// Excerpt from a ticket download flow: look the ticket up, enforce expiry and
// password state, open the stored file and start parsing the Range header.
// The first three lines close a validation branch whose condition lies before
// this excerpt; it logs the request as invalid and answers via httpNotFound().
    logError("invalid ticket id/request");
    httpNotFound();
}

// try to fetch the id
// $id is concatenated into the statement after $db->quote(), so injection
// safety rests entirely on the driver's quoting of that one value.
// NOTE(review): a prepared statement with a bound parameter would remove that
// dependency - confirm $db supports it. The result of query() is used without
// a check; whether a failed query throws or returns false depends on the
// connection's error mode, which is not visible here.
$sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
$DATA = $db->query($sql)->fetch();
if ($DATA === false || isTicketExpired($DATA)) {
    // Unknown and expired tickets are logged differently but both end in the
    // same httpNotFound() call, so the response does not tell them apart.
    if ($DATA === false) {
        logEvent("unknown ticket requested");
    } else {
        logTicketEvent($DATA, "expired ticket requested");
    }
    // NOTE(review): the code below dereferences $DATA, so this presumably
    // relies on httpNotFound() ending the request - confirm.
    httpNotFound();
}

// check for password
// A ticket with a password hash is served only when the session already holds
// an entry for this id; where that entry is written is outside this excerpt.
// NOTE(review): this path answers through httpBadRequest() while a missing
// ticket answers through httpNotFound(); if the two helpers emit different
// statuses, the response reveals that a protected ticket exists - confirm
// whether that is intended.
if (hasPassHash($DATA) && !isset($_SESSION['t'][$id])) {
    logTicketEvent($DATA, "missing credentials", LOG_ERR);
    httpBadRequest();
}

// open the file first
// The path comes from the database row, not from the request. On failure the
// path is written to the log only; nothing here echoes it to the client.
$fd = fopen($DATA["path"], "r");
if ($fd === false) {
    logTicketEvent($DATA, "data file " . $DATA["path"] . " is missing!", LOG_ERR);
    httpInternalError();
}

// update range parameters
// HTTP_RANGE is client-controlled. The pattern is anchored only at the start,
// so anything following the first "start-end" pair is ignored. Within this
// excerpt $range is assigned only when the header is present; the empty() test
// below covers the unset and no-match cases without raising a notice.
if (!empty($_SERVER["HTTP_RANGE"])) {
    preg_match("/^bytes=(\\d*)-(\\d*)/", $_SERVER["HTTP_RANGE"], $range);
}
// Fall back to offset 0 when the start is missing, zero, or not below the
// stored size. When $range comes from the pattern above, the capture holds
// digits only, so the "< 0" test looks redundant.
// NOTE(review): the capture is still a string of unbounded length; an explicit
// integer conversion with a bounds check would make the comparison against
// $DATA["size"] unambiguous. This branch continues past the end of the excerpt.
if (empty($range[1]) || $range[1] < 0 || $range[1] >= $DATA["size"]) {
    $range[1] = 0;
// Excerpt from a grant (upload permission) page: resolve the grant named by
// the request, enforce expiry and the optional password, then define the
// upload helpers. The last line is a function header whose body lies past the
// end of this excerpt.
require_once "grantfuncs.php";

// try to fetch the grant
// The id is read from $_REQUEST without an isset() check, so a request that
// lacks "g" reaches isGrantId() with null (and raises a PHP notice/warning).
// NOTE(review): isGrantId() is the only validation visible here; its rules are
// defined elsewhere.
$id = $_REQUEST["g"];
if (!isGrantId($id)) {
    // Invalid ids are normalised to false so the checks below treat them
    // exactly like a grant that does not exist.
    $id = false;
    $GRANT = false;
} else {
    // The id is concatenated after $db->quote(), so injection safety rests on
    // the driver's quoting. The table name is double-quoted in the SQL text.
    // NOTE(review): a prepared statement with a bound parameter would remove
    // the dependency on quoting - confirm $db supports it.
    $sql = "SELECT * FROM \"grant\" WHERE id = " . $db->quote($id);
    $GRANT = $db->query($sql)->fetch();
}

// When $id is false it interpolates as an empty string here.
$ref = "{$masterPath}?g={$id}";
if ($GRANT === false || isGrantExpired($GRANT)) {
    // Missing and expired grants render the same template and stop.
    // NOTE(review): $id is handed to the template; whether the template
    // escapes it on output is not visible here.
    includeTemplate("{$style}/include/nogrant.php", array('id' => $id));
    exit;
}

