} // DB error if (is_object($bug)) { response_header('DB error'); display_bug_error($bug); response_footer(); exit; } // Bug not found with passed id if (!$bug) { response_header('No Such Bug'); display_bug_error("No such bug #{$bug_id}"); response_footer(); exit; } $show_bug_info = bugs_has_access($bug_id, $bug, $pw, $user_flags); if ($edit == 2 && !$show_bug_info && $pw && verify_bug_passwd($bug_id, bugs_get_hash($pw))) { $show_bug_info = true; } if (isset($_POST['ncomment'])) { /* Bugs blocked to user comments can only be commented by the team */ if ($bug['block_user_comment'] == 'Y' && $logged_in != 'developer') { response_header('Adding comments not allowed'); display_bug_error("You're not allowed to add a comment to bug #{$bug_id}"); response_footer(); exit; } } /* Just developers can change private/block_user_comment options */ if (!empty($_POST['in'])) { if ($user_flags & BUGS_DEV_USER) {
if ($patch_name) { $patch_name_url = urlencode($patch_name); } $bug_id = !empty($_GET['bug']) ? (int) $_GET['bug'] : 0; if (empty($bug_id)) { $bug_id = (int) $_GET['bug_id']; } require "{$ROOT_DIR}/include/classes/bug_patchtracker.php"; $patchinfo = new Bug_Patchtracker(); if (!($buginfo = bugs_get_bug($bug_id))) { response_header('Error :: invalid bug selected'); display_bug_error("Invalid bug #{$bug_id} selected"); response_footer(); exit; } if (!bugs_has_access($bug_id, $buginfo, $pw, $user_flags)) { response_header('Error :: No access to bug selected'); display_bug_error("You have no access to bug #{$bug_id}"); response_footer(); exit; } $pseudo_pkgs = get_pseudo_packages(false); if (isset($patch_name) && isset($revision)) { if ($revision == 'latest') { $revisions = $patchinfo->listRevisions($buginfo['id'], $patch_name); if (isset($revisions[0])) { $revision = $revisions[0][0]; } } $path = $patchinfo->getPatchFullpath($bug_id, $patch_name, $revision); if (!file_exists($path)) {
echo json_encode(array('result' => array('error' => 'Missing credentials'))); exit; } bugs_authenticate($user, $pwd, $logged_in, $user_flags); $is_trusted_developer = $user_flags & BUGS_TRUSTED_DEV; if (empty($auth_user->handle)) { echo json_encode(array('result' => array('error' => 'Invalid user or password'))); exit; } // fetch info about the bug into $bug $bug = bugs_get_bug($bug_id); if (!is_array($bug)) { echo json_encode(array('result' => array('error' => 'No such bug'))); exit; } if (!bugs_has_access($bug_id, $bug, $pwd, $user_flags)) { echo json_encode(array('result' => array('error' => 'No access to bug'))); exit; } if (!empty($_POST['ncomment']) && !empty($_POST['user'])) { $user = htmlspecialchars(trim($_POST['user'])); $ncomment = htmlspecialchars(trim($_POST['ncomment'])); $prep = $dbh->prepare("\n\t\tINSERT INTO bugdb_comments (bug, email, ts, comment, reporter_name, comment_type)\n\t\tVALUES (?, ?, NOW(), ?, ?, 'svn')\n\t"); $res = $prep->execute(array($bug_id, "{$user}@php.net", $ncomment, $user)); if ($res) { echo json_encode(array('result' => array('status' => $bug))); exit; } else { echo json_encode(array('result' => array('error' => MDB2::errorMessage($res)))); exit; }