/**
* Delete an issue attachment given its id.
*
* @param string $p_username The name of the user trying to add an attachment to an issue.
* @param string $p_password The password of the user.
* @param integer $p_issue_attachment_id The id of the attachment to be deleted.
* @return true: success, false: failure
*/
function mc_issue_attachment_delete( $p_username, $p_password, $p_issue_attachment_id ) {
$t_user_id = mci_check_login( $p_username, $p_password );
if( $t_user_id === false ) {
return mci_soap_fault_login_failed();
}
$t_bug_id = file_get_field( $p_issue_attachment_id, 'bug_id' );
if( !access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id, $t_user_id ) ) {
return mci_soap_fault_access_denied( $t_user_id );
}
return file_delete( $p_issue_attachment_id, 'bug' );
}
/**
* Delete a project attachment given its id.
*
* @param string $p_username The name of the user trying to add an attachment to an issue.
* @param string $p_password The password of the user.
* @param integer $p_project_attachment_id The id of the attachment to be deleted.
* @return true: success, false: failure
*/
function mc_project_attachment_delete($p_username, $p_password, $p_project_attachment_id)
{
$t_user_id = mci_check_login($p_username, $p_password);
if ($t_user_id === false) {
return new soap_fault('Client', '', 'Access Denied');
}
$t_project_id = file_get_field($p_project_attachment_id, 'project_id', 'project');
if (!access_has_project_level(config_get('upload_project_file_threshold'), $t_project_id, $t_user_id)) {
return new soap_fault('Client', '', 'Access Denied');
}
return file_delete($p_project_attachment_id, 'project');
}
/**
* Delete an issue attachment given its id.
*
* @param string $p_username The name of the user trying to add an attachment to an issue.
* @param string $p_password The password of the user.
* @param integer $p_issue_attachment_id The id of the attachment to be deleted.
* @return true: success, false: failure
*/
function mc_issue_attachment_delete($p_username, $p_password, $p_issue_attachment_id)
{
$t_user_id = mci_check_login($p_username, $p_password);
if ($t_user_id === false) {
return mci_soap_fault_login_failed();
}
$t_bug_id = file_get_field($p_issue_attachment_id, 'bug_id');
# Perform access control checks
$t_attachment_owner = file_get_field($p_issue_attachment_id, 'user_id');
$t_current_user_is_attachment_owner = $t_attachment_owner == $t_user_id;
# Factor in allow_delete_own_attachments=ON|OFF
if (!$t_current_user_is_attachment_owner || $t_current_user_is_attachment_owner && !config_get('allow_delete_own_attachments')) {
# Check access against delete_attachments_threshold
if (!access_has_bug_level(config_get('delete_attachments_threshold'), $t_bug_id, $t_user_id)) {
return mci_soap_fault_access_denied($t_user_id);
}
}
return file_delete($p_issue_attachment_id, 'bug');
}
/**
* Prints the preview of an image file attachment.
* @param array $p_attachment An attachment arrray from within the array returned by the file_get_visible_attachments() function
*/
function print_bug_attachment_preview_image($p_attachment)
{
$t_preview_style = 'border: 0;';
$t_max_width = config_get('preview_max_width');
if ($t_max_width > 0) {
$t_preview_style .= ' max-width:' . $t_max_width . 'px;';
}
$t_max_height = config_get('preview_max_height');
if ($t_max_height > 0) {
$t_preview_style .= ' max-height:' . $t_max_height . 'px;';
}
$t_title = file_get_field($p_attachment['id'], 'title');
$t_image_url = $p_attachment['download_url'] . '&show_inline=1' . form_security_param('file_show_inline');
echo "\n<div class=\"bug-attachment-preview-image\">";
echo '<a href="' . string_attribute($p_attachment['download_url']) . '">';
echo '<img src="' . string_attribute($t_image_url) . '" alt="' . string_attribute($t_title) . '" style="' . string_attribute($t_preview_style) . '" />';
echo '</a></div>';
}
function print_bug_attachments_list($p_bug_id)
{
$t_attachments = file_get_visible_attachments($p_bug_id);
$t_attachments_count = count($t_attachments);
