function testPurify()
 {
     // Codendi_HTTPPurifier is the sanitiser applied to values that end up in
     // HTTP headers. The contract exercised here: everything from the first
     // CR or LF to the end of the string is dropped, which is what defeats
     // header-injection payloads ("value\r\nSet-Cookie: ...").
     $purifier = Codendi_HTTPPurifier::instance();

     // input => expected purified output, in the original assertion order
     $cases = array(
         "a"       => 'a',
         "a\n"     => 'a',
         "a\nb"    => 'a',
         "a\r"     => 'a',
         "a\rb"    => 'a',
         "a\r\nb"  => 'a',
         // NOTE(review): "ab" can only purify to 'a' if a non-printable byte
         // (presumably "\0") sits between the two letters and was lost when
         // this listing was rendered — confirm against the repository source.
         "ab"      => 'a',
         "\rabc"   => '',
         "\nabc"   => '',
         "\r\nabc" => '',
         // NOTE(review): same remark as above; "abc" => '' looks like "\0abc".
         "abc"     => '',
     );

     foreach ($cases as $input => $expected) {
         $this->assertEqual($expected, $purifier->purify($input));
     }
 }
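 /**
  * Streams an artifact attachment to the client as a download.
  *
  * The response headers are built from attachment metadata (MIME type, size,
  * name, description) that was originally supplied by a user, so every
  * value passes through Codendi_HTTPPurifier, which strips CR/LF and thereby
  * blocks header injection. The filename needs one more step: the purifier
  * leaves `"` and `\` alone, and an unescaped double quote would terminate
  * the quoted filename parameter early and let the rest of the name be read
  * as further Content-Disposition parameters. addcslashes() turns both into
  * quoted-pairs.
  *
  * Nothing is sent when the attachment id is unknown or the file is missing
  * on disk; in every case the request is terminated with exit.
  *
  * @param int $attachment_id Identifier of the Tracker_FileInfo to serve.
  *
  * @return void Never returns (calls exit).
  */
 public function showAttachment($attachment_id)
 {
     if ($fileinfo = Tracker_FileInfo::instance($this, $attachment_id)) {
         if ($fileinfo->fileExists()) {
             $http = Codendi_HTTPPurifier::instance();
             // Escape backslash and double quote so the name cannot break out
             // of the quoted-string in Content-Disposition.
             $filename = addcslashes($http->purify($fileinfo->getFilename()), '\\"');
             // The stored MIME type is user-controlled: nosniff together with
             // the "attachment" disposition keeps browsers from rendering the
             // payload inline (e.g. as HTML) instead of downloading it.
             header('X-Content-Type-Options: nosniff');
             header('Content-Type: ' . $http->purify($fileinfo->getFiletype()));
             // Content-Length must be a decimal integer; an int cast is stricter
             // than purifying an arbitrary string.
             header('Content-Length: ' . (int) $fileinfo->getFilesize());
             header('Content-Disposition: attachment; filename="' . $filename . '"');
             header('Content-Description: ' . $http->purify($fileinfo->getDescription()));
             readfile($fileinfo->getPath());
         }
     }
     exit;
 }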
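 /**
  * Export the report results to CSV and terminate the request.
  *
  * One header row ('aid' followed by the names of the exportable fields) and
  * one row per matching artifact are written to php://output, using the CSV
  * separator selected by the current user's 'user_csv_separator' preference
  * (comma when the preference is unset or unknown). When the first query
  * returns nothing, an error feedback is queued and the method returns
  * normally instead of dying.
  *
  * @param bool $only_columns True if we need to export only the displayed columns. False for all the fields.
  *
  * @return void Does not return after a successful export (calls die).
  */
 protected function exportToCSV($only_columns)
 {
     $matching_ids = $this->report->getMatchingIds();
     if ($only_columns) {
         $fields = $this->extractFieldsFromColumns($this->reorderColumnsByRank($this->getColumns()));
     } else {
         $fields = Tracker_FormElementFactory::instance()->getUsedFields($this->report->getTracker());
     }

     // Only fields accepted by canFieldBeExportedToCSV appear in the output;
     // compute that subset once rather than re-checking it for every row.
     $exportable_fields = array();
     $head = array('aid');
     foreach ($fields as $field) {
         if ($this->canFieldBeExportedToCSV($field)) {
             $exportable_fields[] = $field;
             $head[] = $field->getName();
         }
     }
     $lines = array($head);

     // The values of one artifact are spread over several queries built by
     // buildOrderedQuery; the code below relies on every result set listing
     // the artifacts in the same order, so row i of each set is merged into
     // one row.
     $queries = $this->buildOrderedQuery($matching_ids, $fields);
     $dao     = new DataAccessObject();
     $results = array();
     foreach ($queries as $sql) {
         $results[] = $dao->retrieve($sql);
     }

     if (empty($results[0])) {
         $GLOBALS['Response']->addFeedback('error', 'Unable to export (too many fields?)');
         return;
     }

     $first_result = array_shift($results);
     foreach ($first_result as $row) {
         // [id, f1, f2] + [id, f3, f4] => [id, f1, f2, f3, f4, ...]
         foreach ($results as $result) {
             $row = array_merge($row, $result->getRow());
         }
         $line = array($row['id']);
         foreach ($exportable_fields as $field) {
             $value = isset($row[$field->getName()]) ? $row[$field->getName()] : null;
             // NOTE(review): cell values are written as returned; a value that
             // starts with '=', '+', '-' or '@' is evaluated as a formula by
             // spreadsheet applications (CSV injection). Neutralising that
             // here would alter the exported data, so it is not done in this
             // method — confirm whether fetchCSVChangesetValue handles it.
             $line[] = $field->fetchCSVChangesetValue($row['id'], $row['changeset_id'], $value, $this->report);
         }
         $lines[] = $line;
     }

     // Separator from the user's preference; anything else falls back to the
     // comma, exactly like the previous switch with no default.
     $separators = array('comma' => ',', 'semicolon' => ';', 'tab' => chr(9));
     $user_pref  = UserManager::instance()->getCurrentUser()->getPreference('user_csv_separator');
     $separator  = isset($separators[$user_pref]) ? $separators[$user_pref] : ',';

     $http      = Codendi_HTTPPurifier::instance();
     $tracker   = $this->report->getTracker();
     $file_name = str_replace(' ', '_', 'artifact_' . $tracker->getItemName());
     // Both name components are stored data; purify each so neither can carry
     // CR/LF into the header (the project short name was previously unfiltered).
     header('Content-Disposition: filename=' . $http->purify($file_name) . '_' . $http->purify($tracker->getProject()->getUnixName()) . '.csv');
     header('Content-type: text/csv');

     // One output handle for the whole export; the previous code opened a new
     // php://output stream for every line and never closed any of them.
     $output = fopen('php://output', 'a');
     foreach ($lines as $line) {
         fputcsv($output, $line, $separator, '"');
     }
     fclose($output);
     die;
 }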
}
//$sql = $export_select." ".$export_from." ".$export_where." AND a.artifact_id IN ($export_aids) group by a.artifact_id";
if ($multiple_queries) {
    $all_results = array();
    foreach ($all_queries as $q) {
        $result = db_query($q);
        $all_results[] = $result;
        $rows = db_numrows($result);
    }
} else {
    $result = db_query($sql);
    $rows = db_numrows($result);
}
// Send the result in CSV format
if ($result && $rows > 0) {
    $http = Codendi_HTTPPurifier::instance();
    $file_name = str_replace(' ', '_', 'artifact_' . $ath->getItemName());
    header('Content-Type: text/csv');
    header('Content-Disposition: filename=' . $http->purify($file_name) . '_' . $ath->Group->getUnixName() . '.csv');
    foreach ($lbl_list as $k => $v) {
        $lbl_list[$k] = SimpleSanitizer::unsanitize($v);
    }
    echo build_csv_header($col_list, $lbl_list) . $eol;
    if ($multiple_queries) {
        $multiarr = array();
        for ($i = 0; $i < $rows; $i++) {
            foreach ($all_results as $result) {
                $multiarr = array_merge($multiarr, db_fetch_array($result));
            }
            prepare_artifact_record($ath, $fields, $atid, $multiarr, 'csv');
            $curArtifact = new Artifact($ath, $multiarr['artifact_id']);