --------------------------------------------------------
# $Id: bug_monitor_list_view_inc.php,v 1.14 2005/04/22 22:06:07 prichards Exp $
# --------------------------------------------------------
# This include file prints out the list of users monitoring the current
# bug.	$f_bug_id must be set and be set to the bug id
if (access_has_bug_level(config_get('show_monitor_list_threshold'), $f_bug_id)) {
    $c_bug_id = db_prepare_int($f_bug_id);
    $t_bug_monitor_table = config_get('mantis_bug_monitor_table');
    $t_user_table = config_get('mantis_user_table');
    # get the bugnote data
    $query = "SELECT user_id, enabled\n\t\t\tFROM {$t_bug_monitor_table} m, {$t_user_table} u\n\t\t\tWHERE m.bug_id={$c_bug_id} AND m.user_id = u.id\n\t\t\tORDER BY u.realname, u.username";
    $result = db_query($query);
    $num_users = db_num_rows($result);
    echo '<a name="monitors" id="monitors" /><br />';
    ?>

<?php 
    if (ON == config_get('use_javascript')) {
        ?>
<div id="monitoring_closed" style="display: none;">
<table class="width100" cellspacing="1">
<tr>
	<td class="form-title" colspan="2">
		<a href="" onclick="ToggleDiv( 'monitoring', g_div_monitoring ); return false;"
/**
 * Builds the project condition used when retrieving versions.
 *
 * ALL_PROJECTS never inherits. Otherwise a null $p_inherit falls back to the
 * 'subprojects_inherit_versions' configuration.
 *
 * @param integer $p_project_id  The project id to use.
 * @param bool    $p_inherit  Include versions from parent projects? true: yes, false: no, null: use default configuration.
 * @return string The where clause not including WHERE.
 */
function version_get_project_where_clause($p_project_id, $p_inherit)
{
    if ($p_project_id == ALL_PROJECTS) {
        $t_inherit = false;
    } elseif ($p_inherit === null) {
        $t_inherit = (ON == config_get('subprojects_inherit_versions'));
    } else {
        $t_inherit = $p_inherit;
    }

    $c_project_id = db_prepare_int($p_project_id);

    if (!$t_inherit) {
        return ' project_id=' . $c_project_id . ' ';
    }

    # NOTE(review): the ids from project_hierarchy_inheritance() go into the
    # clause as returned - presumably integers read from the database; confirm.
    $t_ids = project_hierarchy_inheritance($p_project_id);

    return ' project_id IN ( ' . implode(', ', $t_ids) . ' ) ';
}
Example #24
/**
 * Removes every history row recorded for one bug.
 *
 * The bug id is passed through db_prepare_int() and then handed to the
 * database layer as a bound parameter, so it is not concatenated into the
 * SQL text.
 *
 * @param int $p_bug_id Id of the bug whose history is deleted.
 * @return true
 */
function history_delete($p_bug_id)
{
    $t_params = array(db_prepare_int($p_bug_id));
    $t_table = db_get_table('mantis_bug_history_table');
    $t_sql = sprintf('DELETE FROM %s WHERE bug_id=%s', $t_table, db_param());
    db_query_bound($t_sql, $t_params);
    # A failed query raises an error inside the db layer, so reaching this
    # line means the delete went through.
    return true;
}
Example #25
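/**
 * Stores an attachment received through the SOAP API for an issue or a project.
 *
 * The file name, type, title, description and content are client-supplied.
 * The name is checked with file_type_check() and file_is_name_unique(), and
 * the content length is checked against the smallest configured size limit.
 * Depending on 'file_upload_method' the content is written to the upload
 * folder (DISK), written locally and pushed over FTP (FTP), or stored in the
 * database row itself (DATABASE).
 *
 * @param int    $p_id        Issue id when $p_table is 'bug', otherwise treated as a project id.
 * @param string $p_name      Client-supplied file name.
 * @param string $p_content   File content as a string.
 * @param string $p_file_type Client-supplied file type; it is stored as given and not compared with the content here.
 * @param string $p_table     Table prefix; '_file' and '_id' are appended to build the table and key column names.
 * @param string $p_title     Optional title.
 * @param string $p_desc      Optional description.
 * @param int    $p_user_id   Owner of the attachment; null means the current user.
 * @return int|soap_fault The new attachment id, or a soap_fault describing why the file was rejected.
 */
function mci_file_add($p_id, $p_name, $p_content, $p_file_type, $p_table, $p_title = '', $p_desc = '', $p_user_id = null)
{
    if (!file_type_check($p_name)) {
        return new soap_fault('Client', '', 'File type not allowed.');
    }
    if (!file_is_name_unique($p_name, $p_id)) {
        return new soap_fault('Client', '', 'Duplicate filename.');
    }
    $t_file_size = strlen($p_content);
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        return new soap_fault('Client', '', 'File is too big.');
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_id, 'project_id');
        $t_issue_id = bug_format_id($p_id);
    } else {
        $t_project_id = $p_id;
        $t_issue_id = 0;
    }
    # prepare variables for insertion
    $c_issue_id = db_prepare_int($t_issue_id);
    $c_project_id = db_prepare_int($t_project_id);
    $c_file_type = db_prepare_string($p_file_type);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);
    if ($p_user_id === null) {
        $c_user_id = auth_get_current_user_id();
    } else {
        $c_user_id = (int) $p_user_id;
    }
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if ($t_file_path == '') {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($p_name);
    $t_file_hash = $t_issue_id;
    # NOTE(review): the client-supplied name is handed to
    # file_generate_unique_name(); that helper is not visible here, so confirm
    # it cannot return a name containing path separators or '..'.
    $t_disk_file_name = $t_file_path . file_generate_unique_name($t_file_hash . '-' . $p_name, $t_file_path);
    $c_disk_file_name = db_prepare_string($t_disk_file_name);
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            if (!file_exists($t_file_path) || !is_dir($t_file_path) || !is_writable($t_file_path) || !is_readable($t_file_path)) {
                # NOTE(review): this fault text carries the server-side upload
                # path back to the SOAP client; consider logging the path and
                # returning a generic message instead.
                return new soap_fault('Server', '', "Upload folder '{$t_file_path}' doesn't exist.");
            }
            file_ensure_valid_upload_path($t_file_path);
            if (file_exists($t_disk_file_name)) {
                # Previously this case fell through with no content value set,
                # producing a malformed INSERT. Refuse explicitly so an existing
                # file is neither overwritten nor linked to a new record.
                return new soap_fault('Server', '', 'File already exists.');
            }
            mci_file_write_local($t_disk_file_name, $p_content);
            if (FTP == $t_method) {
                $conn_id = file_ftp_connect();
                file_ftp_put($conn_id, $t_disk_file_name, $t_disk_file_name);
                file_ftp_disconnect($conn_id);
                file_delete_local($t_disk_file_name);
            } else {
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
            }
            # Content lives outside the database, so the column gets an empty string.
            $c_content = "''";
            break;
        case DATABASE:
            $c_content = db_prepare_binary_string($p_content);
            break;
        default:
            # An unrecognised method used to leave the content value undefined.
            return new soap_fault('Server', '', 'Unknown file upload method.');
    }
    $t_file_table = db_get_table($p_table . '_file');
    $c_id = 'bug' == $p_table ? $c_issue_id : $c_project_id;
    # NOTE(review): the values below are spliced into the statement text and
    # rely entirely on the db_prepare_*() helpers for escaping; db_query_bound()
    # with db_param() placeholders would remove that dependency. $p_table is
    # used as an identifier and cannot be bound, so it must only ever come from
    # trusted callers, never from the SOAP request.
    $query = "INSERT INTO {$t_file_table}\n\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\tVALUES\n\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . db_now() . "', {$c_content}, {$c_user_id})";
    db_query($query);
    # get attachment id
    $t_attachment_id = db_insert_id($t_file_table);
    if ('bug' == $p_table) {
        # update the issue's last_updated date
        bug_update_date($c_issue_id);
        # record the new attachment in the issue history
        history_log_event_special($c_issue_id, FILE_ADDED, $c_new_file_name);
    }
    return $t_attachment_id;
}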
Example #26
/**
 * Stores a new password for a user and rotates the user's cookie string.
 *
 * How the plain password is encoded is decided by
 * auth_process_plain_password(), which is not visible here; review that
 * helper to confirm it produces a salted, deliberately slow password hash.
 *
 * @param int $p_user_id User ID
 * @param string $p_password Plain-text password
 * @param bool $p_allow_protected Allow password change to protected accounts [optional - default false]
 * @return bool always true
 */
function user_set_password($p_user_id, $p_password, $p_allow_protected = false)
{
    if (!$p_allow_protected) {
        # Protected accounts are refused unless the caller opted in.
        user_ensure_unprotected($p_user_id);
    }
    # Neither value is used further down; the lookups are kept because
    # user_get_field() may have effects that are not visible from here.
    $t_email = user_get_field($p_user_id, 'email');
    $t_username = user_get_field($p_user_id, 'username');
    # A fresh cookie string is written together with the password so that
    # sessions still open in other browsers stop being valid.
    $t_new_cookie = auth_generate_unique_cookie_string();
    $t_id = db_prepare_int($p_user_id);
    $t_encoded_password = auth_process_plain_password($p_password);
    $t_user_table = db_get_table('user');
    # All three values travel as bound parameters, never as SQL text.
    $t_password_slot = db_param();
    $t_cookie_slot = db_param();
    $t_id_slot = db_param();
    $t_sql = "UPDATE {$t_user_table}\n\t\t\t\t  SET password=" . $t_password_slot . ",\n\t\t\t\t  cookie_string=" . $t_cookie_slot . "\n\t\t\t\t  WHERE id=" . $t_id_slot;
    db_query_bound($t_sql, array($t_encoded_password, $t_new_cookie, $t_id));
    # A failed query raises an error inside the db layer, so:
    return true;
}
Example #27
/**
 * Deletes the preferences of all users for one project (used when the
 * project itself is being deleted).
 *
 * A single DELETE is issued instead of calling user_pref_delete() per user.
 * The project id is sent as a bound parameter.
 *
 * @param $p_project_id Project whose preference rows are removed
 * @return true
 */
function user_pref_delete_project( $p_project_id ) {
	$t_params = array( db_prepare_int( $p_project_id ) );
	$t_table = db_get_table( 'user_pref' );
	$t_sql = sprintf( 'DELETE FROM %s WHERE project_id=%s', $t_table, db_param() );

	db_query_bound( $t_sql, $t_params );

	# A failed query raises an error inside the db layer, so:
	return true;
}
Example #28
/**
 * Basically this is a copy of core/filter_api.php#filter_db_get_available_queries().
 * The only difference is that the result of this function is not an array of filter
 * names but an array of filter structures.
 *
 * @param int|null $p_project_id Project to list stored queries for; null means the current project.
 * @param int|null $p_user_id    User whose private queries are included; null means the current user.
 * @return array List of filter rows, each extended with a 'url' entry; empty when access is denied.
 */
function mci_filter_db_get_available_queries($p_project_id = null, $p_user_id = null)
{
    $t_filters_table = db_get_table('filters');
    $t_by_name = array();
    $t_project_id = null === $p_project_id ? helper_get_current_project() : db_prepare_int($p_project_id);
    $t_user_id = null === $p_user_id ? auth_get_current_user_id() : db_prepare_int($p_user_id);
    # Users below the stored-query threshold get an empty list.
    # NOTE(review): the check is made without passing $t_project_id or
    # $t_user_id, so it presumably applies to the current project and user
    # rather than the ones queried below; confirm this is intended.
    if (!access_has_project_level(config_get('stored_query_use_threshold'))) {
        return $t_by_name;
    }
    # Public queries sort first, so a private query with the same name is
    # written later and replaces the public one in the name-keyed map.
    $query = "SELECT * FROM {$t_filters_table}\n\t\t\t\t\tWHERE (project_id=" . db_param() . "\n\t\t\t\t\t\tOR project_id=0)\n\t\t\t\t\tAND name!=''\n\t\t\t\t\tAND (is_public = " . db_prepare_bool(true) . "\n\t\t\t\t\t\tOR user_id = " . db_param() . ")\n\t\t\t\t\tORDER BY is_public DESC, name ASC";
    $t_result = db_query_bound($query, array($t_project_id, $t_user_id));
    $t_row_total = db_num_rows($t_result);
    for ($t_index = 0; $t_index < $t_row_total; $t_index++) {
        $t_row = db_fetch_array($t_result);
        # filter_string is split at the first '#'; rows without a second part are skipped.
        $t_parts = explode('#', $t_row['filter_string'], 2);
        if (isset($t_parts[1])) {
            # NOTE(review): unserialize() runs on text read back from the
            # filters table. If a stored filter_string can ever be influenced
            # by a user, this is an object-injection risk; a data-only format
            # such as JSON, or restricting the allowed classes where the PHP
            # version supports it, is safer.
            $t_filter = filter_ensure_valid_filter(unserialize($t_parts[1]));
            $t_row['url'] = filter_get_url($t_filter);
            $t_by_name[$t_row['name']] = $t_row;
        }
    }
    return array_values($t_by_name);
}
Example #29
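/**
 * Prints the preview of a text file attachment.
 *
 * The content is read from disk, fetched over FTP first when it is not
 * available locally, or read from the bug_file table, depending on
 * 'file_upload_method'. It is always passed through htmlspecialchars()
 * before being echoed, so markup inside the attachment is shown as text.
 * When the content cannot be obtained an empty preview block is printed.
 *
 * @param array $p_attachment An attachment array from within the array returned by the file_get_visible_attachments() function
 */
function print_bug_attachment_preview_text($p_attachment)
{
    if (!$p_attachment['exists']) {
        return;
    }
    echo "\n<pre class=\"bug-attachment-preview-text\">";
    # Start from an empty preview so a missing file or row never leaves the
    # variable undefined when it is echoed below.
    $t_content = '';
    switch (config_get('file_upload_method')) {
        case DISK:
            # NOTE(review): 'diskfile' is read as-is; presumably it always
            # points inside the upload folder. Verify against the code that
            # stores it.
            if (file_exists($p_attachment['diskfile'])) {
                $t_content = file_get_contents($p_attachment['diskfile']);
            }
            break;
        case FTP:
            if (!file_exists($p_attachment['diskfile'])) {
                # No local copy yet: fetch it to the same local path.
                $t_ftp = file_ftp_connect();
                file_ftp_get($t_ftp, $p_attachment['diskfile'], $p_attachment['diskfile']);
                file_ftp_disconnect($t_ftp);
            }
            if (file_exists($p_attachment['diskfile'])) {
                $t_content = file_get_contents($p_attachment['diskfile']);
            }
            break;
        default:
            $t_bug_file_table = db_get_table('bug_file');
            $c_attachment_id = db_prepare_int($p_attachment['id']);
            $t_query = "SELECT * FROM {$t_bug_file_table} WHERE id=" . db_param();
            $t_result = db_query_bound($t_query, array($c_attachment_id));
            $t_row = db_fetch_array($t_result);
            # The row can be missing if the attachment was removed in the meantime.
            if ($t_row && isset($t_row['content'])) {
                $t_content = $t_row['content'];
            }
    }
    # A failed file_get_contents() returns false; the cast turns it into ''.
    echo htmlspecialchars((string) $t_content);
    echo '</pre>';
}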
Example #30
file_ensure_uploaded($f_file);
extract($f_file, EXTR_PREFIX_ALL, 'v');
if (is_uploaded_file($v_tmp_name)) {
    $t_project_id = helper_get_current_project();
    # grab the original file path and name
    $t_disk_file_name = file_get_field($f_file_id, 'diskfile', 'project');
    $t_file_path = dirname($t_disk_file_name);
    # prepare variables for insertion
    $c_file_name = db_prepare_string($v_name);
    $c_file_type = db_prepare_string($v_type);
    $t_file_size = filesize($v_tmp_name);
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            if (FTP == $t_method) {
                $conn_id = file_ftp_connect();
                file_ftp_delete($conn_id, $t_disk_file_name);
                file_ftp_put($conn_id, $t_disk_file_name, $v_tmp_name);
                file_ftp_disconnect($conn_id);
            }
            if (file_exists($t_disk_file_name)) {
                file_delete_local($t_disk_file_name);
            }
            if (!move_uploaded_file($v_tmp_name, $t_disk_file_name)) {