/**
 * Replace the configured Gerrit servers with the ones posted by the admin form.
 *
 * Nothing happens unless 'gerrit_servers' is posted as an array. In that case
 * the CSRF token is verified before any state is touched, the current servers
 * are loaded, the submitted ones are applied and the browser is sent back to
 * the Gerrit servers admin pane.
 *
 * @param Codendi_Request $request
 */
private function updateGerritServers(Codendi_Request $request)
{
    $submitted_servers = $request->get('gerrit_servers');
    if (! is_array($submitted_servers)) {
        return;
    }

    // Token check first: everything below mutates server configuration.
    $this->csrf->check();
    $this->fetchGerritServers();
    $this->updateServers($submitted_servers);
    $GLOBALS['Response']->redirect('/plugins/git/admin/?pane=gerrit_servers_admin');
}
/**
 * Persist both admin settings posted by the form, then go back to the index.
 *
 * The CSRF token is checked before anything is written. Both updaters are
 * always invoked (bitwise-or assignment, no short-circuit) so each setting is
 * saved independently; a success notice is shown when at least one of them
 * reported a change.
 */
public function update()
{
    $this->csrf->check();

    $something_changed  = false;
    $something_changed |= $this->updateAccessValue();
    $something_changed |= $this->updateProjectAdminValue();

    if ($something_changed) {
        $this->response->addFeedback(
            Feedback::INFO,
            $GLOBALS['Language']->getText('admin_main', 'successfully_updated')
        );
    }

    $this->redirectToIndex();
}
/**
 * Site-admin entry point: verify the caller is a site administrator, then
 * dispatch on the 'action' parameter. Only the state-changing 'update' action
 * is protected by the CSRF token; any other value renders the index page.
 *
 * @param Codendi_Request $request
 * @param Response        $response
 * @param PFUser          $user
 */
public function process(Codendi_Request $request, Response $response, PFUser $user)
{
    $this->checkUserIsSiteadmin($user, $response);

    // Loose comparison on purpose: it mirrors the switch() semantics this replaces.
    if ($request->get('action') == 'update') {
        $this->csrf->check();
        $this->controller->update($request, $response);
        return;
    }

    $this->controller->index($this->csrf, $response);
}
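/**
 * Process the "change password" form for user $user_id.
 *
 * Only acts on a POST that carries the 'Update' button; the CSRF token is then
 * verified before anything else is read. Each failure adds an error/warning
 * feedback and returns 0; on success the new password is stored and 1 returned.
 *
 * @param int                   $user_id
 * @param CSRFSynchronizerToken $csrf
 * @param EventManager          $event_manager
 * @return int 1 when the password was changed, 0 otherwise
 */
function register_valid($user_id, CSRFSynchronizerToken $csrf, EventManager $event_manager)
{
    $request = HTTPRequest::instance();
    if (! $request->isPost() || ! $request->exist('Update')) {
        return 0;
    }
    $csrf->check();

    // check against old pw
    $user_manager = UserManager::instance();
    $user         = $user_manager->getUserById($user_id);
    if ($user === null) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'user_not_found'));
        return 0;
    }

    $password_expiration_checker = new User_PasswordExpirationChecker();
    $password_handler            = PasswordHandlerFactory::getPasswordHandler();
    $login_manager               = new User_LoginManager(
        $event_manager,
        $user_manager,
        $password_expiration_checker,
        $password_handler
    );
    if (! $login_manager->verifyPassword($user, $request->get('form_oldpw'))) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'incorrect_old_password'));
        return 0;
    }

    try {
        $status_manager = new User_UserStatusManager();
        $status_manager->checkStatus($user);
    } catch (User_StatusInvalidException $exception) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'account_inactive'));
        return 0;
    }

    if (! $request->exist('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_needed'));
        return 0;
    }
    // Strict comparison: with the loose `!=`, two numeric-looking strings such as
    // "1e3" and "1000" compare equal, so a mistyped confirmation would slip through.
    if ($request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_not_match'));
        return 0;
    }
    if ($request->get('form_pw') === $request->get('form_oldpw')) {
        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('account_change_pw', 'identical_password'));
        return 0;
    }

    // account_pwvalid() fills $errors; initialise it so the loop below is
    // well-defined whatever the helper does with the argument.
    $errors = array();
    if (! account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }

    // if we got this far, it must be good
    $user->setPassword($request->get('form_pw'));
    if (! $user_manager->updateDb($user)) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'internal_error_update'));
        return 0;
    }
    return 1;
}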
/**
 * Site-admin action: add one project to the MediaWiki "allowed" list.
 *
 * Access is asserted first, then the CSRF token bound to this action's URL is
 * checked. The project is only added when the 'allow-project' button was
 * pressed and a non-empty 'project-to-allow' value was posted. Always ends
 * with a redirect to the forge admin index.
 *
 * @param HTTPRequest $request
 */
public function site_update_allowed_project_list(HTTPRequest $request)
{
    $this->assertSiteAdmin($request);

    $token = new CSRFSynchronizerToken('/plugins/mediawiki/forge_admin?action=site_update_allowed_project_list');
    $token->check();

    $candidate    = $request->get('project-to-allow');
    $should_allow = $request->get('allow-project') && ! empty($candidate);
    if ($should_allow) {
        $this->allowProject($candidate);
    }

    $GLOBALS['Response']->redirect('/plugins/mediawiki/forge_admin?action=site_index');
}
/**
 * Admin action: migrate one project to PhpWiki.
 *
 * Access is checked first, then the CSRF token bound to this action's URL.
 * The migration only runs when the 'allow-project' button was pressed with a
 * non-empty 'project-to-allow' value. Always redirects to the admin index.
 *
 * @param HTTPRequest $request
 */
public function updateProject(HTTPRequest $request)
{
    $this->checkAccess($request);

    $token = new CSRFSynchronizerToken('/plugins/phpwiki/admin.php?action=update_project');
    $token->check();

    $candidate_project = $request->get('project-to-allow');
    $should_migrate    = $request->get('allow-project') && ! empty($candidate_project);
    if ($should_migrate) {
        $this->migrateProject($candidate_project);
    }

    $GLOBALS['Response']->redirect('/plugins/phpwiki/admin.php?action=index');
}
/**
 * Save the homepage settings posted by the admin form, then go to the index.
 *
 * After the CSRF check: toggles the standard-homepage flag, stores the
 * headlines when they were posted as an array, removes the custom logo on
 * request and moves any uploaded logo into place. A success notice is only
 * added when no warning or error has been queued by those steps.
 */
public function update()
{
    $this->csrf->check();

    if (! $this->request->get('use_standard_homepage')) {
        $this->dao->doNotUseStandardHomepage();
    } else {
        $this->dao->useStandardHomepage();
    }

    $posted_headlines = $this->request->get('headlines');
    if (is_array($posted_headlines)) {
        $this->dao->save($posted_headlines);
    }

    if ($this->request->get('remove_custom_logo')) {
        $this->removeCustomLogo();
    }
    $this->moveUploadedLogo();

    $all_good = ! $this->response->feedbackHasWarningsOrErrors();
    if ($all_good) {
        $this->response->addFeedback(
            Feedback::INFO,
            $GLOBALS['Language']->getText('admin_main', 'successfully_updated')
        );
    }

    $this->redirectToIndex();
}
/**
 * Grant or revoke SVN token access for projects, as posted by the admin form.
 *
 * NOTE(review): no access check is visible in this method before the CSRF
 * check; presumably the caller enforces site-admin rights — confirm.
 * 'project-ids-to-revoke' is only tested with empty(), not is_array(),
 * before being handed to revokeProjectsAuthorization().
 *
 * @param HTTPRequest $request
 */
public function updateProject(HTTPRequest $request)
{
    $token = new CSRFSynchronizerToken('/admin/svn/svn_tokens.php?action=update_project');
    $token->check();

    $project_to_allow = $request->get('project-to-allow');
    if ($request->get('allow-project') && ! empty($project_to_allow)) {
        $this->allowSVNTokensForProject($project_to_allow);
    }

    $projects_to_revoke = $request->get('project-ids-to-revoke');
    if ($request->get('revoke-project') && ! empty($projects_to_revoke)) {
        $this->revokeProjectsAuthorization($projects_to_revoke);
    }

    $GLOBALS['Response']->redirect('/admin/svn/svn_tokens.php?action=index');
}
/**
 * Delete the Git mirror whose id is posted as 'mirror_id'.
 *
 * The CSRF token is checked before the mapper is touched. A falsy result
 * from the mapper and a Git_Mirror_MirrorNotFoundException are reported with
 * the same error feedback; either way the browser ends up on the mirrors pane.
 *
 * @param Codendi_Request $request
 */
private function deleteMirror(Codendi_Request $request)
{
    $deleted = false;
    try {
        $this->csrf->check();
        $deleted = $this->git_mirror_mapper->delete($request->get('mirror_id'));
    } catch (Git_Mirror_MirrorNotFoundException $e) {
        $deleted = false;
    }

    if (! $deleted) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_git', 'admin_mirror_cannot_delete'));
    }

    $GLOBALS['Response']->redirect('/plugins/git/admin/?pane=mirrors_admin');
}
// $vId (the 'bookmark_id' validator) is created above this fragment.
$vId->required();
if (!$request->valid($vId)) {
    // NOTE(review): everything below assumes redirect() terminates the request;
    // otherwise $bookmark_id is undefined from here on — confirm.
    $GLOBALS['Response']->redirect('/my');
} else {
    $bookmark_id = (int) $request->get('bookmark_id');
}

$vUrl = new Valid_String('bookmark_url');
$vUrl->setErrorMessage('Url is required');
$vUrl->required();
$vTitle = new Valid_String('bookmark_title');
$vTitle->setErrorMessage('Title is required');
$vTitle->required();

// The CSRF token is bound to this bookmark's edit URL.
$bookmark_url_id = '/my/bookmark_edit.php?bookmark_id=' . $bookmark_id;
$csrf_token = new CSRFSynchronizerToken($bookmark_url_id);

// Save path: POST with a valid url and title; the token is checked before the write.
if ($request->isPost() && $request->valid($vUrl) && $request->valid($vTitle)) {
    $csrf_token->check();
    $bookmark_url = $request->get('bookmark_url');
    $bookmark_title = $request->get('bookmark_title');
    my_check_bookmark_URL($bookmark_url, $bookmark_url_id);
    // NOTE(review): bookmark_edit() receives the posted id without the
    // user_id scoping applied to the SELECT below; whether it checks
    // ownership itself is not visible here — confirm.
    bookmark_edit($bookmark_id, $bookmark_url, $bookmark_title);
    $GLOBALS['Response']->redirect('/my');
}

// Display path: render the edit form pre-filled from the database.
$purifier = Codendi_HTMLPurifier::instance();
$HTML->header(array("title" => $Language->getText('bookmark_edit', 'title')));
print "<H3>" . $Language->getText('bookmark_edit', 'title') . "</H3>\n";
// Both ids go through db_ei() (assumed to be the integer-escaping helper — confirm);
// the row is restricted to the current user's own bookmarks.
$result = db_query("SELECT * from user_bookmarks where " . "bookmark_id=" . db_ei($bookmark_id) . " and user_id=" . db_ei(user_getid()));
if ($result) {
    $bookmark_url = db_result($result, 0, 'bookmark_url');
    $bookmark_title = db_result($result, 0, 'bookmark_title');
}
?>
* (at your option) any later version. * * Tuleap is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Tuleap. If not, see <http://www.gnu.org/licenses/>. */ require_once 'pre.php'; require_once 'common/mail/Codendi_Mail.class.php'; require_once 'common/mail/MassmailSender.class.php'; require_once 'common/include/CSRFSynchronizerToken.class.php'; $csrf = new CSRFSynchronizerToken('massmail_to_project_members.php'); $csrf->check('/my/'); $request = HTTPRequest::instance(); $pm = ProjectManager::instance(); $user = $request->getCurrentUser(); $group_id = $request->get('group_id'); $subject = $request->get('subject'); $body = $request->get('body'); $project = $pm->getProject($group_id); $members = $project->getMembers(); $project_name = $project->getPublicName(); $massmail_sender = new MassmailSender(); $is_sent = $massmail_sender->sendMassmail($project, $user, $subject, $body, $members); if ($is_sent) { $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('my_index', 'mail_sent', array($project_name))); } else { $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('my_index', 'mail_not_sent', array($project_name)));
/**
 * Verify the CSRF synchronizer token bound to $url for the current request.
 *
 * @param string $url the URL the token was generated for
 */
protected function checkSynchronizerToken($url)
{
    $synchronizer_token = new CSRFSynchronizerToken($url);
    $synchronizer_token->check();
}
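/**
 * Front controller for every tracker-level request, dispatched on 'func'.
 *
 * Each branch decides who may run it (artifact submitters, tracker admins, or
 * any logged-in user), does its work and either renders a page or queues a
 * feedback message and redirects. Only the artifact-deletion branches check a
 * CSRF token; the other state-changing branches ('delete',
 * 'create_new_public_report', 'admin-perms-fields', ...) do not in this method.
 * Always returns false.
 *
 * @param Tracker_IDisplayTrackerLayout $layout
 * @param mixed                         $request      current request (untyped in the signature)
 * @param mixed                         $current_user user performing the request (untyped)
 * @return false
 */
public function process(Tracker_IDisplayTrackerLayout $layout, $request, $current_user)
{
    //TODO: log the admin actions (add a formElement, ...) ?
    $hp   = Codendi_HTMLPurifier::instance();
    $func = (string) $request->get('func');
    switch ($func) {
        case 'new-artifact':
            if ($this->userCanSubmitArtifact($current_user)) {
                $this->displaySubmit($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'get-create-in-place':
            if ($this->userCanSubmitArtifact($current_user)) {
                $artifact_link_id       = $request->get('artifact-link-id');
                $render_with_javascript = $request->get('fetch-js') == 'false' ? false : true;
                $renderer               = new Tracker_Artifact_Renderer_CreateInPlaceRenderer(
                    $this,
                    TemplateRendererFactory::build()->getRenderer(dirname(TRACKER_BASE_DIR) . '/templates')
                );
                $renderer->display($artifact_link_id, $render_with_javascript);
            } else {
                // Answered as JSON: this branch is called from the page's JavaScript.
                $GLOBALS['Response']->send400JSONErrors();
            }
            break;
        case 'new-artifact-link':
            $link = $request->get('id');
            if ($this->userCanSubmitArtifact($current_user)) {
                $this->displaySubmit($layout, $request, $current_user, $link);
            } else {
                // Only the feedback is queued here; no redirect in this branch.
                $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
            }
            break;
        case 'delete':
            // NOTE(review): this destructive branch checks no CSRF token here;
            // confirm the link that reaches it carries one, or add a check.
            if ($this->userCanDeleteTracker($current_user)) {
                if ($this->getTrackerFactory()->markAsDeleted($this->id)) {
                    $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin_index', 'delete_success', $hp->purify($this->name, CODENDI_PURIFIER_CONVERT_HTML)));
                    $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin_index', 'tracker_deleted', $GLOBALS['sys_email_admin']), CODENDI_PURIFIER_FULL);
                    // Remove the cross-reference keyword that pointed at this tracker, if any.
                    $reference_manager = ReferenceManager::instance();
                    $ref               = $reference_manager->loadReferenceFromKeywordAndNumArgs(strtolower($this->getItemName()), $this->getGroupId(), 1);
                    if ($ref) {
                        if ($reference_manager->deleteReference($ref)) {
                            $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_reference', 't_r_deleted'));
                        }
                    }
                    EventManager::instance()->processEvent(TRACKER_EVENT_TRACKER_DELETE, array('tracker' => $this));
                } else {
                    $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin_index', 'deletion_failed', $hp->purify($this->name, CODENDI_PURIFIER_CONVERT_HTML)));
                }
            } else {
                $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
            }
            // Unlike the other branches, this one goes back to the project, not the tracker.
            $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?group_id=' . $this->group_id);
            break;
        case 'admin':
            if ($this->userIsAdmin($current_user)) {
                $this->displayAdmin($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-editoptions':
            if ($this->userIsAdmin($current_user)) {
                if ($request->get('update')) {
                    $this->editOptions($request);
                }
                $this->displayAdminOptions($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-perms':
            if ($this->userIsAdmin($current_user)) {
                $this->displayAdminPerms($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-perms-tracker':
            if ($this->userIsAdmin($current_user)) {
                $this->getPermissionController()->process($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-perms-fields':
            if ($this->userIsAdmin($current_user)) {
                if ($request->exist('update')) {
                    if ($request->exist('permissions') && is_array($request->get('permissions'))) {
                        plugin_tracker_permission_process_update_fields_permissions(
                            $this->getGroupId(),
                            $this->getId(),
                            Tracker_FormElementFactory::instance()->getUsedFields($this),
                            $request->get('permissions')
                        );
                        $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('project_admin_userperms', 'perm_upd'));
                    }
                }
                $this->displayAdminPermsFields($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-formElements':
            if ($this->userIsAdmin($current_user)) {
                $elements_to_add = $request->get('add-formElement');
                if (is_array($elements_to_add)) {
                    // The first key of the posted array is the element id; key()
                    // replaces each(), which was removed in PHP 8, with the same result.
                    $formElement_id = key($elements_to_add);
                    if (Tracker_FormElementFactory::instance()->addFormElement($formElement_id)) {
                        $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin_index', 'field_added'));
                        $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . (int) $this->getId() . '&func=admin-formElements');
                    }
                } else {
                    $elements_to_create = $request->get('create-formElement');
                    if (is_array($elements_to_create)) {
                        $type = key($elements_to_create);
                        if ($request->get('docreate-formElement') && is_array($request->get('formElement_data'))) {
                            try {
                                $this->createFormElement($type, $request->get('formElement_data'), $current_user);
                            } catch (Exception $e) {
                                $GLOBALS['Response']->addFeedback('error', $e->getMessage());
                            }
                            $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?' . http_build_query(array('tracker' => $this->getId(), 'func' => $func)));
                        } else {
                            // Creation form is rendered directly and the request ends here.
                            Tracker_FormElementFactory::instance()->displayAdminCreateFormElement($layout, $request, $current_user, $type, $this);
                            exit;
                        }
                    }
                }
                $this->displayAdminFormElements($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-formElement-update':
        case 'admin-formElement-remove':
        case 'admin-formElement-delete':
            if ($this->userIsAdmin($current_user)) {
                if ($formElement = Tracker_FormElementFactory::instance()->getFormElementById((int) $request->get('formElement'))) {
                    $formElement->process($layout, $request, $current_user);
                } else {
                    $this->displayAdminFormElements($layout, $request, $current_user);
                }
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-semantic':
            if ($this->userIsAdmin($current_user)) {
                $this->getTrackerSemanticManager()->process($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-notifications':
            if ($this->userIsAdmin($current_user)) {
                $this->getDateReminderManager()->processReminder($layout, $request, $current_user);
                $this->getNotificationsManager()->process($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'notifications':
            // you just need to be registered to have access to this part
            if ($current_user->isLoggedIn()) {
                $this->getDateReminderManager()->processReminder($layout, $request, $current_user);
                $this->getNotificationsManager()->process($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'display_reminder_form':
            print $this->getDateReminderManager()->getDateReminderRenderer()->getNewDateReminderForm();
            break;
        case 'admin-canned':
            // TODO : project members can access this part ?
            if ($this->userIsAdmin($current_user)) {
                $this->getCannedResponseManager()->process($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case Workflow::FUNC_ADMIN_RULES:
        case Workflow::FUNC_ADMIN_CROSS_TRACKER_TRIGGERS:
        case Workflow::FUNC_ADMIN_TRANSITIONS:
        case Workflow::FUNC_ADMIN_GET_TRIGGERS_RULES_BUILDER_DATA:
        case Workflow::FUNC_ADMIN_ADD_TRIGGER:
        case Workflow::FUNC_ADMIN_DELETE_TRIGGER:
            if ($this->userIsAdmin($current_user)) {
                $this->getWorkflowManager()->process($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-csvimport':
            $session = new Codendi_Session();
            if ($this->userIsAdmin($current_user)) {
                if ($request->exist('action') && $request->get('action') == 'import_preview' && array_key_exists('csv_filename', $_FILES)) {
                    // display preview before importing artifacts
                    $this->displayImportPreview($layout, $request, $current_user, $session);
                } elseif ($request->exist('action') && $request->get('action') == 'import') {
                    // The CSV content comes from the session filled by the preview step, not from the request.
                    $csv_header = $session->get('csv_header');
                    $csv_body   = $session->get('csv_body');
                    if ($this->importFromCSV($layout, $request, $current_user, $csv_header, $csv_body)) {
                        $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin_import', 'import_succeed'));
                        $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
                    } else {
                        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin_import', 'import_failed'));
                        $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
                    }
                }
                $this->displayAdminCSVImport($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-export':
            if ($this->userIsAdmin($current_user)) {
                // TODO: change directory
                $xml_element = new SimpleXMLElement('<?xml version="1.0" encoding="UTF-8"?><tracker />');
                $this->sendXML($this->exportToXML($xml_element));
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-dependencies':
            if ($this->userIsAdmin($current_user)) {
                $this->getGlobalRulesManager()->process($layout, $request, $current_user);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'submit-artifact':
            // Permission checks are delegated to the action object.
            $action = new Tracker_Action_CreateArtifact(
                $this,
                $this->getTrackerArtifactFactory(),
                $this->getTrackerFactory(),
                $this->getFormElementFactory()
            );
            $action->process($layout, $request, $current_user);
            break;
        case 'submit-copy-artifact':
            $logger                    = new Tracker_XML_Importer_CopyArtifactInformationsAggregator(new BackendLogger());
            $xml_importer              = $this->getArtifactXMLImporterForArtifactCopy($logger);
            $artifact_factory          = $this->getTrackerArtifactFactory();
            $file_xml_updater          = $this->getFileXMLUpdater();
            $export_children_collector = $this->getChildrenCollector($request);
            $file_path_xml_exporter    = new Tracker_XML_Exporter_LocalAbsoluteFilePathXMLExporter();
            $artifact_xml_exporter     = $this->getArtifactXMLExporter($export_children_collector, $file_path_xml_exporter, $current_user);
            $action                    = new Tracker_Action_CopyArtifact(
                $this,
                $artifact_factory,
                $artifact_xml_exporter,
                $xml_importer,
                $this->getChangesetXMLUpdater(),
                $file_xml_updater,
                new Tracker_XML_Exporter_ChildrenXMLExporter($artifact_xml_exporter, $file_xml_updater, $artifact_factory, $export_children_collector),
                new Tracker_XML_Importer_ChildrenXMLImporter($xml_importer, $this->getTrackerFactory(), $this->getTrackerArtifactFactory(), new Tracker_XML_ChildrenCollector()),
                new Tracker_XML_Importer_ArtifactImportedMapping(),
                $logger
            );
            $action->process($layout, $request, $current_user);
            break;
        case 'submit-artifact-in-place':
            $action = new Tracker_Action_CreateArtifactFromModal($request, $this, $this->getTrackerArtifactFactory());
            $action->process($current_user);
            break;
        case 'admin-hierarchy':
            if ($this->userIsAdmin($current_user)) {
                $this->displayAdminItemHeader($layout, 'hierarchy');
                $this->getHierarchyController($request)->edit();
                $this->displayFooter($layout);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-hierarchy-update':
            if ($this->userIsAdmin($current_user)) {
                $this->getHierarchyController($request)->update();
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-clean':
            if ($this->userIsAdmin($current_user)) {
                $this->displayAdminClean($layout);
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-delete-artifact-confirm':
            if ($this->userIsAdmin($current_user)) {
                // Token bound to this exact func so a token from another page cannot be replayed here.
                $token = new CSRFSynchronizerToken(TRACKER_BASE_URL . '/?tracker=' . (int) $this->id . '&func=admin-delete-artifact-confirm');
                $token->check();
                $artifact_id = $request->getValidated('id', 'uint', 0);
                $artifact    = $this->getTrackerArtifactFactory()->getArtifactById($artifact_id);
                if ($artifact) {
                    $this->displayAdminConfirmDelete($layout, $artifact);
                } else {
                    $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'clean_error_noart', array($request->get('id'))));
                    $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId() . '&func=admin-clean');
                }
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'admin-delete-artifact':
            if ($this->userIsAdmin($current_user)) {
                $token = new CSRFSynchronizerToken(TRACKER_BASE_URL . '/?tracker=' . (int) $this->id . '&func=admin-delete-artifact');
                $token->check();
                if ($request->exist('confirm')) {
                    // NOTE(review): 'id' is passed raw here, whereas the confirm step
                    // validates it as uint; the tracker-id check below is what stops
                    // deleting an artifact of another tracker.
                    $artifact = $this->getTrackerArtifactFactory()->getArtifactById($request->get('id'));
                    if ($artifact && $artifact->getTrackerId() == $this->getId()) {
                        $artifact->delete($current_user);
                        $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin', 'clean_info_deleted', array($request->get('id'))));
                    } else {
                        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'clean_error_noart', array($request->get('id'))));
                    }
                } else {
                    $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('plugin_tracker_admin', 'clean_cancel_deleted'));
                }
                $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId() . '&func=admin');
            } else {
                $this->redirectWithAccessDeniedFeedback();
            }
            break;
        case 'create_new_public_report':
            // NOTE(review): this state-changing branch checks no CSRF token.
            if (! $this->userIsAdmin($current_user)) {
                $this->redirectWithAccessDeniedFeedback();
                // Never fall through to the creation below, even if redirect() returns.
                break;
            }
            $name      = $request->get('new_report_name');
            $validator = new Valid_String('new_report_name');
            $validator->required();
            if (! $request->valid($validator)) {
                $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker', 'create_new_report_invalid'));
                $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
                break;
            }
            // The name is stored as submitted and must be escaped where it is
            // rendered; the former $hp->purify($name) call here discarded its result.
            $report = new Tracker_Report(0, $name, 'Public rapport', 0, 0, null, 0, $this->getId(), 1, null, 0);
            $report->criterias = array();
            $this->getReportFactory()->saveObject($this->id, $report);
            $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
            break;
        default:
            if ($this->userCanView($current_user)) {
                $this->displayAReport($layout, $request, $current_user);
            }
            break;
    }
    return false;
}

/**
 * Queue an "access denied" error and send the browser back to this tracker.
 *
 * Shared by every branch of process() that requires a permission the current
 * user lacks. Whether redirect() terminates the request is not visible here,
 * so callers still break out of the switch after calling this.
 */
private function redirectWithAccessDeniedFeedback()
{
    $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_tracker_admin', 'access_denied'));
    $GLOBALS['Response']->redirect(TRACKER_BASE_URL . '/?tracker=' . $this->getId());
}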
/**
 * Apply the Agile Dashboard configuration posted by the project admin form.
 *
 * Order matters: the CSRF token is verified first, then the project-admin
 * right; a non-admin gets a permission-denied feedback and nothing else
 * happens. Depending on whether 'activate-kanban' was posted, either the
 * Kanban or the Scrum updater is built and its result returned.
 *
 * @return mixed result of the selected updater, or nothing on permission failure
 */
public function updateConfiguration()
{
    $token = new CSRFSynchronizerToken('/plugins/agiledashboard/?action=admin');
    $token->check();

    $current_user = $this->request->getCurrentUser();
    if (! $current_user->isAdmin($this->group_id)) {
        $GLOBALS['Response']->addFeedback(Feedback::ERROR, $GLOBALS['Language']->getText('global', 'perm_denied'));
        return;
    }

    $response = new AgileDashboardConfigurationResponse(
        $this->request->getProject(),
        $this->request->exist('home-ease-onboarding')
    );

    $kanban_requested = $this->request->exist('activate-kanban');
    if ($kanban_requested) {
        $first_kanban_creator = new AgileDashboard_FirstKanbanCreator(
            $this->request->getProject(),
            $this->kanban_manager,
            $this->tracker_factory,
            TrackerXmlImport::build()
        );
        $updater = new AgileDashboardKanbanConfigurationUpdater(
            $this->request,
            $this->config_manager,
            $response,
            $first_kanban_creator
        );
    } else {
        $project_xml_importer = new ProjectXMLImporter(
            EventManager::instance(),
            ProjectManager::instance(),
            new XML_RNGValidator(),
            new UGroupManager(),
            UserManager::instance(),
            new XMLImportHelper(),
            new ProjectXMLImporterLogger()
        );
        $first_scrum_creator = new AgileDashboard_FirstScrumCreator(
            $this->request->getProject(),
            $this->planning_factory,
            $this->tracker_factory,
            $project_xml_importer
        );
        $updater = new AgileDashboardScrumConfigurationUpdater(
            $this->request,
            $this->config_manager,
            $response,
            $first_scrum_creator
        );
    }

    return $updater->updateConfiguration();
}
/**
 * Decide whether the admin form submission carries at least one expected field.
 *
 * With none of 'activate-ad-component', 'scrum-title-admin' or
 * 'kanban-title-admin' present, an error is notified, the browser is sent to
 * the admin page and false is returned. Otherwise the CSRF token bound to the
 * admin URL is checked and true is returned.
 *
 * @return bool
 */
private function checkIfRequestIsValid()
{
    $has_component_flag = $this->request->exist('activate-ad-component');
    $has_scrum_title    = $this->request->exist('scrum-title-admin');
    $has_kanban_title   = $this->request->exist('kanban-title-admin');

    if (! ($has_component_flag || $has_scrum_title || $has_kanban_title)) {
        $this->notifyErrorAndRedirectToAdmin();
        return false;
    }

    $token = new CSRFSynchronizerToken('/plugins/agiledashboard/?action=admin');
    $token->check('/', $this->request);
    return true;
}
//
// SourceForge: Breaking Down the Barriers to Open Source Development
// Copyright 1999-2000 (c) The SourceForge Crew
// http://sourceforge.net
//
// Bookmark deletion page: GET shows a confirmation form carrying a CSRF token,
// POST (with a valid token) deletes the bookmark. A missing or invalid
// 'bookmark_id' sends the user back to /my with an error.
require_once 'pre.php';
require_once 'bookmarks.php';

$request = HTTPRequest::instance();

$HTML->header(array("title" => $Language->getText('bookmark_delete', 'title')));
print "<H3>" . $Language->getText('bookmark_delete', 'title') . "</H3>\n";

$bookmark_id_validator = new Valid_UInt('bookmark_id');
$bookmark_id_validator->required();

if (! $request->valid($bookmark_id_validator)) {
    $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('global', 'missing_parameters'));
    $GLOBALS['Response']->redirect('/my');
} else {
    $bookmark_id = (int) $request->get('bookmark_id');
    $csrf_token  = new CSRFSynchronizerToken('bookmark_delete');

    if (! $request->isPost()) {
        // Confirmation step: the form embeds the token that the POST must echo back.
        print '<form method="post">';
        print '<p>' . $Language->getText('my_index', 'del_bookmark') . '</p>';
        print '<input type="hidden" name="bookmark_id" value="' . $bookmark_id . '"/>';
        print $csrf_token->fetchHTMLInput();
        print '<input type="submit" value="' . $Language->getText('global', 'btn_submit') . '">';
        print '</form>';
    } else {
        // Token is verified before the row is removed.
        $csrf_token->check('/my/bookmark_delete.php?bookmark_id=' . $bookmark_id);
        bookmark_delete($bookmark_id);
        print '<p>' . $Language->getText('bookmark_delete', 'deleted') . '</p>';
    }

    print "<p><a href=\"/my/\">[" . $Language->getText('global', 'back_home') . "]</a></p>";
}
// Valid group id
$valid_groupid = new Valid_GroupId();
$valid_groupid->required();
if (!$request->valid($valid_groupid)) {
    exit_error($Language->getText('project_admin_index', 'invalid_p'), $Language->getText('project_admin_index', 'p_not_found'));
}
$group_id = $request->get('group_id');
//must be a project admin
session_require(array('group' => $group_id, 'admin_flags' => 'A'));

$user_manager = UserManager::instance();
$generic_user_factory = new GenericUserFactory($user_manager, ProjectManager::instance(), new GenericUserDao());
// NOTE(review): the result is used below without a null check; confirm fetch()
// cannot return null for a project that passed validation.
$generic_user = $generic_user_factory->fetch($group_id);

// The CSRF token is bound to this page's own URL, which is also the redirect target.
$redirect_url = '/project/admin/editgenericmember.php?group_id=' . (int) $group_id;
$token = new CSRFSynchronizerToken($redirect_url);

if ($request->get('update_generic_user')) {
    $token->check();
    // getValidated() is called without an explicit validator; which rule applies
    // to 'password' and 'email' is not visible here — confirm.
    $password = $request->getValidated('password');
    $email = $request->getValidated('email');
    // An empty password leaves the current one unchanged; the e-mail is always overwritten.
    if ($password) {
        $generic_user->setPassword($password);
    }
    $generic_user->setEmail($email);
    if ($user_manager->updateDb($generic_user)) {
        $GLOBALS['Response']->addFeedback('info', $Language->getText('project_admin', 'generic_member_updated'));
    } else {
        $GLOBALS['Response']->addFeedback('warning', $Language->getText('project_admin', 'generic_member_not_changed'));
    }
    $GLOBALS['HTML']->redirect($redirect_url);
}

$hp = Codendi_HTMLPurifier::instance();
$title = $Language->getText('project_admin', 'generic_member_settings');
private function checkSynchronizerToken($url) { $token = new CSRFSynchronizerToken($url); $token->check(); }
// Avatar upload handling; $csrf, $user and $user_manager are set up above this fragment.
if (isset($_FILES['avatar'])) {
    $handle = new Upload($_FILES['avatar']);
    // Every upload is resized/cropped to 50x50 and written as PNG (presumably
    // re-encoded by the Upload library — confirm).
    $handle->image_resize = true;
    $handle->image_ratio_crop = 'L';
    $handle->image_y = 50;
    $handle->image_x = 50;
    $handle->image_background_color = '#FFFFFF';
    $handle->image_convert = 'png';
    // Fixed target name ('avatar', no extension): the client-supplied file name
    // is never used on disk.
    $handle->file_new_name_body = 'avatar';
    $handle->file_safe_name = false;
    $handle->file_force_extension = false;
    $handle->file_new_name_ext = '';
    // MIME allow-list; how the type is detected is up to the Upload library.
    $handle->allowed = 'image/*';
    $handle->file_overwrite = true;
    if ($handle->uploaded && Config::get('sys_enable_avatars', true)) {
        // Token check happens before anything is written to disk or the database.
        $csrf->check();
        $user_id = (string) $user->getId();
        $avatar_path = Config::get('sys_avatar_path', Config::get('sys_data_dir') . '/user/avatar/');
        // Destination directory is derived only from the user's own id (sharded on its last two digits).
        $path = "{$avatar_path}/" . substr($user_id, -2, 1) . '/' . substr($user_id, -1, 1) . "/{$user_id}";
        $handle->process($path);
        if ($handle->processed) {
            $user->sethasAvatar();
            $user_manager->updateDb($user);
            $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('account_change_avatar', 'success'));
            $GLOBALS['Response']->redirect('/account/');
        } else {
            // NOTE(review): the library's error string is shown to the user as-is;
            // whether it is escaped at render time is not visible here.
            $GLOBALS['Response']->addFeedback('error', $handle->error);
        }
    }
}
$title = $Language->getText('account_change_avatar', 'title');
/*
 * Copyright (c) Enalean, 2011. All Rights Reserved.
 *
 * This file is a part of Tuleap.
 *
 * Tuleap is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Tuleap is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
 */

// Site-admin page that wipes every user session when 'reset_all_sessions'
// is posted with a valid CSRF token; always ends with a redirect to '/'.
require_once 'pre.php';
require_once 'common/dao/SessionDao.class.php';
require_once 'common/include/CSRFSynchronizerToken.class.php';

// Site administrators only.
session_require(array('group' => '1', 'admin_flags' => 'A'));

$http_request    = HTTPRequest::instance();
$reset_requested = $http_request->exist('reset_all_sessions');

if ($reset_requested) {
    // Token check guards the destructive call; failure is handled by check() itself.
    $synchronizer_token = new CSRFSynchronizerToken('/admin/sessions.php');
    $synchronizer_token->check('/admin/userlist.php');

    $sessions = new SessionDao();
    $sessions->deleteAll();
}

$GLOBALS['HTML']->redirect('/');