$i = 0;
$image_previewed = false;
foreach ($t_attachments as $t_attachment) {
$t_file_display_name = string_display_line($t_attachment['display_name']);
$t_filesize = number_format($t_attachment['size']);
$t_date_added = date(config_get('normal_date_format'), $t_attachment['date_added']);
if ($image_previewed) {
$image_previewed = false;
echo '<br />';
}
if ($t_attachment['can_download']) {
$t_href_start = '<a href="' . string_attribute($t_attachment['download_url']) . '">';
$t_href_end = '</a>';
$t_href_clicket = " [<a href=\"file_download.php?file_id={$t_attachment['id']}&type=bug\" target=\"_blank\">^</a>]";
} else {
$t_href_start = '';
$t_href_end = '';
$t_href_clicket = '';
}
if (!$t_attachment['exists']) {
print_file_icon($t_file_display_name);
echo ' <span class="strike">' . $t_file_display_name . '</span>' . lang_get('word_separator') . '(' . lang_get('attachment_missing') . ')';
} else {
echo $t_href_start;
print_file_icon($t_file_display_name);
echo $t_href_end . ' ' . $t_href_start . $t_file_display_name . $t_href_end . $t_href_clicket . ' (' . $t_filesize . ' ' . lang_get('bytes') . ') ' . '<span class="italic">' . $t_date_added . '</span>';
}
if ($t_attachment['can_delete']) {
echo ' [';
print_link('bug_file_delete.php?file_id=' . $t_attachment['id'] . form_security_param('bug_file_delete'), lang_get('delete_link'), false, 'small');
echo ']';
}
if ($t_attachment['exists']) {
if (FTP == config_get('file_upload_method') && $t_attachment['exists']) {
echo ' (' . lang_get('cached') . ')';
}
if ($t_attachment['preview'] && $t_attachment['type'] == 'text') {
$c_id = db_prepare_int($t_attachment['id']);
$t_bug_file_table = db_get_table('mantis_bug_file_table');
echo "<script type=\"text/javascript\" language=\"JavaScript\">\n<!--\nfunction swap_content( span ) {\ndisplayType = ( document.getElementById( span ).style.display == 'none' ) ? '' : 'none';\ndocument.getElementById( span ).style.display = displayType;\n}\n\n -->\n </script>";
echo " <span id=\"hideSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('show_content') . "</a>]</span>";
echo " <span style='display:none' id=\"showSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('hide_content') . "</a>]";
echo "<pre>";
/** @todo Refactor into a method that gets contents for download / preview. */
switch (config_get('file_upload_method')) {
case DISK:
if ($t_attachment['exists']) {
$v_content = file_get_contents($t_attachment['diskfile']);
}
break;
case FTP:
if (file_exists($t_attachment['exists'])) {
file_get_contents($t_attachment['diskfile']);
} else {
$ftp = file_ftp_connect();
file_ftp_get($ftp, $t_attachment['diskfile'], $t_attachment['diskfile']);
file_ftp_disconnect($ftp);
$v_content = file_get_contents($t_attachment['diskfile']);
}
break;
default:
$query = "SELECT *\n\t \t\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\t \t\t\tWHERE id=" . db_param();
$result = db_query_bound($query, array($c_id));
$row = db_fetch_array($result);
$v_content = $row['content'];
}
echo htmlspecialchars($v_content);
echo "</pre></span>\n";
}
if ($t_attachment['can_download'] && $t_attachment['preview'] && $t_attachment['type'] == 'image') {
$t_preview_style = 'border: 0;';
$t_max_width = config_get('preview_max_width');
if ($t_max_width > 0) {
$t_preview_style .= ' max-width:' . $t_max_width . 'px;';
}
$t_max_height = config_get('preview_max_height');
if ($t_max_height > 0) {
$t_preview_style .= ' max-height:' . $t_max_height . 'px;';
}
$t_preview_style = 'style="' . $t_preview_style . '"';
$t_title = file_get_field($t_attachment['id'], 'title');
$t_image_url = $t_attachment['download_url'] . '&show_inline=1' . form_security_param('file_show_inline');
echo "\n<br />{$t_href_start}<img alt=\"{$t_title}\" {$t_preview_style} src=\"{$t_image_url}\" />{$t_href_end}";
$image_previewed = true;
}
}
if ($i != $t_attachments_count - 1) {
echo "<br />\n";
$i++;
}
}
}
require_api('database_api.php');
require_api('file_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('utility_api.php');
