function mci_file_add($p_id, $p_name, $p_content, $p_file_type, $p_table, $p_title = '', $p_desc = '', $p_user_id = null) { if (!file_type_check($p_name)) { return new soap_fault('Client', '', 'File type not allowed.'); } if (!file_is_name_unique($p_name, $p_id)) { return new soap_fault('Client', '', 'Duplicate filename.'); } $t_file_size = strlen($p_content); $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size')); if ($t_file_size > $t_max_file_size) { return new soap_fault('Client', '', 'File is too big.'); } if ('bug' == $p_table) { $t_project_id = bug_get_field($p_id, 'project_id'); $t_issue_id = bug_format_id($p_id); } else { $t_project_id = $p_id; $t_issue_id = 0; } # prepare variables for insertion $c_issue_id = db_prepare_int($t_issue_id); $c_project_id = db_prepare_int($t_project_id); $c_file_type = db_prepare_string($p_file_type); $c_title = db_prepare_string($p_title); $c_desc = db_prepare_string($p_desc); if ($p_user_id === null) { $c_user_id = auth_get_current_user_id(); } else { $c_user_id = (int) $p_user_id; } if ($t_project_id == ALL_PROJECTS) { $t_file_path = config_get('absolute_path_default_upload_folder'); } else { $t_file_path = project_get_field($t_project_id, 'file_path'); if ($t_file_path == '') { $t_file_path = config_get('absolute_path_default_upload_folder'); } } $c_file_path = db_prepare_string($t_file_path); $c_new_file_name = db_prepare_string($p_name); $t_file_hash = $t_issue_id; $t_disk_file_name = $t_file_path . file_generate_unique_name($t_file_hash . '-' . $p_name, $t_file_path); $c_disk_file_name = db_prepare_string($t_disk_file_name); $t_file_size = strlen($p_content); $c_file_size = db_prepare_int($t_file_size); $t_method = config_get('file_upload_method'); switch ($t_method) { case FTP: case DISK: if (!file_exists($t_file_path) || !is_dir($t_file_path) || !is_writable($t_file_path) || !is_readable($t_file_path)) { return new soap_fault('Server', '', "Upload folder '{$t_file_path}' doesn't exist."); } file_ensure_valid_upload_path($t_file_path); if (!file_exists($t_disk_file_name)) { mci_file_write_local($t_disk_file_name, $p_content); if (FTP == $t_method) { $conn_id = file_ftp_connect(); file_ftp_put($conn_id, $t_disk_file_name, $t_disk_file_name); file_ftp_disconnect($conn_id); file_delete_local($t_disk_file_name); } else { chmod($t_disk_file_name, config_get('attachments_file_permissions')); } $c_content = "''"; } break; case DATABASE: $c_content = db_prepare_binary_string($p_content); break; } $t_file_table = db_get_table($p_table . '_file'); $c_id = 'bug' == $p_table ? $c_issue_id : $c_project_id; $query = "INSERT INTO {$t_file_table}\n\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\tVALUES\n\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . db_now() . "', {$c_content}, {$c_user_id})"; db_query($query); # get attachment id $t_attachment_id = db_insert_id($t_file_table); if ('bug' == $p_table) { # updated the last_updated date $result = bug_update_date($c_issue_id); # log new bug history_log_event_special($c_issue_id, FILE_ADDED, $c_new_file_name); } return $t_attachment_id; }
/** * * Copies all attachments from the source bug to the destination bug * * <p>Does not perform history logging and does not perform access checks.</p> * * @param int $p_source_bug_id * @param int $p_dest_bug_id */ function file_copy_attachments($p_source_bug_id, $p_dest_bug_id) { $t_mantis_bug_file_table = db_get_table('bug_file'); $query = 'SELECT * FROM ' . $t_mantis_bug_file_table . ' WHERE bug_id = ' . db_param(); $result = db_query_bound($query, array($p_source_bug_id)); $t_count = db_num_rows($result); $t_bug_file = array(); for ($i = 0; $i < $t_count; $i++) { $t_bug_file = db_fetch_array($result); # prepare the new diskfile name and then copy the file $t_file_path = dirname($t_bug_file['folder']); $t_new_diskfile_name = $t_file_path . file_generate_unique_name('bug-' . $t_bug_file['filename'], $t_file_path); $t_new_file_name = file_get_display_name($t_bug_file['filename']); if (config_get('file_upload_method') == DISK) { copy($t_bug_file['diskfile'], $t_new_diskfile_name); chmod($t_new_diskfile_name, config_get('attachments_file_permissions')); } $query = "INSERT INTO {$t_mantis_bug_file_table}\n \t\t\t\t\t\t( bug_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content )\n \t\t\t\t\t\tVALUES ( " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ");"; db_query_bound($query, array($p_dest_bug_id, $t_bug_file['title'], $t_bug_file['description'], $t_new_diskfile_name, $t_new_file_name, $t_bug_file['folder'], $t_bug_file['filesize'], $t_bug_file['file_type'], $t_bug_file['date_added'], $t_bug_file['content'])); } }
/** * Copies all attachments from the source bug to the destination bug * * Does not perform history logging and does not perform access checks. * * @param integer $p_source_bug_id Source Bug. * @param integer $p_dest_bug_id Destination Bug. * @return void */ function file_copy_attachments($p_source_bug_id, $p_dest_bug_id) { $t_query = 'SELECT * FROM {bug_file} WHERE bug_id = ' . db_param(); $t_result = db_query($t_query, array($p_source_bug_id)); $t_count = db_num_rows($t_result); $t_project_id = bug_get_field($p_source_bug_id, 'project_id'); for ($i = 0; $i < $t_count; $i++) { $t_bug_file = db_fetch_array($t_result); # prepare the new diskfile name and then copy the file $t_source_file = $t_bug_file['folder'] . $t_bug_file['diskfile']; if (config_get('file_upload_method') == DISK) { $t_source_file = file_normalize_attachment_path($t_source_file, $t_project_id); $t_file_path = dirname($t_source_file) . DIRECTORY_SEPARATOR; } else { $t_file_path = $t_bug_file['folder']; } $t_new_diskfile_name = file_generate_unique_name($t_file_path); $t_new_diskfile_location = $t_file_path . $t_new_diskfile_name; $t_new_file_name = file_get_display_name($t_bug_file['filename']); if (config_get('file_upload_method') == DISK) { # Skip copy operation if file does not exist (i.e. target bug will have missing attachment) # @todo maybe we should trigger an error instead in this case ? if (file_exists($t_source_file)) { copy($t_source_file, $t_new_diskfile_location); chmod($t_new_diskfile_location, config_get('attachments_file_permissions')); } } $t_query = 'INSERT INTO {bug_file} ( bug_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, user_id, content ) VALUES ( ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ')'; db_query($t_query, array($p_dest_bug_id, $t_bug_file['title'], $t_bug_file['description'], $t_new_diskfile_name, $t_new_file_name, $t_file_path, $t_bug_file['filesize'], $t_bug_file['file_type'], $t_bug_file['date_added'], $t_bug_file['user_id'], $t_bug_file['content'])); } }
/** * Add a file * @param integer $p_id File id. * @param string $p_name File name. * @param string $p_content File content to write. * @param string $p_file_type File type. * @param string $p_table Database table name. * @param string $p_title Title. * @param string $p_desc Description. * @param string $p_user_id User id. * @return mixed */ function mci_file_add($p_id, $p_name, $p_content, $p_file_type, $p_table, $p_title = '', $p_desc = '', $p_user_id = null) { if (!file_type_check($p_name)) { return SoapObjectsFactory::newSoapFault('Client', 'File type not allowed.'); } if (!file_is_name_unique($p_name, $p_id)) { return SoapObjectsFactory::newSoapFault('Client', 'Duplicate filename.'); } $t_file_size = strlen($p_content); $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size')); if ($t_file_size > $t_max_file_size) { return SoapObjectsFactory::newSoapFault('Client', 'File is too big.'); } if ('bug' == $p_table) { $t_project_id = bug_get_field($p_id, 'project_id'); $t_id = (int) $p_id; $t_issue_id = bug_format_id($p_id); } else { $t_project_id = $p_id; $t_id = $t_project_id; $t_issue_id = 0; } if ($p_user_id === null) { $p_user_id = auth_get_current_user_id(); } if ($t_project_id == ALL_PROJECTS) { $t_file_path = config_get('absolute_path_default_upload_folder'); } else { $t_file_path = project_get_field($t_project_id, 'file_path'); if (is_blank($t_file_path)) { $t_file_path = config_get('absolute_path_default_upload_folder'); } } $t_unique_name = file_generate_unique_name($t_file_path); $t_disk_file_name = $t_file_path . $t_unique_name; $t_method = config_get('file_upload_method'); switch ($t_method) { case DISK: if (!file_exists($t_file_path) || !is_dir($t_file_path) || !is_writable($t_file_path) || !is_readable($t_file_path)) { return SoapObjectsFactory::newSoapFault('Server', 'Upload folder \'' . $t_file_path . '\' doesn\'t exist.'); } file_ensure_valid_upload_path($t_file_path); if (!file_exists($t_disk_file_name)) { mci_file_write_local($t_disk_file_name, $p_content); chmod($t_disk_file_name, config_get('attachments_file_permissions')); $c_content = "''"; } break; case DATABASE: $c_content = db_prepare_binary_string($p_content); $t_file_path = ''; break; } $t_file_table = db_get_table($p_table . '_file'); $t_id_col = $p_table . '_id'; $t_param = array($t_id_col => $t_id, 'title' => $p_title, 'description' => $p_desc, 'diskfile' => $t_unique_name, 'filename' => $p_name, 'folder' => $t_file_path, 'filesize' => $t_file_size, 'file_type' => $p_file_type, 'date_added' => db_now(), 'user_id' => (int) $p_user_id); # Oracle has to update BLOBs separately if (!db_is_oracle()) { $t_param['content'] = $c_content; } $t_query_param = db_param(); for ($i = 1; $i < count($t_param); $i++) { $t_query_param .= ', ' . db_param(); } $t_query = 'INSERT INTO ' . $t_file_table . ' ( ' . implode(', ', array_keys($t_param)) . ' ) VALUES ( ' . $t_query_param . ' )'; db_query($t_query, array_values($t_param)); # get attachment id $t_attachment_id = db_insert_id($t_file_table); if (db_is_oracle()) { db_update_blob($t_file_table, 'content', $c_content, "diskfile='{$t_unique_name}'"); } if ('bug' == $p_table) { # bump the last_updated date bug_update_date($t_issue_id); # add history entry history_log_event_special($t_issue_id, FILE_ADDED, $p_name); } return $t_attachment_id; }
/** * Copy a bug from one project to another. Also make copies of issue notes, attachments, history, * email notifications etc. * @todo Not managed FTP file upload * @param array p_bug_id integer representing bug id * @param int p_target_project_id * @param bool p_copy_custom_fields * @param bool p_copy_relationships * @return int representing the new bugid * @access public */ function bug_copy($p_bug_id, $p_target_project_id = null, $p_copy_custom_fields = false, $p_copy_relationships = false, $p_copy_history = false, $p_copy_attachments = false, $p_copy_bugnotes = false, $p_copy_monitoring_users = false) { global $g_db; $t_mantis_custom_field_string_table = db_get_table('custom_field_string'); $t_mantis_bug_file_table = db_get_table('bug_file'); $t_mantis_bugnote_table = db_get_table('bugnote'); $t_mantis_bugnote_text_table = db_get_table('bugnote_text'); $t_mantis_bug_history_table = db_get_table('bug_history'); $t_mantis_db = $g_db; $t_bug_id = db_prepare_int($p_bug_id); $t_target_project_id = db_prepare_int($p_target_project_id); $t_bug_data = bug_get($t_bug_id, true); # retrieve the project id associated with the bug if ($p_target_project_id == null || is_blank($p_target_project_id)) { $t_target_project_id = $t_bug_data->project_id; } $t_bug_data->project_id = $t_target_project_id; $t_new_bug_id = $t_bug_data->create(); # MASC ATTENTION: IF THE SOURCE BUG HAS TO HANDLER THE bug_create FUNCTION CAN TRY TO AUTO-ASSIGN THE BUG # WE FORCE HERE TO DUPLICATE THE SAME HANDLER OF THE SOURCE BUG # @todo VB: Shouldn't we check if the handler in the source project is also a handler in the destination