/**
 * Validates the Attach Tags group action.
 *
 * Called once per selected bug. Parses the submitted tag string and sorts
 * every tag row into one of three global lists: tags to attach, tags to
 * create and tags that were rejected. Rejected tags are only recorded, never
 * reported to the user, so the function always returns true.
 *
 * NOTE(review): the earlier description said the parsing runs only on the
 * first call, but $g_action_attach_tags_valid is never assigned in this
 * function. Unless it is set elsewhere, the lists are rebuilt on every call.
 *
 * NOTE(review): $p_bug_id is not used. No per-bug permission check is made
 * here, and the tag creation threshold is tested at global level only.
 *
 * @param integer $p_bug_id Bug ID (unused)
 * @return boolean Always true
 */
function action_attach_tags_validate($p_bug_id)
{
    global $g_action_attach_tags_valid;
    global $g_action_attach_tags_attach, $g_action_attach_tags_create, $g_action_attach_tags_failed;

    if (isset($g_action_attach_tags_valid)) {
        return true;
    }

    # Both values come straight from the request.
    $f_tag_string = gpc_get_string('tag_string');
    $f_tag_select = gpc_get_string('tag_select');

    $g_action_attach_tags_attach = array();
    $g_action_attach_tags_create = array();
    $g_action_attach_tags_failed = array();

    $t_parsed_rows = tag_parse_string($f_tag_string);
    $t_may_create = access_has_global_level(config_get('tag_create_threshold'));

    foreach ($t_parsed_rows as $t_row) {
        switch ($t_row['id']) {
            case -1:
                # Presumably "tag does not exist yet": it is queued for
                # creation only when the user reaches the creation threshold.
                if ($t_may_create) {
                    $g_action_attach_tags_create[] = $t_row;
                } else {
                    $g_action_attach_tags_failed[] = $t_row;
                }
                break;
            case -2:
                # Presumably "invalid tag": always rejected.
                $g_action_attach_tags_failed[] = $t_row;
                break;
            default:
                $g_action_attach_tags_attach[] = $t_row;
        }
    }

    # The drop-down selection is attached only if it names an existing tag.
    if ($f_tag_select > 0 && tag_exists($f_tag_select)) {
        $g_action_attach_tags_attach[] = tag_get($f_tag_select);
    }

    return true;
}
/**
 * Validates the Attach Tags group action for one bug.
 *
 * The attach threshold is checked against the given bug first. The submitted
 * tag string is parsed once per request and cached in globals: rows with id
 * -1 go to the "create" list, rows with id >= 0 go to the "attach" list, and
 * any other id is ignored. The create threshold is then checked against the
 * same bug whenever there is something to create.
 *
 * @param integer $p_bug_id Bug ID
 * @return string|null On failure: the reason for tags failing validation for the given bug. On success: null.
 */
function action_attach_tags_validate($p_bug_id)
{
    global $g_action_attach_tags_tags, $g_action_attach_tags_attach, $g_action_attach_tags_create;

    # Authorisation is evaluated per bug, before any input is parsed.
    if (!access_has_bug_level(config_get('tag_attach_threshold'), $p_bug_id)) {
        return lang_get('tag_attach_denied');
    }

    if (!isset($g_action_attach_tags_tags)) {
        if (!isset($g_action_attach_tags_attach)) {
            $g_action_attach_tags_attach = array();
            $g_action_attach_tags_create = array();
        }

        $g_action_attach_tags_tags = tag_parse_string(gpc_get_string('tag_string'));

        # Keyed by tag name, so a name repeated in the input is stored once.
        foreach ($g_action_attach_tags_tags as $t_row) {
            if ($t_row['id'] == -1) {
                $g_action_attach_tags_create[$t_row['name']] = $t_row;
                continue;
            }
            if ($t_row['id'] >= 0) {
                $g_action_attach_tags_attach[$t_row['name']] = $t_row;
            }
        }
    }

    $t_may_create = access_has_bug_level(config_get('tag_create_threshold'), $p_bug_id);
    $t_create_count = count($g_action_attach_tags_create);

    if (!$t_may_create && $t_create_count > 0) {
        return lang_get('tag_create_denied');
    }

    if ($t_create_count == 0 && count($g_action_attach_tags_attach) == 0) {
        return lang_get('tag_none_attached');
    }

    return null;
}
/**
 * Echoes the 'os_build' profile values that match the submitted prefix, in
 * the format produced by projax_array_serialize_for_autocomplete().
 *
 * NOTE(review): the serialised list is echoed as returned by the helper;
 * confirm that it encodes the profile values for the response context.
 *
 * @return void
 */
function xmlhttprequest_os_build_get_with_prefix()
{
    # Prefix typed by the user; read before the profile values are loaded.
    $f_prefix = gpc_get_string('os_build');
    $t_known_builds = profile_get_field_all_for_user('os_build');

    echo projax_array_serialize_for_autocomplete(
        projax_array_filter_by_prefix($t_known_builds, $f_prefix)
    );
}
/**
 * Executes the custom action on the specified bug id.
 *
 * Reads the 'build' request parameter, trims surrounding whitespace and
 * writes the result to the bug's 'build' field.
 *
 * NOTE(review): no access check is made in this function; presumably the
 * matching validate callback has already confirmed the user may update the
 * bug - verify against the caller.
 *
 * @param integer $p_bug_id The bug id to execute the custom action on.
 * @return boolean Always true as written. The previous description also
 *                 listed an array of (bug_id => reason for failure), which
 *                 this body never returns.
 */
function action_update_product_build_process($p_bug_id)
{
    bug_set_field($p_bug_id, 'build', trim(gpc_get_string('build')));

    return true;
}
/**
 * Updates a value in the plugin configuration
 *
 * $value is used both as the request parameter name and as the plugin
 * configuration option name; $constant is passed to the gpc_* reader as the
 * fallback. The option is written only when the submitted value differs
 * (loose comparison) from the stored one.
 *
 * NOTE(review): the type test is applied to the option name, not to the
 * submitted value, so the integer branch is taken only for an integer name.
 * When the name is neither int nor string, null is compared and stored.
 * Confirm this is intended.
 *
 * @param $value    Option / request parameter name
 * @param $constant Default handed to the request reader
 */
public function updateValue($value, $constant)
{
    if (is_int($value)) {
        $submitted = gpc_get_int($value, $constant);
    } elseif (is_string($value)) {
        $submitted = gpc_get_string($value, $constant);
    } else {
        $submitted = null;
    }

    if (plugin_config_get($value) == $submitted) {
        return;
    }

    plugin_config_set($value, $submitted);
}
* @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org */ /** * MantisBT Core API's */ require_once 'core.php'; require_once 'current_user_api.php'; require_once 'bug_api.php'; require_once 'date_api.php'; require_once 'icon_api.php'; require_once 'string_api.php'; require_once 'columns_api.php'; require_once 'config_filter_defaults_inc.php'; auth_ensure_user_authenticated(); $f_search = gpc_get_string(FILTER_PROPERTY_FREE_TEXT, false); /** @todo need a better default */ $f_offset = gpc_get_int('offset', 0); $t_cookie_value_id = gpc_get_cookie(config_get('view_all_cookie'), ''); $t_cookie_value = filter_db_get_filter($t_cookie_value_id); $f_highlight_changed = 0; $f_sort = null; $f_dir = null; $t_project_id = 0; $t_columns = helper_get_columns_to_view(COLUMNS_TARGET_PRINT_PAGE); $t_num_of_columns = count($t_columns); # check to see if the cookie exists if (!is_blank($t_cookie_value)) { # check to see if new cookie is needed if (!filter_is_cookie_valid()) { print_header_redirect('view_all_set.php?type=0&print=1');
} else { access_ensure_global_level(config_get('add_profile_threshold')); } profile_create($t_user_id, $f_platform, $f_os, $f_os_build, $f_description); form_security_purge('profile_update'); if (ALL_USERS == $t_user_id) { print_header_redirect('manage_prof_menu_page.php'); } else { print_header_redirect('account_prof_menu_page.php'); } break; case 'update': $f_platform = gpc_get_string('platform'); $f_os = gpc_get_string('os'); $f_os_build = gpc_get_string('os_build'); $f_description = gpc_get_string('description'); if (profile_is_global($f_profile_id)) { access_ensure_global_level(config_get('manage_global_profile_threshold')); profile_update(ALL_USERS, $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description); form_security_purge('profile_update'); print_header_redirect('manage_prof_menu_page.php'); } else { profile_update(auth_get_current_user_id(), $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description); form_security_purge('profile_update'); print_header_redirect('account_prof_menu_page.php'); } break; case 'delete': if (profile_is_global($f_profile_id)) { access_ensure_global_level(config_get('manage_global_profile_threshold')); profile_delete(ALL_USERS, $f_profile_id);
* @uses string_api.php
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_api('authentication_api.php');
require_api('constant_inc.php');
require_api('current_user_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');

auth_ensure_user_authenticated();

# 'ref' is a caller-supplied return location. It goes through
# string_sanitize_url() before any use.
$f_ref = string_sanitize_url(gpc_get_string('ref', ''));

# With exactly one accessible project that has no accessible subprojects there
# is nothing to choose, so the request is forwarded directly to set_project.php.
if (count(current_user_get_accessible_projects()) == 1) {
    $t_project_ids = current_user_get_accessible_projects();
    $t_project_id = (int) $t_project_ids[0];
    if (count(current_user_get_accessible_subprojects($t_project_id)) == 0) {
        # The project id is cast to int above and the return location is
        # encoded with string_url() before both are placed in the query string.
        # NOTE(review): set_project.php receives 'ref' as request input again
        # and has to validate it itself before redirecting - confirm.
        $t_ref_urlencoded = string_url($f_ref);
        print_header_redirect("set_project.php?project_id={$t_project_id}&ref={$t_ref_urlencoded}", true);
        /* print_header_redirect terminates script execution */
    }
}

html_page_top(lang_get('select_project_button'));
?>
<!-- Project Select Form BEGIN -->
<div id="select-project-div" class="form-container">
<form id="select-project-form" method="post" action="set_project.php">
/**
 * Reads the request value of a custom field and returns it in the form used
 * for that field type.
 *
 * - Multi-list and checkbox fields: the submitted string array joined with
 *   '|', or '' when nothing usable was submitted.
 * - Date fields: built from the "<name>_day", "<name>_month" and
 *   "<name>_year" integers. If any part is 0 the default is returned ('' when
 *   the default loosely equals null); otherwise the strtotime() result.
 * - Any other type: the request value as a string.
 *
 * NOTE(review): the date parts are not range-checked (no checkdate()), and
 * the strtotime() result is returned as is, so callers should handle the
 * outcome for an impossible date.
 *
 * @param string  $p_var_name          Request variable name of the field.
 * @param integer $p_custom_field_type One of the CUSTOM_FIELD_TYPE_* constants.
 * @param mixed   $p_default           Fallback when the value is not submitted.
 * @return mixed
 */
function gpc_get_custom_field($p_var_name, $p_custom_field_type, $p_default = null)
{
    # Loose comparisons are kept on purpose: they match the switch statement
    # this replaces.
    if ($p_custom_field_type == CUSTOM_FIELD_TYPE_MULTILIST
        || $p_custom_field_type == CUSTOM_FIELD_TYPE_CHECKBOX
    ) {
        $t_selected = gpc_get_string_array($p_var_name, $p_default);
        if (null === $t_selected || '' == $t_selected) {
            return '';
        }

        return implode('|', $t_selected);
    }

    if ($p_custom_field_type == CUSTOM_FIELD_TYPE_DATE) {
        $t_day = gpc_get_int($p_var_name . '_day', 0);
        $t_month = gpc_get_int($p_var_name . '_month', 0);
        $t_year = gpc_get_int($p_var_name . '_year', 0);

        # A missing part means "no date submitted".
        if ($t_year == 0 || $t_month == 0 || $t_day == 0) {
            return ($p_default == null) ? '' : $p_default;
        }

        return strtotime(implode('-', array($t_year, $t_month, $t_day)));
    }

    return gpc_get_string($p_var_name, $p_default);
}
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'news_api.php';
require_once 'string_api.php';

news_ensure_enabled();

# Both values are request input; the id is forced to an integer.
$f_news_id = gpc_get_int('news_id');
$f_action = gpc_get_string('action', '');

# If deleting item redirect to delete script
if ('delete' == $f_action) {
    # The delete path requires a valid 'news_delete' form token.
    form_security_validate('news_delete');

    $row = news_get_row($f_news_id);

    # This check is to allow deleting of news items that were left orphan due to bug #3723
    # NOTE(review): when the item's project no longer exists, no access-level
    # check runs on this path; only the form token and the confirmation below
    # gate the delete. Consider requiring a global manage-news level for
    # orphaned items.
    if (project_exists($row['project_id'])) {
        access_ensure_project_level(config_get('manage_news_threshold'), $row['project_id']);
    }

    helper_ensure_confirmed(lang_get('delete_news_sure_msg'), lang_get('delete_news_item_button'));

    news_delete($f_news_id);

    form_security_purge('news_delete');

    print_header_redirect('news_menu_page.php', true);
}

# Retrieve news item data and prefix with v_
$row = news_get_row($f_news_id);
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: adm_config_set.php,v 1.4.2.1 2007-10-13 22:32:27 giallu Exp $
# --------------------------------------------------------
# This page stores the reported bug
# NOTE(review): the line above looks inherited from another page; the code
# below handles a configuration option, not a bug report.
require_once 'core.php';

$t_core_path = config_get('core_path');

# NOTE(review): the POST-only guard below is commented out and no form
# security token check is visible in this excerpt, so as shown neither the
# request method nor the request origin is verified before a configuration
# change is handled. Confirm against the full file.
# helper_ensure_post();

# All five values are request input.
$f_user_id = gpc_get_int('user_id');
$f_project_id = gpc_get_int('project_id');
$f_config_option = gpc_get_string('config_option');
$f_type = gpc_get_string('type');
$f_value = gpc_get_string('value');

if (is_blank($f_config_option)) {
    error_parameters('config_option');
    trigger_error(ERROR_EMPTY_FIELD, ERROR);
}

# The same threshold is enforced globally for ALL_PROJECTS and per project
# otherwise. $f_user_id is not part of either check.
if ($f_project_id == ALL_PROJECTS) {
    access_ensure_global_level(config_get('set_configuration_threshold'));
} else {
    access_ensure_project_level(config_get('set_configuration_threshold'), $f_project_id);
}

# make sure that configuration option specified is a valid one.
# A sentinel default is used so that an option holding a falsy value is still
# recognised as existing.
$t_not_found_value = '***CONFIG OPTION NOT FOUND***';
if (config_get_global($f_config_option, $t_not_found_value) === $t_not_found_value) {
    error_parameters($f_config_option);
    trigger_error(ERROR_CONFIG_OPT_NOT_FOUND, ERROR);
}
# but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Mantis. If not, see <http://www.gnu.org/licenses/>. # -------------------------------------------------------- # $Id: manage_proj_ver_add.php,v 1.31.2.1 2007-10-13 22:33:45 giallu Exp $ # -------------------------------------------------------- require_once 'core.php'; $t_core_path = config_get('core_path'); require_once $t_core_path . 'version_api.php'; form_security_validate('manage_proj_ver_add'); auth_reauthenticate(); $f_project_id = gpc_get_int('project_id'); $f_version = gpc_get_string('version'); $f_add_and_edit = gpc_get_bool('add_and_edit_version'); access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id); if (is_blank($f_version)) { trigger_error(ERROR_EMPTY_FIELD, ERROR); } # We reverse the array so that if the user enters multiple versions # they will likely appear with the last item entered at the top of the list # (i.e. in reverse chronological order). Unless we find a way to make the # date_order fields different for each one, however, this is fragile, since # the DB may actually pull the rows out in any order $t_versions = array_reverse(explode('|', $f_version)); $t_version_count = count($t_versions); foreach ($t_versions as $t_version) { if (is_blank($t_version)) { continue;
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Slack Integration; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 * or see http://www.gnu.org/licenses/.
 */

# Saving the plugin settings requires a valid form token, a fresh
# re-authentication and the global manage-plugin access level, in that order.
form_security_validate('plugin_Slack_config_edit');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_plugin_threshold'));

# Every setting is read before anything is written.
$f_url_webhook = gpc_get_string('url_webhook');
$f_bot_name = gpc_get_string('bot_name');
$f_bot_icon = gpc_get_string('bot_icon');
$f_skip_bulk = gpc_get_bool('skip_bulk');
$f_default_channel = gpc_get_string('default_channel');

# NOTE(review): url_webhook is stored exactly as submitted. If the plugin later
# sends requests to this address, consider restricting scheme and host here -
# confirm where the option is consumed.
$t_submitted_settings = array(
    'url_webhook' => $f_url_webhook,
    'bot_name' => $f_bot_name,
    'bot_icon' => $f_bot_icon,
    'skip_bulk' => $f_skip_bulk,
    'default_channel' => $f_default_channel,
);

# Write only the options whose submitted value differs (loose comparison)
# from the stored one.
foreach ($t_submitted_settings as $t_option_name => $t_submitted_value) {
    if (plugin_config_get($t_option_name) == $t_submitted_value) {
        continue;
    }
    plugin_config_set($t_option_name, $t_submitted_value);
}
}

/**
 * Remove a single variable from the current session.
 * @param string $p_name Session variable name
 */
function session_delete( $p_name ) {
	$GLOBALS['g_session']->delete( $p_name );
}

/**
 * Tear down the whole session.
 */
function session_clean() {
	$GLOBALS['g_session']->destroy();
}

# Initialize the session
# NOTE(review): in CGI mode the session id is taken from request input and
# handed to session_init(). A caller-chosen session id is a session fixation
# risk unless session_init() validates or regenerates it - confirm.
if ( PHP_CGI == php_mode() ) {
	$t_session_id = gpc_get_string( 'session_id', '' );

	if ( !empty( $t_session_id ) ) {
		session_init( $t_session_id );
	} else {
		session_init();
	}
}
require_api('email_api.php'); require_api('form_api.php'); require_api('gpc_api.php'); require_api('html_api.php'); require_api('lang_api.php'); require_api('print_api.php'); require_api('string_api.php'); require_api('user_api.php'); require_api('utility_api.php'); form_security_validate('account_update'); auth_ensure_user_authenticated(); current_user_ensure_unprotected(); $f_email = gpc_get_string('email', ''); $f_realname = gpc_get_string('realname', ''); $f_password = gpc_get_string('password', ''); $f_password_confirm = gpc_get_string('password_confirm', ''); // get the user id once, so that if we decide in the future to enable this for // admins / managers to change details of other users. $t_user_id = auth_get_current_user_id(); $t_redirect = 'account_page.php'; $t_email_updated = false; $t_password_updated = false; $t_realname_updated = false; /** @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code. */ if (OFF == config_get('use_ldap_email')) { $f_email = email_append_domain($f_email); email_ensure_valid($f_email); email_ensure_not_disposable($f_email); if ($f_email != user_get_email($t_user_id)) { user_set_email($t_user_id, $f_email); $t_email_updated = true;
<?php
# phpWebNotes - a php based note addition system
# Copyright (C) 2000-2002 Webnotes Team - webnotes-devel@sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the files README and LICENSE for details
# --------------------------------------------------------
# $Id: login_page.php,v 1.22 2002/09/22 04:17:38 vboctor Exp $
# --------------------------------------------------------
require_once 'core' . DIRECTORY_SEPARATOR . 'api.php';

### Check to see if already logged in
if (isset($g_string_cookie_val) && !empty($g_string_cookie_val)) {
    login_cookie_check($g_admin_page);
}

# 'f_msg' is request input. It is only compared (strictly) against the literal
# 'error' further down and is never written to the page itself.
$f_msg = gpc_get_string('f_msg', '');

print_html_top();
print_head_top();
print_title($g_window_title);
print_css($g_css_inc_file);
print_meta_inc($g_meta_inc_file);
print_head_bottom();
print_body_top();
print_header($g_page_title);
print_top_page($g_top_page_inc);

if ($f_msg === 'error') {
    # Fixed, generic failure text: it does not reveal whether the user name or
    # the password was the part that failed.
    echo <<<EOT
\t\t<div class="error" align="center">
\t\t\t<strong>ERROR:</strong> Unauthorised access for supplied user name and password.
\t\t</div>
EOT;
}
* @copyright Copyright (C) 2002 - 2013 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'news_api.php';
require_once 'print_api.php';

news_ensure_enabled();

# A valid 'news_add' form token and the manage-news access level are required
# before any input is read.
# NOTE(review): no project id is passed to the access check; presumably it
# applies to the current project, which is also the one used by news_create()
# below - confirm.
form_security_validate('news_add');

access_ensure_project_level(config_get('manage_news_threshold'));

$f_view_state = gpc_get_int('view_state');
$f_headline = gpc_get_string('headline');
$f_announcement = gpc_get_bool('announcement');
$f_body = gpc_get_string('body');

# Headline and body are handed to news_create() as submitted.
# NOTE(review): output encoding of the stored text is left to
# print_news_entry_from_row() below - confirm it escapes for HTML.
$t_news_id = news_create(helper_get_current_project(), auth_get_current_user_id(), $f_view_state, $f_announcement, $f_headline, $f_body);

form_security_purge('news_add');

$t_news_row = news_get_row($t_news_id);

html_page_top();
?>
<br />
<div align="center">
<?php
echo lang_get('operation_successful') . '<br />';
print_bracket_link('news_menu_page.php', lang_get('proceed'));
echo '<br /><br />';
print_news_entry_from_row($t_news_row);
?>
</div>
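require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'gpc_api.php' );
require_api( 'print_api.php' );
require_api( 'user_api.php' );

# check if at least one way to get here is enabled
if ( OFF == config_get( 'allow_signup' ) &&
	OFF == config_get( 'lost_password_feature' ) &&
	OFF == config_get( 'send_reset_password' ) ) {
	trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
}

# Both values arrive with the verification link and are untrusted input.
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');

# force logout on the current user if already authenticated
if( auth_is_user_authenticated() ) {
	auth_logout();

	# reload the page after logout
	# The request values are URL-encoded so that they cannot add or alter
	# query parameters in the redirect target.
	print_header_redirect( 'verify.php?id=' . urlencode( $f_user_id ) . '&confirm_hash=' . urlencode( $f_confirm_hash ) );
}

$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );

# The confirmation hash is a secret token, so it is compared as an exact
# string. A loose comparison (!=) treats two numeric-looking strings such as
# "0e1" and "0e2" as equal. hash_equals() additionally compares in constant
# time; the strict-equality fallback covers PHP versions without it.
if( function_exists( 'hash_equals' ) ) {
	$t_confirm_hash_valid = hash_equals( (string)$t_calculated_confirm_hash, $f_confirm_hash );
} else {
	$t_confirm_hash_valid = ( (string)$t_calculated_confirm_hash === $f_confirm_hash );
}

if ( !$t_confirm_hash_valid ) {
	trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}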
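/**
 * Make sure that our filters are entirely correct and complete (it is possible that they are not).
 * We need to do this to cover cases where we don't have complete control over the filters given.
 *
 * Properties missing from the filter are filled from request input (gpc_*)
 * or from configuration defaults. The sort field / direction pairs are kept
 * only when the field is a viewable column or an existing custom field and
 * the direction is ASC or DESC. Multi-select values are normalised to arrays
 * of the expected scalar type.
 *
 * @param array $p_filter_arr A Filter definition.
 * @return array The completed filter definition.
 * @todo function needs to be abstracted
 */
function filter_ensure_valid_filter(array $p_filter_arr)
{
    # extend current filter to add information passed via POST
    if (!isset($p_filter_arr['_version'])) {
        $p_filter_arr['_version'] = FILTER_VERSION;
    }
    $t_cookie_vers = (int) substr($p_filter_arr['_version'], 1);
    if (substr(FILTER_VERSION, 1) > $t_cookie_vers) {
        # if the version is old, update it
        $p_filter_arr['_version'] = FILTER_VERSION;
    }
    if (!isset($p_filter_arr['_view_type'])) {
        $p_filter_arr['_view_type'] = gpc_get_string('view_type', 'simple');
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_ISSUES_PER_PAGE])) {
        $p_filter_arr[FILTER_PROPERTY_ISSUES_PER_PAGE] = gpc_get_int(FILTER_PROPERTY_ISSUES_PER_PAGE, config_get('default_limit_view'));
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_HIGHLIGHT_CHANGED])) {
        $p_filter_arr[FILTER_PROPERTY_HIGHLIGHT_CHANGED] = config_get('default_show_changed');
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_STICKY])) {
        $p_filter_arr[FILTER_PROPERTY_STICKY] = gpc_string_to_bool(config_get('show_sticky_issues'));
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_SORT_FIELD_NAME])) {
        $p_filter_arr[FILTER_PROPERTY_SORT_FIELD_NAME] = 'last_updated';
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_SORT_DIRECTION])) {
        $p_filter_arr[FILTER_PROPERTY_SORT_DIRECTION] = 'DESC';
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_PLATFORM])) {
        $p_filter_arr[FILTER_PROPERTY_PLATFORM] = array(0 => (string) META_FILTER_ANY);
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_OS])) {
        $p_filter_arr[FILTER_PROPERTY_OS] = array(0 => (string) META_FILTER_ANY);
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_OS_BUILD])) {
        $p_filter_arr[FILTER_PROPERTY_OS_BUILD] = array(0 => (string) META_FILTER_ANY);
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_PROJECT_ID])) {
        $p_filter_arr[FILTER_PROPERTY_PROJECT_ID] = array(0 => META_FILTER_CURRENT);
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_START_MONTH])) {
        $p_filter_arr[FILTER_PROPERTY_START_MONTH] = gpc_get_string(FILTER_PROPERTY_START_MONTH, date('m'));
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_START_DAY])) {
        $p_filter_arr[FILTER_PROPERTY_START_DAY] = gpc_get_string(FILTER_PROPERTY_START_DAY, 1);
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_START_YEAR])) {
        $p_filter_arr[FILTER_PROPERTY_START_YEAR] = gpc_get_string(FILTER_PROPERTY_START_YEAR, date('Y'));
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_END_MONTH])) {
        $p_filter_arr[FILTER_PROPERTY_END_MONTH] = gpc_get_string(FILTER_PROPERTY_END_MONTH, date('m'));
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_END_DAY])) {
        $p_filter_arr[FILTER_PROPERTY_END_DAY] = gpc_get_string(FILTER_PROPERTY_END_DAY, date('d'));
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_END_YEAR])) {
        $p_filter_arr[FILTER_PROPERTY_END_YEAR] = gpc_get_string(FILTER_PROPERTY_END_YEAR, date('Y'));
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_SEARCH])) {
        $p_filter_arr[FILTER_PROPERTY_SEARCH] = '';
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_FILTER_BY_DATE])) {
        $p_filter_arr[FILTER_PROPERTY_FILTER_BY_DATE] = gpc_get_bool(FILTER_PROPERTY_FILTER_BY_DATE, false);
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_VIEW_STATE])) {
        $p_filter_arr[FILTER_PROPERTY_VIEW_STATE] = gpc_get(FILTER_PROPERTY_VIEW_STATE, META_FILTER_ANY);
    } elseif (filter_field_is_any($p_filter_arr[FILTER_PROPERTY_VIEW_STATE])) {
        $p_filter_arr[FILTER_PROPERTY_VIEW_STATE] = META_FILTER_ANY;
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_RELATIONSHIP_TYPE])) {
        $p_filter_arr[FILTER_PROPERTY_RELATIONSHIP_TYPE] = gpc_get_int(FILTER_PROPERTY_RELATIONSHIP_TYPE, -1);
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_RELATIONSHIP_BUG])) {
        $p_filter_arr[FILTER_PROPERTY_RELATIONSHIP_BUG] = gpc_get_int(FILTER_PROPERTY_RELATIONSHIP_BUG, 0);
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_TARGET_VERSION])) {
        $p_filter_arr[FILTER_PROPERTY_TARGET_VERSION] = (string) META_FILTER_ANY;
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_TAG_STRING])) {
        $p_filter_arr[FILTER_PROPERTY_TAG_STRING] = gpc_get_string(FILTER_PROPERTY_TAG_STRING, '');
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_TAG_SELECT])) {
        $p_filter_arr[FILTER_PROPERTY_TAG_SELECT] = gpc_get_string(FILTER_PROPERTY_TAG_SELECT, '');
    }
    if (!isset($p_filter_arr[FILTER_PROPERTY_MATCH_TYPE])) {
        $p_filter_arr[FILTER_PROPERTY_MATCH_TYPE] = gpc_get_int(FILTER_PROPERTY_MATCH_TYPE, FILTER_MATCH_ALL);
    }

    # initialize plugin filters
    $t_plugin_filters = filter_get_plugin_filters();
    foreach ($t_plugin_filters as $t_field_name => $t_filter_object) {
        if (!isset($p_filter_arr[$t_field_name])) {
            switch ($t_filter_object->type) {
                case FILTER_TYPE_STRING:
                    $p_filter_arr[$t_field_name] = gpc_get_string($t_field_name, $t_filter_object->default);
                    break;
                case FILTER_TYPE_INT:
                    $p_filter_arr[$t_field_name] = gpc_get_int($t_field_name, (int) $t_filter_object->default);
                    break;
                case FILTER_TYPE_BOOLEAN:
                    $p_filter_arr[$t_field_name] = gpc_get_bool($t_field_name, (bool) $t_filter_object->default);
                    break;
                case FILTER_TYPE_MULTI_STRING:
                    $p_filter_arr[$t_field_name] = gpc_get_string_array($t_field_name, array(0 => (string) META_FILTER_ANY));
                    break;
                case FILTER_TYPE_MULTI_INT:
                    $p_filter_arr[$t_field_name] = gpc_get_int_array($t_field_name, array(0 => META_FILTER_ANY));
                    break;
                default:
                    $p_filter_arr[$t_field_name] = (string) META_FILTER_ANY;
            }
        }

        # Whatever the source of the value, the plugin's own validator has the
        # last word; a rejected value falls back to the plugin default.
        if (!$t_filter_object->validate($p_filter_arr[$t_field_name])) {
            $p_filter_arr[$t_field_name] = $t_filter_object->default;
        }
    }

    $t_custom_fields = custom_field_get_ids();
    # @@@ (thraxisp) This should really be the linked ids, but we don't know the project
    $f_custom_fields_data = array();
    if (is_array($t_custom_fields) && count($t_custom_fields) > 0) {
        foreach ($t_custom_fields as $t_cfid) {
            if (is_array(gpc_get('custom_field_' . $t_cfid, null))) {
                $f_custom_fields_data[$t_cfid] = gpc_get_string_array('custom_field_' . $t_cfid, array(META_FILTER_ANY));
            } else {
                $f_custom_fields_data[$t_cfid] = gpc_get_string('custom_field_' . $t_cfid, (string) META_FILTER_ANY);
                $f_custom_fields_data[$t_cfid] = array($f_custom_fields_data[$t_cfid]);
            }
        }
    }

    # validate sorting
    # Columns that are not data fields are removed from the list of names a
    # sort segment may refer to.
    $t_fields = helper_get_columns_to_view();
    $t_n_fields = count($t_fields);
    for ($i = 0; $i < $t_n_fields; $i++) {
        if (isset($t_fields[$i]) && in_array($t_fields[$i], array('selection', 'edit', 'bugnotes_count', 'attachment_count'))) {
            unset($t_fields[$i]);
        }
    }

    # NOTE(review): 'sort' and 'dir' are read by literal key here, while the
    # defaults above are stored under FILTER_PROPERTY_SORT_FIELD_NAME and
    # FILTER_PROPERTY_SORT_DIRECTION; presumably those constants hold the same
    # keys - confirm.

    # Make sure array is no longer than 2 elements
    $t_sort_fields = explode(',', $p_filter_arr['sort']);
    if (count($t_sort_fields) > 2) {
        $t_sort_fields = array_slice($t_sort_fields, 0, 2);
    }

    # Make sure array is no longer than 2 elements
    $t_dir_fields = explode(',', $p_filter_arr['dir']);
    if (count($t_dir_fields) > 2) {
        $t_dir_fields = array_slice($t_dir_fields, 0, 2);
    }

    # Validate the max of two segments for $t_sort_fields and $t_dir_fields
    # Only known field names and the literals ASC / DESC survive.
    # NOTE(review): presumably these values later shape the ordering of the
    # issue query, which is why anything else is dropped - confirm.
    for ($i = 0; $i < 2; $i++) {
        if (isset($t_sort_fields[$i])) {
            $t_drop = false;
            $t_sort = $t_sort_fields[$i];
            if (strpos($t_sort, 'custom_') === 0) {
                if (false === custom_field_get_id_from_name(utf8_substr($t_sort, utf8_strlen('custom_')))) {
                    $t_drop = true;
                }
            } elseif (!in_array($t_sort, $t_fields)) {
                $t_drop = true;
            }

            # A sort segment without a matching direction is dropped as well.
            # Testing isset() first avoids an undefined-offset notice when
            # 'sort' has more segments than 'dir'.
            if (!isset($t_dir_fields[$i]) || !in_array($t_dir_fields[$i], array('ASC', 'DESC'), true)) {
                $t_drop = true;
            }

            if ($t_drop) {
                unset($t_sort_fields[$i]);
                unset($t_dir_fields[$i]);
            }
        }
    }

    if (count($t_sort_fields) > 0) {
        $p_filter_arr['sort'] = implode(',', $t_sort_fields);
        $p_filter_arr['dir'] = implode(',', $t_dir_fields);
    } else {
        $p_filter_arr['sort'] = 'last_updated';
        $p_filter_arr['dir'] = 'DESC';
    }

    # validate or filter junk from other fields
    $t_multi_select_list = array(
        FILTER_PROPERTY_CATEGORY_ID => 'string',
        FILTER_PROPERTY_SEVERITY => 'int',
        FILTER_PROPERTY_STATUS => 'int',
        FILTER_PROPERTY_REPORTER_ID => 'int',
        FILTER_PROPERTY_HANDLER_ID => 'int',
        FILTER_PROPERTY_NOTE_USER_ID => 'int',
        FILTER_PROPERTY_RESOLUTION => 'int',
        FILTER_PROPERTY_PRIORITY => 'int',
        FILTER_PROPERTY_BUILD => 'string',
        FILTER_PROPERTY_VERSION => 'string',
        FILTER_PROPERTY_HIDE_STATUS => 'int',
        FILTER_PROPERTY_FIXED_IN_VERSION => 'string',
        FILTER_PROPERTY_TARGET_VERSION => 'string',
        FILTER_PROPERTY_MONITOR_USER_ID => 'int',
        FILTER_PROPERTY_PROFILE_ID => 'int',
    );
    foreach ($t_multi_select_list as $t_multi_field_name => $t_multi_field_type) {
        if (!isset($p_filter_arr[$t_multi_field_name])) {
            if (FILTER_PROPERTY_HIDE_STATUS == $t_multi_field_name) {
                $p_filter_arr[$t_multi_field_name] = array(config_get('hide_status_default'));
            } elseif ('custom_fields' == $t_multi_field_name) {
                $p_filter_arr[$t_multi_field_name] = array($f_custom_fields_data);
            } else {
                $p_filter_arr[$t_multi_field_name] = array(META_FILTER_ANY);
            }
        } else {
            if (!is_array($p_filter_arr[$t_multi_field_name])) {
                $p_filter_arr[$t_multi_field_name] = array($p_filter_arr[$t_multi_field_name]);
            }
            $t_checked_array = array();
            foreach ($p_filter_arr[$t_multi_field_name] as $t_filter_value) {
                $t_filter_value = stripslashes($t_filter_value);
                if ($t_filter_value === 'any' || $t_filter_value === '[any]') {
                    $t_filter_value = META_FILTER_ANY;
                }
                if ($t_filter_value === 'none' || $t_filter_value === '[none]') {
                    $t_filter_value = META_FILTER_NONE;
                }

                # Values declared as 'int' are cast; a value whose declared
                # type is none of the three below is discarded.
                if ('string' == $t_multi_field_type) {
                    $t_checked_array[] = $t_filter_value;
                } elseif ('int' == $t_multi_field_type) {
                    $t_checked_array[] = (int) $t_filter_value;
                } elseif ('array' == $t_multi_field_type) {
                    $t_checked_array[] = $t_filter_value;
                }
            }
            $p_filter_arr[$t_multi_field_name] = $t_checked_array;
        }
    }

    if (is_array($t_custom_fields) && count($t_custom_fields) > 0) {
        foreach ($t_custom_fields as $t_cfid) {
            if (!isset($p_filter_arr['custom_fields'][$t_cfid])) {
                $p_filter_arr['custom_fields'][$t_cfid] = array(META_FILTER_ANY);
            } else {
                if (!is_array($p_filter_arr['custom_fields'][$t_cfid])) {
                    $p_filter_arr['custom_fields'][$t_cfid] = array($p_filter_arr['custom_fields'][$t_cfid]);
                }
                $t_checked_array = array();
                foreach ($p_filter_arr['custom_fields'][$t_cfid] as $t_filter_value) {
                    $t_filter_value = stripslashes($t_filter_value);
                    if ($t_filter_value === 'any' || $t_filter_value === '[any]') {
                        $t_filter_value = META_FILTER_ANY;
                    }
                    $t_checked_array[] = $t_filter_value;
                }
                $p_filter_arr['custom_fields'][$t_cfid] = $t_checked_array;
            }
        }
    }

    # all of our filter values are now guaranteed to be there, and correct.
    return $p_filter_arr;
}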
require_api('config_api.php'); require_api('constant_inc.php'); require_api('current_user_api.php'); require_api('database_api.php'); require_api('gpc_api.php'); require_api('html_api.php'); require_api('lang_api.php'); require_api('print_api.php'); require_api('string_api.php'); require_api('user_api.php'); require_api('utility_api.php'); require_css('login.css'); $f_error = gpc_get_bool('error'); $f_cookie_error = gpc_get_bool('cookie_error'); $f_return = string_sanitize_url(gpc_get_string('return', '')); $f_username = gpc_get_string('username', ''); $f_perm_login = gpc_get_bool('perm_login', false); $f_secure_session = gpc_get_bool('secure_session', false); $f_secure_session_cookie = gpc_get_cookie(config_get_global('cookie_prefix') . '_secure_session', null); # Set username to blank if invalid to prevent possible XSS exploits if (!user_is_name_valid($f_username)) { $f_username = ''; } $t_session_validation = ON == config_get_global('session_validation'); # If user is already authenticated and not anonymous if (auth_is_user_authenticated() && !current_user_is_anonymous()) { # If return URL is specified redirect to it; otherwise use default page if (!is_blank($f_return)) { print_header_redirect($f_return, false, false, true); } else { print_header_redirect(config_get('default_home_page'));
require_api('custom_field_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');

# Updating a custom field definition requires a valid form token, a fresh
# re-authentication and the global manage-custom-fields access level.
form_security_validate('manage_custom_field_update');

auth_reauthenticate();
access_ensure_global_level(config_get('manage_custom_fields_threshold'));

$f_field_id = gpc_get_int('field_id');

# NOTE(review): strip_tags() removes markup but does not constrain where
# 'return' points. If this value is later used as a redirect target, validate
# it as a local URL (for example with string_sanitize_url()) - confirm how
# $f_return is consumed.
$f_return = strip_tags(gpc_get_string('return', 'manage_custom_field_page.php'));

# The field definition is assembled from request input: integers and booleans
# are coerced by the gpc_* readers, the string values are taken as submitted.
$t_values['name'] = gpc_get_string('name');
$t_values['type'] = gpc_get_int('type');
$t_values['possible_values'] = gpc_get_string('possible_values');
$t_values['default_value'] = gpc_get_string('default_value');
# NOTE(review): valid_regexp is an administrator-supplied pattern that is
# presumably applied to user input later; confirm that an invalid or very
# expensive pattern is handled where it is evaluated.
$t_values['valid_regexp'] = gpc_get_string('valid_regexp');
$t_values['access_level_r'] = gpc_get_int('access_level_r');
$t_values['access_level_rw'] = gpc_get_int('access_level_rw');
$t_values['length_min'] = gpc_get_int('length_min');
$t_values['length_max'] = gpc_get_int('length_max');
$t_values['display_report'] = gpc_get_bool('display_report');
$t_values['display_update'] = gpc_get_bool('display_update');
$t_values['display_resolved'] = gpc_get_bool('display_resolved');
$t_values['display_closed'] = gpc_get_bool('display_closed');
$t_values['require_report'] = gpc_get_bool('require_report');
$t_values['require_update'] = gpc_get_bool('require_update');
$t_values['require_resolved'] = gpc_get_bool('require_resolved');
$t_values['require_closed'] = gpc_get_bool('require_closed');
$t_values['filter_by'] = gpc_get_bool('filter_by');

custom_field_update($f_field_id, $t_values);

# The token is purged only after the update call has returned.
form_security_purge('manage_custom_field_update');
$f_priority = $t_bug->priority; $f_summary = $t_bug->summary; $f_description = $t_bug->description; $f_additional_info = $t_bug->additional_information; $f_view_state = $t_bug->view_state; $t_project_id = $t_bug->project_id; } else { access_ensure_project_level(config_get('report_bug_threshold')); $f_product_version = gpc_get_string('product_version', ''); $f_category = gpc_get_string('category', config_get('default_bug_category')); $f_reproducibility = gpc_get_int('reproducibility', config_get('default_bug_reproducibility')); $f_severity = gpc_get_int('severity', config_get('default_bug_severity')); $f_priority = gpc_get_int('priority', config_get('default_bug_priority')); $f_summary = gpc_get_string('summary', ''); $f_description = gpc_get_string('description', ''); $f_additional_info = gpc_get_string('additional_info', config_get('default_bug_additional_info')); $f_view_state = gpc_get_int('view_state', config_get('default_bug_view_status')); $t_project_id = helper_get_current_project(); $t_changed_project = false; } $f_report_stay = gpc_get_bool('report_stay', false); html_page_top1(lang_get('report_bug_link')); html_page_top2(); print_recently_visited(); ?> <br /> <div align="center"> <form name="report_bug_form" method="post" <?php if (file_allow_bug_upload()) { echo 'enctype="multipart/form-data"';
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.

/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'email_api.php';

# Signup handler fragment: reads the submitted username, e-mail and captcha
# answer, logs out any current session, and stops if signup is disabled.
form_security_validate('signup');

# NOTE(review): strip_tags() only removes markup; it is not a format check.
# Username and e-mail validation is not visible in this excerpt - confirm it
# happens before the account is created.
$f_username = strip_tags(gpc_get_string('username'));
$f_email = strip_tags(gpc_get_string('email'));
$f_captcha = gpc_get_string('captcha', '');

$f_username = trim($f_username);
$f_email = email_append_domain(trim($f_email));
# The captcha answer is trimmed and lower-cased before use.
$f_captcha = utf8_strtolower(trim($f_captcha));

# Retrieve captcha key now, as session might get cleared by logout
$t_form_key = session_get_int(CAPTCHA_KEY, null);

# force logout on the current user if already authenticated
# This runs before the allow_signup check below, so a request that passes
# form_security_validate() ends the current session even when signup is OFF.
if (auth_is_user_authenticated()) {
    auth_logout();
}

# Check to see if signup is allowed
if (OFF == config_get_global('allow_signup')) {
    print_header_redirect('login_page.php');
    exit;
}

# The branch below is entered only when 'signup_use_captcha' is ON, GD is
# available, and the 'auth_can_change_password' custom function returns true.
# NOTE(review): presumably the captcha answer is verified inside this branch
# (its body is outside the excerpt). If so, a missing GD library turns the check
# off silently - confirm that is intended and visible to the administrator.
if (ON == config_get('signup_use_captcha') && get_gd_version() > 0 && helper_call_custom_function('auth_can_change_password', array())) {
# Fragment of a page that returns one filter form chosen by the 'filter_target'
# request parameter. The block closed by the first brace opens outside this excerpt.
$f_view_type = 'simple';
}

# In 'advanced' view the select attributes allow multiple selection.
$t_select_modifier = '';
if ('advanced' == $f_view_type) {
    $t_select_modifier = ' multiple="multiple" size="10"';
}

/**
 * Prepend headers to the dynamic filter forms that are sent as the response from this page.
 * Sends the text/html UTF-8 Content-Type header unless headers have already been sent.
 * @return void
 */
function return_dynamic_filters_prepend_headers() {
    if (!headers_sent()) {
        header('Content-Type: text/html; charset=utf-8');
    }
}

$f_filter_target = gpc_get_string('filter_target');

# Dynamic dispatch on request data: the function name is 'print_filter_' plus
# the request value with its last 7 characters removed (the '_filter' suffix,
# going by the plugin comparison further down). The fixed prefix limits the call
# to functions whose names start with print_filter_, and no arguments are passed.
# NOTE(review): every function with that prefix that is defined at this point is
# reachable from a request, whether or not it was meant as a filter printer. An
# explicit list of accepted filter names would make the reachable set auditable.
$t_function_name = 'print_filter_' . utf8_substr($f_filter_target, 0, -7);
if (function_exists($t_function_name)) {
    return_dynamic_filters_prepend_headers();
    call_user_func($t_function_name);
} else {
    if ('custom_field' == utf8_substr($f_filter_target, 0, 12)) {
        # custom function
        # $t_custom_id is a substring of the request value and is passed on
        # without an integer cast in this excerpt.
        # NOTE(review): confirm print_filter_custom_field() validates it.
        $t_custom_id = utf8_substr($f_filter_target, 13, -7);
        return_dynamic_filters_prepend_headers();
        print_filter_custom_field($t_custom_id);
    } else {
        # Otherwise match the target against the plugin filters by exact name
        # ('<field name>_filter'); the loop body continues outside the excerpt.
        $t_plugin_filters = filter_get_plugin_filters();
        $t_found = false;
        foreach ($t_plugin_filters as $t_field_name => $t_filter_object) {
            if ($t_field_name . '_filter' == $f_filter_target) {
# Fragment of a bug-report form page: prefills the form fields from the request,
# falling back to '', 0 or a configured default. The branch closed by the brace
# after $t_changed_project opens outside this excerpt.
# NOTE(review): these values only prefill the form. Checks on handler assignment,
# view state and target version must be enforced by the code that processes the
# submission, which is not shown here.
$f_os_build = gpc_get_string('os_build', '');
$f_product_version = gpc_get_string('product_version', '');
$f_target_version = gpc_get_string('target_version', '');
$f_profile_id = gpc_get_int('profile_id', 0);
$f_handler_id = gpc_get_int('handler_id', 0);
$f_category_id = gpc_get_int('category_id', 0);
# Config defaults are cast to int before being used as the integer fallback.
$f_reproducibility = gpc_get_int('reproducibility', (int) config_get('default_bug_reproducibility'));
$f_eta = gpc_get_int('eta', (int) config_get('default_bug_eta'));
$f_severity = gpc_get_int('severity', (int) config_get('default_bug_severity'));
$f_priority = gpc_get_int('priority', (int) config_get('default_bug_priority'));
$f_summary = gpc_get_string('summary', '');
$f_description = gpc_get_string('description', '');
$f_steps_to_reproduce = gpc_get_string('steps_to_reproduce', config_get('default_bug_steps_to_reproduce'));
$f_additional_info = gpc_get_string('additional_info', config_get('default_bug_additional_info'));
$f_view_state = gpc_get_int('view_state', (int) config_get('default_bug_view_status'));
$f_due_date = gpc_get_string('due_date', '');

# An empty due date is replaced by the value date_get_null() returns.
if ($f_due_date == '') {
    $f_due_date = date_get_null();
}

$t_changed_project = false;
}

$f_report_stay = gpc_get_bool('report_stay', false);
$f_copy_notes_from_parent = gpc_get_bool('copy_notes_from_parent', false);
$f_copy_attachments_from_parent = gpc_get_bool('copy_attachments_from_parent', false);

# The configured field list is passed through columns_filter_disabled(), then
# one flag per field records whether that field is in the resulting list.
$t_fields = config_get('bug_report_page_fields');
$t_fields = columns_filter_disabled($t_fields);

# in_array() is called without the strict flag; the needles are string literals.
$t_show_category = in_array('category_id', $t_fields);
$t_show_reproducibility = in_array('reproducibility', $t_fields);
$t_show_eta = in_array('eta', $t_fields);
$t_show_severity = in_array('severity', $t_fields);
$t_show_priority = in_array('priority', $t_fields);
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.

# --------------------------------------------------------
# $Id: manage_custom_field_delete.php,v 1.17.2.1 2007-10-13 22:33:27 giallu Exp $
# --------------------------------------------------------

require_once 'core.php';

$t_core_path = config_get('core_path');

require_once $t_core_path . 'custom_field_api.php';

# Gates run before any request value is read: the form-security check for
# 'manage_custom_field_delete', re-authentication, then a global access-level
# check against the 'manage_custom_fields_threshold' setting.
form_security_validate('manage_custom_field_delete');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_custom_fields_threshold'));

$f_field_id = gpc_get_int('field_id');
# 'return' is request-supplied and is passed to html_meta_redirect() below.
# NOTE(review): strip_tags() only removes markup; it does not limit the value to
# a local page. Confirm html_meta_redirect() escapes it and restricts it to
# in-application targets.
$f_return = strip_tags(gpc_get_string('return', 'manage_custom_field_page.php'));

$t_definition = custom_field_get_definition($f_field_id);

# Ask for confirmation before deleting. A different message is shown when the
# field is linked to at least one project. The field name is passed through
# string_attribute() before it is placed in the message.
if (0 < count(custom_field_get_project_ids($f_field_id))) {
    helper_ensure_confirmed(lang_get('confirm_used_custom_field_deletion') . '<br/>' . lang_get('custom_field') . ': ' . string_attribute($t_definition['name']), lang_get('field_delete_button'));
} else {
    helper_ensure_confirmed(lang_get('confirm_custom_field_deletion') . '<br/>' . lang_get('custom_field') . ': ' . string_attribute($t_definition['name']), lang_get('field_delete_button'));
}

custom_field_destroy($f_field_id);

# The form-security entry is purged only after the delete call has returned.
form_security_purge('manage_custom_field_delete');

html_page_top1();
html_meta_redirect($f_return);
html_page_top2();
?> <br /> <div align="center">
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.

/**
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 */
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'icon_api.php';

# Project management page fragment: reads the sort column and direction, then
# starts rendering the project table.
# NOTE(review): auth_reauthenticate() is the only gate visible in this excerpt -
# confirm the access-level check for this page is made further down or inside
# the helpers called here.
auth_reauthenticate();

# NOTE(review): 'sort' is request-supplied and is not used in this excerpt -
# confirm it is matched against a fixed set of column names before it influences
# ordering.
$f_sort = gpc_get_string('sort', 'name');
$f_dir = gpc_get_string('dir', 'ASC');

# The direction is reduced to one of two constants: anything other than the
# exact string 'ASC' selects DESCENDING.
if ('ASC' == $f_dir) {
    $t_direction = ASCENDING;
} else {
    $t_direction = DESCENDING;
}

html_page_top(lang_get('manage_projects_link'));

print_manage_menu('manage_proj_page.php');

# Project Menu Form BEGIN
?> <br /> <table class="width100" cellspacing="1"> <tr> <td class="form-title" colspan="5"> <?php echo lang_get('projects_title');
<?php
# phpWebNotes - a php based note addition system
# Copyright (C) 2000-2002 Webnotes Team - webnotes-devel@sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the files README and LICENSE for details

# --------------------------------------------------------
# $Id: note_add.php,v 1.20 2003/09/13 06:59:30 vboctor Exp $
# --------------------------------------------------------

require_once 'core' . DIRECTORY_SEPARATOR . 'api.php';

# Adds a new note to a page, or updates an existing note when f_note_id is
# non-zero, then looks up the page record to obtain its URL.
# NOTE(review): ACTION_NOTES_SUBMIT is the only permission checked here, and it
# covers the update path as well - confirm note_update() verifies that the
# caller may modify the note identified by f_note_id.
# NOTE(review): no form-token check is visible in this excerpt.
access_ensure_check_action(ACTION_NOTES_SUBMIT);

$f_page_id = gpc_get_int('f_page_id');
$f_note_id = gpc_get_int('f_note_id');
# NOTE(review): stripslashes() is applied on top of gpc_get_string(). If that
# helper already undoes magic-quote escaping, literal backslashes in the input
# are lost - confirm against the gpc API.
$f_email = stripslashes(gpc_get_string('f_email'));
$f_note = stripslashes(gpc_get_string('f_note'));

### insert note
if (0 == $f_note_id) {
    # NOTE(review): $REMOTE_ADDR is not assigned in this excerpt. If it relies on
    # register_globals rather than being set in core/api.php, it is undefined when
    # that setting is off and should be read from $_SERVER['REMOTE_ADDR'] instead.
    $result = note_add($f_page_id, $f_email, $REMOTE_ADDR, $f_note);
    # The notification is sent only when note_add() did not return false.
    if ($result !== false) {
        email_note_added($result);
    }
} else {
    # Unlike the add path, the update result is not checked before notifying.
    $result = note_update($f_note_id, $f_email, $f_note);
    email_note_updated($f_note_id);
}

# The page lookup happens after the note has been written, so an unknown page id
# is reported only at this point.
$t_page_info = page_get_info(page_where_id_equals($f_page_id));
if (false === $t_page_info) {
    echo "page not found";
    exit;
}

$t_url = $t_page_info['url'];
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2010 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses core.php
* @uses config_api.php
* @uses gpc_api.php
*/
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_api('config_api.php');
require_api('gpc_api.php');

# Emits an OpenSearch description document. The 'type' request parameter
# (default 'text') selects between the issue-id and the text-search variant.
$f_type = gpc_get_string('type', 'text');

header('Content-Type: application/opensearchdescription+xml');
# $f_type is only compared against 'id' (case-insensitively) and is not echoed
# in this excerpt, so the request value does not reach the XML written here.
# $t_path is read from the global config and is not used in this excerpt.
?> <OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/"> <?php $t_path = config_get_global('path');
if (utf8_strtolower($f_type) == 'id') {
    echo '<ShortName>MantisBT IssueId</ShortName>';
    echo '<Description>MantisBT Issue Id</Description>';
    echo '<InputEncoding>UTF-8</InputEncoding>';
} else {
    # Any value other than 'id' falls back to the text-search description.
    echo '<ShortName>MantisBT Search</ShortName>';
    echo '<Description>MantisBT Text Search</Description>';
    echo '<InputEncoding>UTF-8</InputEncoding>';
}
* @uses config_api.php
* @uses event_api.php
* @uses form_api.php
* @uses gpc_api.php
* @uses print_api.php
* @uses project_api.php
*/

require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('project_api.php');

# Request handler: updates a project's settings from submitted form values,
# signals EVENT_MANAGE_PROJECT_UPDATE and redirects to manage_proj_page.php.
form_security_validate('manage_proj_update');

auth_reauthenticate();

$f_project_id = gpc_get_int('project_id');
$f_name = gpc_get_string('name');
$f_description = gpc_get_string('description');
$f_status = gpc_get_int('status');
$f_view_state = gpc_get_int('view_state');
# NOTE(review): 'file_path' is a request-supplied string passed to
# project_update() unchanged - confirm the callee, or the code that later uses
# the stored path, restricts it to an acceptable directory.
$f_file_path = gpc_get_string('file_path', '');
$f_enabled = gpc_get_bool('enabled');
$f_inherit_global = gpc_get_bool('inherit_global', 0);

# The access check is made against the submitted project id, the same id that is
# passed to project_update(), and it runs before the update.
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);

project_update($f_project_id, $f_name, $f_description, $f_status, $f_view_state, $f_file_path, $f_enabled, $f_inherit_global);

event_signal('EVENT_MANAGE_PROJECT_UPDATE', array($f_project_id));

# The form-security entry is purged only after the update and the event signal.
form_security_purge('manage_proj_update');

print_header_redirect('manage_proj_page.php');