Example #1
/**
 * Build the query-string fragment that carries a form security token.
 *
 * The result has the shape "&<form name>_token=<token>" and is meant to be
 * appended to a URL that already has a query string.
 *
 * NOTE(review): neither the form name nor the token is URL- or HTML-encoded
 * here, so a caller that prints the fragment into an HTML attribute has to
 * escape it itself. A token placed in a GET URL can also end up in browser
 * history, server logs and Referer headers.
 *
 * @param string $p_form_name Form name
 * @return string URL parameter fragment starting with '&'
 */
function form_security_param($p_form_name)
{
    # Token first, then the parameter name derived from the form name
    $t_token = form_security_token($p_form_name);
    $t_param_name = $p_form_name . '_token';

    return sprintf('&%s=%s', $t_param_name, $t_token);
}
    ?>
				<th><?php 
    echo lang_get('actions');
    ?>
</th>
				<?php 
}
?>
			</tr>
		</thead>

		<tbody>
<?php 
# Pre-generate a form security token to avoid performance issues when the
# db contains a large number of configurations
# The single 'adm_config_delete' token is created once, ahead of the row loop,
# instead of once per row (presumably it is reused by each row's delete
# action further down; that part is not visible in this excerpt).
$t_form_security_token = form_security_token('adm_config_delete');
while ($t_row = db_fetch_array($t_result)) {
    # Import the row's columns as local variables prefixed with 'v_'
    # ($v_user_id, $v_project_id, ...). With EXTR_PREFIX_ALL a column can only
    # create or overwrite a $v_* variable, never an arbitrary local.
    extract($t_row, EXTR_PREFIX_ALL, 'v');
    ?>
<!-- Repeated Info Rows -->
			<tr width="100%">
				<td>
					<?php 
    # A user id of 0 (loose == comparison) is shown as the 'all_users' label;
    # any other id is resolved to a user name, which is passed through
    # string_display_line() before being echoed.
    # NOTE(review): string_display_line() presumably prepares the value for HTML output; confirm.
    echo $v_user_id == 0 ? lang_get('all_users') : string_display_line(user_get_name($v_user_id));
    ?>
				</td>
				<td><?php 
    # Project name for this row, passed through string_display_line() before
    # being echoed into the table cell.
    echo string_display_line(project_get_name($v_project_id, false));
    ?>
</td>
				<td><?php 
        }
        # Edit button: shown only when the user may edit this bugnote. OFF is
        # passed in the position where the buttons below pass a security token.
        if ($t_can_edit_bugnote) {
            print_button(
                'bugnote_edit_page.php',
                lang_get('bugnote_edit_link'),
                array('bugnote_id' => $t_bugnote->id),
                OFF
            );
        }

        # Delete button: shown only when the user may delete this bugnote. The
        # 'bugnote_delete' token is generated on first use and then kept in
        # $t_security_token_delete for later buttons.
        if ($t_can_delete_bugnote) {
            if (!$t_security_token_delete) {
                $t_security_token_delete = form_security_token('bugnote_delete');
            }
            print_button(
                'bugnote_delete.php',
                lang_get('delete_link'),
                array('bugnote_id' => $t_bugnote->id),
                $t_security_token_delete
            );
        }

        # Make public / make private button: shown only when the user may
        # change the view state. The 'bugnote_set_view_state' token is likewise
        # generated on first use and kept in $t_security_token_state.
        if ($t_can_change_view_state) {
            if (!$t_security_token_state) {
                $t_security_token_state = form_security_token('bugnote_set_view_state');
            }
            if (VS_PRIVATE != $t_bugnote->view_state) {
                # Any note that is not private gets the "make private" action
                print_button(
                    'bugnote_set_view_state.php',
                    lang_get('make_private'),
                    array('private' => '1', 'bugnote_id' => $t_bugnote->id),
                    $t_security_token_state
                );
            } else {
                # Private note: offer to make it public
                print_button(
                    'bugnote_set_view_state.php',
                    lang_get('make_public'),
                    array('private' => '0', 'bugnote_id' => $t_bugnote->id),
                    $t_security_token_state
                );
            }
        }
    }
    ?>
		</div>
	</td>
	<td class="bugnote-note">
		<?php 
    switch ($t_bugnote->note_type) {
        case REMINDER:
Example #4
/**
 * Build the query-string fragment that carries a form security token.
 *
 * Returns an empty string when PHP runs in CLI mode or when the global
 * 'form_security_validation' option is OFF; otherwise returns
 * "&<form name>_token=<token>", meant to be appended to a URL that already
 * has a query string.
 *
 * NOTE(review): with 'form_security_validation' set to OFF, links built with
 * this helper carry no token at all. The fragment is not URL- or HTML-encoded
 * here, so callers printing it into an HTML attribute must escape it, and a
 * token placed in a GET URL can end up in browser history, server logs and
 * Referer headers.
 *
 * @param string $p_form_name Form name
 * @return string URL parameter fragment starting with '&', or '' when skipped
 */
function form_security_param($p_form_name)
{
    # No token parameter on the command line
    if (PHP_CLI == php_mode()) {
        return '';
    }
    # ... nor when form security validation is switched off globally
    if (OFF == config_get_global('form_security_validation')) {
        return '';
    }

    $t_token = form_security_token($p_form_name);

    # GET parameter to be used in a URL for a secure link
    return '&' . $p_form_name . '_token=' . $t_token;
}
Example #5
# current user.
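access_ensure_global_level( $t_user['access_level'] );

# Remaining flow of this script, in order: refuse to remove the last
# administrator, hand self-deletion over to account_delete.php, ask for
# confirmation, delete the user, purge the form token, render the page top.

# check that we are not deleting the last administrator account
# NOTE(review): the steps below rely on trigger_error( ..., ERROR ) stopping
# the request; that behaviour is not visible in this excerpt, so confirm it.
$t_admin_threshold = config_get_global( 'admin_site_threshold' );
if ( user_is_administrator( $f_user_id ) &&
	 user_count_level( $t_admin_threshold ) <= 1 ) {
	trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR );
}

# If an administrator is trying to delete their own account, use
# account_delete.php instead as it handles logging out and redirection
# of users who have just deleted their own accounts.
# NOTE(review): the 'account_delete' token travels in the redirect URL, so it
# can show up in server logs and browser history. The code after this block
# assumes print_header_redirect() ends the request; confirm.
if ( auth_get_current_user_id() == $f_user_id ) {
	form_security_purge( 'manage_user_delete' );
	print_header_redirect( 'account_delete.php?account_delete_token=' . form_security_token( 'account_delete' ), true, false );
}

# The confirmation message is assembled as HTML (it embeds '<br/>'), so the
# username is escaped before being concatenated into it.
helper_ensure_confirmed( lang_get( 'delete_account_sure_msg' ) .
	'<br/>' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) .
	htmlspecialchars( $t_user['username'], ENT_QUOTES, 'UTF-8' ),
	lang_get( 'delete_account_button' ) );

user_delete( $f_user_id );

# The form token is purged only after the deletion has been carried out
form_security_purge('manage_user_delete');

html_page_top( null, 'manage_user_page.php' );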
?>

<br />
<div>
</form>
<script>
jQuery(document).ready(function($) {

	$('#tabs').tabs();

	// use ISO 8601 date format ; we don't have a proper bridge to the MantisBT date format yet
	$('.datepicker').datepicker( {'maxDate': 0, 'dateFormat' : 'yy-mm-dd'});

	var api = new CustomerManagement({
		'entryPoint' : '<?php 
# Emits the plugin action page URL inside a single-quoted JavaScript string.
# NOTE(review): no JS-string escaping is applied here; confirm plugin_page()
# can never return a quote, a backslash or "</script>", or emit the value
# with json_encode() instead.
echo plugin_page('manage_customers_actions');
?>
',
		'csrfToken' : '<?php 
# Form security token for 'manage_customers', handed to the client-side
# CustomerManagement object as its csrfToken option (presumably sent back with
# requests to the entry point; that code is not visible here).
# NOTE(review): the token is echoed straight into a single-quoted JavaScript
# string; confirm its alphabet excludes quotes and backslashes.
echo form_security_token('manage_customers');
?>
'
	});
	var ui = CustomerManagementUi;
	
	$('.customer-group-delete').click(function() {

		if ( $(this).data('customerCount') > 0 ) {
			ui.error("<?php 
# Translated error text, echoed inside a double-quoted JavaScript string.
# NOTE(review): a double quote, backslash or line break in a translation would
# break the script; emitting the string with json_encode() would avoid that.
echo plugin_lang_get('unable_to_delete_group_has_customers');
?>
");
			return;
		}
Example #7
/**
 * Build the query-string fragment that carries a form security token.
 *
 * Returns an empty string when PHP runs in CLI mode or when the global
 * 'form_security_validation' option is OFF; otherwise returns
 * "&<form name>_token=<token>", meant to be appended to a URL that already
 * has a query string.
 *
 * NOTE(review): a caller-supplied token is used as-is, without any check in
 * this function. The fragment is not URL- or HTML-encoded here, so callers
 * printing it into an HTML attribute must escape it, and a token placed in a
 * GET URL can end up in browser history, server logs and Referer headers.
 *
 * @param string $p_form_name Form name.
 * @param string $p_security_token Optional security token, previously generated for the same form.
 * @return string URL parameter containing security token, or '' when skipped
 */
function form_security_param($p_form_name, $p_security_token = null)
{
    # No token parameter on the command line
    if (PHP_CLI == php_mode()) {
        return '';
    }
    # ... nor when form security validation is switched off globally
    if (OFF == config_get_global('form_security_validation')) {
        return '';
    }

    # Reuse the caller's token when one was passed, otherwise generate one
    if ($p_security_token === null) {
        $t_token = form_security_token($p_form_name);
    } else {
        $t_token = $p_security_token;
    }

    # GET parameter to be used in a URL for a secure link
    return '&' . $p_form_name . '_token=' . $t_token;
}
Example #8
/**
 * Print one attachment entry: its header line and, for previewable text or
 * image attachments, a collapsible preview section.
 *
 * When a preview is shown, the header is printed twice, once after
 * collapse_open() and once after collapse_closed(), both times with the same
 * security token.
 *
 * Token handling: when $p_security_token is null, a 'bug_file_delete' token is
 * generated here with form_security_token(). A caller that prints many
 * attachments, such as print_bug_attachments_list(), can generate the token
 * once and pass it in to avoid the per-attachment cost. A caller-supplied
 * value is forwarded as-is, without any check in this function, so it must be
 * a token previously returned by form_security_token().
 *
 * @param array $p_attachment An attachment array from within the array returned by the file_get_visible_attachments() function.
 * @param mixed $p_security_token Optional; null (default) or security token string.
 * @see form_security_token()
 * @return void
 */
function print_bug_attachment(array $p_attachment, $p_security_token = null)
{
    # A preview is shown only for existing text or image attachments that
    # have the preview flag set
    $t_with_preview = $p_attachment['preview']
        && $p_attachment['exists']
        && ($p_attachment['type'] == 'text' || $p_attachment['type'] == 'image');

    if ($t_with_preview) {
        global $g_collapse_cache_token;
        $t_section_id = 'attachment_preview_' . $p_attachment['id'];
        $g_collapse_cache_token[$t_section_id] = false;
        collapse_open($t_section_id);
    }

    # The same token is used for both links in the collapse section
    if (null === $p_security_token) {
        $p_security_token = form_security_token('bug_file_delete');
    }

    print_bug_attachment_header($p_attachment, $p_security_token);

    # Without a preview the header is all there is to print
    if (!$t_with_preview) {
        return;
    }

    echo lang_get('word_separator');
    collapse_icon($t_section_id);
    if ($p_attachment['type'] == 'text') {
        print_bug_attachment_preview_text($p_attachment);
    } elseif ($p_attachment['type'] === 'image') {
        print_bug_attachment_preview_image($p_attachment);
    }

    # Closed state of the section: header and icon only
    collapse_closed($t_section_id);
    print_bug_attachment_header($p_attachment, $p_security_token);
    echo lang_get('word_separator');
    collapse_icon($t_section_id);
    collapse_end($t_section_id);
}
        } else {
            $t_sort_name = utf8_strtolower($t_user_name);
        }
    }
    $t_display[] = $t_user_name;
    $t_sort[] = $t_sort_name;
}
$t_removable_users_exist = false;

# Order the user rows and their display names together, by ascending sort key
array_multisort($t_sort, SORT_ASC, SORT_STRING, $t_users, $t_display);
$t_users_count = count($t_sort);

# If including global users, fetch here all local users to later distinguish them
$t_local_users = $f_show_global_users
    ? project_get_all_user_rows($f_project_id, ANYBODY, false)
    : array();

# One 'manage_proj_user_remove' token is generated up front, ahead of the
# per-user loop
$t_token_remove_user = form_security_token('manage_proj_user_remove');
for ($i = 0; $i < $t_users_count; $i++) {
    $t_user = $t_users[$i];
    ?>
			<tr>
				<td>
					<a href="manage_user_edit_page.php?user_id=<?php 
    echo $t_user['id'];
    ?>
">
						<?php 
    # NOTE(review): $t_display[$i] is echoed into the page as-is at this point;
    # confirm the display name was escaped for HTML where it was built (that
    # code is not visible in this excerpt).
    echo $t_display[$i];
    ?>
					</a>
				</td>
				<td>
Example #10
/**
 * Build the query-string fragment that carries a form security token.
 *
 * The result has the shape "&<form name>_token=<token>" and is meant to be
 * appended to a URL that already has a query string. This variant always
 * generates a token; see the TBD note in the body.
 *
 * NOTE(review): neither the form name nor the token is URL- or HTML-encoded
 * here, so a caller that prints the fragment into an HTML attribute has to
 * escape it itself. A token placed in a GET URL can also end up in browser
 * history, server logs and Referer headers.
 *
 * @param string $p_form_name Form name
 * @return string URL parameter fragment starting with '&'
 */
function form_security_param($p_form_name)
{
    // TBD (original author's note): verify whether a similar check should be
    // implemented here, i.e. returning '' when PHP_CLI == php_mode() or when
    // config_get_global('form_security_validation') is OFF.
    $t_token = form_security_token($p_form_name);

    # GET parameter to be used in a URL for a secure link
    return '&' . $p_form_name . '_token=' . $t_token;
}