/** * Returns the attachment contents * * @param int $p_file_id * @param string $p_type The file type, bug or doc * @param int $p_user_id * @return string|soap_fault the string contents, or a soap_fault */ function mci_file_get($p_file_id, $p_type, $p_user_id) { # we handle the case where the file is attached to a bug # or attached to a project as a project doc. $query = ''; switch ($p_type) { case 'bug': $t_bug_file_table = db_get_table('bug_file'); $query = "SELECT *\n\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\tWHERE id='{$p_file_id}'"; break; case 'doc': $t_project_file_table = db_get_table('project_file'); $query = "SELECT *\n\t\t\t\tFROM {$t_project_file_table}\n\t\t\t\tWHERE id='{$p_file_id}'"; break; default: return new soap_fault('Server', '', 'Invalid file type ' . $p_type . ' .'); } $result = db_query($query); if ($result->EOF) { return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .'); } $row = db_fetch_array($result); if ($p_type == 'doc') { $t_project_id = $row['project_id']; } else { if ($p_type == 'bug') { $t_bug_id = $row['bug_id']; $t_project_id = bug_get_field($t_bug_id, 'project_id'); } } $t_diskfile = file_normalize_attachment_path($row['diskfile'], $t_project_id); $t_content = $row['content']; # Check access rights switch ($p_type) { case 'bug': if (!mci_file_can_download_bug_attachments($t_bug_id, $p_user_id)) { return mci_soap_fault_access_denied($p_user_id); } break; case 'doc': # Check if project documentation feature is enabled. if (OFF == config_get('enable_project_documentation')) { return mci_soap_fault_access_denied($p_user_id); } if (!access_has_project_level(config_get('view_proj_doc_threshold'), $t_project_id, $p_user_id)) { return mci_soap_fault_access_denied($p_user_id); } break; } # dump file content to the connection. switch (config_get('file_upload_method')) { case DISK: if (file_exists($t_diskfile)) { return mci_file_read_local($t_diskfile); } else { return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .'); } case FTP: if (file_exists($t_diskfile)) { return mci_file_read_local($t_diskfile); } else { $ftp = file_ftp_connect(); file_ftp_get($ftp, $t_diskfile, $t_diskfile); file_ftp_disconnect($ftp); return mci_file_read_local($t_diskfile); } default: return $t_content; } }
/** * Copies all attachments from the source bug to the destination bug * * Does not perform history logging and does not perform access checks. * * @param integer $p_source_bug_id Source Bug. * @param integer $p_dest_bug_id Destination Bug. * @return void */ function file_copy_attachments($p_source_bug_id, $p_dest_bug_id) { $t_query = 'SELECT * FROM {bug_file} WHERE bug_id = ' . db_param(); $t_result = db_query($t_query, array($p_source_bug_id)); $t_count = db_num_rows($t_result); $t_project_id = bug_get_field($p_source_bug_id, 'project_id'); for ($i = 0; $i < $t_count; $i++) { $t_bug_file = db_fetch_array($t_result); # prepare the new diskfile name and then copy the file $t_source_file = $t_bug_file['folder'] . $t_bug_file['diskfile']; if (config_get('file_upload_method') == DISK) { $t_source_file = file_normalize_attachment_path($t_source_file, $t_project_id); $t_file_path = dirname($t_source_file) . DIRECTORY_SEPARATOR; } else { $t_file_path = $t_bug_file['folder']; } $t_new_diskfile_name = file_generate_unique_name($t_file_path); $t_new_diskfile_location = $t_file_path . $t_new_diskfile_name; $t_new_file_name = file_get_display_name($t_bug_file['filename']); if (config_get('file_upload_method') == DISK) { # Skip copy operation if file does not exist (i.e. target bug will have missing attachment) # @todo maybe we should trigger an error instead in this case ? if (file_exists($t_source_file)) { copy($t_source_file, $t_new_diskfile_location); chmod($t_new_diskfile_location, config_get('attachments_file_permissions')); } } $t_query = 'INSERT INTO {bug_file} ( bug_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, user_id, content ) VALUES ( ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ')'; db_query($t_query, array($p_dest_bug_id, $t_bug_file['title'], $t_bug_file['description'], $t_new_diskfile_name, $t_new_file_name, $t_file_path, $t_bug_file['filesize'], $t_bug_file['file_type'], $t_bug_file['date_added'], $t_bug_file['user_id'], $t_bug_file['content'])); } }
} } if ($t_content_type_override) { $t_content_type = $t_content_type_override; } header('Content-Type: ' . $t_content_type); if (config_get('file_download_xsendfile_enabled')) { $t_xsendfile_header_name = config_get('file_download_xsendfile_header_name'); header($t_xsendfile_header_name . ': ' . $t_local_disk_file); } else { readfile($t_local_disk_file); } } break; case FTP: $t_local_disk_file = file_normalize_attachment_path($v_diskfile, $t_project_id); if (!file_exists($t_local_disk_file)) { $ftp = file_ftp_connect(); file_ftp_get($ftp, $t_local_disk_file, $v_diskfile); file_ftp_disconnect($ftp); } if ($finfo) { $t_file_info_type = $finfo->file($t_local_disk_file); if ($t_file_info_type !== false) { $t_content_type = $t_file_info_type; } } if ($t_content_type_override) { $t_content_type = $t_content_type_override; } header('Content-Type: ' . $t_content_type);
/** * Get file content * * @param int $p_file_id file id * @param string $p_type file type (either 'bug' or 'doc') * @return array|bool array containing file type and content or false on failure to retrieve file */ function file_get_content($p_file_id, $p_type = 'bug') { # we handle the case where the file is attached to a bug # or attached to a project as a project doc. $query = ''; switch ($p_type) { case 'bug': $t_bug_file_table = db_get_table('bug_file'); $query = "SELECT *\n\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\tWHERE id=" . db_param(); break; case 'doc': $t_project_file_table = db_get_table('project_file'); $query = "SELECT *\n\t\t\t\tFROM {$t_project_file_table}\n\t\t\t\tWHERE id=" . db_param(); break; default: return false; } $result = db_query_bound($query, array($p_file_id)); $row = db_fetch_array($result); if ($f_type == 'bug') { $t_project_id = bug_get_field($row['bug_id'], 'project_id'); } else { $t_project_id = $row['bug_id']; } # If finfo is available (always true for PHP >= 5.3.0) we can use it to determine the MIME type of files $finfo_available = false; if (class_exists('finfo')) { $t_info_file = config_get('fileinfo_magic_db_file'); if (is_blank($t_info_file)) { $finfo = new finfo(FILEINFO_MIME); } else { $finfo = new finfo(FILEINFO_MIME, $t_info_file); } if ($finfo) { $finfo_available = true; } } $t_content_type = $row['file_type']; switch (config_get('file_upload_method')) { case DISK: $t_local_disk_file = file_normalize_attachment_path($row['diskfile'], $t_project_id); if (file_exists($t_local_disk_file)) { if ($finfo_available) { $t_file_info_type = $finfo->file($t_local_disk_file); if ($t_file_info_type !== false) { $t_content_type = $t_file_info_type; } } return array('type' => $t_content_type, 'content' => file_get_contents($t_local_disk_file)); } break; case FTP: $t_local_disk_file = file_normalize_attachment_path($row['diskfile'], $t_project_id); if (!file_exists($t_local_disk_file)) { $ftp = file_ftp_connect(); file_ftp_get($ftp, $t_local_disk_file, $row['diskfile']); file_ftp_disconnect($ftp); } if ($finfo_available) { $t_file_info_type = $finfo->file($t_local_disk_file); if ($t_file_info_type !== false) { $t_content_type = $t_file_info_type; } } return array('type' => $t_content_type, 'content' => file_get_contents($t_local_disk_file)); break; default: if ($finfo_available) { $t_file_info_type = $finfo->buffer($row['content']); if ($t_file_info_type !== false) { $t_content_type = $t_file_info_type; } } return array('type' => $t_content_type, 'content' => $row['content']); break; } }
