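/**
 * Codendi_HTTPPurifier::purify() is used to build HTTP header values (see
 * the Content-Type / Content-Disposition headers elsewhere in this code
 * base). Its contract, pinned here, is to cut the value at the first CR or
 * LF so that a stored string can never terminate the header and inject a
 * new one (HTTP response splitting).
 *
 * NOTE(review): the "ab" => 'a' and "abc" => '' cases look inconsistent
 * with the "a" => 'a' case for a deterministic function; the original
 * fixture most likely contained a control character that was lost when
 * this file was copied. Check the upstream test before trusting them.
 */
function testPurify() {
    // Plain assignment: instance() is read by value everywhere else in the
    // code base, and "=&" on a by-value return only produces a notice.
    $purifier = Codendi_HTTPPurifier::instance();

    // array(input, expected): everything from the first CR/LF on is dropped
    $cases = array(
        array("a",       'a'),
        array("a\n",     'a'),
        array("a\nb",    'a'),
        array("a\r",     'a'),
        array("a\rb",    'a'),
        array("a\r\nb",  'a'),
        array("ab",      'a'),
        array("\rabc",   ''),
        array("\nabc",   ''),
        array("\r\nabc", ''),
        array("abc",     ''),
    );
    foreach ($cases as $case) {
        list($input, $expected) = $case;
        $this->assertEqual($expected, $purifier->purify($input));
    }
}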
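/**
 * Stream attachment $attachment_id of this artifact to the client and end
 * the request.
 *
 * Every header value is derived from stored file metadata, so each one goes
 * through Codendi_HTTPPurifier::purify(), which cuts the value at the first
 * CR/LF and thereby blocks header injection / response splitting. The
 * filename is additionally escaped for the HTTP quoted-string it is emitted
 * in: purify() is only known to cut at CR/LF (see its unit test), so a bare
 * '"' in a stored filename would otherwise close the quoting and let the
 * remainder of the name be parsed as further Content-Disposition parameters.
 *
 * NOTE(review): no permission check is visible in this method; it is assumed
 * to be done by the caller or inside Tracker_FileInfo::instance() -- confirm
 * before wiring this to a new route.
 *
 * @param int $attachment_id Id of the Tracker_FileInfo to send
 *
 * @return void Never returns: always calls exit
 */
public function showAttachment($attachment_id) {
    $fileinfo = Tracker_FileInfo::instance($this, $attachment_id);
    if ($fileinfo && $fileinfo->fileExists()) {
        $http = Codendi_HTTPPurifier::instance();
        // Escape quoted-string delimiters after purifying: backslash first,
        // then the double quote, so the added backslashes are not re-escaped.
        $filename = str_replace(
            array('\\', '"'),
            array('\\\\', '\\"'),
            $http->purify($fileinfo->getFilename())
        );
        // Stop browsers from sniffing a type other than the declared one
        header('X-Content-Type-Options: nosniff');
        header('Content-Type: ' . $http->purify($fileinfo->getFiletype()));
        header('Content-Length: ' . $http->purify($fileinfo->getFilesize()));
        header('Content-Disposition: attachment; filename="' . $filename . '"');
        header('Content-Description: ' . $http->purify($fileinfo->getDescription()));
        readfile($fileinfo->getPath());
    } else {
        // Unknown id or file missing on disk: answer 404 instead of an
        // empty 200 that download tools would save as a zero-byte file.
        header('HTTP/1.1 404 Not Found');
    }
    exit;
}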
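/**
 * Export results to csv
 *
 * Streams the report rows to the client as a CSV document and ends the
 * request. The first line is a header made of 'aid' followed by the name of
 * each exportable field; every following line is one artifact.
 *
 * Security notes:
 *  - The download filename is built from the tracker item name and the
 *    project unix name. The whole name goes through
 *    Codendi_HTTPPurifier::purify() (which cuts at the first CR/LF and so
 *    blocks header injection) and is emitted as an HTTP quoted-string with
 *    '"' and '\' escaped.
 *  - Cell values come from Tracker_FormElement::fetchCSVChangesetValue().
 *    NOTE(review): nothing in this method neutralises spreadsheet formula
 *    injection (cells starting with '=', '+', '-', '@'); confirm whether the
 *    field classes handle it, otherwise user text is evaluated by Excel/Calc.
 *
 * @param bool $only_columns True if we need to export only the displayed columns. False for all the fields.
 *
 * @return void Does not return when the export succeeds (calls die)
 */
protected function exportToCSV($only_columns) {
    $matching_ids = $this->report->getMatchingIds();
    if ($only_columns) {
        $fields = $this->extractFieldsFromColumns($this->reorderColumnsByRank($this->getColumns()));
    } else {
        $fields = Tracker_FormElementFactory::instance()->getUsedFields($this->report->getTracker());
    }

    // Only fields that can be rendered as CSV are exported; compute that list
    // once since it is needed for the header line and for every data line.
    $exportable_fields = array();
    $head              = array('aid');
    foreach ($fields as $field) {
        if ($this->canFieldBeExportedToCSV($field)) {
            $exportable_fields[] = $field;
            $head[]              = $field->getName();
        }
    }

    // buildOrderedQuery() may split the selection into several queries (one
    // per group of fields); they are consumed in lockstep below, so each is
    // expected to return the same artifacts in the same order.
    $queries = $this->buildOrderedQuery($matching_ids, $fields);
    $dao     = new DataAccessObject();
    $results = array();
    foreach ($queries as $sql) {
        $results[] = $dao->retrieve($sql);
    }

    if (empty($results[0])) {
        $GLOBALS['Response']->addFeedback('error', 'Unable to export (too many fields?)');
        return;
    }

    $lines        = array($head);
    $first_result = array_shift($results);
    foreach ($first_result as $row) {
        // Join the current row of every other result set onto the first one:
        // [id, f1, f2] + [id, f3, f4] => [id, f1, f2, f3, f4]
        foreach ($results as $result) {
            $row = array_merge($row, $result->getRow());
        }
        $line = array($row['id']);
        foreach ($exportable_fields as $field) {
            $value  = isset($row[$field->getName()]) ? $row[$field->getName()] : null;
            $line[] = $field->fetchCSVChangesetValue($row['id'], $row['changeset_id'], $value, $this->report);
        }
        $lines[] = $line;
    }

    // Field separator follows the user's preference; comma by default.
    $separator = ',';
    $user      = UserManager::instance()->getCurrentUser();
    switch ($user->getPreference('user_csv_separator')) {
        case 'comma':
            $separator = ',';
            break;
        case 'semicolon':
            $separator = ';';
            break;
        case 'tab':
            $separator = chr(9);
            break;
    }

    $http      = Codendi_HTTPPurifier::instance();
    $file_name = str_replace(' ', '_', 'artifact_' . $this->report->getTracker()->getItemName())
        . '_' . $this->report->getTracker()->getProject()->getUnixName() . '.csv';
    // purify() cuts at CR/LF; the quoted-string escaping is done here because
    // the value is sent inside filename="..." (backslash first, then quote).
    $file_name = str_replace(array('\\', '"'), array('\\\\', '\\"'), $http->purify($file_name));
    header('Content-Disposition: filename="' . $file_name . '"');
    header('Content-type: text/csv');

    // Open the output stream once for the whole export; the previous version
    // reopened php://output for every line and never closed the handles.
    $output = fopen('php://output', 'a');
    foreach ($lines as $line) {
        fputcsv($output, $line, $separator, '"');
    }
    fclose($output);
    die;
}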
} //$sql = $export_select." ".$export_from." ".$export_where." AND a.artifact_id IN ($export_aids) group by a.artifact_id"; if ($multiple_queries) { $all_results = array(); foreach ($all_queries as $q) { $result = db_query($q); $all_results[] = $result; $rows = db_numrows($result); } } else { $result = db_query($sql); $rows = db_numrows($result); } // Send the result in CSV format if ($result && $rows > 0) { $http = Codendi_HTTPPurifier::instance(); $file_name = str_replace(' ', '_', 'artifact_' . $ath->getItemName()); header('Content-Type: text/csv'); header('Content-Disposition: filename=' . $http->purify($file_name) . '_' . $ath->Group->getUnixName() . '.csv'); foreach ($lbl_list as $k => $v) { $lbl_list[$k] = SimpleSanitizer::unsanitize($v); } echo build_csv_header($col_list, $lbl_list) . $eol; if ($multiple_queries) { $multiarr = array(); for ($i = 0; $i < $rows; $i++) { foreach ($all_results as $result) { $multiarr = array_merge($multiarr, db_fetch_array($result)); } prepare_artifact_record($ath, $fields, $atid, $multiarr, 'csv'); $curArtifact = new Artifact($ath, $multiarr['artifact_id']);