project? bug_set_field($t_new_bug_id, 'handler_id', $t_bug_data->handler_id); bug_set_field($t_new_bug_id, 'duplicate_id', $t_bug_data->duplicate_id); bug_set_field($t_new_bug_id, 'status', $t_bug_data->status); bug_set_field($t_new_bug_id, 'resolution', $t_bug_data->resolution); bug_set_field($t_new_bug_id, 'projection', $t_bug_data->projection); bug_set_field($t_new_bug_id, 'date_submitted', $t_bug_data->date_submitted); bug_set_field($t_new_bug_id, 'last_updated', $t_bug_data->last_updated); bug_set_field($t_new_bug_id, 'eta', $t_bug_data->eta); bug_set_field($t_new_bug_id, 'fixed_in_version', $t_bug_data->fixed_in_version); bug_set_field($t_new_bug_id, 'target_version', $t_bug_data->target_version); bug_set_field($t_new_bug_id, 'sponsorship_total', 0); bug_set_field($t_new_bug_id, 'sticky', 0); bug_set_field($t_new_bug_id, 'due_date', $t_bug_data->due_date); # COPY CUSTOM FIELDS if ($p_copy_custom_fields) { $query = "SELECT field_id, bug_id, value\n\t\t\t\t\t FROM {$t_mantis_custom_field_string_table}\n\t\t\t\t\t WHERE bug_id=" . db_param(); $result = db_query_bound($query, array($t_bug_id)); $t_count = db_num_rows($result); for ($i = 0; $i < $t_count; $i++) { $t_bug_custom = db_fetch_array($result); $c_field_id = db_prepare_int($t_bug_custom['field_id']); $c_new_bug_id = db_prepare_int($t_new_bug_id); $c_value = $t_bug_custom['value']; $query = "INSERT INTO {$t_mantis_custom_field_string_table}\n\t\t\t\t\t\t ( field_id, bug_id, value )\n\t\t\t\t\t\t VALUES (" . db_param() . ', ' . db_param() . ', ' . db_param() . ')'; db_query_bound($query, array($c_field_id, $c_new_bug_id, $c_value)); } } # Copy Relationships if ($p_copy_relationships) { relationship_copy_all($t_bug_id, $t_new_bug_id); } # Copy bugnotes if ($p_copy_bugnotes) { $query = "SELECT *\n\t\t\t\t\t FROM {$t_mantis_bugnote_table}\n\t\t\t\t\t WHERE bug_id=" . db_param(); $result = db_query_bound($query, array($t_bug_id)); $t_count = db_num_rows($result); for ($i = 0; $i < $t_count; $i++) { $t_bug_note = db_fetch_array($result); $t_bugnote_text_id = $t_bug_note['bugnote_text_id']; $query2 = "SELECT *\n\t\t\t\t\t\t FROM {$t_mantis_bugnote_text_table}\n\t\t\t\t\t\t WHERE id=" . db_param(); $result2 = db_query_bound($query2, array($t_bugnote_text_id)); $t_count2 = db_num_rows($result2); $t_bugnote_text_insert_id = -1; if ($t_count2 > 0) { $t_bugnote_text = db_fetch_array($result2); $query2 = "INSERT INTO {$t_mantis_bugnote_text_table}\n\t\t\t\t\t\t\t ( note )\n\t\t\t\t\t\t\t VALUES ( " . db_param() . ' )'; db_query_bound($query2, array($t_bugnote_text['note'])); $t_bugnote_text_insert_id = db_insert_id($t_mantis_bugnote_text_table); } $query2 = "INSERT INTO {$t_mantis_bugnote_table}\n\t\t\t\t\t\t ( bug_id, reporter_id, bugnote_text_id, view_state, date_submitted, last_modified )\n\t\t\t\t\t\t VALUES ( " . db_param() . ",\n\t\t\t\t\t\t \t\t\t" . db_param() . ",\n\t\t\t\t\t\t \t\t\t" . db_param() . ",\n\t\t\t\t\t\t \t\t\t" . db_param() . ",\n\t\t\t\t\t\t \t\t\t" . db_param() . ",\n\t\t\t\t\t\t \t\t\t" . db_param() . ')'; db_query_bound($query2, array($t_new_bug_id, $t_bug_note['reporter_id'], $t_bugnote_text_insert_id, $t_bug_note['view_state'], $t_bug_note['date_submitted'], $t_bug_note['last_modified'])); } } # Copy attachments if ($p_copy_attachments) { $query = 'SELECT * FROM ' . $t_mantis_bug_file_table . ' WHERE bug_id = ' . db_param(); $result = db_query_bound($query, array($t_bug_id)); $t_count = db_num_rows($result); $t_bug_file = array(); for ($i = 0; $i < $t_count; $i++) { $t_bug_file = db_fetch_array($result); # prepare the new diskfile name and then copy the file $t_file_path = dirname($t_bug_file['folder']); $t_new_diskfile_name = $t_file_path . file_generate_unique_name('bug-' . $t_bug_file['filename'], $t_file_path); $t_new_file_name = file_get_display_name($t_bug_file['filename']); if (config_get('file_upload_method') == DISK) { copy($t_bug_file['diskfile'], $t_new_diskfile_name); chmod($t_new_diskfile_name, config_get('attachments_file_permissions')); } $query = "INSERT INTO {$t_mantis_bug_file_table}\n\t\t\t\t\t\t( bug_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content )\n\t\t\t\t\t\tVALUES ( " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ");"; db_query_bound($query, array($t_new_bug_id, $t_bug_file['title'], $t_bug_file['description'], $t_new_diskfile_name, $t_new_file_name, $t_bug_file['folder'], $t_bug_file['filesize'], $t_bug_file['file_type'], $t_bug_file['date_added'], $t_bug_file['content'])); } } # Copy users monitoring bug if ($p_copy_monitoring_users) { bug_monitor_copy($t_bug_id, $t_new_bug_id); } # COPY HISTORY history_delete($t_new_bug_id); # should history only be deleted inside the if statement below? if ($p_copy_history) { $query = "SELECT *\n\t\t\t\t\t FROM {$t_mantis_bug_history_table}\n\t\t\t\t\t WHERE bug_id = " . db_param(); $result = db_query_bound($query, array($t_bug_id)); $t_count = db_num_rows($result); for ($i = 0; $i < $t_count; $i++) { $t_bug_history = db_fetch_array($result); $query = "INSERT INTO {$t_mantis_bug_history_table}\n\t\t\t\t\t\t ( user_id, bug_id, date_modified, field_name, old_value, new_value, type )\n\t\t\t\t\t\t VALUES ( " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . " );"; db_query_bound($query, array($t_bug_history['user_id'], $t_new_bug_id, $t_bug_history['date_modified'], $t_bug_history['field_name'], $t_bug_history['old_value'], $t_bug_history['new_value'], $t_bug_history['type'])); } } return $t_new_bug_id; }
/** * Moves attachments from the specified list of projects from database to disk * @param string $p_type Attachment type ('bug' or 'project') * @param array $p_projects List of projects to process * @return array summary of moves per project */ function move_attachments_to_disk($p_type, $p_projects) { if (empty($p_projects)) { return array(); } # Build the SQL query based on attachment type $t_file_table = db_get_table("mantis_{$p_type}_file_table"); switch ($p_type) { case 'project': $t_query = "SELECT f.*\n\t\t\t\tFROM {$t_file_table} f\n\t\t\t\tWHERE content <> ''\n\t\t\t\t AND f.project_id = " . db_param() . "\n\t\t\t\tORDER BY f.filename"; break; case 'bug': $t_bug_table = db_get_table('mantis_bug_table'); $t_query = "SELECT f.*\n\t\t\t\tFROM {$t_file_table} f\n\t\t\t\tJOIN {$t_bug_table} b ON b.id = f.bug_id\n\t\t\t\tWHERE content <> ''\n\t\t\t\t AND b.project_id = " . db_param() . "\n\t\t\t\tORDER BY f.bug_id, f.filename"; break; } # Process projects list foreach ($p_projects as $t_project) { # Retrieve attachments for the project $t_result = db_query_bound($t_query, array($t_project)); # Project upload path $t_upload_path = project_get_upload_path($t_project); if (is_blank($t_upload_path) || !file_exists($t_upload_path) || !is_dir($t_upload_path) || !is_writable($t_upload_path)) { # Invalid path $t_failures = db_num_rows($t_result); $t_data = "ERROR: Upload path '{$t_upload_path}' does not exist or is not writable"; } else { # Process attachments $t_failures = 0; $t_data = array(); if ($p_type == 'project') { $t_seed = config_get('document_files_prefix', null, ALL_USERS, $t_project) . $t_project; } while ($t_row = db_fetch_array($t_result)) { if ($p_type == 'bug') { $t_seed = $t_row['bug_id'] . $t_row['filename']; } $t_filename = $t_upload_path . file_generate_unique_name($t_seed, $t_upload_path); # write file to disk if (file_put_contents($t_filename, $t_row['content'])) { # successful, update database # @todo do we want to check the size of data transfer matches here? $t_update_query = "UPDATE {$t_file_table}\n\t\t\t\t\t\tSET diskfile = " . db_param() . ",\n\t\t\t\t\t\t\tfolder = " . db_param() . ",\n\t\t\t\t\t\t\tcontent = ''\n\t\t\t\t\t\tWHERE id = " . db_param(); $t_update_result = db_query_bound($t_update_query, array($t_filename, $t_upload_path, $t_row['id'])); if (!