/**
* Validates the Attach Tags group action.
* Gets called for every bug, but performs the real tag validation only
* the first time. Any invalid tags will be skipped, as there is no simple
* or clean method of presenting these errors to the user.
* @param integer Bug ID
* @return boolean True
*/
function action_attach_tags_validate($p_bug_id)
{
global $g_action_attach_tags_valid;
if (!isset($g_action_attach_tags_valid)) {
$f_tag_string = gpc_get_string('tag_string');
$f_tag_select = gpc_get_string('tag_select');
global $g_action_attach_tags_attach, $g_action_attach_tags_create, $g_action_attach_tags_failed;
$g_action_attach_tags_attach = array();
$g_action_attach_tags_create = array();
$g_action_attach_tags_failed = array();
$t_tags = tag_parse_string($f_tag_string);
$t_can_create = access_has_global_level(config_get('tag_create_threshold'));
foreach ($t_tags as $t_tag_row) {
if (-1 == $t_tag_row['id']) {
if ($t_can_create) {
$g_action_attach_tags_create[] = $t_tag_row;
} else {
$g_action_attach_tags_failed[] = $t_tag_row;
}
} elseif (-2 == $t_tag_row['id']) {
$g_action_attach_tags_failed[] = $t_tag_row;
} else {
$g_action_attach_tags_attach[] = $t_tag_row;
}
}
if (0 < $f_tag_select && tag_exists($f_tag_select)) {
$g_action_attach_tags_attach[] = tag_get($f_tag_select);
}
}
global $g_action_attach_tags_attach, $g_action_attach_tags_create, $g_action_attach_tags_failed;
return true;
}
/**
* Validates the Attach Tags group action.
* Checks if a user can attach the requested tags to a given bug.
* @param integer $p_bug_id Bug ID
* @return string|null On failure: the reason for tags failing validation for the given bug. On success: null.
*/
function action_attach_tags_validate($p_bug_id)
{
global $g_action_attach_tags_tags;
global $g_action_attach_tags_attach;
global $g_action_attach_tags_create;
$t_can_attach = access_has_bug_level(config_get('tag_attach_threshold'), $p_bug_id);
if (!$t_can_attach) {
return lang_get('tag_attach_denied');
}
if (!isset($g_action_attach_tags_tags)) {
if (!isset($g_action_attach_tags_attach)) {
$g_action_attach_tags_attach = array();
$g_action_attach_tags_create = array();
}
$g_action_attach_tags_tags = tag_parse_string(gpc_get_string('tag_string'));
foreach ($g_action_attach_tags_tags as $t_tag_row) {
if ($t_tag_row['id'] == -1) {
$g_action_attach_tags_create[$t_tag_row['name']] = $t_tag_row;
} else {
if ($t_tag_row['id'] >= 0) {
$g_action_attach_tags_attach[$t_tag_row['name']] = $t_tag_row;
}
}
}
}
$t_can_create = access_has_bug_level(config_get('tag_create_threshold'), $p_bug_id);
if (count($g_action_attach_tags_create) > 0 && !$t_can_create) {
return lang_get('tag_create_denied');
}
if (count($g_action_attach_tags_create) == 0 && count($g_action_attach_tags_attach) == 0) {
return lang_get('tag_none_attached');
}
return null;
}
function xmlhttprequest_os_build_get_with_prefix()
{
$f_os_build = gpc_get_string('os_build');
$t_unique_entries = profile_get_field_all_for_user('os_build');
$t_matching_entries = projax_array_filter_by_prefix($t_unique_entries, $f_os_build);
echo projax_array_serialize_for_autocomplete($t_matching_entries);
}
/**
* Executes the custom action on the specified bug id.
*
* @param $p_bug_id The bug id to execute the custom action on.
