/**
 * Queue one e-mail by inserting it into the email table.
 *
 * The record is first passed through email_queue_prepare_db(). Recipient,
 * subject and body must be non-blank; a blank one raises ERROR_EMPTY_FIELD
 * with the translated field name as the error parameter.
 *
 * @param EmailData $p_email_data Message to queue.
 * @return int Value returned by db_insert_id() for the 'email_id' column.
 */
function email_queue_add($p_email_data) {
	$t_prepared = email_queue_prepare_db($p_email_data);

	# email, subject and body cannot be blank; the property name doubles as
	# the language key used in the error message.
	foreach (array('email', 'subject', 'body') as $t_required) {
		if (is_blank($t_prepared->{$t_required})) {
			error_parameters(lang_get($t_required));
			trigger_error(ERROR_EMPTY_FIELD, ERROR);
		}
	}

	$t_email_table = db_get_table('email');

	# Every value travels as a bound parameter; only the table name is
	# interpolated into the statement text.
	$t_sql = "INSERT INTO {$t_email_table}\n\t\t\t\t ( email,\n\t\t\t\t subject,\n\t\t\t\t\t body,\n\t\t\t\t\t submitted,\n\t\t\t\t\t metadata)\n\t\t\t\t VALUES\n\t\t\t\t ( " . db_param() . ",\n\t\t\t\t " . db_param() . ",\n\t\t\t\t " . db_param() . ",\n\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t " . db_param() . "\n\t\t\t\t\t)";

	# NOTE(review): metadata is stored in PHP serialize() format; whatever reads
	# the row back presumably unserialize()s it, which makes the email table
	# trusted storage - confirm against the reader.
	$t_bound = array(
		$t_prepared->email,
		$t_prepared->subject,
		$t_prepared->body,
		db_now(),
		serialize($t_prepared->metadata),
	);
	db_query_bound($t_sql, $t_bound);

	return db_insert_id($t_email_table, 'email_id');
}
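/**
 * Retrieve a file submission, either as a regular multipart upload or as a
 * PNG data URI posted in the first element of an array field.
 *
 * For a data URI the payload is decoded into a private temporary file and a
 * one-element array shaped like a $_FILES entry is returned. Two things the
 * caller has to keep in mind about that synthetic entry:
 *  - 'tmp_name' was not registered by PHP's upload handling, so
 *    is_uploaded_file() / move_uploaded_file() will reject it, and nothing
 *    deletes the file automatically;
 *  - 'type' is taken from the data URI prefix; the decoded bytes are not
 *    inspected here, so the content must still be validated before it is
 *    stored or served.
 *
 * @param string $p_var_name Name of the request field.
 * @param mixed  $p_default  Returned when no file is present (null allowed);
 *                           when omitted, ERROR_GPC_VAR_NOT_FOUND is raised.
 * @return mixed The $_FILES entry, the synthetic entry, or the default.
 */
function gpc_get_fileCustom($p_var_name, $p_default = null) {
	if (isset($_FILES[$p_var_name])) {
		# FILES are not escaped even if magic_quotes is ON, this applies to Windows paths.
		return $_FILES[$p_var_name];
	}

	$t_prefix = "data:image/png;base64,";
	$t_posted = isset($_POST[$p_var_name]) ? $_POST[$p_var_name] : null;

	if (is_array($t_posted) && isset($t_posted[0]) && is_string($t_posted[0])
		&& strncmp($t_posted[0], $t_prefix, strlen($t_prefix)) === 0) {
		# Strict mode rejects input that is not base64 instead of silently
		# dropping the offending characters.
		$t_data = base64_decode(substr($t_posted[0], strlen($t_prefix)), true);

		if ($t_data !== false) {
			$t_path = tempnam("/tmp", "CLPBRD");

			if ($t_path !== false) {
				# Owner-only access: a world-writable file in a shared temp
				# directory could be altered by any local account between
				# decoding and storage.
				chmod($t_path, 0600);

				if (file_put_contents($t_path, $t_data) === strlen($t_data)) {
					return array(
						0 => array(
							'name' => pathinfo($t_path, PATHINFO_FILENAME) . ".png",
							'type' => "image/png",
							'size' => strlen($t_data),
							'tmp_name' => $t_path,
							'error' => 0,
						),
					);
				}

				# Do not leave a partial file behind.
				unlink($t_path);
			}
		}
	}

	# Nothing usable was submitted (including a POST value that is not a PNG
	# data URI, which previously left the result undefined).
	if (func_num_args() > 1) {
		# check for a default passed in (allowing null)
		return $p_default;
	}

	error_parameters($p_var_name);
	trigger_error(ERROR_GPC_VAR_NOT_FOUND, ERROR);
	return null;
}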
/**
 * Queue one e-mail by inserting it into the table named by the
 * 'mantis_email_table' configuration option.
 *
 * Recipient, subject and body must be non-blank; a blank one raises
 * ERROR_EMPTY_FIELD with the translated field name as the error parameter.
 *
 * @param EmailData $p_email_data Message to queue.
 * @return int Value returned by db_insert_id() for the email table.
 */
function email_queue_add($p_email_data) {
	$t_prepared = email_queue_prepare_db($p_email_data);

	# email, subject and body cannot be blank; the property name doubles as
	# the language key used in the error message.
	foreach (array('email', 'subject', 'body') as $t_required) {
		if (is_blank($t_prepared->{$t_required})) {
			error_parameters(lang_get($t_required));
			trigger_error(ERROR_EMPTY_FIELD, ERROR);
		}
	}

	$t_email_table = config_get('mantis_email_table');

	$c_email = $t_prepared->email;
	$c_subject = $t_prepared->subject;
	$c_body = $t_prepared->body;
	$c_metadata = serialize($t_prepared->metadata);

	# NOTE(review): the values below are placed directly inside quoted SQL
	# literals. That is only safe if email_queue_prepare_db() has escaped every
	# field for the database in use - not visible here, confirm. The metadata
	# string is produced by serialize() after that step and is not escaped again
	# in this function. Bound parameters, where this version's DB layer offers
	# them, would remove the dependency on upstream escaping.
	$t_sql = "INSERT INTO {$t_email_table}\r\n\t\t\t\t ( email,\r\n\t\t\t\t subject,\r\n\t\t\t\t\t body,\r\n\t\t\t\t\t submitted,\r\n\t\t\t\t\t metadata)\r\n\t\t\t\t VALUES\r\n\t\t\t\t ( '{$c_email}',\r\n\t\t\t\t '{$c_subject}',\r\n\t\t\t\t '{$c_body}',\r\n\t\t\t\t\t " . db_now() . ",\r\n\t\t\t\t\t '{$c_metadata}'\r\n\t\t\t\t\t)";
	db_query($t_sql);

	return db_insert_id($t_email_table);
}
/**
 * Installation check: both the xmlreader and xmlwriter extensions must be
 * loaded.
 *
 * @return bool True when both extensions are present; otherwise
 *              ERROR_PLUGIN_INSTALL_FAILED is raised and false is returned.
 */
function install() {
	if (extension_loaded("xmlreader") && extension_loaded("xmlwriter")) {
		return true;
	}

	#\todo returning false should trigger some error reporting, needs rethinking error_api
	error_parameters(plugin_lang_get('error_no_xml'));
	trigger_error(ERROR_PLUGIN_INSTALL_FAILED, ERROR);

	return false;
}
/**
 * Ensure that the specified token name is not already used by the user;
 * otherwise raise ERROR_API_TOKEN_NAME_NOT_UNIQUE with the name as the
 * error parameter.
 *
 * @param string $p_token_name The token name.
 * @param string $p_user_id The user id.
 */
function api_token_name_ensure_unique($p_token_name, $p_user_id) {
	# Both values are bound parameters, in the order of the placeholders.
	$t_sql = 'SELECT * FROM {api_token} WHERE user_id=' . db_param() . ' AND name=' . db_param();
	$t_existing = db_fetch_array(db_query($t_sql, array($p_user_id, $p_token_name)));

	if (!$t_existing) {
		# no token with that name for this user
		return;
	}

	error_parameters($p_token_name);
	trigger_error(ERROR_API_TOKEN_NAME_NOT_UNIQUE, ERROR);
}
/**
 * Read a value from the session.
 *
 * Stored values are kept in serialize() format and are unserialized on the
 * way out. When the key is absent the default is returned if one was passed
 * (null allowed); otherwise ERROR_SESSION_VAR_NOT_FOUND is raised.
 *
 * NOTE(review): unserialize() trusts whatever is in the session store. If only
 * scalars and arrays are ever stored, restricting object instantiation (the
 * allowed_classes option) would be a cheap hardening step - confirm against
 * the matching setter.
 *
 * @param string $p_name    Session key.
 * @param mixed  $p_default Fallback value.
 * @return mixed
 */
function get($p_name, $p_default = null) {
	$t_has_default = func_num_args() > 1;

	if (isset($_SESSION[$p_name])) {
		return unserialize($_SESSION[$p_name]);
	} elseif ($t_has_default) {
		return $p_default;
	} else {
		error_parameters($p_name);
		trigger_error(ERROR_SESSION_VAR_NOT_FOUND, ERROR);
	}
}
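/**
 * Gets the billing information for the specified project during the specified date range.
 *
 * For a single project the caller must hold 'view_bug_threshold' on it; for
 * ALL_PROJECTS the query is limited to the projects returned by
 * user_get_all_accessible_projects(). Each row is additionally dropped unless
 * the user passes 'time_tracking_view_threshold' for that note.
 *
 * A non-blank date that strtotime() cannot parse raises ERROR_GENERIC.
 *
 * @param integer $p_project_id    A project identifier or ALL_PROJECTS.
 * @param string  $p_from          Starting date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @param string  $p_to            Ending date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @param integer $p_cost_per_hour Cost per hour.
 * @return array array of bugnotes
 * @access public
 */
function billing_get_for_project($p_project_id, $p_from, $p_to, $p_cost_per_hour) {
	$t_params = array();

	# Parse each bound before doing arithmetic on it: strtotime() reports failure
	# as false, and false plus an integer is an integer, which would let an
	# unparsable end date slip past the check below.
	$c_from = is_blank($p_from) ? null : strtotime($p_from);
	$c_to = is_blank($p_to) ? null : strtotime($p_to);

	if ($c_to === false || $c_from === false) {
		error_parameters(array($p_from, $p_to));
		trigger_error(ERROR_GENERIC, ERROR);
	}

	if (is_int($c_to)) {
		# extend to the last second of the day so the end date is inclusive
		$c_to += SECONDS_PER_DAY - 1;
	}

	db_param_push();

	if (ALL_PROJECTS != $p_project_id) {
		access_ensure_project_level(config_get('view_bug_threshold'), $p_project_id);

		$t_project_where = ' AND b.project_id = ' . db_param() . ' AND bn.bug_id = b.id ';
		$t_params[] = $p_project_id;
	} else {
		# The id list is written into the SQL text, so force every element to
		# an integer first.
		# NOTE(review): an empty list yields "in ()" - confirm whether a user
		# with no accessible project can reach this branch.
		$t_project_ids = array_map('intval', user_get_all_accessible_projects());
		$t_project_where = ' AND b.project_id in (' . implode(', ', $t_project_ids) . ')';
	}

	if (null !== $c_from) {
		$t_from_where = ' AND bn.date_submitted >= ' . db_param();
		$t_params[] = $c_from;
	} else {
		$t_from_where = '';
	}

	if (null !== $c_to) {
		$t_to_where = ' AND bn.date_submitted <= ' . db_param();
		$t_params[] = $c_to;
	} else {
		$t_to_where = '';
	}

	$t_results = array();

	$t_query = 'SELECT bn.id id, bn.time_tracking minutes, bn.date_submitted as date_submitted, bnt.note note,'
		. ' u.realname realname, b.project_id project_id, c.name bug_category, b.summary bug_summary,'
		. ' bn.bug_id bug_id, bn.reporter_id reporter_id'
		. ' FROM {user} u, {bugnote} bn, {bug} b, {bugnote_text} bnt, {category} c'
		. ' WHERE u.id = bn.reporter_id AND bn.time_tracking != 0 AND bn.bug_id = b.id'
		. ' AND bnt.id = bn.bugnote_text_id AND c.id=b.category_id '
		. $t_project_where . $t_from_where . $t_to_where
		. ' ORDER BY bn.id';
	$t_result = db_query($t_query, $t_params);

	$t_cost_per_min = $p_cost_per_hour / 60.0;
	$t_access_level_required = config_get('time_tracking_view_threshold');

	while ($t_row = db_fetch_array($t_result)) {
		# Per-note check: skip rows the current user may not see.
		if (!access_has_bugnote_level($t_access_level_required, $t_row['id'])) {
			continue;
		}

		$t_row['cost'] = $t_cost_per_min * $t_row['minutes'];
		$t_results[] = $t_row;
	}

	return billing_rows_to_array($t_results);
}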
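/**
 * Gets the billing information for the specified project during the specified date range.
 *
 * A non-blank date that strtotime() cannot parse raises ERROR_GENERIC.
 *
 * NOTE(review): no access check is performed in this function, and with
 * ALL_PROJECTS the query is not limited to any project list. Callers
 * presumably enforce who may see time tracking data - confirm.
 *
 * @param integer $p_project_id    A project identifier.
 * @param string  $p_from          Starting date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @param string  $p_to            Ending date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @param integer $p_cost_per_hour Cost per hour.
 * @return array array of bugnotes
 * @access public
 */
function billing_get_for_project($p_project_id, $p_from, $p_to, $p_cost_per_hour) {
	$t_params = array();

	# Parse each bound before doing arithmetic on it: strtotime() reports failure
	# as false, and false plus an integer is an integer, which would let an
	# unparsable end date slip past the check below.
	$c_from = is_blank($p_from) ? null : strtotime($p_from);
	$c_to = is_blank($p_to) ? null : strtotime($p_to);

	if ($c_to === false || $c_from === false) {
		error_parameters(array($p_from, $p_to));
		trigger_error(ERROR_GENERIC, ERROR);
	}

	if (is_int($c_to)) {
		# extend to the last second of the day so the end date is inclusive
		$c_to += SECONDS_PER_DAY - 1;
	}

	if (ALL_PROJECTS != $p_project_id) {
		$t_project_where = ' AND b.project_id = ' . db_param() . ' AND bn.bug_id = b.id ';
		$t_params[] = $p_project_id;
	} else {
		$t_project_where = '';
	}

	if (null !== $c_from) {
		$t_from_where = ' AND bn.date_submitted >= ' . db_param();
		$t_params[] = $c_from;
	} else {
		$t_from_where = '';
	}

	if (null !== $c_to) {
		$t_to_where = ' AND bn.date_submitted <= ' . db_param();
		$t_params[] = $c_to;
	} else {
		$t_to_where = '';
	}

	$t_results = array();

	$t_query = 'SELECT bn.id id, bn.time_tracking minutes, bn.date_submitted as date_submitted, bnt.note note,'
		. ' u.realname realname, b.summary bug_summary, bn.bug_id bug_id, bn.reporter_id reporter_id'
		. ' FROM {user} u, {bugnote} bn, {bug} b, {bugnote_text} bnt'
		. ' WHERE u.id = bn.reporter_id AND bn.time_tracking != 0 AND bn.bug_id = b.id'
		. ' AND bnt.id = bn.bugnote_text_id '
		. $t_project_where . $t_from_where . $t_to_where
		. ' ORDER BY bn.id';
	$t_result = db_query($t_query, $t_params);

	$t_cost_per_min = $p_cost_per_hour / 60.0;

	while ($t_row = db_fetch_array($t_result)) {
		$t_row['cost'] = $t_cost_per_min * $t_row['minutes'];
		$t_results[] = $t_row;
	}

	return billing_rows_to_array($t_results);
}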
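/**
 * Returns an array of time tracking stats.
 *
 * Users below the plugin's 'view_others_threshold' only receive their own
 * entries. A non-blank date that strtotime() cannot parse raises
 * ERROR_GENERIC and an empty array is returned.
 *
 * @param int    $p_project_id project id
 * @param string $p_from Starting date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @param string $p_to   Ending date (yyyy-mm-dd) inclusive, if blank, then ignored.
 * @return array array of bugnote stats
 * @access public
 */
function plugin_TimeTracking_stats_get_project_array($p_project_id, $p_from, $p_to) {
	$c_project_id = db_prepare_int($p_project_id);

	# The date bounds end up inside the SQL text, so they are never copied
	# through as given: each one is parsed and re-rendered as Y-m-d, which
	# leaves only digits and dashes.
	$t_from_ts = is_blank($p_from) ? null : strtotime($p_from);
	$t_to_ts = is_blank($p_to) ? null : strtotime($p_to);

	if ($t_to_ts === false || $t_from_ts === false) {
		error_parameters(array($p_from, $p_to));
		trigger_error(ERROR_GENERIC, ERROR);
		# only reached if the error handler returns
		return array();
	}

	$t_timereport_table = plugin_table('data', 'TimeTracking');
	$t_bug_table = db_get_table('mantis_bug_table');
	$t_user_table = db_get_table('mantis_user_table');
	$t_project_table = db_get_table('mantis_project_table');

	if (null !== $t_from_ts) {
		$c_from = "'" . date("Y-m-d", $t_from_ts) . "'";
		$t_from_where = " AND expenditure_date >= {$c_from}";
	} else {
		$t_from_where = '';
	}

	if (null !== $t_to_ts) {
		$c_to = "'" . date("Y-m-d", $t_to_ts + SECONDS_PER_DAY - 1) . "'";
		$t_to_where = " AND expenditure_date <= {$c_to}";
	} else {
		$t_to_where = '';
	}

	if (ALL_PROJECTS != $c_project_id) {
		$t_project_where = " AND b.project_id = '{$c_project_id}' ";
	} else {
		$t_project_where = '';
	}

	if (!access_has_global_level(plugin_config_get('view_others_threshold'))) {
		# Restrict to the current user's own entries. The comparison used to be
		# against the literal '******', leaving the looked-up id unused.
		$c_user_id = db_prepare_int(auth_get_current_user_id());
		$t_user_where = " AND user = '{$c_user_id}' ";
	} else {
		$t_user_where = '';
	}

	$t_results = array();

	$query = "SELECT u.username, p.name as project_name, bug_id, expenditure_date, hours, timestamp, info \nFROM {$t_timereport_table} tr, {$t_bug_table} b, {$t_user_table} u, {$t_project_table} p\nWHERE tr.bug_id=b.id and tr.user=u.id AND p.id = b.project_id\n{$t_project_where} {$t_from_where} {$t_to_where} {$t_user_where}\nORDER BY user, expenditure_date, bug_id";
	$result = db_query($query);

	while ($row = db_fetch_array($result)) {
		$t_results[] = $row;
	}

	return $t_results;
}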
/**
 * Validates the "add note" action for the specified bug id.
 *
 * The note text is read from the 'bugnote_text' request field; a blank text
 * raises ERROR_EMPTY_FIELD. The bug must not be read-only and the current
 * user must pass 'add_bugnote_threshold' on it.
 *
 * @param int $p_bug_id Bug the note would be added to.
 * @return true|array true when the action can be applied, otherwise
 *                    ( bug_id => reason for failure ).
 */
function action_add_note_validate($p_bug_id) {
	if (is_blank(gpc_get_string('bugnote_text'))) {
		error_parameters(lang_get('bugnote'));
		trigger_error(ERROR_EMPTY_FIELD, ERROR);
	}

	$t_threshold = config_get('add_bugnote_threshold');

	# Determine the reason for refusal, if any; read-only takes precedence
	# over missing access.
	if (bug_is_readonly($p_bug_id)) {
		$t_reason_key = 'actiongroup_error_issue_is_readonly';
	} elseif (!access_has_bug_level($t_threshold, $p_bug_id)) {
		$t_reason_key = 'access_denied';
	} else {
		return true;
	}

	return array($p_bug_id => lang_get($t_reason_key));
}
/**
 * Raises ERROR_SPAM_SUSPECTED when the current user has reached the allowed
 * number of recent events.
 *
 * Meant to run before actions such as adding issues or notes. The check is
 * skipped when signup is disabled, when the user's global access level is
 * above 'default_new_account_access_level', or when
 * 'antispam_max_event_count' is 0.
 */
function antispam_check() {
	$t_signup_enabled = OFF != config_get_global('allow_signup');

	# Only accounts at or below the default level for new accounts are rate limited.
	if ($t_signup_enabled && !(access_get_global_level() > config_get('default_new_account_access_level'))) {
		$t_max_events = config_get('antispam_max_event_count');

		if ($t_max_events != 0) {
			# The user must have room for at least one more event, because the
			# event being guarded is recorded after this function returns.
			$t_window_seconds = config_get('antispam_time_window_in_seconds');

			if (!(history_count_user_recent_events($t_window_seconds) < $t_max_events)) {
				error_parameters($t_max_events, $t_window_seconds);
				trigger_error(ERROR_SPAM_SUSPECTED, ERROR);
			}
		}
	}
}
/**
 * Update an existing news entry.
 *
 * Headline and body must be non-blank (checked after db_prepare_string());
 * a blank one raises ERROR_EMPTY_FIELD.
 *
 * NOTE(review): the statement is assembled by interpolation, so its safety
 * rests entirely on the db_prepare_*() helpers escaping each value for the
 * database in use - confirm; bound parameters would remove that dependency.
 *
 * @param int    $p_news_id      Entry to update.
 * @param int    $p_project_id   Project the entry belongs to.
 * @param int    $p_view_state   View state.
 * @param bool   $p_announcement Announcement flag.
 * @param string $p_headline     Headline text.
 * @param string $p_body         Body text.
 * @return bool Always true; see the comment before the return.
 */
function news_update($p_news_id, $p_project_id, $p_view_state, $p_announcement, $p_headline, $p_body) {
	$c_news_id = db_prepare_int($p_news_id);
	$c_project_id = db_prepare_int($p_project_id);
	$c_view_state = db_prepare_int($p_view_state);
	$c_announcement = db_prepare_bool($p_announcement);
	$c_headline = db_prepare_string($p_headline);
	$c_body = db_prepare_string($p_body);

	# language key => prepared value, checked in this order
	$t_required = array('headline' => $c_headline, 'body' => $c_body);
	foreach ($t_required as $t_lang_key => $t_text) {
		if (is_blank($t_text)) {
			error_parameters(lang_get($t_lang_key));
			trigger_error(ERROR_EMPTY_FIELD, ERROR);
		}
	}

	$t_news_table = config_get('mantis_news_table');

	# Update entry
	$t_sql = "UPDATE {$t_news_table}\n\t\t\t\t SET view_state='{$c_view_state}',\n\t\t\t\t\tannouncement='{$c_announcement}',\n\t\t\t\t\theadline='{$c_headline}',\n\t\t\t\t\tbody='{$c_body}',\n\t\t\t\t\tproject_id='{$c_project_id}',\n\t\t\t\t\tlast_modified= " . db_now() . "\n\t\t\t\t WHERE id='{$c_news_id}'";
	db_query($t_sql);

	# db_query() errors on failure so:
	return true;
}
} }

# Resolve the filter named by the 'filter_target' request field to the code
# that prints it. The last seven characters of the field are stripped
# (presumably a '_filter' suffix, matching the plugin comparison further down).
$f_filter_target = gpc_get_string('filter_target');
$t_function_name = 'print_filter_' . utf8_substr($f_filter_target, 0, -7);

# NOTE(review): the name of the function to call is derived from request
# data. The fixed 'print_filter_' prefix and function_exists() are the only
# constraints visible here, so any function carrying that prefix is callable
# through this request. An explicit list of known filter names would make the
# reachable set auditable.
if (function_exists($t_function_name)) {
	return_dynamic_filters_prepend_headers();
	call_user_func($t_function_name);
} else {
	if ('custom_field' == utf8_substr($f_filter_target, 0, 12)) {
		# custom function
		# The id is whatever sits between the 'custom_field_' prefix and the
		# seven-character suffix; it is passed on without validation here.
		$t_custom_id = utf8_substr($f_filter_target, 13, -7);
		return_dynamic_filters_prepend_headers();
		print_filter_custom_field($t_custom_id);
	} else {
		# Last resort: filters registered by plugins, matched by exact name.
		$t_plugin_filters = filter_get_plugin_filters();
		$t_found = false;
		foreach ($t_plugin_filters as $t_field_name => $t_filter_object) {
			if ($t_field_name . '_filter' == $f_filter_target) {
				return_dynamic_filters_prepend_headers();
				print_filter_plugin_field($t_field_name, $t_filter_object);
				$t_found = true;
				break;
			}
		}
		if (!$t_found) {
			# error - no function to populate the target (e.g., print_filter_foo)
			error_parameters($f_filter_target);
			trigger_error(ERROR_FILTER_NOT_FOUND, ERROR);
		}
	}
}
/**
 * Create or update repository data.
 * Creates a database row if $this->id is zero, updates the existing row
 * otherwise, then saves every mapping in $this->mappings.
 * A blank type or name raises ERROR_EMPTY_FIELD (type is reported first).
 */
function save() {
	if (is_blank($this->type)) {
		error_parameters(plugin_lang_get('type'));
		trigger_error(ERROR_EMPTY_FIELD, ERROR);
	} elseif (is_blank($this->name)) {
		error_parameters(plugin_lang_get('name'));
		trigger_error(ERROR_EMPTY_FIELD, ERROR);
	}

	$t_repo_table = plugin_table('repository', 'Source');

	# Column values shared by both statements, in placeholder order. The info
	# structure is stored in serialize() format.
	$t_values = array($this->type, $this->name, $this->url, serialize($this->info));

	$t_is_new = (0 == $this->id);
	if ($t_is_new) {
		# create
		$t_sql = "INSERT INTO {$t_repo_table} ( type, name, url, info ) VALUES ( " . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ' )';
		db_query_bound($t_sql, $t_values);

		$this->id = db_insert_id($t_repo_table);
	} else {
		# update
		$t_sql = "UPDATE {$t_repo_table} SET type=" . db_param() . ', name=' . db_param() . ', url=' . db_param() . ', info=' . db_param() . ' WHERE id=' . db_param();
		$t_values[] = $this->id;
		db_query_bound($t_sql, $t_values);
	}

	foreach ($this->mappings as $t_mapping) {
		$t_mapping->save();
	}
}
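/**
 * Read one issue from the import stream, create it in the current project,
 * then add its custom field values, notes and attachments.
 *
 * Trust model, as far as this method shows: apart from the project (always
 * the current one) and user ids (resolved through get_user_id()), values are
 * copied from the file as they come. Element names without a dedicated case
 * select which property of the new bug, note or attachment is written, so
 * the import file decides which fields get set.
 * NOTE(review): the import should therefore stay restricted to trusted
 * users/files - confirm where that is enforced.
 *
 * @param XMLreader $reader Reader positioned on the issue element.
 */
public function process(XMLreader $reader) {
	$t_project_id = helper_get_current_project(); // TODO: category_get_id_by_name could work by default on current project
	$userId = auth_get_current_user_id();

	$t_custom_fields = array();
	$t_bugnotes = array();
	$t_attachments = array();

	$depth = $reader->depth;
	while ($reader->read() && ($reader->depth > $depth || $reader->nodeType != XMLReader::END_ELEMENT)) {
		if ($reader->nodeType == XMLReader::ELEMENT) {
			switch ($reader->localName) {
				case 'reporter':
					# advance to the text node, then map the name to a local user
					$reader->read();
					$this->newbug_->reporter_id = $this->get_user_id($reader->value, $userId);
					break;

				case 'handler':
					$reader->read();
					$this->newbug_->handler_id = $this->get_user_id($reader->value, $userId);
					break;

				case 'category':
					$this->newbug_->category_id = $this->defaultCategory_;

					if (version_compare(MANTIS_VERSION, '1.2', '>') === true) {
						$reader->read();

						if ($this->keepCategory_) {
							# Check for the category's existence in the current project
							# as well as its parents (if any)
							$t_projects_hierarchy = project_hierarchy_inheritance($t_project_id);
							foreach ($t_projects_hierarchy as $t_project) {
								$t_category_id = category_get_id_by_name($reader->value, $t_project, false);
								if ($t_category_id !== false) {
									$this->newbug_->category_id = $t_category_id;
									break;
								}
							}
						}
					}
					break;

				case 'eta':
				case 'priority':
				case 'projection':
				case 'reproducibility':
				case 'resolution':
				case 'severity':
				case 'status':
				case 'view_state':
					# capture name and id before read() moves off the element
					$t_field = $reader->localName;
					$t_id = $reader->getAttribute('id');
					$reader->read();

					// Here we assume ids have the same meaning in both installations
					// TODO add a check for customized values
					$this->newbug_->{$t_field} = $t_id;
					break;

				case 'id':
					$reader->read();
					$this->old_id_ = $reader->value;
					break;

				case 'project':
					// ignore original value, use current project
					$this->newbug_->project_id = $t_project_id;
					break;

				case 'custom_fields':
					// store custom fields
					$i = -1;
					$depth_cf = $reader->depth;
					while ($reader->read() && ($reader->depth > $depth_cf || $reader->nodeType != XMLReader::END_ELEMENT)) {
						if ($reader->nodeType == XMLReader::ELEMENT) {
							if ($reader->localName == 'custom_field') {
								$t_custom_fields[++$i] = new stdClass();
							}

							# every element becomes a property named after it
							$field = $reader->localName;
							$reader->read();
							$t_custom_fields[$i]->{$field} = $reader->value;
						}
					}
					break;

				case 'bugnotes':
					// store bug notes
					$i = -1;
					$depth_bn = $reader->depth;
					while ($reader->read() && ($reader->depth > $depth_bn || $reader->nodeType != XMLReader::END_ELEMENT)) {
						if ($reader->nodeType == XMLReader::ELEMENT) {
							if ($reader->localName == 'bugnote') {
								$t_bugnotes[++$i] = new stdClass();
							}

							switch ($reader->localName) {
								case 'reporter':
									$reader->read();
									$t_bugnotes[$i]->reporter_id = $this->get_user_id($reader->value, $userId);
									break;

								case 'view_state':
									$reader->read();
									$t_bugnotes[$i]->private = ($reader->value == VS_PRIVATE);
									break;

								default:
									$field = $reader->localName;
									$reader->read();
									$t_bugnotes[$i]->{$field} = $reader->value;
							}
						}
					}
					break;

				case 'attachments':
					// store attachments
					$i = -1;
					$depth_att = $reader->depth;
					while ($reader->read() && ($reader->depth > $depth_att || $reader->nodeType != XMLReader::END_ELEMENT)) {
						if ($reader->nodeType == XMLReader::ELEMENT) {
							if ($reader->localName == 'attachment') {
								$t_attachments[++$i] = new stdClass();
							}

							$field = $reader->localName;
							$reader->read();
							$t_attachments[$i]->{$field} = $reader->value;
						}
					}
					break;

				default:
					# any other element is copied onto the new bug under its own name
					$field = $reader->localName;
					$reader->read();
					$this->newbug_->{$field} = $reader->value;
			}
		}
	}

	// now save the new bug
	$this->new_id_ = $this->newbug_->create();

	// add custom fields
	if ($this->new_id_ > 0 && is_array($t_custom_fields) && count($t_custom_fields) > 0) {
		foreach ($t_custom_fields as $t_custom_field) {
			$t_custom_field_id = custom_field_get_id_from_name($t_custom_field->name);

			if (custom_field_ensure_exists($t_custom_field_id) && custom_field_is_linked($t_custom_field_id, $t_project_id)) {
				# Write to the id that was just checked. The id carried in the
				# file belongs to the exporting installation and was never
				# validated against this project.
				custom_field_set_value($t_custom_field_id, $this->new_id_, $t_custom_field->value);
			} else {
				error_parameters($t_custom_field->name, $t_custom_field_id);
				trigger_error(ERROR_CUSTOM_FIELD_NOT_LINKED_TO_PROJECT, ERROR);
			}
		}
	}

	// add bugnotes
	if ($this->new_id_ > 0 && is_array($t_bugnotes) && count($t_bugnotes) > 0) {
		foreach ($t_bugnotes as $t_bugnote) {
			bugnote_add($this->new_id_, $t_bugnote->note, $t_bugnote->time_tracking, $t_bugnote->private, $t_bugnote->note_type, $t_bugnote->note_attr, $t_bugnote->reporter_id, false, $t_bugnote->date_submitted, $t_bugnote->last_modified, true);
		}
	}

	// add attachments
	if ($this->new_id_ > 0 && is_array($t_attachments) && count($t_attachments) > 0) {
		foreach ($t_attachments as $t_attachment) {
			// Create a temporary file in the temporary files directory using sys_get_temp_dir()
			$temp_file_name = tempnam(sys_get_temp_dir(), 'MantisImport');
			file_put_contents($temp_file_name, base64_decode($t_attachment->content));

			# File name and type are taken from the import file as given.
			$file_data = array(
				'name' => $t_attachment->filename,
				'type' => $t_attachment->file_type,
				'tmp_name' => $temp_file_name,
				'size' => filesize($temp_file_name),
				'error' => UPLOAD_ERR_OK,
			);

			// unfortunately we have no clue who has added the attachment (this could only be fetched from history -> feel free to implement this)
			// also I have no clue where description should come from...
			file_add($this->new_id_, $file_data, 'bug', $t_attachment->title, '', null, $t_attachment->date_added, true);
			unlink($temp_file_name);
		}
	}
}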
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'bug_api.php';
require_once 'bugnote_api.php';

# Request handler that adds a note to a bug. The order of the steps below
# matters: token validation, then the read-only and access checks, and only
# then the write.

# Validate the 'bugnote_add' form token before reading anything else
# (presumably the anti-CSRF check - confirm in the form API).
form_security_validate('bugnote_add');

$f_bug_id = gpc_get_int('bug_id');
$f_private = gpc_get_bool('private');
$f_time_tracking = gpc_get_string('time_tracking', '0:00');
$f_bugnote_text = trim(gpc_get_string('bugnote_text', ''));

$t_bug = bug_get($f_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
	# in case the current project is not the same project of the bug we are viewing...
	# ... override the current project. This to avoid problems with categories and handlers lists etc.
	$g_project_override = $t_bug->project_id;
}

# Refuse to touch read-only bugs.
if (bug_is_readonly($f_bug_id)) {
	error_parameters($f_bug_id);
	trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}

# Authorization: the current user must pass 'add_bugnote_threshold' on this bug.
access_ensure_bug_level(config_get('add_bugnote_threshold'), $f_bug_id);

// We always set the note time to BUGNOTE, and the API will overwrite it with TIME_TRACKING
// if $f_time_tracking is not 0 and the time tracking feature is enabled.
$t_bugnote_id = bugnote_add($f_bug_id, $f_bugnote_text, $f_time_tracking, $f_private, BUGNOTE);

# A falsy id is reported to the user as an empty note field.
if (!$t_bugnote_id) {
	error_parameters(lang_get('bugnote'));
	trigger_error(ERROR_EMPTY_FIELD, ERROR);
}

# The token is discarded only after the note was added.
form_security_purge('bugnote_add');

print_successful_redirect_to_bug($f_bug_id);
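/**
 * Checks an array of columns for duplicate or invalid fields.
 *
 * Column names are compared case-insensitively in both checks. An unknown
 * column raises ERROR_COLUMNS_INVALID, a repeated one ERROR_COLUMNS_DUPLICATE;
 * in both cases false is returned if the error handler returns.
 *
 * @param string $p_field_name - The logic name of the array being validated. Used when triggering errors.
 * @param array $p_columns_to_validate - The array of columns to validate.
 * @param array $p_columns_all - The list of all valid columns.
 * @return bool
 * @access public
 */
function columns_ensure_valid($p_field_name, $p_columns_to_validate, $p_columns_all) {
	$t_columns_all_lower = array_map('utf8_strtolower', $p_columns_all);

	# Check for invalid fields
	foreach ($p_columns_to_validate as $t_column) {
		# strict comparison, so that numeric-looking names are not treated as equal numbers
		if (!in_array(utf8_strtolower($t_column), $t_columns_all_lower, true)) {
			error_parameters($p_field_name, $t_column);
			trigger_error(ERROR_COLUMNS_INVALID, ERROR);
			return false;
		}
	}

	# Check for duplicate fields
	$t_seen_lower = array();
	foreach ($p_columns_to_validate as $t_column) {
		# Look up the lower-cased name: the set holds lower-cased names, so
		# testing the name as given would miss duplicates that contain
		# upper-case letters.
		$t_column_lower = utf8_strtolower($t_column);

		if (isset($t_seen_lower[$t_column_lower])) {
			error_parameters($p_field_name, $t_column);
			trigger_error(ERROR_COLUMNS_DUPLICATE, ERROR);
			return false;
		}

		$t_seen_lower[$t_column_lower] = true;
	}

	return true;
}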
/**
 * Retrieve an uploaded file entry from $_FILES.
 *
 * When the entry is absent the default is returned if one was passed (null
 * allowed); otherwise ERROR_GPC_VAR_NOT_FOUND is raised.
 *
 * @param string $p_var_name Name of the upload field.
 * @param mixed  $p_default  Fallback value.
 * @return mixed The $_FILES entry or the default.
 */
function gpc_get_file($p_var_name, $p_default = null) {
	# simulate auto-globals from PHP v4.1.0 (see also code in php_api.php)
	if (!php_version_at_least('4.1.0')) {
		global $_FILES;
	}

	$t_default_given = func_num_args() > 1;

	if (isset($_FILES[$p_var_name])) {
		# FILES are not escaped even if magic_quotes is ON, this applies to Windows paths.
		$t_file = $_FILES[$p_var_name];
	} elseif ($t_default_given) {
		# a default was passed in (null allowed)
		$t_file = $p_default;
	} else {
		error_parameters($p_var_name);
		trigger_error(ERROR_GPC_VAR_NOT_FOUND, ERROR);
	}

	return $t_file;
}
/**
 * Return one field of a user row.
 *
 * For NO_USER a WARNING is raised and the marker string "@null@" is
 * returned. A field that is missing from the row (or null, since isset() is
 * used) raises ERROR_DB_FIELD_NOT_FOUND as a WARNING and yields ''.
 *
 * @param int    $p_user_id    User id.
 * @param string $p_field_name Column name.
 * @return mixed Field value, "@null@" or ''.
 */
function user_get_field($p_user_id, $p_field_name) {
	if (NO_USER == $p_user_id) {
		trigger_error('user_get_field() for NO_USER', WARNING);
		return "@null@";
	}

	$t_user_row = user_get_row($p_user_id);

	if (!isset($t_user_row[$p_field_name])) {
		error_parameters($p_field_name);
		trigger_error(ERROR_DB_FIELD_NOT_FOUND, WARNING);
		return '';
	}

	return $t_user_row[$p_field_name];
}
trigger_error(ERROR_EMPTY_FIELD, ERROR); } if ($f_project_id == ALL_PROJECTS) { access_ensure_global_level(config_get('set_configuration_threshold')); } else { access_ensure_project_level(config_get('set_configuration_threshold'), $f_project_id); } # make sure that configuration option specified is a valid one. $t_not_found_value = '***CONFIG OPTION NOT FOUND***'; if (config_get_global($f_config_option, $t_not_found_value) === $t_not_found_value) { error_parameters($f_config_option); trigger_error(ERROR_CONFIG_OPT_NOT_FOUND, ERROR); } # make sure that configuration option specified can be stored in the database if (!config_can_set_in_database($f_config_option)) { error_parameters($f_config_option); trigger_error(ERROR_CONFIG_OPT_CANT_BE_SET_IN_DB, ERROR); } if ($f_type === 'default') { $t_config_global_value = config_get_global($f_config_option); if (is_string($t_config_global_value)) { $t_type = 'string'; } else { if (is_int($t_config_global_value)) { $t_type = 'integer'; } else { # note that we consider bool and float as complex. We use ON/OFF for bools which map to numeric. $t_type = 'complex'; } } } else {
/**
 * Return a filter row, loading and caching it on first use.
 *
 * When the filter cannot be found: with $p_trigger_errors true (default)
 * ERROR_FILTER_NOT_FOUND is raised; with false, false is returned and
 * nothing is cached.
 *
 * @param integer $p_filter_id      A filter identifier to retrieve.
 * @param boolean $p_trigger_errors Whether to trigger an error if the filter is not found.
 * @return array|boolean
 */
function filter_cache_row($p_filter_id, $p_trigger_errors = true) {
	global $g_cache_filter;

	if (!isset($g_cache_filter[$p_filter_id])) {
		# The id is passed as a bound parameter.
		$t_sql = 'SELECT * FROM {filters} WHERE id=' . db_param();
		$t_fetched = db_fetch_array(db_query($t_sql, array($p_filter_id)));

		if (!$t_fetched) {
			if (!$p_trigger_errors) {
				return false;
			}

			error_parameters($p_filter_id);
			trigger_error(ERROR_FILTER_NOT_FOUND, ERROR);
		}

		$g_cache_filter[$p_filter_id] = $t_fetched;
		return $t_fetched;
	}

	return $g_cache_filter[$p_filter_id];
}
require_api('html_api.php'); require_api('lang_api.php'); require_api('print_api.php'); require_api('profile_api.php'); require_api('project_api.php'); require_api('relationship_api.php'); require_api('string_api.php'); require_api('utility_api.php'); require_api('version_api.php'); $f_master_bug_id = gpc_get_int('m_id', 0); if ($f_master_bug_id > 0) { # master bug exists... bug_ensure_exists($f_master_bug_id); # master bug is not read-only... if (bug_is_readonly($f_master_bug_id)) { error_parameters($f_master_bug_id); trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR); } $t_bug = bug_get($f_master_bug_id, true); #@@@ (thraxisp) Note that the master bug is cloned into the same project as the master, independent of # what the current project is set to. if ($t_bug->project_id != helper_get_current_project()) { # in case the current project is not the same project of the bug we are viewing... # ... override the current project. This to avoid problems with categories and handlers lists etc. $g_project_override = $t_bug->project_id; $t_changed_project = true; } else { $t_changed_project = false; } access_ensure_project_level(config_get('report_bug_threshold')); $f_build = $t_bug->build;
/**
 * Return the specified preference field for the user id.
 *
 * The name must be one of the default properties declared by the
 * UserPreferences class (looked up once through reflection and kept for
 * later calls). Any other name raises ERROR_DB_FIELD_NOT_FOUND as a WARNING
 * and '' is returned.
 *
 * @param int $p_user_id
 * @param string $p_pref_name
 * @param int $p_project_id
 * @return string
 */
function user_pref_get_pref( $p_user_id, $p_pref_name, $p_project_id = ALL_PROJECTS ) {
	static $s_default_props;

	$t_user_prefs = user_pref_get( $p_user_id, $p_project_id );

	if( $s_default_props == null ) {
		$t_class = new ReflectionClass( 'UserPreferences' );
		$s_default_props = $t_class->getDefaultProperties();
	}

	# Only declared preference names are forwarded to the preferences object.
	$t_known_names = array_keys( $s_default_props );
	if( !in_array( $p_pref_name, $t_known_names, true ) ) {
		error_parameters( $p_pref_name );
		trigger_error( ERROR_DB_FIELD_NOT_FOUND, WARNING );
		return '';
	}

	return $t_user_prefs->Get( $p_pref_name );
}
/**
 * MantisBT Core API's
 */
require_once 'core.php';

# User administration page. Both gates run before any request data is read:
# a re-authentication step, then the global 'manage_user_threshold' check.
auth_reauthenticate();

access_ensure_global_level(config_get('manage_user_threshold'));

# The account is selected either by 'username' (name first, e-mail as a
# fallback) or, when that field is blank, by numeric 'user_id'.
$f_username = gpc_get_string('username', '');

if (is_blank($f_username)) {
	$t_user_id = gpc_get_int('user_id');
} else {
	$t_user_id = user_get_id_by_name($f_username);
	if ($t_user_id === false) {
		# If we can't find the user by name, attempt to find by email.
		$t_user_id = user_get_id_by_email($f_username);
		if ($t_user_id === false) {
			error_parameters($f_username);
			trigger_error(ERROR_USER_BY_NAME_NOT_FOUND, ERROR);
		}
	}
}

$t_user = user_get_row($t_user_id);

# Ensure that the account to be updated is of equal or lower access to the
# current user.
access_ensure_global_level($t_user['access_level']);

# true when the configured login method is LDAP
$t_ldap = LDAP == config_get('login_method');

html_page_top();

print_manage_menu();
?>
<br />
/**
 * Get a database table name.
 *
 * The entry in $GLOBALS['g_db_table'] is passed through config_eval(); when
 * that changes the value, the evaluated form is written back to the global.
 * An unknown option raises ERROR_CONFIG_OPT_NOT_FOUND as a WARNING and
 * nothing is returned.
 *
 * @param string $p_option Key into the g_db_table map.
 * @return string containing full database table name
 */
function db_get_table($p_option) {
	if (!isset($GLOBALS['g_db_table'][$p_option])) {
		error_parameters($p_option);
		trigger_error(ERROR_CONFIG_OPT_NOT_FOUND, WARNING);
		return;
	}

	$t_resolved = config_eval($GLOBALS['g_db_table'][$p_option]);

	# store the evaluated name so later calls see it directly
	if ($GLOBALS['g_db_table'][$p_option] !== $t_resolved) {
		$GLOBALS['g_db_table'][$p_option] = $t_resolved;
	}

	return $t_resolved;
}
$t_file['tmp_name'] = $f_files['tmp_name'][$i]; $t_file['type'] = $f_files['type'][$i]; $t_file['error'] = $f_files['error'][$i]; $t_file['size'] = $f_files['size'][$i]; file_add($t_bug_id, $t_file, 'bug'); } } # Handle custom field submission foreach ($t_related_custom_field_ids as $t_id) { # Do not set custom field value if user has no write access if (!custom_field_has_write_access($t_id, $t_bug_id)) { continue; } $t_def = custom_field_get_definition($t_id); if (!custom_field_set_value($t_id, $t_bug_id, gpc_get_custom_field("custom_field_{$t_id}", $t_def['type'], $t_def['default_value']), false)) { error_parameters(lang_get_defaulted(custom_field_get_field($t_id, 'name'))); trigger_error(ERROR_CUSTOM_FIELD_INVALID_VALUE, ERROR); } } $f_master_bug_id = gpc_get_int('m_id', 0); $f_rel_type = gpc_get_int('rel_type', -1); if ($f_master_bug_id > 0) { # it's a child generation... let's create the relationship and add some lines in the history # update master bug last updated bug_update_date($f_master_bug_id); # Add log line to record the cloning action history_log_event_special($t_bug_id, BUG_CREATED_FROM, '', $f_master_bug_id); history_log_event_special($f_master_bug_id, BUG_CLONED_TO, '', $t_bug_id); if ($f_rel_type >= 0) { # Add the relationship relationship_add($t_bug_id, $f_master_bug_id, $f_rel_type);
* @link http://www.mantisbt.org */ /** * MantisBT Core API's */ require_once 'core.php'; require_once 'profile_api.php'; form_security_validate('profile_update'); auth_ensure_user_authenticated(); current_user_ensure_unprotected(); $f_action = gpc_get_string('action'); if ($f_action != 'add') { $f_profile_id = gpc_get_int('profile_id'); # Make sure user did select an existing profile from the list if ($f_action != 'make_default' && $f_profile_id == 0) { error_parameters(lang_get('select_profile')); trigger_error(ERROR_EMPTY_FIELD, ERROR); } } switch ($f_action) { case 'edit': form_security_purge('profile_update'); print_header_redirect('account_prof_edit_page.php?profile_id=' . $f_profile_id); break; case 'add': $f_platform = gpc_get_string('platform'); $f_os = gpc_get_string('os'); $f_os_build = gpc_get_string('os_build'); $f_description = gpc_get_string('description'); $t_user_id = gpc_get_int('user_id'); if (ALL_USERS != $t_user_id) {
require_api('error_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('string_api.php');

# Bugnote update handler: validates the form token, checks the caller's access
# to the note and the state of its bug, stores the new text and time tracking
# value, then redirects to the bug view.
# The order below matters: every check runs before the first write.

# Validate the 'bugnote_update' form token before any input is read.
# NOTE(review): presumably the anti-CSRF token check from form_api.php - confirm.
# The token is purged only at the end, after the update has been stored.
form_security_validate('bugnote_update');

# Request input. The note id is read as an integer; the text and the time
# tracking value are read as strings with defaults for a missing parameter.
# NOTE(review): no escaping happens in this script; storage and output
# encoding are left to the bugnote setters and the view - confirm.
$f_bugnote_id = gpc_get_int('bugnote_id');
$f_bugnote_text = gpc_get_string('bugnote_text', '');
$f_time_tracking = gpc_get_string('time_tracking', '0:00');

# Check if the current user is allowed to edit the bugnote.
# The reporter id comes from the stored note, not from the request, so the
# caller cannot choose which threshold applies: the author of the note is held
# to 'bugnote_user_edit_threshold', everyone else to 'update_bugnote_threshold'.
# NOTE(review): the comparison is loose (==); both sides look like numeric ids - confirm.
$t_user_id = auth_get_current_user_id();
$t_reporter_id = bugnote_get_field($f_bugnote_id, 'reporter_id');
if ($t_user_id == $t_reporter_id) {
    access_ensure_bugnote_level(config_get('bugnote_user_edit_threshold'), $f_bugnote_id);
} else {
    access_ensure_bugnote_level(config_get('update_bugnote_threshold'), $f_bugnote_id);
}

# Check if the bug is readonly.
# The bug id is also taken from the stored note rather than from the request.
$t_bug_id = bugnote_get_field($f_bugnote_id, 'bug_id');
if (bug_is_readonly($t_bug_id)) {
    error_parameters($t_bug_id);
    trigger_error(ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR);
}

# Strip surrounding whitespace and end the note with a blank line before storing it.
$f_bugnote_text = trim($f_bugnote_text) . "\n\n";
bugnote_set_text($f_bugnote_id, $f_bugnote_text);
bugnote_set_time_tracking($f_bugnote_id, $f_time_tracking);

# Plugin integration: signalled after both values have been written.
event_signal('EVENT_BUGNOTE_EDIT', array($t_bug_id, $f_bugnote_id));

# Drop the form token once the update is complete.
form_security_purge('bugnote_update');

# The redirect target is built from the stored bug id plus a fixed fragment,
# not from request input.
print_successful_redirect(string_get_bug_view_url($t_bug_id) . '#bugnotes');
/**
 * Look up a localized string by its key.
 *
 * Lookup order:
 *  1. the requested language (or the current language when none is given),
 *  2. the 'lang' directory of the currently active plugin, if there is one,
 *  3. the same key in English.
 *
 * @param string      $p_string Key of the string to retrieve.
 * @param string|null $p_lang   Language name; null selects the value of lang_get_current().
 * @return string The string that was found. When the key is missing in English as well,
 *                ERROR_LANG_STRING_NOT_FOUND is raised as a WARNING and '' is returned
 *                if execution continues.
 */
function lang_get($p_string, $p_lang = null)
{
    global $g_lang_strings;

    # No explicit language: use the current one.
    $t_language = (null === $p_lang) ? lang_get_current() : $p_lang;

    # The strings of that language must be loaded before the lookup.
    lang_ensure_loaded($t_language);

    # Retained from the original author: language files may themselves carry
    # English text for untranslated keys, and strings from a previously loaded
    # language may still be in memory (marked @todo there, not verified).
    if (lang_exists($p_string, $t_language)) {
        return $g_lang_strings[$t_language][$p_string];
    }

    # Second chance: the language directory of the active plugin.
    $t_active_plugin = plugin_get_current();
    if (null !== $t_active_plugin) {
        $t_plugin_lang_dir = config_get('plugin_path') . $t_active_plugin . DIRECTORY_SEPARATOR . 'lang' . DIRECTORY_SEPARATOR;
        lang_load($t_language, $t_plugin_lang_dir);

        if (lang_exists($p_string, $t_language)) {
            return $g_lang_strings[$t_language][$p_string];
        }
    }

    # Any language other than English retries once in English.
    if ($t_language != 'english') {
        return lang_get($p_string, 'english');
    }

    # English was the last resort: report the missing key.
    error_parameters($p_string);
    trigger_error(ERROR_LANG_STRING_NOT_FOUND, WARNING);
    return '';
}
/**
 * Return one field of a user's row.
 *
 * The field name is not restricted here: any key set in the row returned by
 * user_get_row() can be read, so callers decide which columns they expose.
 *
 * @param integer $p_user_id    A valid user identifier.
 * @param string  $p_field_name The field name to retrieve.
 * @return string|integer The stored value ('access_level' is cast to int);
 *                        '@null@' after a WARNING when the id is NO_USER;
 *                        '' after a WARNING when the field is not set in the row.
 */
function user_get_field($p_user_id, $p_field_name)
{
    # NO_USER is answered with a sentinel string, not with a row lookup.
    if (NO_USER == $p_user_id) {
        error_parameters(NO_USER);
        trigger_error(ERROR_USER_BY_ID_NOT_FOUND, WARNING);
        return '@null@';
    }

    $t_user_row = user_get_row($p_user_id);

    # isset() is also false for a key whose value is null, so such a field
    # is reported as not found.
    if (!isset($t_user_row[$p_field_name])) {
        error_parameters($p_field_name);
        trigger_error(ERROR_DB_FIELD_NOT_FOUND, WARNING);
        return '';
    }

    $t_value = $t_user_row[$p_field_name];

    # Only the access level is normalised to an integer; every other field is
    # returned as stored.
    if ('access_level' == $p_field_name) {
        return (int) $t_value;
    }

    return $t_value;
}