Esempio n. 1
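/**
 * Prints an HTML-escaped preview of a text file attachment inside a <pre> element.
 *
 * The content is loaded according to the configured 'file_upload_method':
 * from the local disk file, from the local copy after an FTP fetch, or from
 * the 'content' column of the bug file table. Nothing is printed when the
 * attachment is flagged as missing.
 *
 * The whole attachment is read into memory before it is escaped; no size
 * limit is applied in this function.
 *
 * @param array $p_attachment An attachment array from within the array returned by the file_get_visible_attachments() function
 * @return void
 */
function print_bug_attachment_preview_text($p_attachment)
{
    if (!$p_attachment['exists']) {
        return;
    }
    echo "\n<pre class=\"bug-attachment-preview-text\">";
    # Start from an empty preview so that a failed lookup never reaches the
    # escaping call below with an undefined variable.
    $t_content = '';
    switch (config_get('file_upload_method')) {
        case DISK:
            if (file_exists($p_attachment['diskfile'])) {
                $t_content = file_get_contents($p_attachment['diskfile']);
            }
            break;
        case FTP:
            if (!file_exists($p_attachment['diskfile'])) {
                # No local copy yet: fetch it from the FTP server first.
                $t_ftp = file_ftp_connect();
                file_ftp_get($t_ftp, $p_attachment['diskfile'], $p_attachment['diskfile']);
                file_ftp_disconnect($t_ftp);
            }
            if (file_exists($p_attachment['diskfile'])) {
                $t_content = file_get_contents($p_attachment['diskfile']);
            }
            break;
        default:
            $t_bug_file_table = db_get_table('bug_file');
            $c_attachment_id = db_prepare_int($p_attachment['id']);
            # The id is bound as a parameter, not concatenated into the SQL text.
            $t_query = "SELECT * FROM {$t_bug_file_table} WHERE id=" . db_param();
            $t_result = db_query_bound($t_query, array($c_attachment_id));
            $t_row = db_fetch_array($t_result);
            if (is_array($t_row) && isset($t_row['content'])) {
                $t_content = $t_row['content'];
            }
    }
    # file_get_contents() returns false when the read fails.
    if ($t_content === false || $t_content === null) {
        $t_content = '';
    }
    # Escaped so that markup inside the attachment is displayed as text
    # instead of being interpreted by the browser.
    echo htmlspecialchars($t_content);
    echo '</pre>';
}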
Esempio n. 2
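/**
 * Returns the attachment contents
 *
 * The file id is bound as a query parameter (it arrives from the API caller
 * and must never be concatenated into the SQL text). Access rights are
 * checked before the stored file is located or read.
 *
 * @param int $p_file_id
 * @param string $p_type The file type, bug or doc
 * @param int $p_user_id
 * @return string|soap_fault the string contents, or a soap_fault
 */
function mci_file_get($p_file_id, $p_type, $p_user_id)
{
    # we handle the case where the file is attached to a bug
    # or attached to a project as a project doc.
    switch ($p_type) {
        case 'bug':
            $t_file_table = db_get_table('bug_file');
            break;
        case 'doc':
            $t_file_table = db_get_table('project_file');
            break;
        default:
            return new soap_fault('Server', '', 'Invalid file type ' . $p_type . ' .');
    }
    # Only the table name (chosen above from two fixed values) is interpolated;
    # the id goes through a bound parameter.
    $query = "SELECT *\n\t\t\t\tFROM {$t_file_table}\n\t\t\t\tWHERE id=" . db_param();
    $result = db_query_bound($query, array((int) $p_file_id));
    if ($result->EOF) {
        return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .');
    }
    $row = db_fetch_array($result);
    if ($p_type == 'doc') {
        $t_bug_id = null;
        $t_project_id = $row['project_id'];
    } else {
        $t_bug_id = $row['bug_id'];
        $t_project_id = bug_get_field($t_bug_id, 'project_id');
    }
    # Check access rights
    switch ($p_type) {
        case 'bug':
            if (!mci_file_can_download_bug_attachments($t_bug_id, $p_user_id)) {
                return mci_soap_fault_access_denied($p_user_id);
            }
            break;
        case 'doc':
            # Check if project documentation feature is enabled.
            if (OFF == config_get('enable_project_documentation')) {
                return mci_soap_fault_access_denied($p_user_id);
            }
            if (!access_has_project_level(config_get('view_proj_doc_threshold'), $t_project_id, $p_user_id)) {
                return mci_soap_fault_access_denied($p_user_id);
            }
            break;
    }
    # Resolve the storage location only after the caller has been authorised.
    $t_diskfile = file_normalize_attachment_path($row['diskfile'], $t_project_id);
    # dump file content to the connection.
    switch (config_get('file_upload_method')) {
        case DISK:
            if (file_exists($t_diskfile)) {
                return mci_file_read_local($t_diskfile);
            }
            return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .');
        case FTP:
            if (!file_exists($t_diskfile)) {
                # No local copy yet: fetch it from the FTP server first.
                $ftp = file_ftp_connect();
                file_ftp_get($ftp, $t_diskfile, $t_diskfile);
                file_ftp_disconnect($ftp);
            }
            if (file_exists($t_diskfile)) {
                return mci_file_read_local($t_diskfile);
            }
            # The fetch did not produce a local file: report it like the DISK case.
            return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .');
        default:
            return $row['content'];
    }
}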
Esempio n. 3
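/**
 * Prints the attachments visible on a bug: icon, name, size, date, optional
 * download and delete links, and an inline preview for text and image files.
 *
 * Text previews are HTML-escaped before output. Values placed inside HTML
 * attributes (link target, image alt text and image URL) go through
 * string_attribute(), the helper this function uses for the download link.
 *
 * @param int $p_bug_id Bug id passed to file_get_visible_attachments()
 * @return void
 */
function print_bug_attachments_list($p_bug_id)
{
    $t_attachments = file_get_visible_attachments($p_bug_id);
    $t_attachments_count = count($t_attachments);
    $i = 0;
    $image_previewed = false;
    foreach ($t_attachments as $t_attachment) {
        $t_file_display_name = string_display_line($t_attachment['display_name']);
        $t_filesize = number_format($t_attachment['size']);
        $t_date_added = date(config_get('normal_date_format'), $t_attachment['date_added']);
        if ($image_previewed) {
            $image_previewed = false;
            echo '<br />';
        }
        if ($t_attachment['can_download']) {
            $t_href_start = '<a href="' . string_attribute($t_attachment['download_url']) . '">';
            $t_href_end = '</a>';
            $t_href_clicket = " [<a href=\"file_download.php?file_id={$t_attachment['id']}&amp;type=bug\" target=\"_blank\">^</a>]";
        } else {
            $t_href_start = '';
            $t_href_end = '';
            $t_href_clicket = '';
        }
        if (!$t_attachment['exists']) {
            print_file_icon($t_file_display_name);
            echo '&#160;<span class="strike">' . $t_file_display_name . '</span>' . lang_get('word_separator') . '(' . lang_get('attachment_missing') . ')';
        } else {
            echo $t_href_start;
            print_file_icon($t_file_display_name);
            echo $t_href_end . '&#160;' . $t_href_start . $t_file_display_name . $t_href_end . $t_href_clicket . ' (' . $t_filesize . ' ' . lang_get('bytes') . ') ' . '<span class="italic">' . $t_date_added . '</span>';
        }
        if ($t_attachment['can_delete']) {
            echo '&#160;[';
            # The delete link carries the form security parameter for bug_file_delete.
            print_link('bug_file_delete.php?file_id=' . $t_attachment['id'] . form_security_param('bug_file_delete'), lang_get('delete_link'), false, 'small');
            echo ']';
        }
        if ($t_attachment['exists']) {
            if (FTP == config_get('file_upload_method')) {
                echo ' (' . lang_get('cached') . ')';
            }
            if ($t_attachment['preview'] && $t_attachment['type'] == 'text') {
                $c_id = db_prepare_int($t_attachment['id']);
                $t_bug_file_table = db_get_table('mantis_bug_file_table');
                echo "<script type=\"text/javascript\" language=\"JavaScript\">\n<!--\nfunction swap_content( span ) {\ndisplayType = ( document.getElementById( span ).style.display == 'none' ) ? '' : 'none';\ndocument.getElementById( span ).style.display = displayType;\n}\n\n -->\n </script>";
                echo " <span id=\"hideSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('show_content') . "</a>]</span>";
                echo " <span style='display:none' id=\"showSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('hide_content') . "</a>]";
                echo "<pre>";
                /** @todo Refactor into a method that gets contents for download / preview. */
                # Default to an empty preview so that no branch leaves the
                # content undefined when the file cannot be loaded.
                $v_content = '';
                switch (config_get('file_upload_method')) {
                    case DISK:
                        if ($t_attachment['exists']) {
                            $v_content = file_get_contents($t_attachment['diskfile']);
                        }
                        break;
                    case FTP:
                        # The existence test must look at the disk file path
                        # (not the 'exists' flag), and the content read from
                        # the cached copy has to be kept for the preview.
                        if (!file_exists($t_attachment['diskfile'])) {
                            $ftp = file_ftp_connect();
                            file_ftp_get($ftp, $t_attachment['diskfile'], $t_attachment['diskfile']);
                            file_ftp_disconnect($ftp);
                        }
                        if (file_exists($t_attachment['diskfile'])) {
                            $v_content = file_get_contents($t_attachment['diskfile']);
                        }
                        break;
                    default:
                        # The id is bound as a parameter, not concatenated.
                        $query = "SELECT *\n\t                  \t\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\t            \t\t\tWHERE id=" . db_param();
                        $result = db_query_bound($query, array($c_id));
                        $row = db_fetch_array($result);
                        if (is_array($row) && isset($row['content'])) {
                            $v_content = $row['content'];
                        }
                }
                # file_get_contents() returns false when the read fails.
                if ($v_content === false || $v_content === null) {
                    $v_content = '';
                }
                # Escaped so that markup inside the attachment is shown as text.
                echo htmlspecialchars($v_content);
                echo "</pre></span>\n";
            }
            if ($t_attachment['can_download'] && $t_attachment['preview'] && $t_attachment['type'] == 'image') {
                $t_preview_style = 'border: 0;';
                $t_max_width = config_get('preview_max_width');
                if ($t_max_width > 0) {
                    $t_preview_style .= ' max-width:' . $t_max_width . 'px;';
                }
                $t_max_height = config_get('preview_max_height');
                if ($t_max_height > 0) {
                    $t_preview_style .= ' max-height:' . $t_max_height . 'px;';
                }
                $t_preview_style = 'style="' . $t_preview_style . '"';
                # The stored title ends up inside the alt="" attribute, so it
                # is escaped for attribute context; unescaped, a quote in the
                # title would close the attribute and inject markup.
                $t_title = string_attribute(file_get_field($t_attachment['id'], 'title'));
                # download_url is escaped the same way as for the href above.
                # NOTE(review): the form_security_param() result is appended
                # as-is; confirm it is safe inside an attribute value.
                $t_image_url = string_attribute($t_attachment['download_url']) . '&amp;show_inline=1' . form_security_param('file_show_inline');
                echo "\n<br />{$t_href_start}<img alt=\"{$t_title}\" {$t_preview_style} src=\"{$t_image_url}\" />{$t_href_end}";
                $image_previewed = true;
            }
        }
        # Line break between entries, but not after the last one.
        if ($i != $t_attachments_count - 1) {
            echo "<br />\n";
            $i++;
        }
    }
}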
Esempio n. 4
 # prepare variables for insertion
 # NOTE(review): $v_name, $v_type, $v_tmp_name and $v_size are defined outside
 # this fragment; presumably they come from the upload metadata - confirm.
 $c_file_name = db_prepare_string($v_name);
 $c_file_type = db_prepare_string($v_type);
 # Size of the uploaded temporary file as measured on disk.
 $t_file_size = filesize($v_tmp_name);
 # Effective limit: the smallest of the two php.ini limits and the configured max_file_size.
 $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
 if ($t_file_size > $t_max_file_size) {
     trigger_error(ERROR_FILE_TOO_BIG, ERROR);
 }
 $c_file_size = db_prepare_int($t_file_size);
 $t_method = config_get('file_upload_method');
 switch ($t_method) {
     # FTP and DISK share the local-disk steps below; FTP additionally pushes
     # the temporary file to the FTP server first.
     case FTP:
     case DISK:
         file_ensure_valid_upload_path($t_file_path);
         if (FTP == $t_method) {
             # Delete any remote file of the same name, then upload the new one.
             $conn_id = file_ftp_connect();
             file_ftp_delete($conn_id, $t_disk_file_name);
             file_ftp_put($conn_id, $t_disk_file_name, $v_tmp_name);
             file_ftp_disconnect($conn_id);
         }
         # An existing local file of the same name is deleted before the move.
         if (file_exists($t_disk_file_name)) {
             file_delete_local($t_disk_file_name);
         }
         # move_uploaded_file() only moves files that PHP received through an
         # HTTP upload, so an arbitrary local path in $v_tmp_name is rejected.
         if (!move_uploaded_file($v_tmp_name, $t_disk_file_name)) {
             trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
         }
         # Apply the configured permissions to the stored attachment.
         chmod($t_disk_file_name, config_get('attachments_file_permissions'));
         # No content value is prepared for these methods.
         $c_content = '';
         break;
     case DATABASE:
         # NOTE(review): the read length is $v_size, not the $t_file_size that
         # was checked against the limit above - confirm the two cannot differ.
         # The handle returned by fopen() is never closed.
         $c_content = db_prepare_binary_string(fread(fopen($v_tmp_name, 'rb'), $v_size));
Esempio n. 5
# command when IE is used over HTTPS.
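global $g_allow_file_cache;
# The User-Agent header is optional; read it defensively so a request without
# it does not raise an undefined-index notice in the middle of the download.
$t_user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
$t_ie_over_https = isset($_SERVER["HTTPS"]) && "on" == $_SERVER["HTTPS"] && preg_match("/MSIE/", $t_user_agent);
# "Pragma: no-cache" is suppressed for IE over HTTPS, and also whenever
# $g_allow_file_cache is set.
if (!$t_ie_over_https && !isset($g_allow_file_cache)) {
    header('Pragma: no-cache');
}
# Expires is set to the current time.
header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', time()));
# dump file content to the connection.
switch (config_get('file_upload_method')) {
    case DISK:
        if (file_exists($v_diskfile)) {
            readfile($v_diskfile);
        }
        break;
    case FTP:
        if (!file_exists($v_diskfile)) {
            # No local copy yet: fetch it from the FTP server first.
            $ftp = file_ftp_connect();
            file_ftp_get($ftp, $v_diskfile, $v_diskfile);
            file_ftp_disconnect($ftp);
        }
        # Only stream the file when the fetch actually produced it; otherwise
        # readfile() would write a PHP warning into the response body.
        if (file_exists($v_diskfile)) {
            readfile($v_diskfile);
        }
        break;
    default:
        # Raw attachment bytes; this is a file download, not an HTML page.
        # NOTE(review): the Content-Type / Content-Disposition headers are
        # sent outside this fragment - confirm they prevent inline rendering
        # of user-supplied content.
        echo $v_content;
}
exit;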
Esempio n. 6
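/**
 * Add a file to the system using the configured storage method
 *
 * The upload is checked (allowed type, unique name, non-empty, within the
 * effective size limit) before it is stored on disk, pushed to FTP, or read
 * into the database, and a row describing it is inserted into the file table.
 *
 * @param integer $p_bug_id the bug id
 * @param array $p_file the uploaded file info, as retrieved from gpc_get_file()
 * @param string $p_table 'bug' for a bug attachment; any other value is treated as a project file.
 *                        The value becomes part of the table and column names, so it must be a plain identifier.
 * @param string $p_title title stored with the file
 * @param string $p_desc description stored with the file
 * @param int|null $p_user_id owner of the file; the current user when null
 * @return void
 */
function file_add($p_bug_id, $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null)
{
    # $p_table is interpolated into SQL identifiers below, where value
    # escaping does not apply: accept only identifier characters.
    if (!is_string($p_table) || !preg_match('/^[A-Za-z0-9_]+\z/', $p_table)) {
        trigger_error(ERROR_GENERIC, ERROR);
    }
    file_ensure_uploaded($p_file);
    $t_file_name = $p_file['name'];
    $t_tmp_file = $p_file['tmp_name'];
    if (!file_type_check($t_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    if (!file_is_name_unique($t_file_name, $p_bug_id)) {
        trigger_error(ERROR_FILE_DUPLICATE, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_bug_id = bug_format_id($p_bug_id);
    } else {
        $t_project_id = helper_get_current_project();
        $t_bug_id = 0;
    }
    if ($p_user_id === null) {
        $c_user_id = auth_get_current_user_id();
    } else {
        $c_user_id = (int) $p_user_id;
    }
    # prepare variables for insertion
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_project_id = db_prepare_int($t_project_id);
    # NOTE(review): the stored file_type is taken from the upload info as-is;
    # presumably it is supplied by the client - do not rely on it when serving.
    $c_file_type = db_prepare_string($p_file['type']);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);
    # Use the project's upload folder, falling back to the default folder.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if (is_blank($t_file_path)) {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($t_file_name);
    # The name on disk is generated from the bug id (or documents prefix and
    # project id) plus the original name.
    # NOTE(review): confirm file_generate_unique_name() never returns a name
    # containing path separators taken from the uploaded file name.
    $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id;
    $t_unique_name = file_generate_unique_name($t_file_hash . '-' . $t_file_name, $t_file_path);
    $t_disk_file_name = $t_file_path . $t_unique_name;
    $c_unique_name = db_prepare_string($t_unique_name);
    # Measure the temporary file itself instead of trusting a reported size.
    $t_file_size = filesize($t_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            if (!file_exists($t_disk_file_name)) {
                if (FTP == $t_method) {
                    $conn_id = file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $t_tmp_file);
                    file_ftp_disconnect($conn_id);
                }
                # move_uploaded_file() refuses anything that PHP did not
                # receive through an HTTP upload.
                if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) {
                    trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, config_get('attachments_file_permissions'));
                # Empty SQL string literal: the content lives on disk.
                $c_content = "''";
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Read the whole temporary file in one call; this leaves no open
            # file handle behind and reports a failed read explicitly.
            $t_raw_content = file_get_contents($t_tmp_file);
            if ($t_raw_content === false) {
                trigger_error(ERROR_GENERIC, ERROR);
            }
            $c_content = db_prepare_binary_string($t_raw_content);
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    $t_file_table = db_get_table('mantis_' . $p_table . '_file_table');
    $c_id = 'bug' == $p_table ? $c_bug_id : $c_project_id;
    # NOTE(review): the values are interpolated after db_prepare_*() escaping
    # rather than bound as parameters, so the safety of this statement rests
    # entirely on those helpers.
    $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\t\t\t\t  VALUES\n\t\t\t\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_unique_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . db_now() . "', {$c_content}, {$c_user_id})";
    db_query($query);
    if ('bug' == $p_table) {
        # updated the last_updated date
        bug_update_date($p_bug_id);
        # log new bug
        history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name);
    }
}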
Esempio n. 7
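/**
 * Get file content
 *
 * The MIME type is detected from the stored bytes with finfo when that class
 * is available; the file_type recorded in the database row is used only as a
 * fallback. This function performs no access check of its own.
 *
 * @param int $p_file_id file id
 * @param string $p_type file type (either 'bug' or 'doc')
 * @return array|bool array containing file type and content or false on failure to retrieve file
 */
function file_get_content($p_file_id, $p_type = 'bug')
{
    # we handle the case where the file is attached to a bug
    # or attached to a project as a project doc.
    switch ($p_type) {
        case 'bug':
            $t_file_table = db_get_table('bug_file');
            break;
        case 'doc':
            $t_file_table = db_get_table('project_file');
            break;
        default:
            return false;
    }
    # The id is bound as a parameter, not concatenated into the SQL text.
    $query = "SELECT *\n\t\t\t\tFROM {$t_file_table}\n\t\t\t\tWHERE id=" . db_param();
    $result = db_query_bound($query, array($p_file_id));
    $row = db_fetch_array($result);
    if (!is_array($row)) {
        # No such file: report failure instead of indexing into a non-array.
        return false;
    }
    # Decide on $p_type (the parameter); a project document row carries its
    # own project_id, a bug attachment inherits the project of its bug.
    if ($p_type == 'bug') {
        $t_project_id = bug_get_field($row['bug_id'], 'project_id');
    } else {
        $t_project_id = $row['project_id'];
    }
    # If finfo is available (always true for PHP >= 5.3.0) we can use it to determine the MIME type of files
    $finfo = null;
    if (class_exists('finfo')) {
        $t_info_file = config_get('fileinfo_magic_db_file');
        if (is_blank($t_info_file)) {
            $finfo = new finfo(FILEINFO_MIME);
        } else {
            $finfo = new finfo(FILEINFO_MIME, $t_info_file);
        }
    }
    # Fallback type: whatever was recorded when the file was added.
    $t_content_type = $row['file_type'];
    switch (config_get('file_upload_method')) {
        case DISK:
        case FTP:
            $t_local_disk_file = file_normalize_attachment_path($row['diskfile'], $t_project_id);
            if (FTP == config_get('file_upload_method') && !file_exists($t_local_disk_file)) {
                # No local copy yet: fetch it from the FTP server first.
                $ftp = file_ftp_connect();
                file_ftp_get($ftp, $t_local_disk_file, $row['diskfile']);
                file_ftp_disconnect($ftp);
            }
            if (!file_exists($t_local_disk_file)) {
                return false;
            }
            if ($finfo) {
                $t_file_info_type = $finfo->file($t_local_disk_file);
                if ($t_file_info_type !== false) {
                    $t_content_type = $t_file_info_type;
                }
            }
            $t_content = file_get_contents($t_local_disk_file);
            if ($t_content === false) {
                return false;
            }
            return array('type' => $t_content_type, 'content' => $t_content);
        default:
            if ($finfo) {
                $t_file_info_type = $finfo->buffer($row['content']);
                if ($t_file_info_type !== false) {
                    $t_content_type = $t_file_info_type;
                }
            }
            return array('type' => $t_content_type, 'content' => $row['content']);
    }
}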
Esempio n. 8
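/**
 * Returns the base64-encoded contents of an attachment.
 *
 * The file id arrives from the API caller, so it is reduced to an integer
 * before it is placed in the query. Row fields are read explicitly instead
 * of being extracted into local variables.
 *
 * @param int $p_file_id file id
 * @param string $p_type 'bug' or 'doc'
 * @param int $p_user_id user on whose behalf the file is requested
 * @return string|soap_fault|null base64 content, a soap_fault when access is denied, or null when the disk file is missing
 */
function mci_file_get($p_file_id, $p_type, $p_user_id)
{
    # we handle the case where the file is attached to a bug
    # or attached to a project as a project doc.
    switch ($p_type) {
        case 'bug':
            $t_file_table = config_get('mantis_bug_file_table');
            break;
        case 'doc':
            $t_file_table = config_get('mantis_project_file_table');
            break;
        default:
            return new soap_fault('Client', '', 'Access Denied');
    }
    # An integer cast leaves nothing of the caller's input that could alter
    # the SQL statement.
    $c_file_id = (int) $p_file_id;
    $query = "SELECT *\r\n\t\t\t\t\tFROM {$t_file_table}\r\n\t\t\t\t\tWHERE id={$c_file_id}";
    $result = db_query($query);
    $row = db_fetch_array($result);
    if (!is_array($row)) {
        # Same answer as for a denied request, so the reply does not reveal
        # which ids exist.
        return new soap_fault('Client', '', 'Access Denied');
    }
    # Check access rights
    switch ($p_type) {
        case 'bug':
            if (!mci_file_can_download_bug_attachments($row['bug_id'], $p_user_id)) {
                return new soap_fault('Client', '', 'Access Denied');
            }
            break;
        case 'doc':
            # Check if project documentation feature is enabled.
            if (OFF == config_get('enable_project_documentation')) {
                return new soap_fault('Client', '', 'Access Denied');
            }
            if (!access_has_project_level(config_get('view_proj_doc_threshold'), $row['project_id'], $p_user_id)) {
                return new soap_fault('Client', '', 'Access Denied');
            }
            break;
    }
    $t_diskfile = $row['diskfile'];
    # dump file content to the connection.
    switch (config_get('file_upload_method')) {
        case DISK:
            if (file_exists($t_diskfile)) {
                return base64_encode(mci_file_read_local($t_diskfile));
            }
            return null;
        case FTP:
            if (!file_exists($t_diskfile)) {
                # No local copy yet: fetch it from the FTP server first.
                $ftp = file_ftp_connect();
                file_ftp_get($ftp, $t_diskfile, $t_diskfile);
                file_ftp_disconnect($ftp);
            }
            if (file_exists($t_diskfile)) {
                return base64_encode(mci_file_read_local($t_diskfile));
            }
            # The fetch did not produce a local file: same result as DISK.
            return null;
        default:
            return base64_encode($row['content']);
    }
}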