# Check if project documentation feature is enabled.
if (OFF == config_get('enable_project_documentation') || !file_is_uploading_enabled() || !file_allow_project_upload()) {
access_denied();
}
$f_file_id = gpc_get_int('file_id');
$c_file_id = db_prepare_int($f_file_id);
$t_project_id = file_get_field($f_file_id, 'project_id', 'project');
access_ensure_project_level(config_get('upload_project_file_threshold'), $t_project_id);
$t_proj_file_table = db_get_table('project_file');
$query = "SELECT *\n\t\tFROM {$t_proj_file_table}\n\t\tWHERE id=" . db_param();
$result = db_query_bound($query, array($c_file_id));
$row = db_fetch_array($result);
extract($row, EXTR_PREFIX_ALL, 'v');
$v_title = string_attribute($v_title);
$v_description = string_textarea($v_description);
$t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
html_page_top();
?>
<br />
<div>
<form method="post" enctype="multipart/form-data" action="proj_doc_update.php">
$t_project_id = file_get_field($f_file_id, 'project_id', 'project');
access_ensure_project_level(config_get('upload_project_file_threshold'), $t_project_id);
if (is_blank($f_title)) {
trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
$c_file_id = db_prepare_int($f_file_id);
$c_title = db_prepare_string($f_title);
$c_description = db_prepare_string($f_description);
$t_project_file_table = db_get_table('mantis_project_file_table');
/** @todo (thraxisp) this code should probably be integrated into file_api to share methods used to store files */
file_ensure_uploaded($f_file);
extract($f_file, EXTR_PREFIX_ALL, 'v');
if (is_uploaded_file($v_tmp_name)) {
$t_project_id = helper_get_current_project();
# grab the original file path and name
$t_disk_file_name = file_get_field($f_file_id, 'diskfile', 'project');
$t_file_path = dirname($t_disk_file_name);
# prepare variables for insertion
$c_file_name = db_prepare_string($v_name);
$c_file_type = db_prepare_string($v_type);
$t_file_size = filesize($v_tmp_name);
$t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
if ($t_file_size > $t_max_file_size) {
trigger_error(ERROR_FILE_TOO_BIG, ERROR);
}
$c_file_size = db_prepare_int($t_file_size);
$t_method = config_get('file_upload_method');
switch ($t_method) {
case FTP:
case DISK:
file_ensure_valid_upload_path($t_file_path);
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: bug_file_delete.php,v 1.30.14.1 2007-10-13 22:32:38 giallu Exp $
# --------------------------------------------------------
# Delete a file from a bug and then view the bug
require_once 'core.php';
$t_core_path = config_get('core_path');
require_once $t_core_path . 'file_api.php';
# helper_ensure_post();
$f_file_id = gpc_get_int('file_id');
$t_bug_id = file_get_field($f_file_id, 'bug_id');
access_ensure_bug_level(config_get('update_bug_threshold'), $t_bug_id);
$t_bug = bug_get($t_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
# in case the current project is not the same project of the bug we are viewing...
# ... override the current project. This to avoid problems with categories and handlers lists etc.
$g_project_override = $t_bug->project_id;
}
helper_ensure_confirmed(lang_get('delete_attachment_sure_msg'), lang_get('delete_attachment_button'));
file_delete($f_file_id, 'bug');
print_header_redirect_view($t_bug_id);
/**
* Delete File
* @param integer $p_file_id File identifier.
* @param string $p_table Table identifier.
