function ticket_row_editor()
{
global $c, $id, $editor, $can_write_principal, $privilege_names;
$ticketrow = new Editor("Tickets", "access_ticket");
$ticketrow->SetSubmitName('ticketrow');
dbg_error_log("ERROR", "Creating ticketrow editor: %s - %s", $can_write_principal, $ticketrow->IsSubmit());
if ($can_write_principal && $ticketrow->IsSubmit()) {
$username = $editor->Value('username');
$ugly_path = $_POST['target'];
if ($ugly_path == '/' . $username || $ugly_path == '/' . $username . '/') {
$target_collection = $id;
} else {
$username_len = strlen($username) + 2;
$sql = "SELECT collection_id FROM collection WHERE dav_name = :exact_name";
$sql .= " AND substring(dav_name FROM 1 FOR {$username_len}) = '/{$username}/'";
$params = array(':exact_name' => $ugly_path);
if (!preg_match('#/$#', $ugly_path)) {
$sql .= " OR dav_name = :truncated_name OR dav_name = :trailing_slash_name";
$params[':truncated_name'] = preg_replace('#[^/]*$#', '', $ugly_path);
$params[':trailing_slash_name'] = $ugly_path . "/";
}
$sql .= " ORDER BY LENGTH(dav_name) DESC LIMIT 1";
$qry = new AwlQuery($sql, $params);
if ($qry->Exec() && $qry->rows() > 0) {
$row = $qry->Fetch();
$target_collection = $row->collection_id;
} else {
$c->messages[] = translate('Can only add tickets for existing collection paths which you own');
return $ticketrow;
}
}
$_POST['dav_owner_id'] = $id;
$_POST['target_collection_id'] = $target_collection;
$ticket_id = clean_by_regex($_POST['ticket_id'], '/[A-Za-z0-9]+/');
$ticketrow->SetWhere('dav_owner_id=' . $id . ' AND ticket_id=' . AwlQuery::quote($ticket_id));
if (isset($_POST['ticket_privileges'])) {
$privilege_bitpos = array_flip($privilege_names);
$priv_names = array_keys($_POST['ticket_privileges']);
$privs_dec = privilege_to_bits($priv_names);
$_POST['privileges'] = sprintf('%024s', decbin($privs_dec));
$ticketrow->Assign('privileges', $privs_dec);
}
$c->messages[] = translate('Creating new ticket granting privileges to this Principal');
$ticketrow->Write();
}
return $ticketrow;
}
/**
* Convert a parameter to a global. We first look in _POST and then in _GET,
* and if they passed in a bunch of valid characters, we will make sure the
* incoming is cleaned to only match that set.
*
* @param string $varname The name of the global variable to put the answer in
* @param string $match_regex The part of the parameter matching this regex will be returned
* @param string $alias1 An alias for the name that we should look for first.
* @param " ... More aliases, in the order which they should be examined. $varname will be appended to the end.
*/
function param_to_global()
{
$args = func_get_args();
$varname = array_shift($args);
$GLOBALS[$varname] = null;
$match_regex = null;
$argc = func_num_args();
if ($argc > 1) {
$match_regex = array_shift($args);
}
$args[] = $varname;
foreach ($args as $k => $name) {
if (isset($_POST[$name])) {
$result = $_POST[$name];
break;
} else {
if (isset($_GET[$name])) {
$result = $_GET[$name];
break;
}
}
}
if (!isset($result)) {
return null;
}
if (isset($match_regex)) {
$result = clean_by_regex($result, $match_regex);
}
$GLOBALS[$varname] = $result;
return $result;
}