/**
 * Build the SQL fragment that hides the SVN paths the user is not allowed to see.
 *
 * One " AND svn_dirs.dir not like '<path>%'" condition is produced for every key
 * returned by svn_utils_get_forbidden_paths(). The first character of each key is
 * dropped before the remainder is passed through db_es().
 *
 * @param PFUser $user
 *
 * @return string Empty string when no path is forbidden
 */
protected function getForbiddenPaths(PFUser $user)
{
    $denied_paths = svn_utils_get_forbidden_paths(
        $user->getName(),
        $this->project->getSVNRootPath()
    );

    $conditions = array();
    foreach ($denied_paths as $denied_path => $unused) {
        // NOTE(review): db_es() presumably escapes for a quoted SQL string only; a '%' or '_'
        // inside a path would still act as a LIKE wildcard and widen the exclusion — confirm.
        $conditions[] = " AND svn_dirs.dir not like '" . db_es(substr($denied_path, 1)) . "%'";
    }

    return implode('', $conditions);
}
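/**
 * Load the SVN dump file named by the "dump-file" attribute into the project repository.
 *
 * The attribute value comes from the imported XML and is joined to $extraction_path.
 * escapeshellarg() protects the shell command line, but it does not stop a value such
 * as "../x" (or a symlink inside the archive) from pointing outside the extraction
 * directory, so the resolved path is checked for containment before svnadmin reads it.
 *
 * @param Project          $project         Project whose repository receives the dump
 * @param SimpleXMLElement $xml_svn         <svn> node of the import (assumed from the attributes() call)
 * @param string           $extraction_path Directory holding the extracted archive
 *
 * @return bool true when there is nothing to import or svnadmin exited with status 0
 */
private function import_dumpfile(Project $project, $xml_svn, $extraction_path)
{
    $attrs = $xml_svn->attributes();
    if (! isset($attrs['dump-file'])) {
        return true;
    }

    // realpath() resolves "..", "." and symlinks, and returns false for a missing file.
    $extraction_root = realpath($extraction_path);
    $dumpfile_path   = realpath($extraction_path . '/' . (string) $attrs['dump-file']);

    $is_contained = $extraction_root !== false
        && $dumpfile_path !== false
        && is_file($dumpfile_path)
        && strpos($dumpfile_path, rtrim($extraction_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;

    if (! $is_contained) {
        // The attribute value is deliberately not echoed into the log.
        $this->logger->error("SVN dump file is missing or located outside of the extraction directory");
        return false;
    }

    $rootpath_arg = escapeshellarg($project->getSVNRootPath());
    $dumpfile_arg = escapeshellarg($dumpfile_path);
    $commandline  = "svnadmin load {$rootpath_arg} <{$dumpfile_arg} 2>&1";
    $this->logger->info($commandline);

    try {
        $cmd            = new System_Command();
        $command_output = $cmd->exec($commandline);
        $return_status  = 0;
    } catch (System_Command_CommandException $e) {
        // A failing command still carries its output and exit code; keep both for the log.
        $command_output = $e->output;
        $return_status  = $e->return_value;
    }

    foreach ($command_output as $line) {
        $this->logger->debug($line);
    }
    $this->logger->debug("Exited with status {$return_status}");

    return 0 === $return_status;
}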
/**
 * Move the SVN repository directory after a project unix_name change.
 *
 * The destination is built as $GLOBALS['svn_prefix'] . '/' . $newName and handed
 * to rename() together with the current repository root.
 *
 * @param Project $project Project whose repository is moved
 * @param String  $newName New directory name under the SVN prefix
 *
 * @return Boolean Result of rename()
 */
public function renameSVNRepository(Project $project, $newName)
{
    $current_path = $project->getSVNRootPath();

    // NOTE(review): $newName is used as a path component without any check in this method;
    // assumes callers only pass an already validated unix name (no '/' or '..') — confirm.
    $target_path = $GLOBALS['svn_prefix'] . '/' . $newName;

    return rename($current_path, $target_path);
}
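/**
 * Query the commits of a project, hiding the ones that touch paths the current user cannot read.
 *
 * Filters are combined with AND: revision, committer user name, description search and the
 * global $_path. When $_path equals one of the forbidden paths it is reset to '' (this writes
 * to the global).
 *
 * @param Project $project
 * @param int     $offset    First row of the page (ignored when $pv is set)
 * @param int     $chunksz   Page size (ignored when $pv is set)
 * @param string  $_rev_id   Revision to match, '' for any
 * @param string  $_commiter Committer user name, '' or 100 for any
 * @param string  $_srch     Text searched in the commit description
 * @param string  $order_by  Complete " ORDER BY ..." clause, concatenated as is (see warning below)
 * @param int     $pv        When truthy no LIMIT clause is added
 * @param bool    $foundRows Whether to compute the total number of matching rows
 *
 * @return array array($result, $totalrows); $totalrows is -1 when it was not computed
 */
function svn_get_revisions(Project $project, $offset, $chunksz, $_rev_id = '', $_commiter = '', $_srch = '', $order_by = '', $pv = 0, $foundRows = true)
{
    global $_path;

    $um = UserManager::instance();

    //check user access rights
    $forbidden = svn_utils_get_forbidden_paths($um->getCurrentUser()->getName(), $project->getSVNRootPath());

    $select   = 'SELECT';
    $group_by = '';

    if ($foundRows) {
        $select .= ' SQL_CALC_FOUND_ROWS';
    }
    $select .= ' svn_commits.revision as revision, svn_commits.id as commit_id, svn_commits.description as description, svn_commits.date as date, svn_commits.whoid';

    $from  = " FROM svn_commits";
    $where = " WHERE svn_commits.group_id=" . db_ei($project->getGroupId());

    //check user access rights
    if (! empty($forbidden)) {
        $from .= " INNER JOIN svn_checkins ON (svn_checkins.commitid = svn_commits.id)";
        $from .= " INNER JOIN svn_dirs ON (svn_dirs.id = svn_checkins.dirid)";

        $where_forbidden = "";
        foreach ($forbidden as $no_access => $v) {
            if ($no_access == $_path) {
                // Asking for a forbidden path: drop the path filter instead of honouring it.
                $_path = '';
            }
            $where_forbidden .= " AND svn_dirs.dir not like '" . db_es(substr($no_access, 1)) . "%'";
        }
        $where    .= $where_forbidden;
        $group_by .= ' GROUP BY revision';
    }

    //if a path is selected, add it to the where clause
    if ($_path != '') {
        $path_str = " AND svn_dirs.dir like '%" . db_es($_path) . "%'";
        if (empty($forbidden)) {
            // The joins were not added by the access-rights branch above.
            $from     .= " INNER JOIN svn_checkins ON (svn_checkins.commitid = svn_commits.id)";
            $from     .= " INNER JOIN svn_dirs ON (svn_dirs.id = svn_checkins.dirid)";
            $group_by .= ' GROUP BY revision';
        }
    } else {
        $path_str = "";
    }

    //if a revision is selected, add it to the where clause
    if (isset($_rev_id) && $_rev_id != '') {
        $commit_str = " AND svn_commits.revision='" . db_ei($_rev_id) . "' ";
    } else {
        $commit_str = '';
    }

    if (isset($_commiter) && $_commiter && $_commiter != 100) {
        // The name comes from the filter form; an unknown name must not end in a call on a
        // non-object (presumably getUserByUserName() returns null then — confirm).
        $commiter = $um->getUserByUserName($_commiter);
        if ($commiter) {
            $commiter_str = " AND svn_commits.whoid='" . db_ei($commiter->getId()) . "' ";
        } else {
            // Nobody by that name can have committed: match no row.
            $commiter_str = " AND 1 = 0 ";
        }
    } else {
        //no committer was chosen, so don't add it to where clause
        $commiter_str = '';
    }

    if (isset($_srch) && $_srch != '') {
        // NOTE(review): the search term is HTML-escaped before the SQL escaping; presumably
        // descriptions are stored HTML-escaped — confirm.
        $srch_str = " AND svn_commits.description like '%" . db_es(htmlspecialchars($_srch)) . "%'";
    } else {
        $srch_str = "";
    }

    $where .= $commiter_str . $commit_str . $srch_str . $path_str;

    // Stays empty when $pv is set; it was previously left undefined in that case.
    $limit = '';
    if (! isset($pv) || ! $pv) {
        $limit = " LIMIT " . db_ei($offset) . "," . db_ei($chunksz);
    }

    // SQLi Warning: no real possibility to escape $order_by here.
    // We rely on a proper filtering of user input by calling methods: callers must build
    // this clause from a fixed list of column names and directions, never from raw input.
    if (! isset($order_by) || $order_by == '') {
        $order_by = " ORDER BY revision DESC ";
    }

    $sql    = $select . $from . $where . $group_by . $order_by . $limit;
    $result = db_query($sql);

    // Compute the number of rows.
    $totalrows = -1;
    if ($foundRows) {
        $result1 = db_query('SELECT FOUND_ROWS() as nb');
        if ($result1 && ! db_error($result1)) {
            $row1      = db_fetch_array($result1);
            $totalrows = $row1['nb'];
        }
    }

    return array($result, $totalrows);
}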
/**
 * Rewrite the user-supplied part of a .SVNAccessFile line by line.
 *
 * Groups are first collected from the platform block of the repository, then the
 * submitted contents are walked: lines inside the "groups" section are kept as they
 * are (and add to the known groups), every other line goes through validateUGroupLine().
 * The section reached at the end of the platform block carries over into the second pass.
 *
 * @param Project $project  Project of the svn repository
 * @param String  $contents Text to validate
 * @param Boolean $verbose  Show feedback or not
 *
 * @return String The rewritten contents, last character removed
 */
public function parseGroupLines($project, $contents, $verbose = false)
{
    $platform_block = $this->getPlatformBlock($project->getSVNRootPath());

    $known_groups = array();
    $section      = -1;

    // First pass: groups defined by the platform itself.
    foreach (explode("\n", $platform_block) as $platform_line) {
        $section = $this->getCurrentSection($platform_line, $section);
        if ($section == 'groups') {
            $known_groups = $this->accumulateDefinedGroups($known_groups, $platform_line, true);
        }
    }

    // Second pass: the submitted text, checked against everything known so far.
    $rewritten = '';
    foreach (explode("\n", $contents) as $submitted_line) {
        $section = $this->getCurrentSection($submitted_line, $section);
        if ($section == 'groups') {
            $known_groups = $this->accumulateDefinedGroups($known_groups, $submitted_line, false);
            $rewritten   .= $submitted_line . PHP_EOL;
        } else {
            $rewritten .= $this->validateUGroupLine($known_groups, $submitted_line, $verbose) . PHP_EOL;
        }
    }

    // Remove the last character of the trailing PHP_EOL.
    return substr($rewritten, 0, -1);
}
/**
 * Returns revision info for a project.
 *
 * E.g.
 * array(
 *     'lucky luke', // author
 *     1545654656,   // datestamp
 *     16,           // log message size (in bytes)
 *     'my message', // log message
 * );
 *
 * Both the revision and the repository path are shell-escaped before they are
 * placed in the command handed to execute().
 *
 * @param Project $project
 * @param int     $revision
 *
 * @throws SVN_SvnlookException
 *
 * @return array
 */
public function getInfo(Project $project, $revision)
{
    $arguments = sprintf(
        'info -r %s %s',
        escapeshellarg($revision),
        escapeshellarg($project->getSVNRootPath())
    );

    return $this->execute($arguments);
}
/**
 * Tell whether the user may read the given path of the project repository.
 *
 * The decision is delegated to svn_utils_check_access() from www/svn/svn_utils.php.
 *
 * @param PFUser  $user
 * @param Project $project
 * @param string  $svnpath Path inside the repository
 *
 * @return mixed Whatever svn_utils_check_access() returns (presumably a boolean — confirm)
 */
public function userCanRead(PFUser $user, Project $project, $svnpath)
{
    // Loaded on demand: the helper lives in the legacy procedural file.
    include_once 'www/svn/svn_utils.php';

    $username        = $user->getUserName();
    $repository_root = $project->getSVNRootPath();

    return svn_utils_check_access($username, $repository_root, $svnpath);
}
/**
 * Store the access file found in the imported XML and write it to the repository.
 *
 * The contents of the <access-file> child (plus a trailing newline) are first saved as
 * a new access file version for the project, then written to disk with the defaults.
 *
 * NOTE(review): the text comes straight from the import XML and becomes the repository's
 * access rules; nothing in this method validates it — confirm it is checked elsewhere.
 * NOTE(review): the version is saved before the file is written, so a failed write
 * leaves a saved version that is not on disk.
 *
 * @param Project          $project
 * @param SimpleXMLElement $xml_svn <svn> node of the import (assumed from the property access)
 *
 * @throws SVNXMLImporterException When the version cannot be saved or the file cannot be written
 */
private function importAccessFile(Project $project, $xml_svn)
{
    $access_file_dao = $this->getAccessFileDAO();

    $node_name   = "access-file";
    $access_file = (string) $xml_svn->{$node_name} . "\n";

    $access_file_writer = new SVN_AccessFile_Writer($project->getSVNRootPath());
    $this->logger->debug("Write SVN AccessFile: " . $access_file_writer->filename());

    $is_saved = $access_file_dao->saveNewAccessFileVersionInProject($project->getID(), $access_file);
    if (! $is_saved) {
        throw new SVNXMLImporterException("Could not save new access file version");
    }

    $is_written = $access_file_writer->write_with_defaults($access_file);
    if (! $is_written) {
        throw new SVNXMLImporterException("Could not write to " . $access_file_writer->filename());
    }
}