$t_update_result) { $t_status = 'Database update failed'; $t_failures++; } else { $t_status = "Moved to '{$t_filename}'"; } } else { $t_status = "Copy to '{$t_filename}' failed"; $t_failures++; } # Add the file and status to the list of processed attachments $t_file = array('id' => $t_row['id'], 'filename' => $t_row['filename'], 'status' => $t_status); if ($p_type == 'bug') { $t_file['bug_id'] = $t_row['bug_id']; } $t_data[] = $t_file; } } $t_moved[] = array('name' => project_get_name($t_project), 'path' => $t_upload_path, 'rows' => db_num_rows($t_result), 'failed' => $t_failures, 'data' => $t_data); } return $t_moved; }
function file_add($p_bug_id, $p_tmp_file, $p_file_name, $p_file_type = '', $p_table = 'bug', $p_file_error = 0, $p_title = '', $p_desc = '') { if (php_version_at_least('4.2.0')) { switch ((int) $p_file_error) { case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: trigger_error(ERROR_FILE_TOO_BIG, ERROR); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR); break; default: break; } } if ('' == $p_tmp_file || '' == $p_file_name) { trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR); } if (!is_readable($p_tmp_file)) { trigger_error(ERROR_UPLOAD_FAILURE, ERROR); } if (!file_type_check($p_file_name)) { trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR); } if (!file_is_name_unique($p_file_name, $p_bug_id)) { trigger_error(ERROR_DUPLICATE_FILE, ERROR); } if ('bug' == $p_table) { $t_project_id = bug_get_field($p_bug_id, 'project_id'); $t_bug_id = bug_format_id($p_bug_id); } else { $t_project_id = helper_get_current_project(); $t_bug_id = 0; } # prepare variables for insertion $c_bug_id = db_prepare_int($p_bug_id); $c_project_id = db_prepare_int($t_project_id); $c_file_type = db_prepare_string($p_file_type); $c_title = db_prepare_string($p_title); $c_desc = db_prepare_string($p_desc); if ($t_project_id == ALL_PROJECTS) { $t_file_path = config_get('absolute_path_default_upload_folder'); } else { $t_file_path = project_get_field($t_project_id, 'file_path'); if ($t_file_path == '') { $t_file_path = config_get('absolute_path_default_upload_folder'); } } $c_file_path = db_prepare_string($t_file_path); $c_new_file_name = db_prepare_string($p_file_name); $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id; $t_disk_file_name = $t_file_path . file_generate_unique_name($t_file_hash . '-' . $p_file_name, $t_file_path); $c_disk_file_name = db_prepare_string($t_disk_file_name); $t_file_size = filesize($p_tmp_file); if (0 == $t_file_size) { trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR); } $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size')); if ($t_file_size > $t_max_file_size) { trigger_error(ERROR_FILE_TOO_BIG, ERROR); } $c_file_size = db_prepare_int($t_file_size); $t_method = config_get('file_upload_method'); switch ($t_method) { case FTP: case DISK: file_ensure_valid_upload_path($t_file_path); if (!file_exists($t_disk_file_name)) { if (FTP == $t_method) { $conn_id = file_ftp_connect(); file_ftp_put($conn_id, $t_disk_file_name, $p_tmp_file); file_ftp_disconnect($conn_id); } if (!move_uploaded_file($p_tmp_file, $t_disk_file_name)) { trigger_error(FILE_MOVE_FAILED, ERROR); } chmod($t_disk_file_name, 0400); $c_content = ''; } else { trigger_error(ERROR_FILE_DUPLICATE, ERROR); } break; case DATABASE: $c_content = db_prepare_string(fread(fopen($p_tmp_file, 'rb'), $t_file_size)); break; default: trigger_error(ERROR_GENERIC, ERROR); } $t_file_table = config_get('mantis_' . $p_table . '_file_table'); $c_id = 'bug' == $p_table ? $c_bug_id : $c_project_id; $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)\n\t\t\t\t\t VALUES\n\t\t\t\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', " . db_now() . ", '{$c_content}')"; db_query($query); if ('bug' == $p_table) { # updated the last_updated date $result = bug_update_date($p_bug_id); # log new bug history_log_event_special($p_bug_id, FILE_ADDED, $p_file_name); } }
