Esempio n. 1
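/**
 * Check if compression handler (ob_gzhandler) should be enabled. Note: this should not be used
 * as an indicator of whether output received by a client will be compressed, only whether an
 * output handler is used to compress output.
 *
 * Every path returns a real boolean; when the compress_html global is not ON the result is an
 * explicit false rather than an implicit null.
 *
 * @return bool true when compress_html is ON, zlib is loaded, zlib.output_compression is off and
 *              was not switched on here, and php.ini's output_handler is not already ob_gzhandler
 * @access public
 */
function compress_handler_is_enabled() {
	global $g_compress_html;

	// A page can opt out by defining COMPRESSION_DISABLED. Note: php.ini may still enable
	// zlib.output_compression; it may be possible to turn that off with ini_set within that page.
	if( defined( 'COMPRESSION_DISABLED' ) ) {
		return false;
	}

	// Don't use config_get here so the only dependency of this module is on the constants file.
	// We only actively compress html if global configuration compress_html is set.
	if( ON != $g_compress_html ) {
		return false;
	}

	// both compression handlers require zlib module to be loaded
	if( !extension_loaded( 'zlib' ) ) {
		return false;
	}

	if ( ini_get( 'zlib.output_compression' ) ) {
		/* zlib output compression is already enabled - we can't load the gzip output handler */
		return false;
	}

	// Since php 5.2.10, it's possible to set zlib.output_compression via ini_set.
	// This method is preferred over ob_gzhandler
	if( php_version_at_least( '5.2.10' ) && ini_get( 'output_handler' ) == '' && function_exists( 'ini_set' ) ) {
		ini_set( 'zlib.output_compression', true );
		// compression is now done transparently by PHP, so no handler is needed
		return false;
	}

	// if php.ini does not already use ob_gzhandler by default, return true.
	return ( 'ob_gzhandler' != ini_get( 'output_handler' ) );
}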
Esempio n. 2
# Stop the request because the caller lacks access.
#  - authenticated users get the ERROR_ACCESS_DENIED message and a link to main_page.php
#  - anonymous users are redirected to login_page.php with the current URL as 'return',
#    unless the running script already is login_page.php
# The function never returns: every path ends in exit.
# NOTE(review): the 'return' value is built from request data (REQUEST_URI, or SCRIPT_NAME
#  plus QUERY_STRING). It is passed through string_url() here; how login_page.php validates
#  the target before redirecting to it is not visible in this function - confirm it only
#  accepts local pages.
function access_denied()
{
    if (!php_version_at_least('4.1.0')) {
        global $_SERVER;
    }
    if (auth_is_user_authenticated()) {
        # Known user, insufficient rights: show the error and a way back
        echo '<center>';
        echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
        print_bracket_link('main_page.php', lang_get('proceed'));
        echo '</center>';
        exit;
    }
    if (basename($_SERVER['SCRIPT_NAME']) == 'login_page.php') {
        # Already on the login page: redirecting again would loop
        exit;
    }
    if (!isset($_SERVER['REQUEST_URI'])) {
        # Some servers do not provide REQUEST_URI; rebuild it from its parts
        if (!isset($_SERVER['QUERY_STRING'])) {
            $_SERVER['QUERY_STRING'] = '';
        }
        $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
    }
    print_header_redirect('login_page.php?return=' . string_url($_SERVER['REQUEST_URI']));
    exit;
}
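# Make sure the current request belongs to a logged-in, enabled user.
#  - logged in but 'enabled' is OFF: redirect to logout_page.php
#  - not logged in: redirect to login_page.php, passing the page to come back to
# $p_return_page is the page to return to after login; when blank, the current
#  request URL is used.
# NOTE(review): the return target can come from the caller or from request data; it is
#  passed through string_url() here, but whether login_page.php restricts it to local
#  pages is not visible in this function - confirm.
function auth_ensure_user_authenticated($p_return_page = '')
{
    if (!php_version_at_least('4.1.0')) {
        global $_SERVER;
    }
    # if logged in
    if (auth_is_user_authenticated()) {
        # check for access enabled
        #  This also makes sure the cookie is valid
        if (OFF == current_user_get_field('enabled')) {
            print_header_redirect('logout_page.php');
        }
    } else {
        # not logged in
        if (is_blank($p_return_page)) {
            if (!isset($_SERVER['REQUEST_URI'])) {
                # QUERY_STRING may be missing as well; fall back to an empty
                # query instead of reading an undefined index
                $t_query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
                $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $t_query_string;
            }
            $p_return_page = $_SERVER['REQUEST_URI'];
        }
        $p_return_page = string_url($p_return_page);
        print_header_redirect('login_page.php?return=' . $p_return_page);
    }
}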
Esempio n. 4
    if (ON == $g_use_iis) {
        header("Refresh: 0;{$t_url}");
    } else {
        header("Location: {$t_url}");
    }
    exit;
    # additional output can cause problems so let's just stop output here
}
# Load UTF8-capable string functions
# (the UTF8 constant is the library path followed by 'utf8')
define('UTF8', $g_library_path . 'utf8');
require_lib('utf8/utf8.php');
require_lib('utf8/str_pad.php');
# Include PHP compatibility file
require_api('php_api.php');
# Enforce our minimum PHP requirements
# NOTE(review): the failure message tells whoever requested the page the exact
#  PHP version that is running.
if (!php_version_at_least(PHP_MIN_VERSION)) {
    # Discard anything buffered so far; @ hides the notice raised when no buffer is active
    @ob_end_clean();
    echo '<strong>FATAL ERROR: Your version of PHP is too old. MantisBT requires PHP version ' . PHP_MIN_VERSION . ' or newer</strong><br />Your version of PHP is version ' . phpversion();
    die;
}
# Ensure that output is blank so far (output at this stage generally denotes
# that an error has occurred)
# NOTE(review): the buffered text is written back into the response by this code
#  without HTML escaping, so whatever a broken configuration file printed becomes
#  visible to the requester.
if (($t_output = ob_get_contents()) != '') {
    echo 'Possible Whitespace/Error in Configuration File - Aborting. Output so far follows:<br />';
    # var_dump() prints on its own and returns nothing, so the echo adds no output
    echo var_dump($t_output);
    die;
}
# Start HTML compression handler (if enabled)
require_api('compress_api.php');
compress_start_handler();
# If no configuration file exists, redirect the user to the admin page so
Esempio n. 5
# Read one cookie value.
#  Returns the cookie (passed through gpc_strip_slashes) when it is present,
#  otherwise $p_default when a second argument was supplied (null is allowed),
#  otherwise prints a "not found" message and returns null.
# Cookie contents are supplied by the client, so the returned value still has to be
#  validated or escaped by the caller for whatever context it is used in.
function gpc_get_cookie($p_var_name, $p_default = null)
{
    # simulate auto-globals from PHP v4.1.0 (see also code in php_api.php)
    if (!php_version_at_least('4.1.0')) {
        global $_COOKIE;
    }
    if (isset($_COOKIE[$p_var_name])) {
        return gpc_strip_slashes($_COOKIE[$p_var_name]);
    }
    # func_num_args() tells an explicit default (even null) apart from no default at all
    if (func_num_args() > 1) {
        return $p_default;
    }
    #trigger_error(ERROR_GPC_VAR_NOT_FOUND, ERROR);
    echo "Variable '{$p_var_name}' not found";
    return null;
}
Esempio n. 6
# Escape a string for use in SQL text, using the escaping routine that matches the
#  configured db_type. The result does not include surrounding quotes.
# NOTE(review): this is escaping, not parameter binding. The result is only meant to be
#  placed between single quotes in a query; using it unquoted (for example as a number or
#  an identifier) gives no protection. Bound parameters are the more robust replacement
#  where the database layer offers them.
# An unknown db_type raises ERROR_CONFIG_OPT_INVALID; nothing is returned on that path.
function db_prepare_string($p_string)
{
    global $g_db;
    $t_db_type = config_get('db_type');
    switch ($t_db_type) {
        case 'mssql':
        case 'odbc_mssql':
            # With magic_quotes_sybase on, addslashes() doubles single quotes instead of
            # backslash-escaping them. The setting is switched on just for this call and
            # switched off again when it was off before.
            # NOTE(review): magic_quotes_sybase no longer exists in PHP 5.4 and later; there
            #  the ini_set() presumably has no effect and addslashes() would fall back to
            #  backslash escaping - confirm before relying on this branch on newer PHP.
            if (ini_get('magic_quotes_sybase')) {
                return addslashes($p_string);
            } else {
                ini_set('magic_quotes_sybase', true);
                $t_string = addslashes($p_string);
                ini_set('magic_quotes_sybase', false);
                return $t_string;
            }
        case 'mysql':
            # mysql_escape_string was deprecated in v4.3.0
            # NOTE(review): mysql_escape_string() does not take the connection character
            #  set into account, unlike mysql_real_escape_string().
            if (php_version_at_least('4.3.0')) {
                return mysql_real_escape_string($p_string);
            } else {
                return mysql_escape_string($p_string);
            }
        # For some reason mysqli_escape_string( $p_string ) always returns an empty
        # string.  This is happening with PHP v5.0.2.
        case 'mysqli':
            # qstr() returns the value wrapped in quotes; strip the first and last character
            $t_escaped = $g_db->qstr($p_string, false);
            return substr($t_escaped, 1, strlen($t_escaped) - 2);
        case 'postgres':
        case 'postgres64':
        case 'postgres7':
        case 'pgsql':
            return pg_escape_string($p_string);
        default:
            error_parameters('db_type', $t_db_type);
            trigger_error(ERROR_CONFIG_OPT_INVALID, ERROR);
    }
}
Esempio n. 7
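 # Render the graph in the requested format and write it to the response.
 #  $p_format  - key into $this->formats; unknown keys raise ERROR_GENERIC and nothing
 #               is rendered
 #  $p_headers - when true, Content-Type and Content-Length headers are sent as well
 # The dot source comes from $this->generate() (captured through an output buffer) and is
 #  converted with WinGraphviz (COM) on Windows, or the external $this->graphviz_tool
 #  program elsewhere.
 # The external command line is built as a string and run through a shell, so every
 #  variable part is passed through escapeshellarg(). $this->graphviz_tool itself is used
 #  as-is and must only ever come from trusted configuration.
 function output($p_format = 'dot', $p_headers = false)
 {
     # Check if it is a recognized format.
     if (!isset($this->formats[$p_format])) {
         trigger_error(ERROR_GENERIC, ERROR);
         # Fail closed: if the error handler returns, do not carry an
         # unrecognized format any further (it would end up on a command line).
         return;
     }
     $t_binary = $this->formats[$p_format]['binary'];
     $t_type = $this->formats[$p_format]['type'];
     $t_mime = $this->formats[$p_format]['mime'];
     # Send Content-Type header, if requested.
     if ($p_headers) {
         header('Content-Type: ' . $t_mime);
     }
     # Retrieve the source dot document into a buffer
     ob_start();
     $this->generate();
     $t_dot_source = ob_get_contents();
     ob_end_clean();
     # There are three different ways to generate the output depending
     # on the operating system and PHP version.
     if ('WIN' == substr(PHP_OS, 0, 3)) {
         # If we are under Windows, we use the COM interface provided
         # by WinGraphviz. Thanks Paul!
         # Issue #4625: Work around WinGraphviz bug that fails with
         # graphs with zero or one node. It is probably too much to
         # generate a graphic output just to explain it to the user,
         # so we just return a null content.
         if (count($this->nodes) <= 1) {
             return;
         }
         $t_graphviz = new COM($this->graphviz_com_module);
         # Check if we managed to instantiate the COM object.
         if (is_null($t_graphviz)) {
             # We can't display any message or trigger an error on
             # failure, since we may have already sent a Content-type
             # header potentially incompatible with the any html output.
             return;
         }
         if ($t_binary) {
             # Image formats
             $t_dot_output = $t_graphviz->ToBinaryGraph($t_dot_source, $t_type);
             if ($p_headers) {
                 # Headers were requested, use another output buffer
                 # to retrieve the size for Content-Length.
                 ob_start();
                 echo base64_decode($t_dot_output->ToBase64String());
                 header('Content-Length: ' . ob_get_length());
                 ob_end_flush();
             } else {
                 # No need for headers, send output directly.
                 # (this used to read an undefined $ret instead of the rendered graph)
                 echo base64_decode($t_dot_output->ToBase64String());
             }
         } else {
             # Text formats
             $t_dot_output = $t_graphviz->ToTextGraph($t_dot_source, $t_type);
             if ($p_headers) {
                 header('Content-Length: ' . strlen($t_dot_output));
             }
             echo $t_dot_output;
         }
         unset($t_graphviz);
     } else {
         if (php_version_at_least('4.3.0')) {
             # If we are not under Windows, use proc_open whenever possible,
             # (PHP >= 4.3.0) since it avoids the need of temporary files.
             # Start dot process
             $t_command = $this->graphviz_tool . ' -T' . escapeshellarg($p_format);
             $t_descriptors = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('file', 'php://stderr', 'w'));
             $t_proccess = proc_open($t_command, $t_descriptors, $t_pipes);
             if (is_resource($t_proccess)) {
                 # Filter generated output through dot
                 fwrite($t_pipes[0], $t_dot_source);
                 fclose($t_pipes[0]);
                 if ($p_headers) {
                     # Headers were requested, use another output buffer to
                     # retrieve the size for Content-Length.
                     ob_start();
                     while (!feof($t_pipes[1])) {
                         echo fgets($t_pipes[1], 1024);
                     }
                     header('Content-Length: ' . ob_get_length());
                     ob_end_flush();
                 } else {
                     # No need for headers, send output directly.
                     while (!feof($t_pipes[1])) {
                         print fgets($t_pipes[1], 1024);
                     }
                 }
                 fclose($t_pipes[1]);
                 proc_close($t_proccess);
             }
         } else {
             # If proc_open is not available (PHP < 4.3.0), use passthru.
             # @@@  Remove this whole block once Mantis PHP requirements
             # @@@  becomes higher.
             # We need a temporary file.
             if (isset($_ENV['TMPDIR'])) {
                 $t_tmpdir = $_ENV['TMPDIR'];
             } else {
                 $t_tmpdir = '/tmp';
             }
             $t_filename = tempnam($t_tmpdir, 'mantis-dot-');
             register_shutdown_function('unlink', $t_filename);
             if ($t_file = @fopen($t_filename, 'w')) {
                 fputs($t_file, $t_dot_source);
                 fclose($t_file);
             }
             # Now we process it through dot or neato
             # The temporary path depends on the TMPDIR environment value, so quote it too.
             $t_command = $this->graphviz_tool . ' -T' . escapeshellarg($p_format) . ' ' . escapeshellarg($t_filename);
             if ($p_headers) {
                 # Headers were requested, use another output buffer to
                 # retrieve the size for Content-Length.
                 ob_start();
                 passthru($t_command);
                 header('Content-Length: ' . ob_get_length());
                 ob_end_flush();
             } else {
                 # No need for headers, send output directly.
                 passthru($t_command);
             }
         }
     }
 }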
Esempio n. 8
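 # Print the upgrade form for this upgrade set and, when asked to, apply the items.
 #  $p_execute  - true to execute the pending items, false to only list them
 #  $p_limit    - array of item ids to restrict the run to; items outside it are
 #                reported as 'Skipped'. Anything that is not an array means no limit.
 #  $p_advanced - true to also list already applied items and show per-item checkboxes
 # After the first failing item, the remaining pending items are not executed.
 # The form action is derived from the request, so it is HTML-escaped before being
 #  written into the attribute.
 # NOTE(review): the opening <form> tag printed here is not closed inside this method -
 #  confirm the caller prints the closing tag.
 # NOTE(review): item descriptions, ids and error texts are written into the page without
 #  escaping; that is only safe while they come from the upgrade definitions and not from
 #  user input - confirm.
 function run($p_execute, $p_limit, $p_advanced)
 {
     if (!php_version_at_least('4.1.0')) {
         global $_SERVER;
     }
     if ($p_execute) {
         # Mark this as a long process and ignore user aborts
         helper_begin_long_process(true);
         # Disable compression so we can stream
         compress_disable();
         # Flush the output buffer
         @ob_end_flush();
         echo '<b>Please be patient, this may take a while...</b>';
     }
     # Form
     # PHP_SELF includes whatever extra path the client appended to the script URL,
     # so it must not reach the attribute unescaped.
     echo '<form method="POST" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . '">';
     # Execute All Button
     echo "<input type=\"submit\" name=\"{$this->upgrade_file}_execute_all\" value=\"Execute All\" />";
     # Print All Button
     echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_all\" value=\"Print All\" /><br /><br />";
     if ($p_advanced) {
         # Execute Selected Button
         echo "<input type=\"submit\" name=\"{$this->upgrade_file}_execute_selected\" value=\"Execute Selected\" />";
         # Print Selected Button
         echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_selected\" value=\"Print Selected\" />";
     }
     # Table
     echo '<table width="80%" bgcolor="#222222" border="0" cellpadding="10" cellspacing="1">';
     echo "<tr><td bgcolor=\"#e8e8e8\" colspan=\"3\"><span class=\"title\">{$this->upgrade_name}</span></td></tr>";
     # Headings
     echo '<tr bgcolor="#ffffff"><th width="70%">Description</th><th nowrap="nowrap">Upgrade ID</th><th width="30%">Status</th></tr>';
     $t_error = false;
     foreach ($this->item_array as $item) {
         $t_state = '';
         if ($item->is_applied()) {
             if (!$p_advanced) {
                 continue;
                 #next one
             }
             $t_state = 'disabled="disabled"';
             $t_color = '#00ff88';
             $t_message = 'Previously Applied';
         } else {
             if (null !== $p_limit && is_array($p_limit) && !in_array($item->id, $p_limit)) {
                 $t_color = '#ffff88';
                 $t_message = 'Skipped';
             } else {
                 if ($p_execute) {
                     if ($t_error) {
                         # NOTE(review): because of the continue below, no row is printed
                         #  for items skipped after an error, so these three values are
                         #  never shown - confirm whether the row was meant to appear.
                         $t_state = 'checked="checked"';
                         $t_color = '#ff0088';
                         $t_message = 'Skipped due to previous error';
                         continue;
                         # next one
                     }
                     if ($item->execute()) {
                         $t_state = 'disabled="disabled"';
                         $t_color = '#00ff88';
                         $t_message = 'Applied';
                     } else {
                         $t_state = 'checked="checked"';
                         $t_color = '#ff0088';
                         $t_message = 'ERROR: ' . $item->error;
                         $t_error = true;
                     }
                 } else {
                     # not applied but not executing
                     $t_color = '#ff0088';
                     $t_message = 'Not Applied';
                     $t_state = 'checked="checked"';
                 }
             }
         }
         echo '<tr bgcolor="#ffffff"><td>';
         echo $item->description;
         # description
         echo '</td>';
         echo '<td nowrap="nowrap">';
         if ($p_advanced) {
             echo "<input type=\"checkbox\" name=\"{$this->upgrade_file}_execute_list[]\" value=\"{$item->id}\" {$t_state} /> ";
         }
         echo "{$item->id}</td>";
         echo "<td bgcolor=\"{$t_color}\">{$t_message}</td>";
         echo '</tr>';
     }
     echo '</table>';
     # Execute All Button
     echo "<br /><input type=\"submit\" name=\"{$this->upgrade_file}_execute_all\" value=\"Execute All\" />";
     # Print All Button
     echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_all\" value=\"Print All\" />";
     if ($p_advanced) {
         # Execute Selected Button
         echo "<input type=\"submit\" name=\"{$this->upgrade_file}_execute_selected\" value=\"Execute Selected\" />";
         # Print Selected Button
         echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_selected\" value=\"Print Selected\" />";
     }
 }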
Esempio n. 9
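    # Fallback implementation: write $data to $filename, replacing any existing content.
    #  Returns the number of bytes written, or false when the file cannot be opened
    #  or the write fails.
    function file_put_contents($filename, $data)
    {
        $h = fopen($filename, 'w');
        if ($h === false) {
            return false;
        }
        # @ keeps a failed write from emitting a warning; the result is reported to the caller
        $bytes = @fwrite($h, $data);
        # Close on both outcomes so a failed write does not leave the handle open
        fclose($h);
        return $bytes;
    }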
}
# --------------------
# vsprintf is normally in PEAR
if (!function_exists('vsprintf')) {
    # Fallback: call sprintf() with the format followed by the entries of $args
    function vsprintf($format, $args)
    {
        $t_call_args = array_merge(array($format), $args);
        return call_user_func_array('sprintf', $t_call_args);
    }
}
# --------------------
# Support for file upload error definitions.
#  The upload error codes exist since PHP 4.2.0, but the named constants are not
#  available until 4.3.0, so they are defined here for anything older.
#  ('4.2.999' is the version bound this check uses for "older than 4.3.0".)
if (!php_version_at_least('4.2.999')) {
    define('UPLOAD_ERR_INI_SIZE', 1);
    define('UPLOAD_ERR_FORM_SIZE', 2);
    define('UPLOAD_ERR_PARTIAL', 3);
    define('UPLOAD_ERR_NO_FILE', 4);
}
Esempio n. 10
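# Print the login information bar: who is logged in (or login/signup links for the
#  anonymous user), the current date, and the project selection form.
# User name and real name are written through string_display(); the return page for
#  the login link is built from PHP_SELF and QUERY_STRING and passed through
#  string_url() before it is placed in the href.
# NOTE(review): PHP_SELF and QUERY_STRING are request data; this relies on string_url()
#  making the value safe inside the attribute - confirm.
function html_login_info()
{
    $t_username = current_user_get_field('username');
    $t_access_level = get_enum_element('access_levels', current_user_get_access_level());
    $t_now = date(config_get('complete_date_format'));
    $t_realname = current_user_get_field('realname');
    print '<table class="hide">';
    print '<tr>';
    print '<td class="login-info-left">';
    if (current_user_is_anonymous()) {
        if (!php_version_at_least('4.1.0')) {
            global $_SERVER;
        }
        $t_return_page = $_SERVER['PHP_SELF'];
        if (isset($_SERVER['QUERY_STRING'])) {
            $t_return_page .= '?' . $_SERVER['QUERY_STRING'];
        }
        $t_return_page = string_url($t_return_page);
        print lang_get('anonymous') . ' | <a href="login_page.php?return=' . $t_return_page . '">' . lang_get('login_link') . '</a>';
        if (config_get('allow_signup') == ON) {
            print ' | <a href="signup_page.php">' . lang_get('signup_link') . '</a>';
        }
    } else {
        echo lang_get('logged_in_as'), ": <span class=\"italic\">", string_display($t_username), "</span> <span class=\"small\">";
        # The commas of a single echo separate arguments, so a ternary in front only
        # selects the first argument; with a blank real name that printed
        # "(level) - level)". Choose between the two forms explicitly instead.
        if (is_blank($t_realname)) {
            echo "({$t_access_level})";
        } else {
            echo "(", string_display($t_realname), " - {$t_access_level})";
        }
        echo "</span>";
    }
    print '</td>';
    print '<td class="login-info-middle">';
    print "<span class=\"italic\">{$t_now}</span>";
    print '</td>';
    print '<td class="login-info-right">';
    print '<form method="post" name="form_set_project" action="set_project.php">';
    echo lang_get('email_project'), ': ';
    if (ON == config_get('use_javascript')) {
        print '<select name="project_id" class="small" onchange="document.forms.form_set_project.submit();">';
    } else {
        print '<select name="project_id" class="small">';
    }
    print_project_option_list(join(';', helper_get_current_project_trace()), true, null, true);
    print '</select> ';
    print '<input type="submit" class="button-small" value="' . lang_get('switch') . '" />';
    print '</form>';
    print '</td>';
    print '</tr>';
    print '</table>';
}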
Esempio n. 11
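# Store an uploaded file for a bug (or, for other $p_table values, for the current
#  project) and record it in the matching file table.
#  $p_bug_id     - bug the file belongs to (used when $p_table is 'bug')
#  $p_tmp_file   - path of the uploaded temporary file
#  $p_file_name  - file name as supplied with the upload
#  $p_file_type  - file type stored with the record
#  $p_table      - 'bug' or another table key; selects the config entry and id column
#  $p_file_error - upload error code reported by PHP for the upload
#  $p_title, $p_desc - title and description stored with the record
# Errors are raised through trigger_error(); nothing is returned.
# Checks done here: upload error code, non-empty names, readable temp file, allowed
#  type (file_type_check on the name), unique name, non-zero size, size limit.
# NOTE(review): $p_file_name and $p_file_type originate from the client. The type check
#  is given only the name, and the name becomes part of the path on disk through
#  file_generate_unique_name() - confirm that helper cannot yield a path outside
#  $t_file_path.
# NOTE(review): $p_table is concatenated into a config key and into the SQL column name
#  without escaping, so it must only ever be a fixed value chosen by the calling code.
function file_add($p_bug_id, $p_tmp_file, $p_file_name, $p_file_type = '', $p_table = 'bug', $p_file_error = 0, $p_title = '', $p_desc = '')
{
    if (php_version_at_least('4.2.0')) {
        switch ((int) $p_file_error) {
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                trigger_error(ERROR_FILE_TOO_BIG, ERROR);
                break;
            case UPLOAD_ERR_PARTIAL:
            case UPLOAD_ERR_NO_FILE:
                trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
                break;
            default:
                break;
        }
    }
    if ('' == $p_tmp_file || '' == $p_file_name) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    if (!is_readable($p_tmp_file)) {
        trigger_error(ERROR_UPLOAD_FAILURE, ERROR);
    }
    if (!file_type_check($p_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }
    if (!file_is_name_unique($p_file_name, $p_bug_id)) {
        trigger_error(ERROR_DUPLICATE_FILE, ERROR);
    }
    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_bug_id = bug_format_id($p_bug_id);
    } else {
        $t_project_id = helper_get_current_project();
        $t_bug_id = 0;
    }
    # prepare variables for insertion
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_project_id = db_prepare_int($t_project_id);
    $c_file_type = db_prepare_string($p_file_type);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);
    # Upload folder: the project's own path, else the configured default
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if ($t_file_path == '') {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($p_file_name);
    $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id;
    $t_disk_file_name = $t_file_path . file_generate_unique_name($t_file_hash . '-' . $p_file_name, $t_file_path);
    $c_disk_file_name = db_prepare_string($t_disk_file_name);
    $t_file_size = filesize($p_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # The effective limit is the smallest of the two PHP limits and the application limit
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = config_get('file_upload_method');
    # Defined up front so the INSERT below never reads an unset variable
    $c_content = '';
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            if (!file_exists($t_disk_file_name)) {
                if (FTP == $t_method) {
                    $conn_id = file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $p_tmp_file);
                    file_ftp_disconnect($conn_id);
                }
                # move_uploaded_file() refuses files that did not arrive through an HTTP upload
                if (!move_uploaded_file($p_tmp_file, $t_disk_file_name)) {
                    # NOTE(review): every other error constant used in this function starts
                    #  with ERROR_ - confirm FILE_MOVE_FAILED is the intended constant.
                    trigger_error(FILE_MOVE_FAILED, ERROR);
                }
                # Stored file becomes read-only for its owner, no access for anyone else
                chmod($t_disk_file_name, 0400);
                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Read through an explicit handle so it can be checked and closed again
            $t_handle = fopen($p_tmp_file, 'rb');
            if (false === $t_handle) {
                trigger_error(ERROR_UPLOAD_FAILURE, ERROR);
            }
            $c_content = db_prepare_string(fread($t_handle, $t_file_size));
            fclose($t_handle);
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    $t_file_table = config_get('mantis_' . $p_table . '_file_table');
    $c_id = 'bug' == $p_table ? $c_bug_id : $c_project_id;
    # All values below were passed through db_prepare_int / db_prepare_string above
    $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)\n\t\t\t\t\t  VALUES\n\t\t\t\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', " . db_now() . ", '{$c_content}')";
    db_query($query);
    if ('bug' == $p_table) {
        # updated the last_updated date
        bug_update_date($p_bug_id);
        # log new bug
        history_log_event_special($p_bug_id, FILE_ADDED, $p_file_name);
    }
}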
Esempio n. 12
# Description text and the upload entry of the 'file' form field
# ($f_file_id and $f_title are set before this excerpt starts)
$f_description = gpc_get_string('description');
$f_file = gpc_get_file('file');
# Look up the project that owns the file and require the configured upload
# threshold on that project before going any further
$t_project_id = file_get_field($f_file_id, 'project_id', 'project');
access_ensure_project_level(config_get('upload_project_file_threshold'), $t_project_id);
if (is_blank($f_title)) {
    trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
# c_ copies are the values prepared for use in SQL text
$c_file_id = db_prepare_int($f_file_id);
$c_title = db_prepare_string($f_title);
$c_description = db_prepare_string($f_description);
$t_project_file_table = config_get('mantis_project_file_table');
#@@@ (thraxisp) this code should probably be integrated into file_api to share
#  methods used to store files
# extract() turns each key of the upload entry into a variable; EXTR_PREFIX_ALL with
# 'v' names them $v_<key> (the code below reads $v_tmp_name, $v_error and $v_name),
# so the created variables all carry the v_ prefix.
# NOTE(review): the values themselves (for example the client-side file name) are
#  still request data and need the same checks as any other input.
extract($f_file, EXTR_PREFIX_ALL, 'v');
if (is_uploaded_file($v_tmp_name)) {
    if (php_version_at_least('4.2.0')) {
        switch ((int) $v_error) {
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                trigger_error(ERROR_FILE_TOO_BIG, ERROR);
                break;
            case UPLOAD_ERR_PARTIAL:
            case UPLOAD_ERR_NO_FILE:
                trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
                break;
            default:
                break;
        }
    }
    if ('' == $v_tmp_name || '' == $v_name) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
Esempio n. 13
# Convert HTML special characters in $p_string to entities.
#  From PHP 4.1.0 on, the character set returned by lang_get('charset') is passed
#  along; older versions use the htmlspecialchars() defaults.
# NOTE(review): ENT_COMPAT converts double quotes but leaves single quotes alone, so
#  the result is not safe inside a single-quoted HTML attribute.
function string_html_specialchars($p_string)
{
    if (!php_version_at_least('4.1.0')) {
        return htmlspecialchars($p_string);
    }
    return htmlspecialchars($p_string, ENT_COMPAT, lang_get('charset'));
}
Esempio n. 14
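# Print the current call stack as an HTML table: file, line, function and arguments
#  of every frame. Uses xdebug when the extension is loaded, otherwise
#  debug_backtrace() (PHP 4.3 or newer); on older PHP nothing is printed.
# File names and the argument list are written through string_html_entities().
# NOTE(review): the argument values of every frame end up in the page. Those can
#  include passwords or other secrets that were passed as parameters, so this output
#  should only be reachable in a debugging setup.
function error_print_stack_trace()
{
    if (extension_loaded('xdebug')) {
        #check for xdebug presence
        $t_stack = xdebug_get_function_stack();
        # reverse the array in a separate line of code so the
        #  array_reverse() call doesn't appear in the stack
        $t_stack = array_reverse($t_stack);
        array_shift($t_stack);
        #remove the call to this function from the stack trace
        print '<center><table class="width75">';
        foreach ($t_stack as $t_frame) {
            # Not every frame is guaranteed to carry file and line information
            $t_file = isset($t_frame['file']) ? $t_frame['file'] : '???';
            $t_line = isset($t_frame['line']) ? $t_frame['line'] : '???';
            print '<tr ' . helper_alternate_class() . '>';
            print '<td>' . string_html_entities($t_file) . '</td><td>' . $t_line . '</td><td>' . (isset($t_frame['function']) ? $t_frame['function'] : '???') . '</td>';
            $t_args = array();
            if (isset($t_frame['params'])) {
                foreach ($t_frame['params'] as $t_value) {
                    $t_args[] = error_build_parameter_string($t_value);
                }
            }
            # Separator first: the reversed argument order is not accepted by newer PHP
            print '<td>( ' . string_html_entities(implode(', ', $t_args)) . ' )</td></tr>';
        }
        print '</table></center>';
    } else {
        if (php_version_at_least('4.3')) {
            $t_stack = debug_backtrace();
            array_shift($t_stack);
            #remove the call to this function from the stack trace
            array_shift($t_stack);
            #remove the call to the error handler from the stack trace
            print '<center><table class="width75">';
            print '<tr><th>Filename</th><th>Line</th><th>Function</th><th>Args</th></tr>';
            foreach ($t_stack as $t_frame) {
                # Not every frame is guaranteed to carry file and line information
                $t_file = isset($t_frame['file']) ? $t_frame['file'] : '???';
                $t_line = isset($t_frame['line']) ? $t_frame['line'] : '???';
                print '<tr ' . helper_alternate_class() . '>';
                print '<td>' . string_html_entities($t_file) . '</td><td>' . $t_line . '</td><td>' . $t_frame['function'] . '</td>';
                $t_args = array();
                if (isset($t_frame['args'])) {
                    foreach ($t_frame['args'] as $t_value) {
                        $t_args[] = error_build_parameter_string($t_value);
                    }
                }
                print '<td>( ' . string_html_entities(implode(', ', $t_args)) . ' )</td></tr>';
            }
            print '</table></center>';
        }
    }
}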
Esempio n. 15
        }
    }
    # if we get here, the versions must match exactly so:
    return true;
}
# --------------------
# Enforce our minimum requirements
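if (!php_version_at_least(PHP_MIN_VERSION)) {
    ob_end_clean();
    echo '<strong>Your version of PHP is too old.  Webnotes requires PHP version ' . PHP_MIN_VERSION . ' or newer</strong><br />';
    # Report only the running version. A full phpinfo() dump on this page would
    # show the server configuration and environment to any visitor.
    echo 'Your version of PHP is version ' . phpversion();
    die;
}
ini_set('magic_quotes_runtime', 0);
# Experimental support for $_* auto-global variables in PHP < 4.1.0
# $_REQUEST is rebuilt by hand: cookies first, then POST values, then GET values,
# so for a name present in several sources the GET value is the one that remains.
if (!php_version_at_least('4.1.0')) {
    global $_REQUEST, $_GET, $_POST, $_COOKIE, $_SERVER;
    $_GET = $HTTP_GET_VARS;
    $_POST = $HTTP_POST_VARS;
    $_COOKIE = $HTTP_COOKIE_VARS;
    $_SERVER = $HTTP_SERVER_VARS;
    $_REQUEST = $HTTP_COOKIE_VARS;
    foreach ($HTTP_POST_VARS as $key => $value) {
        $_REQUEST[$key] = $value;
    }
    foreach ($HTTP_GET_VARS as $key => $value) {
        $_REQUEST[$key] = $value;
    }
}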
# @@@ Experimental
# deal with register_globals being Off
Esempio n. 16
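# Read one uploaded-file entry from $_FILES.
#  Returns the entry when present, otherwise $p_default when a second argument was
#  supplied (null is allowed), otherwise raises ERROR_GPC_VAR_NOT_FOUND.
# The entry is returned as received; the name and type it contains are supplied by
#  the client and have to be checked by the caller.
function gpc_get_file($p_var_name, $p_default = null)
{
    # simulate auto-globals from PHP v4.1.0 (see also code in php_api.php)
    if (!php_version_at_least('4.1.0')) {
        global $_FILES;
    }
    if (isset($_FILES[$p_var_name])) {
        # FILES are not escaped even if magic_quotes is ON, this applies to Windows paths.
        $t_result = $_FILES[$p_var_name];
    } else {
        if (func_num_args() > 1) {
            #check for a default passed in (allowing null)
            $t_result = $p_default;
        } else {
            error_parameters($p_var_name);
            trigger_error(ERROR_GPC_VAR_NOT_FOUND, ERROR);
            # Only reached when the error handler returns: hand back null
            # (as gpc_get_cookie does) instead of an undefined variable
            $t_result = null;
        }
    }
    return $t_result;
}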
Esempio n. 17
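# Store an uploaded release file for a project version and record it in the plugin's
#  file table. Returns the id of the inserted row.
#  $p_tmp_file    - path of the uploaded temporary file
#  $p_file_name   - file name as supplied with the upload (also stored as title)
#  $p_file_type   - file type stored with the record
#  $p_project_id, $p_version_id - owner of the file
#  $p_description - description stored with the record
#  $p_file_error  - upload error code reported by PHP for the upload
# Errors are raised through trigger_error().
# NOTE(review): unlike a name-based type check, nothing in this function restricts
#  which file names or types are accepted, and on disk the file is made readable for
#  everyone (0644). If the upload directory is served by the web server, uploaded
#  files may be reachable or executable there - confirm how disk_dir is exposed.
# NOTE(review): $p_file_name originates from the client and becomes part of the path on
#  disk through plugins_releasemgt_file_generate_unique_name() - confirm that helper
#  cannot yield a path outside $t_file_path.
function plugins_releasemgt_file_add($p_tmp_file, $p_file_name, $p_file_type, $p_project_id, $p_version_id, $p_description, $p_file_error)
{
    if (php_version_at_least('4.2.0')) {
        switch ((int) $p_file_error) {
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                trigger_error(ERROR_FILE_TOO_BIG, ERROR);
                break;
            case UPLOAD_ERR_PARTIAL:
            case UPLOAD_ERR_NO_FILE:
                trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
                break;
            default:
                break;
        }
    }
    if ('' == $p_tmp_file || '' == $p_file_name) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    if (!is_readable($p_tmp_file)) {
        trigger_error(ERROR_UPLOAD_FAILURE, ERROR);
    }
    if (!plugins_releasemgt_file_is_name_unique($p_file_name, $p_project_id, $p_version_id)) {
        trigger_error(ERROR_DUPLICATE_FILE, ERROR);
    }
    $c_version_id = db_prepare_int($p_version_id);
    $c_project_id = db_prepare_int($p_project_id);
    $c_file_type = db_prepare_string($p_file_type);
    $c_title = db_prepare_string($p_file_name);
    $c_desc = db_prepare_string($p_description);
    # dirname(<dir>/.) followed by a separator yields the configured directory
    # with exactly one trailing separator
    $t_file_path = dirname(plugin_config_get('disk_dir', PLUGINS_RELEASEMGT_DISK_DIR_DEFAULT) . DIRECTORY_SEPARATOR . '.') . DIRECTORY_SEPARATOR;
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($p_file_name);
    # The project part used to read an undefined $t_project_id, which left it empty
    $t_file_hash = $p_version_id . '-' . $p_project_id;
    $t_disk_file_name = $t_file_path . plugins_releasemgt_file_generate_unique_name($t_file_hash . '-' . $p_file_name, $t_file_path);
    $c_disk_file_name = db_prepare_string($t_disk_file_name);
    $t_file_size = filesize($p_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }
    # The effective limit is the smallest of the two PHP limits and the application limit
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);
    $t_method = plugin_config_get('upload_method', PLUGINS_RELEASEMGT_UPLOAD_METHOD_DEFAULT);
    # Defined up front so the INSERT below never reads an unset variable
    $c_content = '';
    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);
            if (!file_exists($t_disk_file_name)) {
                if (FTP == $t_method) {
                    $conn_id = plugins_releasemgt_file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $p_tmp_file);
                    file_ftp_disconnect($conn_id);
                }
                # move_uploaded_file() refuses files that did not arrive through an HTTP upload
                if (!move_uploaded_file($p_tmp_file, $t_disk_file_name)) {
                    # NOTE(review): every other error constant used in this function starts
                    #  with ERROR_ - confirm FILE_MOVE_FAILED is the intended constant.
                    trigger_error(FILE_MOVE_FAILED, ERROR);
                }
                chmod($t_disk_file_name, 0644);
                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Read through an explicit handle so it can be checked and closed again
            $t_handle = fopen($p_tmp_file, 'rb');
            if (false === $t_handle) {
                trigger_error(ERROR_UPLOAD_FAILURE, ERROR);
            }
            $c_content = db_prepare_string(fread($t_handle, $t_file_size));
            fclose($t_handle);
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }
    $t_file_table = plugin_table('file');
    # All values below were passed through db_prepare_int / db_prepare_string above
    $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(project_id, version_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)\n\t\t\t\t\t  VALUES\n\t\t\t\t\t\t({$c_project_id}, {$c_version_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . date("Y-m-d H:i:s") . "', '{$c_content}')";
    db_query($query);
    $t_file_id = db_insert_id();
    return $t_file_id;
}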
Esempio n. 18
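# Ask the user to confirm the current action.
#  Returns true when the request already carries a true '_confirmed' value. Otherwise
#  prints a confirmation page whose form re-submits all current POST and GET values as
#  hidden inputs together with _confirmed=1, and exits.
#  $p_message      - text shown above the button (printed as given)
#  $p_button_label - label of the submit button (printed as given)
# The form action is derived from the request, so it is HTML-escaped before being
#  written into the attribute.
# NOTE(review): $p_message and $p_button_label are written into the page unescaped;
#  callers must pass trusted or already escaped text.
# NOTE(review): nothing in this function ties the confirmation to the user's session
#  (no token is added or checked here), so '_confirmed' on its own does not show that
#  the user saw this page - confirm that request forgery is handled elsewhere.
function helper_ensure_confirmed($p_message, $p_button_label)
{
    if (true == gpc_get_bool('_confirmed')) {
        return true;
    }
    if (!php_version_at_least('4.1.0')) {
        global $_POST, $_GET;
    }
    html_page_top1();
    html_page_top2();
    # @@@ we need to improve this formatting.  I'd like the text to only
    #  be about 50% the width of the screen so that it doesn't become to hard
    #  to read.
    print "<br />\n<div align=\"center\">\n";
    print_hr();
    print "\n{$p_message}\n";
    # PHP_SELF includes whatever extra path the client appended to the script URL,
    # so it must not reach the attribute unescaped.
    print '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "\">\n";
    print_hidden_inputs(gpc_strip_slashes($_POST));
    print_hidden_inputs(gpc_strip_slashes($_GET));
    print "<input type=\"hidden\" name=\"_confirmed\" value=\"1\" />\n";
    print '<br /><br /><input type="submit" class="button" value="' . $p_button_label . '" />';
    print "\n</form>\n";
    print_hr();
    print "</div>\n";
    html_page_bottom1();
    exit;
}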