$project = !empty($_GET['project']) ? $_GET['project'] : false; $pseudo_pkgs = get_pseudo_packages($project, false); // false == no read-only packages included // Authenticate bugs_authenticate($user, $pw, $logged_in, $user_flags); $is_trusted_developer = $user_flags & BUGS_TRUSTED_DEV; $is_security_developer = $user_flags & BUGS_SECURITY_DEV; require "{$ROOT_DIR}/include/php_versions.php"; // captcha is not necessary if the user is logged in if (!$logged_in) { require_once 'Text/CAPTCHA/Numeral.php'; $numeralCaptcha = new Text_CAPTCHA_Numeral(); } // Handle input if (isset($_POST['in'])) { $errors = incoming_details_are_valid($_POST['in'], 1, $logged_in); // Check if session answer is set, then compare it with the post captcha value. // If it's not the same, then it's an incorrect password. if (!$logged_in) { if (!isset($_SESSION['answer'])) { $errors[] = 'Please enable cookies so the Captcha system can work'; } elseif ($_POST['captcha'] != $_SESSION['answer']) { $errors[] = 'Incorrect Captcha'; } if (is_spam($_POST['in']['ldesc']) || is_spam($_POST['in']['expres']) || is_spam($_POST['in']['repcode'])) { $errors[] = 'Spam detected'; } } // Set auto-generated password when not supplied or logged in if ($logged_in || $_POST['in']['passwd'] == '') { $_POST['in']['passwd'] = uniqid();
if (isset($auth_user) && $auth_user->registered) { if (auth_check('pear.voter') && !auth_check('pear.dev') && !auth_check('pear.bug')) { // auto-grant bug tracker karma if it isn't present require_once 'Damblan/Karma.php'; $karma = new Damblan_Karma($dbh); $karma->grant($auth_user->user, 'pear.bug'); } if (isset($_SESSION['answer'])) { unset($_SESSION['answer']); } if (isset($_POST['in'])) { $_POST['in']['email'] = $auth_user->email; } } if (isset($_POST['in'])) { $errors = incoming_details_are_valid($_POST['in'], 1, isset($auth_user) && $auth_user->registered); /** * Check if session answer is set, then compare * it with the post captcha value. If it's not * the same, then it's an incorrect password. */ if (isset($_SESSION['answer']) && strlen(trim($_SESSION['answer'])) > 0) { if ($_POST['captcha'] != $_SESSION['answer']) { $errors[] = 'Incorrect Captcha'; } } // try to verify the user if (isset($auth_user)) { $_POST['in']['handle'] = $auth_user->handle; } if (!$errors) {
$reason = str_replace('@svn@', 'pear-core', $reason); $ncomment = "{$reason}\n\n{$ncomment}"; break; default: $reason = str_replace('@svn@', $bug['package_name'], $reason); $ncomment = "{$reason}\n\n{$ncomment}"; break; } } else { $ncomment = "{$reason}\n\n{$ncomment}"; } } } } $from = $auth_user->email; if (!$errors && !($errors = incoming_details_are_valid($_POST['in']))) { $query = 'UPDATE bugdb SET'; // Update email only if it's passed if ($bug['email'] != $_POST['in']['email'] && !empty($_POST['in']['email'])) { $query .= " email='{$_POST['in']['email']}',"; } // Changing the package to 'Security related' should mark the bug as private automatically if ($bug['bug_type'] != $_POST['in']['bug_type']) { if ($_POST['in']['bug_type'] == 'Security' && $_POST['in']['status'] != 'Closed') { $is_private = $_POST['in']['private'] = 'Y'; } } if ($logged_in != 'developer') { // don't reset assigned status $_POST['in']['assign'] = $bug['assign']; }