function file_delete($p_file_id, $p_table = 'bug') { $t_upload_method = config_get('file_upload_method'); $c_file_id = db_prepare_int($p_file_id); $t_filename = file_get_field($p_file_id, 'filename', $p_table); $t_diskfile = file_get_field($p_file_id, 'diskfile', $p_table); if ($p_table == 'bug') { $t_bug_id = file_get_field($p_file_id, 'bug_id', $p_table); $t_project_id = bug_get_field($t_bug_id, 'project_id'); } else { $t_project_id = file_get_field($p_file_id, 'project_id', $p_table); } if (DISK == $t_upload_method || FTP == $t_upload_method) { if (FTP == $t_upload_method) { $ftp = file_ftp_connect(); file_ftp_delete($ftp, $t_diskfile); file_ftp_disconnect($ftp); } $t_local_disk_file = file_normalize_attachment_path($t_diskfile, $t_project_id); if (file_exists($t_local_disk_file)) { file_delete_local($t_local_disk_file); } } if ('bug' == $p_table) { # log file deletion history_log_event_special($t_bug_id, FILE_DELETED, file_get_display_name($t_filename)); } $t_file_table = db_get_table('mantis_' . $p_table . '_file_table'); $query = "DELETE FROM {$t_file_table}\n\t\t\t\tWHERE id=" . db_param(); db_query_bound($query, array($c_file_id)); return true; }
/** * Returns the attachment contents * * @param integer $p_file_id File identifier. * @param string $p_type The file type, bug or doc. * @param integer $p_user_id A valid user identifier. * @return string|soap_fault the string contents, or a soap_fault */ function mci_file_get($p_file_id, $p_type, $p_user_id) { # we handle the case where the file is attached to a bug # or attached to a project as a project doc. $t_query = ''; switch ($p_type) { case 'bug': $t_query = 'SELECT * FROM {bug_file} WHERE id=' . db_param(); break; case 'doc': $t_query = 'SELECT * FROM {project_file} WHERE id=' . db_param(); break; default: return SoapObjectsFactory::newSoapFault('Server', 'Invalid file type ' . $p_type . ' .'); } $t_result = db_query($t_query, array($p_file_id)); if ($t_result->EOF) { return SoapObjectsFactory::newSoapFault('Client', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .'); } $t_row = db_fetch_array($t_result); if ($p_type == 'doc') { $t_project_id = $t_row['project_id']; } else { if ($p_type == 'bug') { $t_bug_id = $t_row['bug_id']; $t_project_id = bug_get_field($t_bug_id, 'project_id'); } } $t_diskfile = file_normalize_attachment_path($t_row['diskfile'], $t_project_id); $t_content = $t_row['content']; # Check access rights switch ($p_type) { case 'bug': if (!mci_file_can_download_bug_attachments($t_bug_id, $p_user_id)) { return mci_soap_fault_access_denied($p_user_id); } break; case 'doc': # Check if project documentation feature is enabled. if (OFF == config_get('enable_project_documentation')) { return mci_soap_fault_access_denied($p_user_id); } if (!access_has_project_level(config_get('view_proj_doc_threshold'), $t_project_id, $p_user_id)) { return mci_soap_fault_access_denied($p_user_id); } break; } # dump file content to the connection. switch (config_get('file_upload_method')) { case DISK: if (file_exists($t_diskfile)) { return mci_file_read_local($t_diskfile); } else { return SoapObjectsFactory::newSoapFault('Client', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .'); } case DATABASE: return $t_content; default: trigger_error(ERROR_GENERIC, ERROR); } }