* @return boolean
*/
function file_delete($p_file_id, $p_table = 'bug')
{
$t_upload_method = config_get('file_upload_method');
$c_file_id = (int) $p_file_id;
$t_filename = file_get_field($p_file_id, 'filename', $p_table);
$t_diskfile = file_get_field($p_file_id, 'diskfile', $p_table);
if ($p_table == 'bug') {
$t_bug_id = file_get_field($p_file_id, 'bug_id', $p_table);
$t_project_id = bug_get_field($t_bug_id, 'project_id');
} else {
$t_project_id = file_get_field($p_file_id, 'project_id', $p_table);
}
if (DISK == $t_upload_method) {
$t_local_disk_file = file_normalize_attachment_path($t_diskfile, $t_project_id);
if (file_exists($t_local_disk_file)) {
file_delete_local($t_local_disk_file);
}
}
if ('bug' == $p_table) {
# log file deletion
history_log_event_special($t_bug_id, FILE_DELETED, file_get_display_name($t_filename));
}
$t_file_table = db_get_table($p_table . '_file');
$t_query = 'DELETE FROM ' . $t_file_table . ' WHERE id=' . db_param();
db_query($t_query, array($c_file_id));
return true;
}
function file_delete($p_file_id, $p_table = 'bug')
{
$t_upload_method = config_get('file_upload_method');
$c_file_id = db_prepare_int($p_file_id);
$t_filename = file_get_field($p_file_id, 'filename', $p_table);
$t_diskfile = file_get_field($p_file_id, 'diskfile', $p_table);
if ($p_table == 'bug') {
$t_bug_id = file_get_field($p_file_id, 'bug_id', $p_table);
$t_project_id = bug_get_field($t_bug_id, 'project_id');
} else {
$t_project_id = file_get_field($p_file_id, 'project_id', $p_table);
}
if (DISK == $t_upload_method || FTP == $t_upload_method) {
if (FTP == $t_upload_method) {
$ftp = file_ftp_connect();
file_ftp_delete($ftp, $t_diskfile);
file_ftp_disconnect($ftp);
}
$t_local_disk_file = file_normalize_attachment_path($t_diskfile, $t_project_id);
if (file_exists($t_local_disk_file)) {
file_delete_local($t_local_disk_file);
}
}
if ('bug' == $p_table) {
# log file deletion
history_log_event_special($t_bug_id, FILE_DELETED, file_get_display_name($t_filename));
}
$t_file_table = db_get_table('mantis_' . $p_table . '_file_table');
$query = "DELETE FROM {$t_file_table}\n\t\t\t\tWHERE id=" . db_param();
db_query_bound($query, array($c_file_id));
return true;
}
* @uses lang_api.php
* @uses print_api.php
*/
require_once 'core.php';
require_api('access_api.php');
require_api('bug_api.php');
require_api('config_api.php');
require_api('file_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('helper_api.php');
require_api('lang_api.php');
require_api('print_api.php');
form_security_validate('bug_file_delete');
$f_file_id = gpc_get_int('file_id');
$t_bug_id = file_get_field($f_file_id, 'bug_id');
$t_bug = bug_get($t_bug_id, true);
if ($t_bug->project_id != helper_get_current_project()) {
# in case the current project is not the same project of the bug we are viewing...
# ... override the current project. This to avoid problems with categories and handlers lists etc.
$g_project_override = $t_bug->project_id;
}
$t_attachment_owner = file_get_field($f_file_id, 'user_id');
$t_current_user_is_attachment_owner = $t_attachment_owner == auth_get_current_user_id();
if (!$t_current_user_is_attachment_owner || $t_current_user_is_attachment_owner && !config_get('allow_delete_own_attachments')) {
access_ensure_bug_level(config_get('delete_attachments_threshold'), $t_bug_id);
}
helper_ensure_confirmed(lang_get('delete_attachment_sure_msg'), lang_get('delete_attachment_button'));
file_delete($f_file_id, 'bug');
form_security_purge('bug_file_delete');
print_header_redirect_view($t_bug_id);
function file_delete($p_file_id, $p_table = 'bug')
{
$t_upload_method = config_get('file_upload_method');
$c_file_id = db_prepare_int($p_file_id);
$t_filename = file_get_field($p_file_id, 'filename', $p_table);
$t_diskfile = file_get_field($p_file_id, 'diskfile', $p_table);
if (DISK == $t_upload_method || FTP == $t_upload_method) {
if (FTP == $t_upload_method) {
$ftp = file_ftp_connect();
file_ftp_delete($ftp, $t_diskfile);
file_ftp_disconnect($ftp);
}
if (file_exists($t_diskfile)) {
file_delete_local($t_diskfile);
}
}
if ('bug' == $p_table) {
# log file deletion
$t_bug_id = file_get_field($p_file_id, 'bug_id', 'bug');
history_log_event_special($t_bug_id, FILE_DELETED, file_get_display_name($t_filename));
}
$t_file_table = config_get('mantis_' . $p_table . '_file_table');
$query = "DELETE FROM {$t_file_table}\n\t\t\t\tWHERE id='{$c_file_id}'";
db_query($query);
return true;
}
