?> </textarea> </td> </tr> <tr class="row-1"> <th class="category"> <?php echo lang_get('filename'); ?> </th> <td> <?php $t_href = '<a href="file_download.php?file_id=' . $v_id . '&type=doc">'; echo $t_href; print_file_icon($v_filename); echo '</a> ' . $t_href . file_get_display_name($v_filename) . '</a>'; ?> </td> </tr> <tr class="row-2"> <td class="category"> <?php echo lang_get('select_file'); ?> <br /> <?php // FIXME: hard coded "k" in here. ?> <span class="small"><?php echo lang_get('max_file_size_label') . lang_get('word_separator') . number_format($t_max_file_size / 1000); ?>
/** * Copies all attachments from the source bug to the destination bug * * Does not perform history logging and does not perform access checks. * * @param integer $p_source_bug_id Source Bug. * @param integer $p_dest_bug_id Destination Bug. * @return void */ function file_copy_attachments($p_source_bug_id, $p_dest_bug_id) { $t_query = 'SELECT * FROM {bug_file} WHERE bug_id = ' . db_param(); $t_result = db_query($t_query, array($p_source_bug_id)); $t_count = db_num_rows($t_result); $t_project_id = bug_get_field($p_source_bug_id, 'project_id'); for ($i = 0; $i < $t_count; $i++) { $t_bug_file = db_fetch_array($t_result); # prepare the new diskfile name and then copy the file $t_source_file = $t_bug_file['folder'] . $t_bug_file['diskfile']; if (config_get('file_upload_method') == DISK) { $t_source_file = file_normalize_attachment_path($t_source_file, $t_project_id); $t_file_path = dirname($t_source_file) . DIRECTORY_SEPARATOR; } else { $t_file_path = $t_bug_file['folder']; } $t_new_diskfile_name = file_generate_unique_name($t_file_path); $t_new_diskfile_location = $t_file_path . $t_new_diskfile_name; $t_new_file_name = file_get_display_name($t_bug_file['filename']); if (config_get('file_upload_method') == DISK) { # Skip copy operation if file does not exist (i.e. target bug will have missing attachment) # @todo maybe we should trigger an error instead in this case ? if (file_exists($t_source_file)) { copy($t_source_file, $t_new_diskfile_location); chmod($t_new_diskfile_location, config_get('attachments_file_permissions')); } } $t_query = 'INSERT INTO {bug_file} ( bug_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, user_id, content ) VALUES ( ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ')'; db_query($t_query, array($p_dest_bug_id, $t_bug_file['title'], $t_bug_file['description'], $t_new_diskfile_name, $t_new_file_name, $t_file_path, $t_bug_file['filesize'], $t_bug_file['file_type'], $t_bug_file['date_added'], $t_bug_file['user_id'], $t_bug_file['content'])); } }
case 'doc': # Check if project documentation feature is enabled. if (OFF == config_get('enable_project_documentation')) { access_denied(); } access_ensure_project_level(config_get('view_proj_doc_threshold'), $v_project_id); break; } # flush output buffer to protect download @ob_end_clean(); # Make sure that IE can download the attachments under https. header('Pragma: public'); header('Content-Type: ' . $v_file_type); header('Content-Length: ' . $v_filesize); # Added Quotes (") around file name. header('Content-Disposition: attachment; filename="' . file_get_display_name($v_filename) . '"'); header('Content-Description: Download Data'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', db_unixtimestamp($v_date_added))); # To fix an IE bug which causes problems when downloading # attached files via HTTPS, we disable the "Pragma: no-cache" # command when IE is used over HTTPS. global $g_allow_file_cache; if (isset($_SERVER["HTTPS"]) && "on" == $_SERVER["HTTPS"] && preg_match("/MSIE/", $_SERVER["HTTP_USER_AGENT"])) { # Suppress "Pragma: no-cache" header. } else { if (!isset($g_allow_file_cache)) { header('Pragma: no-cache'); } } header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', time())); # dump file content to the connection.
