Example #1
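/**
 * Store an attachment received through the SOAP API on a bug or a project.
 *
 * The name, content, type, title and description all come from the API client.
 * The name is vetted by file_type_check() and file_is_name_unique(), and the
 * content length is capped before anything is written to disk or database.
 *
 * @param integer $p_id        Bug id when $p_table is 'bug', otherwise the project id.
 * @param string  $p_name      Client-supplied file name.
 * @param string  $p_content   Raw file content.
 * @param string  $p_file_type Client-supplied file type, stored as given.
 * @param string  $p_table     Prefix of the target table and of its id column; 'bug' selects the bug branch.
 * @param string  $p_title     Title.
 * @param string  $p_desc      Description.
 * @param integer $p_user_id   Owner of the attachment; null means the current user.
 * @return mixed Attachment id on success, a soap_fault otherwise.
 */
function mci_file_add($p_id, $p_name, $p_content, $p_file_type, $p_table, $p_title = '', $p_desc = '', $p_user_id = null)
{
    # NOTE(review): file_type_check() receives only the file name, so the content
    # itself is not inspected here - confirm that is the intended policy.
    if (!file_type_check($p_name)) {
        return new soap_fault('Client', '', 'File type not allowed.');
    }
    if (!file_is_name_unique($p_name, $p_id)) {
        return new soap_fault('Client', '', 'Duplicate filename.');
    }
    # The size cap is the smallest of the two PHP limits and the application limit.
    $t_file_size = strlen($p_content);
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        return new soap_fault('Client', '', 'File is too big.');
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_id, 'project_id');
        $t_issue_id = bug_format_id($p_id);
    } else {
        $t_project_id = $p_id;
        $t_issue_id = 0;
    }
    # prepare variables for insertion
    $c_issue_id = db_prepare_int($t_issue_id);
    $c_project_id = db_prepare_int($t_project_id);
    $c_file_type = db_prepare_string($p_file_type);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);
    # The user id is placed in the statement unquoted, so both branches are cast.
    if ($p_user_id === null) {
        $c_user_id = (int) auth_get_current_user_id();
    } else {
        $c_user_id = (int) $p_user_id;
    }
    # Fall back to the default upload folder when the project has none of its own.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if ($t_file_path == '') {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($p_name);
    $t_file_hash = $t_issue_id;
    # NOTE(review): the client-supplied name is part of the seed handed to
    # file_generate_unique_name(); confirm the helper never returns a value
    # containing path separators taken from that seed.
    $t_disk_file_name = $t_file_path . file_generate_unique_name($t_file_hash . '-' . $p_name, $t_file_path);
    $c_disk_file_name = db_prepare_string($t_disk_file_name);
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            # NOTE(review): this fault returns the server-side folder path to the API client.
            if (!file_exists($t_file_path) || !is_dir($t_file_path) || !is_writable($t_file_path) || !is_readable($t_file_path)) {
                return new soap_fault('Server', '', "Upload folder '{$t_file_path}' doesn't exist.");
            }
            file_ensure_valid_upload_path($t_file_path);
            # Never overwrite an existing file, and do not insert a row that would
            # point at a file this call did not write.
            if (file_exists($t_disk_file_name)) {
                return new soap_fault('Server', '', 'Attachment file already exists.');
            }
            mci_file_write_local($t_disk_file_name, $p_content);
            if (FTP == $t_method) {
                $conn_id = file_ftp_connect();
                file_ftp_put($conn_id, $t_disk_file_name, $t_disk_file_name);
                file_ftp_disconnect($conn_id);
                file_delete_local($t_disk_file_name);
            } else {
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
            }
            # Already an SQL literal: the content column stays empty for files kept on disk.
            $c_content = "''";
            break;
        case DATABASE:
            $c_content = db_prepare_binary_string($p_content);
            break;
        default:
            # Without this branch the INSERT below would be built with no content value.
            return new soap_fault('Server', '', 'Unsupported file upload method.');
    }
    # NOTE(review): $p_table is concatenated into the table and column names and is
    # not covered by the db_prepare_*() calls above; callers must pass a fixed
    # literal, never request data.
    $t_file_table = db_get_table($p_table . '_file');
    $c_id = 'bug' == $p_table ? $c_issue_id : $c_project_id;
    $query = "INSERT INTO {$t_file_table}\n\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\tVALUES\n\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . db_now() . "', {$c_content}, {$c_user_id})";
    db_query($query);
    # get attachment id
    $t_attachment_id = db_insert_id($t_file_table);
    if ('bug' == $p_table) {
        # bump the last_updated date
        bug_update_date($c_issue_id);
        # Log the name as received; the db_prepare_string() form is only meant
        # for the hand-built statement above.
        history_log_event_special($c_issue_id, FILE_ADDED, $p_name);
    }
    return $t_attachment_id;
}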
Example #2
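/**
 * Copies all attachments from the source bug to the destination bug.
 *
 * Does not perform history logging and does not perform access checks, so the
 * caller has to make sure the current user may read the source bug and write
 * to the destination bug.
 *
 * @param int $p_source_bug_id Bug whose attachment rows are read.
 * @param int $p_dest_bug_id   Bug that receives the copied rows.
 * @return void
 */
function file_copy_attachments($p_source_bug_id, $p_dest_bug_id)
{
    $t_mantis_bug_file_table = db_get_table('bug_file');
    $query = 'SELECT * FROM ' . $t_mantis_bug_file_table . ' WHERE bug_id = ' . db_param();
    $result = db_query_bound($query, array($p_source_bug_id));
    $t_count = db_num_rows($result);
    for ($i = 0; $i < $t_count; $i++) {
        $t_bug_file = db_fetch_array($result);
        # prepare the new diskfile name and then copy the file
        # NOTE(review): dirname() drops the last component of 'folder' and returns
        # no trailing separator, so the name built below appears to land outside
        # the stored folder - confirm the intended location.
        $t_file_path = dirname($t_bug_file['folder']);
        $t_new_diskfile_name = $t_file_path . file_generate_unique_name('bug-' . $t_bug_file['filename'], $t_file_path);
        $t_new_file_name = file_get_display_name($t_bug_file['filename']);
        if (config_get('file_upload_method') == DISK) {
            # Only set permissions on a file that was actually created.
            # NOTE(review): the row is still inserted when the copy fails, leaving
            # the destination bug with an attachment that has no file behind it.
            if (copy($t_bug_file['diskfile'], $t_new_diskfile_name)) {
                chmod($t_new_diskfile_name, config_get('attachments_file_permissions'));
            }
        }
        # Every value, including the stored file name and content, is bound rather
        # than concatenated into the statement.
        $query = "INSERT INTO {$t_mantis_bug_file_table}\n    \t\t\t\t\t\t( bug_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content )\n    \t\t\t\t\t\tVALUES ( " . db_param() . ",\n    \t\t\t\t\t\t\t\t " . db_param() . ",\n    \t\t\t\t\t\t\t\t " . db_param() . ",\n    \t\t\t\t\t\t\t\t " . db_param() . ",\n    \t\t\t\t\t\t\t\t " . db_param() . ",\n    \t\t\t\t\t\t\t\t " . db_param() . ",\n    \t\t\t\t\t\t\t\t " . db_param() . ",\n    \t\t\t\t\t\t\t\t " . db_param() . ",\n    \t\t\t\t\t\t\t\t " . db_param() . ",\n    \t\t\t\t\t\t\t\t " . db_param() . ");";
        db_query_bound($query, array($p_dest_bug_id, $t_bug_file['title'], $t_bug_file['description'], $t_new_diskfile_name, $t_new_file_name, $t_bug_file['folder'], $t_bug_file['filesize'], $t_bug_file['file_type'], $t_bug_file['date_added'], $t_bug_file['content']));
    }
}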
Example #3
/**
 * Duplicate every attachment row of one bug onto another bug.
 *
 * No history entries are written and no access checks are made here; both are
 * left to the caller.
 *
 * @param integer $p_source_bug_id Bug whose attachments are read.
 * @param integer $p_dest_bug_id   Bug that receives the copies.
 * @return void
 */
function file_copy_attachments($p_source_bug_id, $p_dest_bug_id)
{
    $t_select = 'SELECT * FROM {bug_file} WHERE bug_id = ' . db_param();
    $t_rows = db_query($t_select, array($p_source_bug_id));
    $t_total = db_num_rows($t_rows);
    $t_project_id = bug_get_field($p_source_bug_id, 'project_id');
    for ($t_done = 0; $t_done < $t_total; ++$t_done) {
        $t_attachment = db_fetch_array($t_rows);
        # Work out where the source lives and which folder receives the copy.
        # Outside DISK mode the stored folder is reused unchanged.
        $t_source_file = $t_attachment['folder'] . $t_attachment['diskfile'];
        $t_file_path = $t_attachment['folder'];
        if (DISK == config_get('file_upload_method')) {
            $t_source_file = file_normalize_attachment_path($t_source_file, $t_project_id);
            $t_file_path = dirname($t_source_file) . DIRECTORY_SEPARATOR;
        }
        $t_new_diskfile_name = file_generate_unique_name($t_file_path);
        $t_new_diskfile_location = $t_file_path . $t_new_diskfile_name;
        $t_new_file_name = file_get_display_name($t_attachment['filename']);
        # A source file that is gone is skipped, so the destination bug ends up
        # with a row whose file is missing.
        # @todo maybe an error should be triggered in that case instead?
        if (DISK == config_get('file_upload_method') && file_exists($t_source_file)) {
            copy($t_source_file, $t_new_diskfile_location);
            chmod($t_new_diskfile_location, config_get('attachments_file_permissions'));
        }
        # One bound placeholder per value, in column order.
        $t_values = array(
            $p_dest_bug_id,
            $t_attachment['title'],
            $t_attachment['description'],
            $t_new_diskfile_name,
            $t_new_file_name,
            $t_file_path,
            $t_attachment['filesize'],
            $t_attachment['file_type'],
            $t_attachment['date_added'],
            $t_attachment['user_id'],
            $t_attachment['content'],
        );
        $t_placeholders = array();
        foreach ($t_values as $t_ignored) {
            $t_placeholders[] = db_param();
        }
        $t_insert = 'INSERT INTO {bug_file} (
				bug_id, title, description, diskfile, filename, folder,
				filesize, file_type, date_added, user_id, content
			)
			VALUES ( ' . implode(', ', $t_placeholders) . ')';
        db_query($t_insert, $t_values);
    }
}
Example #4
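/**
 * Store an attachment received through the SOAP API on a bug or a project.
 *
 * The name, content, type, title and description all come from the API client.
 * Row values are bound through db_param(); the table and id column names are
 * built from $p_table and are not bound.
 *
 * @param integer $p_id        Bug id when $p_table is 'bug', otherwise the project id.
 * @param string  $p_name      Client-supplied file name.
 * @param string  $p_content   File content to write.
 * @param string  $p_file_type Client-supplied file type, stored as given.
 * @param string  $p_table     Prefix of the target table and of its id column; 'bug' selects the bug branch.
 * @param string  $p_title     Title.
 * @param string  $p_desc      Description.
 * @param integer $p_user_id   Owner of the attachment; null means the current user.
 * @return mixed Attachment id on success, a SOAP fault object otherwise.
 */
function mci_file_add($p_id, $p_name, $p_content, $p_file_type, $p_table, $p_title = '', $p_desc = '', $p_user_id = null)
{
    # NOTE(review): file_type_check() receives only the file name, so the content
    # itself is not inspected here - confirm that is the intended policy.
    if (!file_type_check($p_name)) {
        return SoapObjectsFactory::newSoapFault('Client', 'File type not allowed.');
    }
    if (!file_is_name_unique($p_name, $p_id)) {
        return SoapObjectsFactory::newSoapFault('Client', 'Duplicate filename.');
    }
    # The size cap is the smallest of the two PHP limits and the application limit.
    $t_file_size = strlen($p_content);
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        return SoapObjectsFactory::newSoapFault('Client', 'File is too big.');
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_id, 'project_id');
        $t_id = (int) $p_id;
        $t_issue_id = bug_format_id($p_id);
    } else {
        $t_project_id = $p_id;
        $t_id = $t_project_id;
        $t_issue_id = 0;
    }
    if ($p_user_id === null) {
        $p_user_id = auth_get_current_user_id();
    }
    # Fall back to the default upload folder when the project has none of its own.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    # The name on disk is generated from the folder alone; the client-supplied
    # name is only stored in the 'filename' column.
    $t_unique_name = file_generate_unique_name($t_file_path);
    $t_disk_file_name = $t_file_path . $t_unique_name;
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case DISK:
            # NOTE(review): this fault returns the server-side folder path to the API client.
            if (!file_exists($t_file_path) || !is_dir($t_file_path) || !is_writable($t_file_path) || !is_readable($t_file_path)) {
                return SoapObjectsFactory::newSoapFault('Server', 'Upload folder \'' . $t_file_path . '\' doesn\'t exist.');
            }
            file_ensure_valid_upload_path($t_file_path);
            # Never overwrite an existing file, and do not insert a row that would
            # point at a file this call did not write.
            if (file_exists($t_disk_file_name)) {
                return SoapObjectsFactory::newSoapFault('Server', 'Attachment file already exists.');
            }
            mci_file_write_local($t_disk_file_name, $p_content);
            chmod($t_disk_file_name, config_get('attachments_file_permissions'));
            # NOTE(review): this value is bound as a parameter below, so the column
            # presumably receives two quote characters rather than an empty
            # string - confirm against the database layer.
            $c_content = "''";
            break;
        case DATABASE:
            $c_content = db_prepare_binary_string($p_content);
            $t_file_path = '';
            break;
        default:
            # Without this branch the insert below would run with no content value.
            return SoapObjectsFactory::newSoapFault('Server', 'Unsupported file upload method.');
    }
    # NOTE(review): $p_table ends up in the table name and in the id column name
    # without escaping; callers must pass a fixed literal, never request data.
    $t_file_table = db_get_table($p_table . '_file');
    $t_id_col = $p_table . '_id';
    $t_param = array($t_id_col => $t_id, 'title' => $p_title, 'description' => $p_desc, 'diskfile' => $t_unique_name, 'filename' => $p_name, 'folder' => $t_file_path, 'filesize' => $t_file_size, 'file_type' => $p_file_type, 'date_added' => db_now(), 'user_id' => (int) $p_user_id);
    # Oracle has to update BLOBs separately
    if (!db_is_oracle()) {
        $t_param['content'] = $c_content;
    }
    # One placeholder per column, so the column list and the value list cannot drift apart.
    $t_param_count = count($t_param);
    $t_query_param = db_param();
    for ($i = 1; $i < $t_param_count; $i++) {
        $t_query_param .= ', ' . db_param();
    }
    $t_query = 'INSERT INTO ' . $t_file_table . '
		( ' . implode(', ', array_keys($t_param)) . ' )
	VALUES
		( ' . $t_query_param . ' )';
    db_query($t_query, array_values($t_param));
    # get attachment id
    $t_attachment_id = db_insert_id($t_file_table);
    if (db_is_oracle()) {
        # The WHERE clause is built by interpolation; $t_unique_name is generated
        # above and not taken from the request.
        db_update_blob($t_file_table, 'content', $c_content, "diskfile='{$t_unique_name}'");
    }
    if ('bug' == $p_table) {
        # bump the last_updated date
        bug_update_date($t_issue_id);
        # add history entry
        history_log_event_special($t_issue_id, FILE_ADDED, $p_name);
    }
    return $t_attachment_id;
}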
Example #5
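/**
 * Copy a bug, optionally into another project, together with the related
 * records selected by the flags.
 *
 * No access checks are made in this function; the caller is responsible for them.
 *
 * @todo Not managed FTP file upload
 * @param int  $p_bug_id                Id of the bug to copy.
 * @param int  $p_target_project_id     Destination project; null or blank keeps the source project.
 * @param bool $p_copy_custom_fields    Copy custom field values.
 * @param bool $p_copy_relationships    Copy relationships.
 * @param bool $p_copy_history          Copy history rows.
 * @param bool $p_copy_attachments      Copy attachment rows (and files in DISK mode).
 * @param bool $p_copy_bugnotes         Copy bugnotes and their text.
 * @param bool $p_copy_monitoring_users Copy the list of users monitoring the bug.
 * @return int representing the new bugid
 * @access public
 */
function bug_copy($p_bug_id, $p_target_project_id = null, $p_copy_custom_fields = false, $p_copy_relationships = false, $p_copy_history = false, $p_copy_attachments = false, $p_copy_bugnotes = false, $p_copy_monitoring_users = false)
{
    $t_mantis_custom_field_string_table = db_get_table('custom_field_string');
    $t_mantis_bug_file_table = db_get_table('bug_file');
    $t_mantis_bugnote_table = db_get_table('bugnote');
    $t_mantis_bugnote_text_table = db_get_table('bugnote_text');
    $t_mantis_bug_history_table = db_get_table('bug_history');
    $t_bug_id = db_prepare_int($p_bug_id);
    $t_target_project_id = db_prepare_int($p_target_project_id);
    $t_bug_data = bug_get($t_bug_id, true);
    # retrieve the project id associated with the bug
    if ($p_target_project_id == null || is_blank($p_target_project_id)) {
        $t_target_project_id = $t_bug_data->project_id;
    }
    $t_bug_data->project_id = $t_target_project_id;
    $t_new_bug_id = $t_bug_data->create();
    # MASC ATTENTION: if the source bug has a handler, creating the bug may try to auto-assign it,
    # so the handler of the source bug is forced onto the copy here.
    # @todo VB: Shouldn't we check if the handler in the source project is also a handler in the destination project?
    bug_set_field($t_new_bug_id, 'handler_id', $t_bug_data->handler_id);
    bug_set_field($t_new_bug_id, 'duplicate_id', $t_bug_data->duplicate_id);
    bug_set_field($t_new_bug_id, 'status', $t_bug_data->status);
    bug_set_field($t_new_bug_id, 'resolution', $t_bug_data->resolution);
    bug_set_field($t_new_bug_id, 'projection', $t_bug_data->projection);
    bug_set_field($t_new_bug_id, 'date_submitted', $t_bug_data->date_submitted);
    bug_set_field($t_new_bug_id, 'last_updated', $t_bug_data->last_updated);
    bug_set_field($t_new_bug_id, 'eta', $t_bug_data->eta);
    bug_set_field($t_new_bug_id, 'fixed_in_version', $t_bug_data->fixed_in_version);
    bug_set_field($t_new_bug_id, 'target_version', $t_bug_data->target_version);
    bug_set_field($t_new_bug_id, 'sponsorship_total', 0);
    bug_set_field($t_new_bug_id, 'sticky', 0);
    bug_set_field($t_new_bug_id, 'due_date', $t_bug_data->due_date);
    # COPY CUSTOM FIELDS
    if ($p_copy_custom_fields) {
        $query = "SELECT field_id, bug_id, value\n\t\t\t\t\t   FROM {$t_mantis_custom_field_string_table}\n\t\t\t\t\t   WHERE bug_id=" . db_param();
        $result = db_query_bound($query, array($t_bug_id));
        $t_count = db_num_rows($result);
        for ($i = 0; $i < $t_count; $i++) {
            $t_bug_custom = db_fetch_array($result);
            $c_field_id = db_prepare_int($t_bug_custom['field_id']);
            $c_new_bug_id = db_prepare_int($t_new_bug_id);
            $c_value = $t_bug_custom['value'];
            $query = "INSERT INTO {$t_mantis_custom_field_string_table}\n\t\t\t\t\t\t   ( field_id, bug_id, value )\n\t\t\t\t\t\t   VALUES (" . db_param() . ', ' . db_param() . ', ' . db_param() . ')';
            db_query_bound($query, array($c_field_id, $c_new_bug_id, $c_value));
        }
    }
    # Copy Relationships
    if ($p_copy_relationships) {
        relationship_copy_all($t_bug_id, $t_new_bug_id);
    }
    # Copy bugnotes
    # NOTE(review): view_state is copied as stored, and the copy may live in another
    # project - confirm private notes stay restricted to the right audience there.
    if ($p_copy_bugnotes) {
        $query = "SELECT *\n\t\t\t\t\t  FROM {$t_mantis_bugnote_table}\n\t\t\t\t\t  WHERE bug_id=" . db_param();
        $result = db_query_bound($query, array($t_bug_id));
        $t_count = db_num_rows($result);
        for ($i = 0; $i < $t_count; $i++) {
            $t_bug_note = db_fetch_array($result);
            $t_bugnote_text_id = $t_bug_note['bugnote_text_id'];
            $query2 = "SELECT *\n\t\t\t\t\t\t   FROM {$t_mantis_bugnote_text_table}\n\t\t\t\t\t\t   WHERE id=" . db_param();
            $result2 = db_query_bound($query2, array($t_bugnote_text_id));
            $t_count2 = db_num_rows($result2);
            # -1 is stored as the text id when the source note has no text row.
            $t_bugnote_text_insert_id = -1;
            if ($t_count2 > 0) {
                $t_bugnote_text = db_fetch_array($result2);
                $query2 = "INSERT INTO {$t_mantis_bugnote_text_table}\n\t\t\t\t\t\t\t   ( note )\n\t\t\t\t\t\t\t   VALUES ( " . db_param() . ' )';
                db_query_bound($query2, array($t_bugnote_text['note']));
                $t_bugnote_text_insert_id = db_insert_id($t_mantis_bugnote_text_table);
            }
            $query2 = "INSERT INTO {$t_mantis_bugnote_table}\n\t\t\t\t\t\t   ( bug_id, reporter_id, bugnote_text_id, view_state, date_submitted, last_modified )\n\t\t\t\t\t\t   VALUES ( " . db_param() . ",\n\t\t\t\t\t\t   \t\t\t" . db_param() . ",\n\t\t\t\t\t\t   \t\t\t" . db_param() . ",\n\t\t\t\t\t\t   \t\t\t" . db_param() . ",\n\t\t\t\t\t\t   \t\t\t" . db_param() . ",\n\t\t\t\t\t\t   \t\t\t" . db_param() . ')';
            db_query_bound($query2, array($t_new_bug_id, $t_bug_note['reporter_id'], $t_bugnote_text_insert_id, $t_bug_note['view_state'], $t_bug_note['date_submitted'], $t_bug_note['last_modified']));
        }
    }
    # Copy attachments
    if ($p_copy_attachments) {
        $query = 'SELECT * FROM ' . $t_mantis_bug_file_table . ' WHERE bug_id = ' . db_param();
        $result = db_query_bound($query, array($t_bug_id));
        $t_count = db_num_rows($result);
        for ($i = 0; $i < $t_count; $i++) {
            $t_bug_file = db_fetch_array($result);
            # prepare the new diskfile name and then copy the file
            # NOTE(review): dirname() drops the last component of 'folder' and returns
            # no trailing separator, so the name built below appears to land outside
            # the stored folder - confirm the intended location.
            $t_file_path = dirname($t_bug_file['folder']);
            $t_new_diskfile_name = $t_file_path . file_generate_unique_name('bug-' . $t_bug_file['filename'], $t_file_path);
            $t_new_file_name = file_get_display_name($t_bug_file['filename']);
            if (config_get('file_upload_method') == DISK) {
                # Only set permissions on a file that was actually created.
                # NOTE(review): the row is still inserted when the copy fails.
                if (copy($t_bug_file['diskfile'], $t_new_diskfile_name)) {
                    chmod($t_new_diskfile_name, config_get('attachments_file_permissions'));
                }
            }
            $query = "INSERT INTO {$t_mantis_bug_file_table}\n\t\t\t\t\t\t( bug_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content )\n\t\t\t\t\t\tVALUES ( " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ");";
            db_query_bound($query, array($t_new_bug_id, $t_bug_file['title'], $t_bug_file['description'], $t_new_diskfile_name, $t_new_file_name, $t_bug_file['folder'], $t_bug_file['filesize'], $t_bug_file['file_type'], $t_bug_file['date_added'], $t_bug_file['content']));
        }
    }
    # Copy users monitoring bug
    if ($p_copy_monitoring_users) {
        bug_monitor_copy($t_bug_id, $t_new_bug_id);
    }
    # COPY HISTORY
    # The history of the new bug is cleared whether or not the source history is
    # copied, so the entries written while creating the copy are dropped.
    history_delete($t_new_bug_id);
    # should history only be deleted inside the if statement below?
    if ($p_copy_history) {
        $query = "SELECT *\n\t\t\t\t\t  FROM {$t_mantis_bug_history_table}\n\t\t\t\t\t  WHERE bug_id = " . db_param();
        $result = db_query_bound($query, array($t_bug_id));
        $t_count = db_num_rows($result);
        for ($i = 0; $i < $t_count; $i++) {
            $t_bug_history = db_fetch_array($result);
            $query = "INSERT INTO {$t_mantis_bug_history_table}\n\t\t\t\t\t\t  ( user_id, bug_id, date_modified, field_name, old_value, new_value, type )\n\t\t\t\t\t\t  VALUES ( " . db_param() . ",\n\t\t\t\t\t\t  \t\t   " . db_param() . ",\n\t\t\t\t\t\t  \t\t   " . db_param() . ",\n\t\t\t\t\t\t  \t\t   " . db_param() . ",\n\t\t\t\t\t\t  \t\t   " . db_param() . ",\n\t\t\t\t\t\t  \t\t   " . db_param() . ",\n\t\t\t\t\t\t  \t\t   " . db_param() . " );";
            db_query_bound($query, array($t_bug_history['user_id'], $t_new_bug_id, $t_bug_history['date_modified'], $t_bug_history['field_name'], $t_bug_history['old_value'], $t_bug_history['new_value'], $t_bug_history['type']));
        }
    }
    return $t_new_bug_id;
}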
Example #6
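/**
 * Moves attachments from the specified list of projects from database to disk
 *
 * For each project, every attachment row with non-empty content is written to
 * the project's upload path and the row is updated to point at the new file
 * with its content cleared.
 *
 * @param string $p_type Attachment type ('bug' or 'project')
 * @param array $p_projects List of projects to process
 * @return array summary of moves per project
 */
function move_attachments_to_disk($p_type, $p_projects)
{
    if (empty($p_projects)) {
        return array();
    }
    # $p_type is interpolated into a table name below and selects the query, so
    # accept only the two values the queries are written for.
    if ($p_type !== 'bug' && $p_type !== 'project') {
        trigger_error('Unsupported attachment type', E_USER_ERROR);
        return array();
    }
    # Build the SQL query based on attachment type
    $t_file_table = db_get_table("mantis_{$p_type}_file_table");
    switch ($p_type) {
        case 'project':
            $t_query = "SELECT f.*\n\t\t\t\tFROM {$t_file_table} f\n\t\t\t\tWHERE content <> ''\n\t\t\t\t  AND f.project_id = " . db_param() . "\n\t\t\t\tORDER BY f.filename";
            break;
        case 'bug':
            $t_bug_table = db_get_table('mantis_bug_table');
            $t_query = "SELECT f.*\n\t\t\t\tFROM {$t_file_table} f\n\t\t\t\tJOIN {$t_bug_table} b ON b.id = f.bug_id\n\t\t\t\tWHERE content <> ''\n\t\t\t\t  AND b.project_id = " . db_param() . "\n\t\t\t\tORDER BY f.bug_id, f.filename";
            break;
    }
    $t_moved = array();
    # Process projects list
    foreach ($p_projects as $t_project) {
        # Retrieve attachments for the project
        $t_result = db_query_bound($t_query, array($t_project));
        # Project upload path
        $t_upload_path = project_get_upload_path($t_project);
        if (is_blank($t_upload_path) || !file_exists($t_upload_path) || !is_dir($t_upload_path) || !is_writable($t_upload_path)) {
            # Invalid path: every attachment of the project counts as failed
            $t_failures = db_num_rows($t_result);
            $t_data = "ERROR: Upload path '{$t_upload_path}' does not exist or is not writable";
        } else {
            # Process attachments
            $t_failures = 0;
            $t_data = array();
            if ($p_type == 'project') {
                $t_seed = config_get('document_files_prefix', null, ALL_USERS, $t_project) . $t_project;
            }
            while ($t_row = db_fetch_array($t_result)) {
                if ($p_type == 'bug') {
                    $t_seed = $t_row['bug_id'] . $t_row['filename'];
                }
                $t_filename = $t_upload_path . file_generate_unique_name($t_seed, $t_upload_path);
                # write file to disk; false is the only failure value, a byte count is success
                # NOTE(review): the file keeps the mode given by the process umask, no
                # chmod is applied here - confirm that matches the permissions
                # expected for attachments.
                if (file_put_contents($t_filename, $t_row['content']) !== false) {
                    # successful, update database
                    # @todo do we want to check the size of data transfer matches here?
                    $t_update_query = "UPDATE {$t_file_table}\n\t\t\t\t\t\tSET diskfile = " . db_param() . ",\n\t\t\t\t\t\t\tfolder = " . db_param() . ",\n\t\t\t\t\t\t\tcontent = ''\n\t\t\t\t\t\tWHERE id = " . db_param();
                    $t_update_result = db_query_bound($t_update_query, array($t_filename, $t_upload_path, $t_row['id']));
                    if (!$t_update_result) {
                        # NOTE(review): the file written above stays on disk although the
                        # row still holds the content.
                        $t_status = 'Database update failed';
                        $t_failures++;
                    } else {
                        $t_status = "Moved to '{$t_filename}'";
                    }
                } else {
                    $t_status = "Copy to '{$t_filename}' failed";
                    $t_failures++;
                }
                # Add the file and status to the list of processed attachments
                # The status text carries absolute paths and the stored file name;
                # escape it for the output context wherever it is displayed.
                $t_file = array('id' => $t_row['id'], 'filename' => $t_row['filename'], 'status' => $t_status);
                if ($p_type == 'bug') {
                    $t_file['bug_id'] = $t_row['bug_id'];
                }
                $t_data[] = $t_file;
            }
        }
        $t_moved[] = array('name' => project_get_name($t_project), 'path' => $t_upload_path, 'rows' => db_num_rows($t_result), 'failed' => $t_failures, 'data' => $t_data);
    }
    return $t_moved;
}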
Example #7
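/**
 * Add an uploaded file to a bug or to the current project, using the configured
 * storage method.
 *
 * The file name and file type are supplied by the client. Failures are reported
 * through trigger_error(); the code after each check presumably relies on the
 * error handler stopping the request - TODO confirm.
 *
 * @param integer $p_bug_id     Bug id; used as the row id when $p_table is 'bug'.
 * @param string  $p_tmp_file   Path of the uploaded temporary file.
 * @param string  $p_file_name  Client-supplied file name.
 * @param string  $p_file_type  Client-supplied file type, stored as given.
 * @param string  $p_table      Prefix of the target table and of its id column; 'bug' selects the bug branch.
 * @param integer $p_file_error Upload error code reported by PHP.
 * @param string  $p_title      Title.
 * @param string  $p_desc       Description.
 * @return void
 */
function file_add($p_bug_id, $p_tmp_file, $p_file_name, $p_file_type = '', $p_table = 'bug', $p_file_error = 0, $p_title = '', $p_desc = '')
{
    if (php_version_at_least('4.2.0')) {
        switch ((int) $p_file_error) {
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                trigger_error(ERROR_FILE_TOO_BIG, ERROR);
                break;
            case UPLOAD_ERR_PARTIAL:
            case UPLOAD_ERR_NO_FILE:
                trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
                break;
            default:
                break;
        }
    }
    if ('' == $p_tmp_file || '' == $p_file_name) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    if (!is_readable($p_tmp_file)) {
        trigger_error(ERROR_UPLOAD_FAILURE, ERROR);
    }
    # NOTE(review): file_type_check() receives only the file name, so the content
    # itself is not inspected here - confirm that is the intended policy.
    if (!file_type_check($p_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    if (!file_is_name_unique($p_file_name, $p_bug_id)) {
        trigger_error(ERROR_DUPLICATE_FILE, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_bug_id = bug_format_id($p_bug_id);
    } else {
        $t_project_id = helper_get_current_project();
        $t_bug_id = 0;
    }
    # prepare variables for insertion
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_project_id = db_prepare_int($t_project_id);
    $c_file_type = db_prepare_string($p_file_type);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);
    # Fall back to the default upload folder when the project has none of its own.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if ($t_file_path == '') {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($p_file_name);
    $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id;
    # NOTE(review): the client-supplied name is part of the seed handed to
    # file_generate_unique_name(); confirm the helper never returns a value
    # containing path separators taken from that seed.
    $t_disk_file_name = $t_file_path . file_generate_unique_name($t_file_hash . '-' . $p_file_name, $t_file_path);
    $c_disk_file_name = db_prepare_string($t_disk_file_name);
    $t_file_size = filesize($p_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # The size cap is the smallest of the two PHP limits and the application limit.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            if (!file_exists($t_disk_file_name)) {
                if (FTP == $t_method) {
                    $conn_id = file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $p_tmp_file);
                    file_ftp_disconnect($conn_id);
                }
                # move_uploaded_file() only accepts files that arrived through an HTTP upload.
                # NOTE(review): FILE_MOVE_FAILED does not follow the ERROR_* naming of the
                # other error codes used here - confirm the constant exists.
                if (!move_uploaded_file($p_tmp_file, $t_disk_file_name)) {
                    trigger_error(FILE_MOVE_FAILED, ERROR);
                }
                # Read-only for the owner, no access for anyone else.
                chmod($t_disk_file_name, 0400);
                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Close the handle once the content has been read instead of leaving it open.
            $t_handle = fopen($p_tmp_file, 'rb');
            $t_raw_content = fread($t_handle, $t_file_size);
            fclose($t_handle);
            $c_content = db_prepare_string($t_raw_content);
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    # NOTE(review): $p_table is concatenated into the configuration key and the id
    # column name and is not covered by the db_prepare_*() calls above; callers
    # must pass a fixed literal, never request data.
    $t_file_table = config_get('mantis_' . $p_table . '_file_table');
    $c_id = 'bug' == $p_table ? $c_bug_id : $c_project_id;
    $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)\n\t\t\t\t\t  VALUES\n\t\t\t\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', " . db_now() . ", '{$c_content}')";
    db_query($query);
    if ('bug' == $p_table) {
        # bump the last_updated date
        bug_update_date($p_bug_id);
        # add history entry
        history_log_event_special($p_bug_id, FILE_ADDED, $p_file_name);
    }
}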
Example #8
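/**
 * Add a file to the system using the configured storage method
 *
 * The file name and file type inside $p_file are supplied by the client.
 * Failures are reported through trigger_error(); the code after each check
 * presumably relies on the error handler stopping the request - TODO confirm.
 *
 * @param integer $p_bug_id the bug id
 * @param array $p_file the uploaded file info, as retrieved from gpc_get_file()
 * @param string $p_table prefix of the target table and of its id column; 'bug' selects the bug branch, any other value is stored against the current project
 * @param string $p_title file title
 * @param string $p_desc file description
 * @param int $p_user_id user id; null means the current user
 * @param int $p_date_added date added; zero or less means now
 * @param bool $p_skip_bug_update skip bug last modification update (useful when importing bug attachments)
 * @return void
 */
function file_add($p_bug_id, $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null, $p_date_added = 0, $p_skip_bug_update = false)
{
    file_ensure_uploaded($p_file);
    $t_file_name = $p_file['name'];
    $t_tmp_file = $p_file['tmp_name'];
    $c_date_added = $p_date_added <= 0 ? db_now() : db_prepare_int($p_date_added);
    # NOTE(review): file_type_check() receives only the file name, so the content
    # itself is not inspected here - confirm that is the intended policy.
    if (!file_type_check($t_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    if (!file_is_name_unique($t_file_name, $p_bug_id)) {
        trigger_error(ERROR_DUPLICATE_FILE, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_bug_id = bug_format_id($p_bug_id);
    } else {
        $t_project_id = helper_get_current_project();
        $t_bug_id = 0;
    }
    # The user id is placed in the statement unquoted, so a caller-supplied value is cast.
    if ($p_user_id === null) {
        $c_user_id = auth_get_current_user_id();
    } else {
        $c_user_id = (int) $p_user_id;
    }
    # prepare variables for insertion
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_project_id = db_prepare_int($t_project_id);
    $c_file_type = db_prepare_string($p_file['type']);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);
    # Fall back to the default upload folder when the project has none of its own.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if ($t_file_path == '') {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($t_file_name);
    $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id;
    # NOTE(review): the client-supplied name is part of the seed handed to
    # file_generate_unique_name(); confirm the helper never returns a value
    # containing path separators taken from that seed.
    $t_unique_name = file_generate_unique_name($t_file_hash . '-' . $t_file_name, $t_file_path);
    $t_disk_file_name = $t_file_path . $t_unique_name;
    $c_unique_name = db_prepare_string($t_unique_name);
    $t_file_size = filesize($t_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # The size cap is the smallest of the two PHP limits and the application limit.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            if (!file_exists($t_disk_file_name)) {
                if (FTP == $t_method) {
                    $conn_id = file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $t_tmp_file);
                    file_ftp_disconnect($conn_id);
                }
                # move_uploaded_file() only accepts files that arrived through an HTTP upload.
                # NOTE(review): FILE_MOVE_FAILED does not follow the ERROR_* naming of the
                # other error codes used here - confirm the constant exists.
                if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) {
                    trigger_error(FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                # Already an SQL literal: the content column stays empty for files kept on disk.
                $c_content = "''";
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Close the handle once the content has been read instead of leaving it open.
            $t_handle = fopen($t_tmp_file, 'rb');
            $t_raw_content = fread($t_handle, $t_file_size);
            fclose($t_handle);
            $c_content = db_prepare_binary_string($t_raw_content);
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    # NOTE(review): $p_table is concatenated into the table and column names and is
    # not covered by the db_prepare_*() calls above; callers must pass a fixed
    # literal, never request data.
    $t_file_table = db_get_table($p_table . '_file');
    $c_id = 'bug' == $p_table ? $c_bug_id : $c_project_id;
    $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\t\t\t\t  VALUES\n\t\t\t\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_unique_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . $c_date_added . "', {$c_content}, {$c_user_id})";
    db_query($query);
    if ('bug' == $p_table) {
        # bump the last_updated date
        if (!$p_skip_bug_update) {
            bug_update_date($p_bug_id);
        }
        # add history entry
        history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name);
    }
}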