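/**
 * Fetch the checkins (dir/file, type, commit meta) of one commit, hiding the
 * paths the current user is not allowed to read.
 *
 * The commit is selected by Subversion revision number when $rev_id is set,
 * otherwise by the internal svn_commits.id; the revision number wins because
 * it is the value users put in URLs.
 *
 * @param int    $group_id  project id (svn_commits.group_id)
 * @param int    $commit_id internal commit id (svn_commits.id); ignored when $rev_id is non-zero
 * @param int    $rev_id    Subversion revision number, 0 to select by $commit_id
 * @param string $order     sort spec: 'filename' sorts by dir then file; otherwise a plain
 *                          column list with optional ASC/DESC. Anything that is not a bare
 *                          identifier list is discarded (no ORDER BY) rather than spliced in.
 *
 * @return mixed whatever db_query() returns for the built statement
 */
function svn_data_get_revision_detail($group_id, $commit_id, $rev_id = 0, $order = '')
{
    // $order is an identifier, not a literal, so db_es() cannot protect it.
    // It is validated against an identifier-only grammar here instead of
    // relying on every caller to filter it (SQL injection otherwise).
    $order_str = "";
    if ($order) {
        if ($order == 'filename') {
            $order_str = " ORDER BY dir, file";
        } elseif (preg_match('/^[A-Za-z0-9_.]+(?:\s+(?:ASC|DESC))?(?:\s*,\s*[A-Za-z0-9_.]+(?:\s+(?:ASC|DESC))?)*$/i', trim($order))) {
            $order_str = " ORDER BY " . trim($order);
        }
    }

    // Access control: every path the user may not read is excluded with a
    // NOT LIKE filter. db_es() escapes quotes but not the LIKE wildcards
    // '%' and '_', so a forbidden path containing them excludes more, never less.
    $pm        = ProjectManager::instance();
    $project   = $pm->getProject($group_id);
    $forbidden = svn_utils_get_forbidden_paths(user_getname(), $project->getSVNRootPath());
    $where_forbidden = "";
    if (!empty($forbidden)) {
        // The forbidden paths are the array keys; the first character
        // (presumably a leading '/') is dropped to match the stored dir value.
        // foreach replaces each(), which is removed in PHP 8.
        foreach (array_keys($forbidden) as $no_access) {
            $where_forbidden .= " AND svn_dirs.dir not like '%" . db_es(substr($no_access, 1)) . "%' ";
        }
    }

    $select = "SELECT svn_commits.description, svn_commits.date, svn_commits.revision, svn_checkins.type,svn_checkins.commitid,svn_dirs.dir,svn_files.file "
        . "FROM svn_dirs, svn_files, svn_checkins, svn_commits "
        . "WHERE svn_checkins.fileid=svn_files.id "
        . "AND svn_checkins.dirid=svn_dirs.id "
        . "AND svn_checkins.commitid=svn_commits.id ";
    if ($rev_id) {
        // The group_id filter is what scopes the revision number to this project.
        $match = "AND svn_commits.revision=" . db_ei($rev_id) . " "
            . "AND svn_commits.group_id=" . db_ei($group_id) . " ";
    } else {
        $match = "AND svn_commits.id=" . db_ei($commit_id) . " ";
    }
    $sql = $select . $match . $where_forbidden . $order_str;

    return db_query($sql);
}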
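/**
 * Page through the commits of a project that the current user may see.
 *
 * Optional filters narrow the result: $_rev_id (exact revision), $_commiter
 * (login; the value 100 means "anyone"), $_srch (substring of the description)
 * and the global $_path (substring of a touched directory). Paths the user may
 * not read are excluded; whenever a path or forbidden-path filter is active the
 * query joins svn_checkins/svn_dirs and groups by revision so each commit is
 * returned once.
 *
 * @param Project $project
 * @param int     $offset    first row of the page (ignored when $pv is set)
 * @param int     $chunksz   page size (ignored when $pv is set)
 * @param string  $_rev_id   revision number filter, '' for none
 * @param string  $_commiter committer login filter; '' or 100 for none
 * @param string  $_srch     description substring filter, '' for none
 * @param string  $order_by  full "ORDER BY <col> [ASC|DESC], ..." clause; anything that is
 *                           not a bare identifier list falls back to "ORDER BY revision DESC"
 * @param int     $pv        non-zero disables paging (no LIMIT clause)
 * @param bool    $foundRows add SQL_CALC_FOUND_ROWS and report the unpaged total
 *
 * @return array [result of db_query(), total row count or -1 when not computed]
 */
function svn_get_revisions(Project $project, $offset, $chunksz, $_rev_id = '', $_commiter = '', $_srch = '', $order_by = '', $pv = 0, $foundRows = true)
{
    global $_path;
    $um = UserManager::instance();
    //check user access rights
    $forbidden = svn_utils_get_forbidden_paths($um->getCurrentUser()->getName(), $project->getSVNRootPath());

    $select   = 'SELECT';
    $group_by = '';
    $limit    = '';   // stays empty when $pv is set (was left undefined there before)
    if ($foundRows) {
        $select .= ' SQL_CALC_FOUND_ROWS';
    }
    $select .= ' svn_commits.revision as revision, svn_commits.id as commit_id, svn_commits.description as description, svn_commits.date as date, svn_commits.whoid';
    $from  = " FROM svn_commits";
    $where = " WHERE svn_commits.group_id=" . db_ei($project->getGroupId());

    // Exclude forbidden paths. db_es() does not escape the LIKE wildcards
    // '%' and '_', so a forbidden path containing them excludes more, never less.
    if (!empty($forbidden)) {
        $from .= " INNER JOIN svn_checkins ON (svn_checkins.commitid = svn_commits.id)";
        $from .= " INNER JOIN svn_dirs ON (svn_dirs.id = svn_checkins.dirid)";
        $where_forbidden = "";
        foreach ($forbidden as $no_access => $v) {
            // A path filter equal to a forbidden path is silently dropped.
            if ($no_access == $_path) {
                $_path = '';
            }
            $where_forbidden .= " AND svn_dirs.dir not like '" . db_es(substr($no_access, 1)) . "%'";
        }
        $where .= $where_forbidden;
        $group_by .= ' GROUP BY revision';
    }

    // Path filter (from the global): the joins are only added here when the
    // forbidden-path branch above did not already add them.
    if ($_path != '') {
        $path_str = " AND svn_dirs.dir like '%" . db_es($_path) . "%'";
        if (!isset($forbidden) || empty($forbidden)) {
            $from .= " INNER JOIN svn_checkins ON (svn_checkins.commitid = svn_commits.id)";
            $from .= " INNER JOIN svn_dirs ON (svn_dirs.id = svn_checkins.dirid)";
            $group_by .= ' GROUP BY revision';
        }
    } else {
        $path_str = "";
    }

    // Revision filter.
    $commit_str = '';
    if (isset($_rev_id) && $_rev_id != '') {
        $commit_str = " AND svn_commits.revision='" . db_ei($_rev_id) . "' ";
    }

    // Committer filter. An unknown login now matches nothing instead of
    // calling getId() on a null user (getUserByUserName() may return null).
    $commiter_str = '';
    if (isset($_commiter) && $_commiter && $_commiter != 100) {
        $committer = $um->getUserByUserName($_commiter);
        if ($committer === null) {
            $commiter_str = " AND 0=1 ";
        } else {
            $commiter_str = " AND svn_commits.whoid='" . db_ei($committer->getId()) . "' ";
        }
    }

    // Description search. The needle is HTML-escaped before matching,
    // presumably because descriptions are stored escaped -- not verified here.
    $srch_str = "";
    if (isset($_srch) && $_srch != '') {
        $srch_str = " AND svn_commits.description like '%" . db_es(htmlspecialchars($_srch)) . "%'";
    }
    $where .= $commiter_str . $commit_str . $srch_str . $path_str;

    if (!isset($pv) || !$pv) {
        $limit = " LIMIT " . db_ei($offset) . "," . db_ei($chunksz);
    }

    // $order_by is spliced in verbatim and cannot be escaped with db_es();
    // accept only "ORDER BY <identifier> [ASC|DESC], ..." and fall back to the
    // default sort for anything else rather than trusting every caller.
    $order_pattern = '/^\s*ORDER\s+BY\s+[A-Za-z0-9_.]+(?:\s+(?:ASC|DESC))?(?:\s*,\s*[A-Za-z0-9_.]+(?:\s+(?:ASC|DESC))?)*\s*$/i';
    if (!isset($order_by) || $order_by == '' || !preg_match($order_pattern, $order_by)) {
        $order_by = " ORDER BY revision DESC ";
    }

    $sql    = $select . $from . $where . $group_by . $order_by . $limit;
    $result = db_query($sql);

    // Unpaged total, read right after the main query on the same connection.
    // Note: SQL_CALC_FOUND_ROWS / FOUND_ROWS() are deprecated since MySQL 8.0.17.
    $totalrows = -1;
    if ($foundRows) {
        $result1 = db_query('SELECT FOUND_ROWS() as nb');
        if ($result1 && !db_error($result1)) {
            $row1      = db_fetch_array($result1);
            $totalrows = $row1['nb'];
        }
    }
    return array($result, $totalrows);
}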
 /**
  * Build the SQL restriction that hides the SVN paths this user may not read.
  *
  * Each forbidden path (minus its first character, presumably a leading '/')
  * becomes an `AND svn_dirs.dir not like '<path>%'` prefix filter. db_es()
  * escapes quotes but not the LIKE wildcards '%' and '_', so a forbidden path
  * containing them excludes more, never less.
  *
  * @param PFUser $user
  *
  * @return string SQL fragment, empty when nothing is forbidden
  */
 protected function getForbiddenPaths(PFUser $user)
 {
     $root      = $this->project->getSVNRootPath();
     $forbidden = svn_utils_get_forbidden_paths($user->getName(), $root);

     $clauses = array();
     foreach ($forbidden as $path => $unused) {
         $clauses[] = " AND svn_dirs.dir not like '" . db_es(substr($path, 1)) . "%'";
     }

     return implode('', $clauses);
 }