# Make sure that IE can download the attachments under https. header('Pragma: public'); # To fix an IE bug which causes problems when downloading # attached files via HTTPS, we disable the "Pragma: no-cache" # command when IE is used over HTTPS. global $g_allow_file_cache; if (http_is_protocol_https() && is_browser_internet_explorer()) { # Suppress "Pragma: no-cache" header. } else { if (!isset($g_allow_file_cache)) { header('Pragma: no-cache'); } } header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', time())); header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', $v_date_added)); $t_filename = file_get_display_name($v_filename); # For Internet Explorer 8 as per http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx # Don't let IE second guess our content-type! header('X-Content-Type-Options: nosniff'); http_content_disposition_header($t_filename, $f_show_inline); header('Content-Length: ' . $v_filesize); # If finfo is available (always true for PHP >= 5.3.0) we can use it to determine the MIME type of files $finfo = finfo_get_if_available(); $t_content_type = $v_file_type; $t_content_type_override = file_get_content_type_override($t_filename); # dump file content to the connection. switch (config_get('file_upload_method')) { case DISK: $t_local_disk_file = file_normalize_attachment_path($v_diskfile, $t_project_id); if (file_exists($t_local_disk_file)) { if ($finfo) {
/** * * Copies all attachments from the source bug to the destination bug * * <p>Does not perform history logging and does not perform access checks.</p> * * @param int $p_source_bug_id * @param int $p_dest_bug_id */ function file_copy_attachments($p_source_bug_id, $p_dest_bug_id) { $t_mantis_bug_file_table = db_get_table('bug_file'); $query = 'SELECT * FROM ' . $t_mantis_bug_file_table . ' WHERE bug_id = ' . db_param(); $result = db_query_bound($query, array($p_source_bug_id)); $t_count = db_num_rows($result); $t_bug_file = array(); for ($i = 0; $i < $t_count; $i++) { $t_bug_file = db_fetch_array($result); # prepare the new diskfile name and then copy the file $t_file_path = dirname($t_bug_file['folder']); $t_new_diskfile_name = $t_file_path . file_generate_unique_name('bug-' . $t_bug_file['filename'], $t_file_path); $t_new_file_name = file_get_display_name($t_bug_file['filename']); if (config_get('file_upload_method') == DISK) { copy($t_bug_file['diskfile'], $t_new_diskfile_name); chmod($t_new_diskfile_name, config_get('attachments_file_permissions')); } $query = "INSERT INTO {$t_mantis_bug_file_table}\n \t\t\t\t\t\t( bug_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content )\n \t\t\t\t\t\tVALUES ( " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ",\n \t\t\t\t\t\t\t\t " . db_param() . ");"; db_query_bound($query, array($p_dest_bug_id, $t_bug_file['title'], $t_bug_file['description'], $t_new_diskfile_name, $t_new_file_name, $t_bug_file['folder'], $t_bug_file['filesize'], $t_bug_file['file_type'], $t_bug_file['date_added'], $t_bug_file['content'])); } }
/** * Copy a bug from one project to another. Also make copies of issue notes, attachments, history, * email notifications etc. * @todo Not managed FTP file upload * @param array p_bug_id integer representing bug id * @param int p_target_project_id * @param bool p_copy_custom_fields * @param bool p_copy_relationships * @return int representing the new bugid * @access public */ function bug_copy($p_bug_id, $p_target_project_id = null, $p_copy_custom_fields = false, $p_copy_relationships = false, $p_copy_history = false, $p_copy_attachments = false, $p_copy_bugnotes = false, $p_copy_monitoring_users = false) { global $g_db; $t_mantis_custom_field_string_table = db_get_table('custom_field_string'); $t_mantis_bug_file_table = db_get_table('bug_file'); $t_mantis_bugnote_table = db_get_table('bugnote'); $t_mantis_bugnote_text_table = db_get_table('bugnote_text'); $t_mantis_bug_history_table = db_get_table('bug_history'); $t_mantis_db = $g_db; $t_bug_id = db_prepare_int($p_bug_id); $t_target_project_id = db_prepare_int($p_target_project_id); $t_bug_data = bug_get($t_bug_id, true); # retrieve the project id associated with the bug if ($p_target_project_id == null || is_blank($p_target_project_id)) { $t_target_project_id = $t_bug_data->project_id; } $t_bug_data->project_id = $t_target_project_id; $t_new_bug_id = $t_bug_data->create(); # MASC ATTENTION: IF THE SOURCE BUG HAS TO HANDLER THE bug_create FUNCTION CAN TRY TO AUTO-ASSIGN THE BUG # WE FORCE HERE TO DUPLICATE THE SAME HANDLER OF THE SOURCE BUG # @todo VB: Shouldn't we check if the handler in the source project is also a handler in the destination project? bug_set_field($t_new_bug_id, 'handler_id', $t_bug_data->handler_id); bug_set_field($t_new_bug_id, 'duplicate_id', $t_bug_data->duplicate_id); bug_set_field($t_new_bug_id, 'status', $t_bug_data->status); bug_set_field($t_new_bug_id, 'resolution', $t_bug_data->resolution); bug_set_field($t_new_bug_id, 'projection', $t_bug_data->projection); bug_set_field($t_new_bug_id, 'date_submitted', $t_bug_data->date_submitted); bug_set_field($t_new_bug_id, 'last_updated', $t_bug_data->last_updated); bug_set_field($t_new_bug_id, 'eta', $t_bug_data->eta); bug_set_field($t_new_bug_id, 'fixed_in_version', $t_bug_data->fixed_in_version); bug_set_field($t_new_bug_id, 'target_version', $t_bug_data->target_version); bug_set_field($t_new_bug_id, 'sponsorship_total', 0); bug_set_field($t_new_bug_id, 'sticky', 0); bug_set_field($t_new_bug_id, 'due_date', $t_bug_data->due_date); # COPY CUSTOM FIELDS if ($p_copy_custom_fields) { $query = "SELECT field_id, bug_id, value\n\t\t\t\t\t FROM {$t_mantis_custom_field_string_table}\n\t\t\t\t\t WHERE bug_id=" . db_param(); $result = db_query_bound($query, array($t_bug_id)); $t_count = db_num_rows($result); for ($i = 0; $i < $t_count; $i++) { $t_bug_custom = db_fetch_array($result); $c_field_id = db_prepare_int($t_bug_custom['field_id']); $c_new_bug_id = db_prepare_int($t_new_bug_id); $c_value = $t_bug_custom['value']; $query = "INSERT INTO {$t_mantis_custom_field_string_table}\n\t\t\t\t\t\t ( field_id, bug_id, value )\n\t\t\t\t\t\t VALUES (" . db_param() . ', ' . db_param() . ', ' . db_param() . ')'; db_query_bound($query, array($c_field_id, $c_new_bug_id, $c_value)); } } # Copy Relationships if ($p_copy_relationships) { relationship_copy_all($t_bug_id, $t_new_bug_id); } # Copy bugnotes if ($p_copy_bugnotes) { $query = "SELECT *\n\t\t\t\t\t FROM {$t_mantis_bugnote_table}\n\t\t\t\t\t WHERE bug_id=" . db_param(); $result = db_query_bound($query, array($t_bug_id)); $t_count = db_num_rows($result); for ($i = 0; $i < $t_count; $i++) { $t_bug_note = db_fetch_array($result); $t_bugnote_text_id = $t_bug_note['bugnote_text_id']; $query2 = "SELECT *\n\t\t\t\t\t\t FROM {$t_mantis_bugnote_text_table}\n\t\t\t\t\t\t WHERE id=" . db_param(); $result2 = db_query_bound($query2, array($t_bugnote_text_id)); $t_count2 = db_num_rows($result2); $t_bugnote_text_insert_id = -1; if ($t_count2 > 0) { $t_bugnote_text = db_fetch_array($result2); $query2 = "INSERT INTO {$t_mantis_bugnote_text_table}\n\t\t\t\t\t\t\t ( note )\n\t\t\t\t\t\t\t VALUES ( " . db_param() . ' )'; db_query_bound($query2, array($t_bugnote_text['note'])); $t_bugnote_text_insert_id = db_insert_id($t_mantis_bugnote_text_table); } $query2 = "INSERT INTO {$t_mantis_bugnote_table}\n\t\t\t\t\t\t ( bug_id, reporter_id, bugnote_text_id, view_state, date_submitted, last_modified )\n\t\t\t\t\t\t VALUES ( " . db_param() . ",\n\t\t\t\t\t\t \t\t\t" . db_param() . ",\n\t\t\t\t\t\t \t\t\t" . db_param() . ",\n\t\t\t\t\t\t \t\t\t" . db_param() . ",\n\t\t\t\t\t\t \t\t\t" . db_param() . ",\n\t\t\t\t\t\t \t\t\t" . db_param() . ')'; db_query_bound($query2, array($t_new_bug_id, $t_bug_note['reporter_id'], $t_bugnote_text_insert_id, $t_bug_note['view_state'], $t_bug_note['date_submitted'], $t_bug_note['last_modified'])); } } # Copy attachments if ($p_copy_attachments) { $query = 'SELECT * FROM ' . $t_mantis_bug_file_table . ' WHERE bug_id = ' . db_param(); $result = db_query_bound($query, array($t_bug_id)); $t_count = db_num_rows($result); $t_bug_file = array(); for ($i = 0; $i < $t_count; $i++) { $t_bug_file = db_fetch_array($result); # prepare the new diskfile name and then copy the file $t_file_path = dirname($t_bug_file['folder']); $t_new_diskfile_name = $t_file_path . file_generate_unique_name('bug-' . $t_bug_file['filename'], $t_file_path); $t_new_file_name = file_get_display_name($t_bug_file['filename']); if (config_get('file_upload_method') == DISK) { copy($t_bug_file['diskfile'], $t_new_diskfile_name); chmod($t_new_diskfile_name, config_get('attachments_file_permissions')); } $query = "INSERT INTO {$t_mantis_bug_file_table}\n\t\t\t\t\t\t( bug_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content )\n\t\t\t\t\t\tVALUES ( " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ",\n\t\t\t\t\t\t\t\t " . db_param() . ");"; db_query_bound($query, array($t_new_bug_id, $t_bug_file['title'], $t_bug_file['description'], $t_new_diskfile_name, $t_new_file_name, $t_bug_file['folder'], $t_bug_file['filesize'], $t_bug_file['file_type'], $t_bug_file['date_added'], $t_bug_file['content'])); } } # Copy users monitoring bug if ($p_copy_monitoring_users) { bug_monitor_copy($t_bug_id, $t_new_bug_id); } # COPY HISTORY history_delete($t_new_bug_id); # should history only be deleted inside the if statement below? if ($p_copy_history) { $query = "SELECT *\n\t\t\t\t\t FROM {$t_mantis_bug_history_table}\n\t\t\t\t\t WHERE bug_id = " . db_param(); $result = db_query_bound($query, array($t_bug_id)); $t_count = db_num_rows($result); for ($i = 0; $i < $t_count; $i++) { $t_bug_history = db_fetch_array($result); $query = "INSERT INTO {$t_mantis_bug_history_table}\n\t\t\t\t\t\t ( user_id, bug_id, date_modified, field_name, old_value, new_value, type )\n\t\t\t\t\t\t VALUES ( " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . ",\n\t\t\t\t\t\t \t\t " . db_param() . " );"; db_query_bound($query, array($t_bug_history['user_id'], $t_new_bug_id, $t_bug_history['date_modified'], $t_bug_history['field_name'], $t_bug_history['old_value'], $t_bug_history['new_value'], $t_bug_history['type'])); } } return $t_new_bug_id; }
function file_delete($p_file_id, $p_table = 'bug') { $t_upload_method = config_get('file_upload_method'); $c_file_id = db_prepare_int($p_file_id); $t_filename = file_get_field($p_file_id, 'filename', $p_table); $t_diskfile = file_get_field($p_file_id, 'diskfile', $p_table); if (DISK == $t_upload_method || FTP == $t_upload_method) { if (FTP == $t_upload_method) { $ftp = file_ftp_connect(); file_ftp_delete($ftp, $t_diskfile); file_ftp_disconnect($ftp); } if (file_exists($t_diskfile)) { file_delete_local($t_diskfile); } } if ('bug' == $p_table) { # log file deletion $t_bug_id = file_get_field($p_file_id, 'bug_id', 'bug'); history_log_event_special($t_bug_id, FILE_DELETED, file_get_display_name($t_filename)); } $t_file_table = config_get('mantis_' . $p_table . '_file_table'); $query = "DELETE FROM {$t_file_table}\n\t\t\t\tWHERE id='{$c_file_id}'"; db_query($query); return true; }
function file_delete($p_file_id, $p_table = 'bug') { $t_upload_method = config_get('file_upload_method'); $c_file_id = db_prepare_int($p_file_id); $t_filename = file_get_field($p_file_id, 'filename', $p_table); $t_diskfile = file_get_field($p_file_id, 'diskfile', $p_table); if ($p_table == 'bug') { $t_bug_id = file_get_field($p_file_id, 'bug_id', $p_table); $t_project_id = bug_get_field($t_bug_id, 'project_id'); } else { $t_project_id = file_get_field($p_file_id, 'project_id', $p_table); } if (DISK == $t_upload_method || FTP == $t_upload_method) { if (FTP == $t_upload_method) { $ftp = file_ftp_connect(); file_ftp_delete($ftp, $t_diskfile); file_ftp_disconnect($ftp); } $t_local_disk_file = file_normalize_attachment_path($t_diskfile, $t_project_id); if (file_exists($t_local_disk_file)) { file_delete_local($t_local_disk_file); } } if ('bug' == $p_table) { # log file deletion history_log_event_special($t_bug_id, FILE_DELETED, file_get_display_name($t_filename)); } $t_file_table = db_get_table($p_table . '_file'); $query = "DELETE FROM {$t_file_table}\n\t\t\t\tWHERE id=" . db_param(); db_query_bound($query, array($c_file_id)); return true; }