/** * Add a file to the system using the configured storage method * * @param integer $p_bug_id the bug id * @param array $p_file the uploaded file info, as retrieved from gpc_get_file() * @param string $p_table table ('bug' or 'doc') * @param string $p_title file title * @param string $p_desc file description * @param int $p_user_id user id * @param int $p_date_added date added * @param bool $p_skip_bug_update skip bug last modification update (useful when importing bug attachments) */ function file_add($p_bug_id, $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null, $p_date_added = 0, $p_skip_bug_update = false) { file_ensure_uploaded($p_file); $t_file_name = $p_file['name']; $t_tmp_file = $p_file['tmp_name']; $c_date_added = $p_date_added <= 0 ? db_now() : db_prepare_int($p_date_added); if (!file_type_check($t_file_name)) { trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR); } if (!file_is_name_unique($t_file_name, $p_bug_id)) { trigger_error(ERROR_DUPLICATE_FILE, ERROR); } if ('bug' == $p_table) { $t_project_id = bug_get_field($p_bug_id, 'project_id'); $t_bug_id = bug_format_id($p_bug_id); } else { $t_project_id = helper_get_current_project(); $t_bug_id = 0; } if ($p_user_id === null) { $c_user_id = auth_get_current_user_id(); } else { $c_user_id = (int) $p_user_id; } # prepare variables for insertion $c_bug_id = db_prepare_int($p_bug_id); $c_project_id = db_prepare_int($t_project_id); $c_file_type = db_prepare_string($p_file['type']); $c_title = db_prepare_string($p_title); $c_desc = db_prepare_string($p_desc); if ($t_project_id == ALL_PROJECTS) { $t_file_path = config_get('absolute_path_default_upload_folder'); } else { $t_file_path = project_get_field($t_project_id, 'file_path'); if ($t_file_path == '') { $t_file_path = config_get('absolute_path_default_upload_folder'); } } $c_file_path = db_prepare_string($t_file_path); $c_new_file_name = db_prepare_string($t_file_name); $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id; $t_unique_name = file_generate_unique_name($t_file_hash . '-' . $t_file_name, $t_file_path); $t_disk_file_name = $t_file_path . $t_unique_name; $c_unique_name = db_prepare_string($t_unique_name); $t_file_size = filesize($t_tmp_file); if (0 == $t_file_size) { trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR); } $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size')); if ($t_file_size > $t_max_file_size) { trigger_error(ERROR_FILE_TOO_BIG, ERROR); } $c_file_size = db_prepare_int($t_file_size); $t_method = config_get('file_upload_method'); switch ($t_method) { case FTP: case DISK: file_ensure_valid_upload_path($t_file_path); if (!file_exists($t_disk_file_name)) { if (FTP == $t_method) { $conn_id = file_ftp_connect(); file_ftp_put($conn_id, $t_disk_file_name, $t_tmp_file); file_ftp_disconnect($conn_id); } if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) { trigger_error(FILE_MOVE_FAILED, ERROR); } chmod($t_disk_file_name, config_get('attachments_file_permissions')); $c_content = "''"; } else { trigger_error(ERROR_FILE_DUPLICATE, ERROR); } break; case DATABASE: $c_content = db_prepare_binary_string(fread(fopen($t_tmp_file, 'rb'), $t_file_size)); break; default: trigger_error(ERROR_GENERIC, ERROR); } $t_file_table = db_get_table($p_table . '_file'); $c_id = 'bug' == $p_table ? $c_bug_id : $c_project_id; $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\t\t\t\t VALUES\n\t\t\t\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_unique_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . $c_date_added . "', {$c_content}, {$c_user_id})"; db_query($query); if ('bug' == $p_table) { # updated the last_updated date if (!$p_skip_bug_update) { $result = bug_update_date($p_bug_id); } # log new bug history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name); } }