// Password gate: applies only when the grant has a password hash and this
// session has no entry for the grant yet.
if (hasPassHash($GRANT) && !isset($_SESSION['g'][$id])) {
    // empty() also rejects the literal password "0".
    if (!empty($_POST['p']) && checkPassHash('"grant"', $GRANT, $_POST['p'])) {
        // authorize the grant for this session
        // NOTE(review): the submitted password is stored in cleartext in the
        // session. If later code only needs to know the grant is authorised,
        // a boolean marker would keep the secret out of session storage -
        // confirm whether 'pass' is read elsewhere. No attempt limiting or
        // session id rotation is visible in this excerpt.
        $_SESSION['g'][$id] = array('pass' => $_POST["p"]);
    } else {
        // Wrong or missing password: include grantp.php and stop.
        include "grantp.php";
        exit;
    }
}

// upload handler

/**
 * Delete the given file and report failure.
 *
 * The result of unlink() is not checked, so a file that cannot be removed
 * stays on disk without any signal to the caller.
 * NOTE(review): the callers are outside this excerpt - confirm $file is always
 * a server-chosen path and never derived from a client-supplied name.
 *
 * @param string $file Path of the file to delete.
 * @return bool Always false.
 */
function failUpload($file)
{
    unlink($file);
    return false;
}

function handleUpload($GRANT, $FILE)
<?php
// Excerpt from the ticket edit page: set up the page header and compute the
// initial form values, preferring values posted back over those stored in
// $DATA. The final if/elseif chain continues past the end of this excerpt.
$act = "tedit";
$ref = pageLinkAct(array('id' => $id, 'src' => $src));

// NOTE(review): $id is interpolated into HTML markup without escaping. That is
// safe only if $id was validated before this point and pageHeader() does not
// need to escape the title - neither is visible here, confirm.
$title = sprintf(T_("Editing ticket %s"), "<span class=\"ticketid\">{$id}</span>");
pageHeader(array('title' => $title));

// form values
// Each value is anyOf(posted value, fallback); the @ operator suppresses the
// notice for a missing $_POST key. anyOf() is defined elsewhere.
// NOTE(review): every posted value below is client-controlled and is taken as
// is; it must be escaped wherever the form later renders it (not visible here).
$name = anyOf(@$_POST['name'], $DATA['name']);
$comment = anyOf(@$_POST['comment'], $DATA['cmt']);
$hasPass = hasPassHash($DATA);
$pass = anyOf(@$_POST['pass'], "");
$clear = anyOf(@$_POST['clear'], "");
// Fallback for "permanent": true only when the stored ticket has none of
// expire, last_time and expire_dln set.
$permanent = anyOf(@$_POST['ticket_permanent'],
    !($DATA['expire'] || $DATA["last_time"] || $DATA["expire_dln"]));
$notify = anyOf(@$_POST['notify'], join(", ", getEMailAddrs($DATA['notify_email'])));

// current expiration values
// Total lifetime in days: the posted value wins and is used as received (a
// string, not validated as a number here); otherwise the days remaining until
// $DATA["expire"], rounded up; otherwise the configured default when the
// ticket is permanent; otherwise 0.
// presumably "expire" is an absolute Unix timestamp and the defaults are in
// seconds, given the time() subtraction and the division by 86400 - confirm.
if (isset($_POST['ticket_totaldays'])) {
    $totalDays = $_POST['ticket_totaldays'];
} elseif ($DATA["expire"]) {
    $totalDays = ceil(($DATA["expire"] - time()) / (3600 * 24));
} elseif ($permanent) {
    $totalDays = $defaults['ticket']['total'] / (3600 * 24);
} else {
    $totalDays = 0;
}

// Days after the last download: same precedence as above. "last_time" is
// divided directly, without a time() subtraction, so it appears to be a
// duration in seconds rather than a timestamp - confirm.
if (isset($_POST['ticket_lastdldays'])) {
    $lastDlDays = $_POST['ticket_lastdldays'];
} elseif ($DATA["last_time"]) {
    $lastDlDays = ceil($DATA["last_time"] / (3600 * 24));
} elseif ($permanent) {
    $lastDlDays = $defaults['ticket']['lastdl'] / (3600 * 24);
} else {