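#
# Map the page's request arguments onto values/objects according to
# $argspec, a flat list of alternating (name, type) pairs, e.g.
#   array("experiment", PAGEARG_EXPERIMENT, "verbose", PAGEARG_BOOLEAN).
#
# For each pair the matching $_REQUEST key(s) are read, validated
# (ValidateArgument() or a local regex) and, for object types, resolved
# through the class Lookup() helpers. Every value found is stored under
# $name in the returned array AND exported as $GLOBALS[$name]. $name is
# taken from the caller's spec, never from the request, so the global
# export is not attacker-controlled variable injection.
#
# Outcome per argument:
#   mapped            -> $result[$name] = $GLOBALS[$name] = value/object
#   supplied, unmapped-> USERERROR("Could not map page arguments ...")
#   missing, required -> PAGEARGERROR("Must provide ...")
#   missing, optional -> unset($GLOBALS[$name])
#
# Fixes relative to the previous version:
#   - the switch carried two `default:` labels (on PAGEARG_STRING and on
#     PAGEARG_PASSWORD); that is a fatal compile error since PHP 7. Only
#     PAGEARG_STRING is the default now, PAGEARG_PASSWORD is a plain case.
#   - PAGEARG_ALPHALIST never set $yep, so a supplied-but-malformed list
#     was reported as "Must provide" (or silently dropped) instead of
#     "Could not map", unlike every other type.
#
# $argspec  : alternating name/type pairs; consumed by array_shift().
# $required : true  -> a missing argument is a page error,
#             false -> its global is unset instead.
# Returns   : array of name => resolved value/object for arguments found.
#
function VerifyPageArguments($argspec, $required) {
    global $drewheader;

    if ($drewheader) {
        trigger_error("PAGEHEADER called before VerifyPageArguments " .
                      "(called by RequiredPageArguments or OptionalPageArguments). " .
                      "Won't be able to return proper HTTP status code on Error " .
                      "in " . $_SERVER['SCRIPT_FILENAME'] . ",", E_USER_WARNING);
    }

    $result = array();

    while ($argspec and count($argspec) > 1) {
        $name = array_shift($argspec);
        $type = array_shift($argspec);
        # $yep records that *some* value was supplied for this argument,
        # even if it failed validation or could not be mapped to an object.
        $yep  = 0;
        unset($object);

        switch ($type) {
        case PAGEARG_EXPERIMENT:
            if (isset($_REQUEST[URL_EXPERIMENT])) {
                $idx = $_REQUEST[URL_EXPERIMENT];
                $yep = 1;
                if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
                    $object = Experiment::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_EXPTIDX])) {
                $idx = $_REQUEST[URL_EXPTIDX];
                $yep = 1;
                if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
                    $object = Experiment::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_EID])) {
                $pid = $_REQUEST[URL_PID];
                $eid = $_REQUEST[URL_EID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PID, $pid) &&
                    ValidateArgument(PAGEARG_EID, $eid)) {
                    $object = Experiment::LookupByPidEid($pid, $eid);
                }
            }
            break;

        case PAGEARG_TEMPLATE:
            if (isset($_REQUEST[URL_GUID]) && isset($_REQUEST[URL_VERS])) {
                $guid = $_REQUEST[URL_GUID];
                $vers = $_REQUEST[URL_VERS];
                $yep  = 1;
                if (ValidateArgument(PAGEARG_GUID, $guid) &&
                    ValidateArgument(PAGEARG_VERS, $vers)) {
                    $object = Template::Lookup($guid, $vers);
                }
            }
            elseif (isset($_REQUEST[URL_TEMPLATE])) {
                # Combined "guid/vers" form; the regex admits digits only.
                $guidvers = $_REQUEST[URL_TEMPLATE];
                $yep = 1;
                if (preg_match("/^([\\d]+)\\/([\\d]+)\$/", $guidvers, $matches)) {
                    $guid = $matches[1];
                    $vers = $matches[2];
                    $object = Template::Lookup($guid, $vers);
                }
                else {
                    # NOTE(review): $guidvers is echoed unescaped here, unlike
                    # the PAGEARG_STRING branch; confirm PAGEARGERROR escapes
                    # its message before rendering it.
                    PAGEARGERROR("Invalid argument for '{$type}': {$guidvers}");
                }
            }
            break;

        case PAGEARG_INSTANCE:
            if (isset($_REQUEST[URL_INSTANCE])) {
                $idx = $_REQUEST[URL_INSTANCE];
                $yep = 1;
                if (ValidateArgument(PAGEARG_INSTANCE, $idx)) {
                    $object = TemplateInstance::LookupByExptidx($idx);
                }
            }
            break;

        case PAGEARG_METADATA:
            if (isset($_REQUEST[URL_METADATA])) {
                $guidvers = $_REQUEST[URL_METADATA];
                $yep = 1;
                if (preg_match("/^([\\d]+)\\/([\\d]+)\$/", $guidvers, $matches)) {
                    $guid = $matches[1];
                    $vers = $matches[2];
                    $object = TemplateMetadata::Lookup($guid, $vers);
                }
                else {
                    # NOTE(review): same unescaped echo as the template case.
                    PAGEARGERROR("Invalid argument for '{$type}': {$guidvers}");
                }
            }
            break;

        case PAGEARG_PROJECT:
            if (isset($_REQUEST[URL_PROJECT])) {
                $idx = $_REQUEST[URL_PROJECT];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PROJECT, $idx)) {
                    $object = Project::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_PID])) {
                $pid = $_REQUEST[URL_PID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PID, $pid)) {
                    $object = Project::Lookup($pid);
                }
            }
            break;

        case PAGEARG_GROUP:
            if (isset($_REQUEST[URL_GROUP])) {
                $idx = $_REQUEST[URL_GROUP];
                $yep = 1;
                if (ValidateArgument(PAGEARG_GROUP, $idx)) {
                    $object = Group::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_GID])) {
                $pid = $_REQUEST[URL_PID];
                $gid = $_REQUEST[URL_GID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PID, $pid) &&
                    ValidateArgument(PAGEARG_GID, $gid)) {
                    $object = Group::LookupByPidGid($pid, $gid);
                }
            }
            break;

        case PAGEARG_NODE:
            if (isset($_REQUEST[URL_NODE])) {
                $idx = $_REQUEST[URL_NODE];
                $yep = 1;
                if (ValidateArgument(PAGEARG_NODE, $idx)) {
                    $object = Node::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_NODEID])) {
                $nodeid = $_REQUEST[URL_NODEID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
                    $object = Node::Lookup($nodeid);
                }
            }
            elseif (isset($_REQUEST[URL_NODEID_ALT])) {
                $nodeid = $_REQUEST[URL_NODEID_ALT];
                $yep = 1;
                if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
                    $object = Node::Lookup($nodeid);
                }
            }
            break;

        case PAGEARG_USER:
            if (isset($_REQUEST[URL_USER])) {
                $idx = $_REQUEST[URL_USER];
                $yep = 1;
                if (ValidateArgument(PAGEARG_USER, $idx)) {
                    $object = User::Lookup($idx);
                }
            }
            elseif (isset($_REQUEST[URL_UID])) {
                $uid = $_REQUEST[URL_UID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_UID, $uid)) {
                    $object = User::Lookup($uid);
                }
            }
            break;

        case PAGEARG_IMAGE:
            if (isset($_REQUEST[URL_IMAGEID])) {
                $imageid = $_REQUEST[URL_IMAGEID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
                    $object = Image::Lookup($imageid);
                }
            }
            elseif (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                # Image may also arrive under the spec'd argument name.
                $imageid = $_REQUEST[$name];
                $yep = 1;
                if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
                    $object = Image::Lookup($imageid);
                }
            }
            break;

        case PAGEARG_OSINFO:
            if (isset($_REQUEST[URL_OSID])) {
                $osid = $_REQUEST[URL_OSID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_OSINFO, $osid)) {
                    $object = OSinfo::Lookup($osid);
                }
            }
            break;

        case PAGEARG_BOOLEAN:
            if (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Case-insensitive match against the accepted spellings;
                # anything else is passed through unchanged.
                $lowered = strtolower("{$object}");
                if (in_array($lowered, array("yes", "1", "true", "on"), true)) {
                    $object = True;
                }
                elseif (in_array($lowered, array("no", "0", "false", "off"), true)) {
                    $object = False;
                }
            }
            break;

        case PAGEARG_INTEGER:
        case PAGEARG_NUMERIC:
        case PAGEARG_ARRAY:
            if (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                $object = $_REQUEST[$name];
                $yep = 1;
                if (!ValidateArgument($type, $object)) {
                    unset($object);
                }
            }
            break;

        case PAGEARG_ANYTHING:
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Anything allowed, caller BETTER check it.
            }
            break;

        case PAGEARG_ALPHALIST:
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                # Fixed: was missing, so a malformed list was treated as
                # "not supplied" rather than "supplied but unmappable".
                $yep = 1;
                if (!preg_match("/^[\\d\\w\\-\\ \\,]+\$/", $object)) {
                    unset($object);
                }
                else {
                    $object = preg_split("/[\\,\\;]+\\s*/", $_REQUEST[$name]);
                }
            }
            break;

        case PAGEARG_PASSWORD:
            # Fixed: this case no longer carries a second `default:` label.
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Only printable chars. The value itself is deliberately
                # not echoed in the error message.
                if (!preg_match("/^[ -~]+\$/", $object)) {
                    PAGEARGERROR("Invalid characters in '{$name}'");
                }
            }
            break;

        case PAGEARG_LOGFILE:
            if (isset($_REQUEST[URL_LOGFILE])) {
                $logid = $_REQUEST[URL_LOGFILE];
                $yep = 1;
                if (ValidateArgument(PAGEARG_LOGFILE, $logid)) {
                    $object = Logfile::Lookup($logid);
                }
            }
            break;

        case PAGEARG_STRING:
        default:
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Pages never get arguments with special chars. Check.
                if (preg_match("/[\\'\"]/", $object)) {
                    # Escaped before it is reflected into the error page.
                    $object = htmlspecialchars($object);
                    PAGEARGERROR("Invalid characters in '{$name}': {$object}");
                }
            }
            break;
        }

        if (isset($object)) {
            $result[$name]  = $object;
            $GLOBALS[$name] = $object;
        }
        elseif ($yep) {
            #
            # Value supplied but could not be mapped to object.
            # Lets make that clear in the error message.
            #
            USERERROR("Could not map page arguments to '{$name}'", 1);
        }
        elseif ($required) {
            PAGEARGERROR("Must provide '{$name}' page argument");
        }
        else {
            # Optional and absent: make sure no stale global survives.
            unset($GLOBALS[$name]);
        }
    }
    return $result;
}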
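#
# Okay, validate form arguments.
#
$errors = array();

# Some local variables.
$nsfilelocale = 0;
$thensfile    = 0;
$deletensfile = 0;

#
# Project: must be selected, pass the syntax check (TBvalid_pid) and
# exist. The syntax check runs before the lookup so that only a
# validated pid reaches the database layer.
#
if (!isset($formfields["pid"]) || $formfields["pid"] == "") {
    $errors["Project"] = "Not Selected";
}
elseif (!TBvalid_pid($formfields["pid"])) {
    $errors["Project"] = TBFieldErrorString();
}
elseif (!($project = Project::Lookup($formfields["pid"]))) {
    $errors["Project"] = "No such project";
}
else {
    #
    # Group: If none specified, then use default group (see below).
    # Same order as for the project: syntax check, then lookup.
    #
    if (isset($formfields["gid"]) && $formfields["gid"] != "") {
        if (!TBvalid_gid($formfields["gid"])) {
            $errors["Group"] = TBFieldErrorString();
        }
        elseif (!($group = Group::LookupByPidGid($formfields["pid"],
                                                $formfields["gid"]))) {
            # Fixed: the message used to end in a stray apostrophe.
            $errors["Group"] = "No such group in project";
        }
    }
    else {
        $group = $project->DefaultGroup();
    }
}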
#
# Delegate the access check to the project that owns these stats.
#
# Note: $access_type is not consulted; the project is always asked for
# $TBDB_TRUST_USER-level trust. A project that cannot be resolved from
# pid_idx() is a fatal TBERROR.
#
function AccessCheck($user, $access_type) {
    global $TBDB_TRUST_USER;

    $pid_idx = $this->pid_idx();
    $project = Project::Lookup($pid_idx);
    if (!$project) {
        TBERROR("ExperimentStats::AccessCheck: " .
                "Cannot map project {$pid_idx} to its object", 1);
    }
    return $project->AccessCheck($user, $TBDB_TRUST_USER);
}
#
# Return the owning Project object, caching it in $this->project after
# the first successful lookup. A failed lookup is a fatal TBERROR.
#
function Project() {
    $pid_idx = $this->pid_idx();

    if (!$this->project) {
        $this->project = Project::Lookup($pid_idx);
        if (!$this->project) {
            TBERROR("Could not lookup project {$pid_idx}!", 1);
        }
    }
    return $this->project;
}
#
# Return the Project this user was first approved into (earliest
# date_approved, trust other than NONE, project-wide group only),
# or null if there is none. A row whose project cannot be loaded is
# a fatal TBERROR.
#
# $uid_idx comes from this object's accessor, not from the request.
#
function FirstApprovedProject() {
    $uid_idx = $this->uid_idx();
    $none    = TBDB_TRUSTSTRING_NONE;

    $sql = "select pid_idx from group_membership " .
           "where uid_idx='{$uid_idx}' and pid=gid and " .
           " trust!='{$none}' " .
           "order by date_approved asc limit 1";
    $query_result = DBQueryFatal($sql);

    if (mysql_num_rows($query_result) == 0) {
        return null;
    }
    $row     = mysql_fetch_array($query_result);
    $pid_idx = $row["pid_idx"];
    $project = Project::Lookup($pid_idx);
    if (!$project) {
        TBERROR("User::FirstApprovedProject: " .
                "Could not load project {$pid_idx}!", 1);
    }
    return $project;
}
} # # Figure out the NS file to give to the script. Eventually we will allow # it to come inline as an XML argument. # if ($nsfilelocale == "copyid") { if (preg_match("/^([-\\w]+),([-\\w]+)\$/", $formfields['copyid'], $matches)) { $copypid = $matches[1]; $copyeid = $matches[2]; $okay = 0; # # Project level check if not a current experiment. # if ($experiment = Experiment::LookupByPidEid($copypid, $copyeid)) { $okay = $experiment->AccessCheck($this_user, $TB_EXPT_READINFO); } elseif ($project = Project::Lookup($copypid)) { $okay = $project->AccessCheck($this_user, $TB_PROJECT_READINFO); } if (!$okay) { $errors["Project/Group"] = "Not enough permission to copy experiment {$copypid}/{$copyeid}"; EXPERROR(); } if ($copypid != $exp_pid) { $extragroups = ",{$copypid}"; } } $thensfile = "-c " . escapeshellarg($formfields['copyid']); } elseif ($nsfilelocale == "local") { # # No way to tell from here if this file actually exists, since # the web server runs as user nobody. The startexp script checks
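#
# Check whether $user may perform $access_type on this OS descriptor.
#
# Decision order (first match wins):
#   1. $access_type outside [$TB_OSID_MIN, $TB_OSID_MAX] is a fatal error.
#   2. Admins are always allowed.
#   3. Shared ("global") OSIDs: anyone may READINFO, nobody else may
#      do anything more.
#   4. Project trust: READINFO needs $TBDB_TRUST_USER, anything else
#      needs $TBDB_TRUST_LOCALROOT, in the OSID's project.
#   5. For ez images only, an explicit image_permissions row (a user
#      row, then a group row via group_membership) grants READINFO --
#      never more than that.
#
# Returns 1 if allowed, 0 otherwise.
#
# Cleanups relative to the previous version: removed the dead initial
# $mintrust assignment, the unused $uid local, the unused $row fetch,
# the duplicated $trust_none assignment and two unused globals. Since
# the permission-table checks can only ever grant READINFO, any other
# access type now returns 0 before those two queries are issued (same
# answer, two fewer round trips).
#
function AccessCheck($user, $access_type) {
    global $TB_OSID_READINFO;
    global $TB_OSID_MIN;
    global $TB_OSID_MAX;
    global $TBDB_TRUST_USER;
    global $TBDB_TRUST_LOCALROOT;

    if ($access_type < $TB_OSID_MIN || $access_type > $TB_OSID_MAX) {
        TBERROR("Invalid access type {$access_type}!", 1);
    }

    #
    # Admins do whatever they want!
    #
    if (ISADMIN()) {
        return 1;
    }

    #
    # No GIDs yet.
    #
    $pid    = $this->pid();
    $shared = $this->shared();

    #
    # Global OSIDs can be read by anyone, and modified by nobody here.
    #
    if ($shared) {
        return ($access_type == $TB_OSID_READINFO) ? 1 : 0;
    }

    #
    # Otherwise must have proper trust in the project.
    #
    $mintrust = ($access_type == $TB_OSID_READINFO)
        ? $TBDB_TRUST_USER : $TBDB_TRUST_LOCALROOT;

    #
    # Need the project object to complete this test.
    #
    if (!($project = Project::Lookup($pid))) {
        TBERROR("Could not map project {$pid} to its object", 1);
    }
    if (TBMinTrust($project->UserTrust($user), $mintrust)) {
        return 1;
    }
    elseif (!$this->ezid()) {
        return 0;
    }

    # The image_permissions lookups below only ever grant read access.
    if ($access_type != $TB_OSID_READINFO) {
        return 0;
    }

    #
    # If this is an ez image, look in the image permissions.
    # First look for a user permission, then look for a group permission.
    # $osid and $uid_idx come from object accessors, not from the request.
    #
    $osid       = $this->osid();
    $uid_idx    = $user->uid_idx();
    $trust_none = TBDB_TRUSTSTRING_NONE;

    $query_result =
        DBQueryFatal("select allow_write from image_permissions " .
                     "where imageid='{$osid}' and " .
                     " permission_type='user' and " .
                     " permission_idx='{$uid_idx}'");
    if (mysql_num_rows($query_result)) {
        return 1;
    }

    $query_result =
        DBQueryFatal("select allow_write from group_membership as g " .
                     "left join image_permissions as p on " .
                     " p.permission_type='group' and " .
                     " p.permission_idx=g.gid_idx " .
                     "where g.uid_idx='{$uid_idx}' and " .
                     " p.imageid='{$osid}' and " .
                     " trust!='{$trust_none}'");
    if (mysql_num_rows($query_result)) {
        return 1;
    }
    return 0;
}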
#
# Resolve this group's project from pid_idx() and store it in
# $this->project. A failed lookup is a fatal TBERROR. Always returns 0.
#
function LoadProject() {
    $pid_idx = $this->pid_idx();
    $project = Project::Lookup($pid_idx);

    if (!$project) {
        TBERROR("Group::LoadProject: Could not load project {$pid_idx}!", 1);
    }
    $this->project = $project;
    return 0;
}
PAGEARGERROR("Project {$pid} is not a valid project!"); } # Must be admin or project/group root. if (!$isadmin && !TBMinTrust(TBGrpTrust($uid, $pid, $pid), $TBDB_TRUST_GROUPROOT)) { USERERROR("You do not have permission to toggle {$type}!", 1); } $zapurl = CreateURL("showproject", $project); $project->SetCVSRepoPublic($value); $unix_pid = $project->unix_gid(); SUEXEC($uid, $unix_pid, "webcvsrepo_ctrl {$pid}", SUEXEC_ACTION_DIE); } elseif ($type == "workbench") { # Must validate the pid since we allow non-admins to do this. if (!TBvalid_pid($pid)) { PAGEARGERROR("Invalid characters in {$pid}"); } if (!($project = Project::Lookup($pid))) { PAGEARGERROR("Project {$pid} is not a valid project!"); } # Must be admin if (!$isadmin) { USERERROR("You do not have permission to toggle {$type}!", 1); } $zapurl = CreateURL("showproject", $project); $project->SetAllowWorkbench($value); } elseif ($type == "hiderun") { RequiredPageArguments("instance", PAGEARG_INSTANCE, "runidx", PAGEARG_INTEGER); if (!$instance->AccessCheck($this_user, $TB_EXPT_MODIFY)) { USERERROR("You do not have permission to modify this instance", 1); } $instance->SetRunHidden($runidx, $value); } else {
#
# Look up and return the owning Project object on every call (no
# caching). A failed lookup is a fatal TBERROR.
#
function Project() {
    $pid     = $this->pid();
    $project = Project::Lookup($pid);

    if (!$project) {
        TBERROR("Could not lookup project {$pid}!", 1);
    }
    return $project;
}
#
# Return the list of not-yet-approved Project objects, newest first.
# Each object carries its creation day (MM/DD/YY) via SetTempData().
# A row whose project cannot be loaded is a fatal TBERROR.
#
function PendingProjectList() {
    $pending = array();

    $sql = "select pid_idx, " .
           " DATE_FORMAT(created, '%m/%d/%y') as day_created " .
           " from projects " .
           "where approved='0' order by created desc";
    $query_result = DBQueryFatal($sql);

    while ($row = mysql_fetch_array($query_result)) {
        $pid_idx = $row["pid_idx"];
        $project = Project::Lookup($pid_idx);
        if (!$project) {
            TBERROR("Project::PendingProjectList: " .
                    "Could not load project {$pid_idx}!", 1);
        }
        $project->SetTempData($row["day_created"]);
        $pending[] = $project;
    }
    return $pending;
}