* @returns true|array Action executed successfully., ( bug_id => reason for failure )
*/
function action_update_product_build_process($p_bug_id)
{
$f_build = gpc_get_string('build');
$t_build = trim($f_build);
bug_set_field($p_bug_id, 'build', $t_build);
return true;
}
/**
* Updates a value in the plugin configuration
*
* @param $value
* @param $constant
*/
public function updateValue($value, $constant)
{
$act_value = null;
if (is_int($value)) {
$act_value = gpc_get_int($value, $constant);
}
if (is_string($value)) {
$act_value = gpc_get_string($value, $constant);
}
if (plugin_config_get($value) != $act_value) {
plugin_config_set($value, $act_value);
}
}
* @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
/**
* MantisBT Core API's
*/
require_once 'core.php';
require_once 'current_user_api.php';
require_once 'bug_api.php';
require_once 'date_api.php';
require_once 'icon_api.php';
require_once 'string_api.php';
require_once 'columns_api.php';
require_once 'config_filter_defaults_inc.php';
auth_ensure_user_authenticated();
$f_search = gpc_get_string(FILTER_PROPERTY_FREE_TEXT, false);
/** @todo need a better default */
$f_offset = gpc_get_int('offset', 0);
$t_cookie_value_id = gpc_get_cookie(config_get('view_all_cookie'), '');
$t_cookie_value = filter_db_get_filter($t_cookie_value_id);
$f_highlight_changed = 0;
$f_sort = null;
$f_dir = null;
$t_project_id = 0;
$t_columns = helper_get_columns_to_view(COLUMNS_TARGET_PRINT_PAGE);
$t_num_of_columns = count($t_columns);
# check to see if the cookie exists
if (!is_blank($t_cookie_value)) {
# check to see if new cookie is needed
if (!filter_is_cookie_valid()) {
print_header_redirect('view_all_set.php?type=0&print=1');
} else {
access_ensure_global_level(config_get('add_profile_threshold'));
}
profile_create($t_user_id, $f_platform, $f_os, $f_os_build, $f_description);
form_security_purge('profile_update');
if (ALL_USERS == $t_user_id) {
print_header_redirect('manage_prof_menu_page.php');
} else {
print_header_redirect('account_prof_menu_page.php');
}
break;
case 'update':
$f_platform = gpc_get_string('platform');
$f_os = gpc_get_string('os');
$f_os_build = gpc_get_string('os_build');
$f_description = gpc_get_string('description');
if (profile_is_global($f_profile_id)) {
access_ensure_global_level(config_get('manage_global_profile_threshold'));
profile_update(ALL_USERS, $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description);
form_security_purge('profile_update');
print_header_redirect('manage_prof_menu_page.php');
} else {
profile_update(auth_get_current_user_id(), $f_profile_id, $f_platform, $f_os, $f_os_build, $f_description);
form_security_purge('profile_update');
print_header_redirect('account_prof_menu_page.php');
}
break;
case 'delete':
if (profile_is_global($f_profile_id)) {
access_ensure_global_level(config_get('manage_global_profile_threshold'));
profile_delete(ALL_USERS, $f_profile_id);
* @uses string_api.php
*/
/**
* MantisBT Core API's
*/
require_once 'core.php';
require_api('authentication_api.php');
require_api('constant_inc.php');
require_api('current_user_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
auth_ensure_user_authenticated();
$f_ref = string_sanitize_url(gpc_get_string('ref', ''));
if (count(current_user_get_accessible_projects()) == 1) {
$t_project_ids = current_user_get_accessible_projects();
$t_project_id = (int) $t_project_ids[0];
if (count(current_user_get_accessible_subprojects($t_project_id)) == 0) {
$t_ref_urlencoded = string_url($f_ref);
print_header_redirect("set_project.php?project_id={$t_project_id}&ref={$t_ref_urlencoded}", true);
/* print_header_redirect terminates script execution */
}
}
html_page_top(lang_get('select_project_button'));
?>
<!-- Project Select Form BEGIN -->
<div id="select-project-div" class="form-container">
<form id="select-project-form" method="post" action="set_project.php">
function gpc_get_custom_field($p_var_name, $p_custom_field_type, $p_default = null)
{
switch ($p_custom_field_type) {
case CUSTOM_FIELD_TYPE_MULTILIST:
case CUSTOM_FIELD_TYPE_CHECKBOX:
$t_values = gpc_get_string_array($p_var_name, $p_default);
if (null !== $t_values && '' != $t_values) {
return implode('|', $t_values);
} else {
return '';
}
break;
case CUSTOM_FIELD_TYPE_DATE:
$t_day = gpc_get_int($p_var_name . "_day", 0);
$t_month = gpc_get_int($p_var_name . "_month", 0);
$t_year = gpc_get_int($p_var_name . "_year", 0);
if ($t_year == 0 || $t_month == 0 || $t_day == 0) {
if ($p_default == null) {
return '';
} else {
return $p_default;
}
} else {
return strtotime($t_year . "-" . $t_month . "-" . $t_day);
}
break;
default:
return gpc_get_string($p_var_name, $p_default);
}
}
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
/**
* MantisBT Core API's
*/
require_once 'core.php';
require_once 'news_api.php';
require_once 'string_api.php';
news_ensure_enabled();
$f_news_id = gpc_get_int('news_id');
$f_action = gpc_get_string('action', '');
# If deleting item redirect to delete script
if ('delete' == $f_action) {
form_security_validate('news_delete');
$row = news_get_row($f_news_id);
# This check is to allow deleting of news items that were left orphan due to bug #3723
if (project_exists($row['project_id'])) {
access_ensure_project_level(config_get('manage_news_threshold'), $row['project_id']);
}
helper_ensure_confirmed(lang_get('delete_news_sure_msg'), lang_get('delete_news_item_button'));
news_delete($f_news_id);
form_security_purge('news_delete');
print_header_redirect('news_menu_page.php', true);
}
# Retrieve news item data and prefix with v_
$row = news_get_row($f_news_id);
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: adm_config_set.php,v 1.4.2.1 2007-10-13 22:32:27 giallu Exp $
# --------------------------------------------------------
# This page stores the reported bug
require_once 'core.php';
$t_core_path = config_get('core_path');
# helper_ensure_post();
$f_user_id = gpc_get_int('user_id');
$f_project_id = gpc_get_int('project_id');
$f_config_option = gpc_get_string('config_option');
$f_type = gpc_get_string('type');
$f_value = gpc_get_string('value');
if (is_blank($f_config_option)) {
error_parameters('config_option');
trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
if ($f_project_id == ALL_PROJECTS) {
access_ensure_global_level(config_get('set_configuration_threshold'));
} else {
access_ensure_project_level(config_get('set_configuration_threshold'), $f_project_id);
}
# make sure that configuration option specified is a valid one.
$t_not_found_value = '***CONFIG OPTION NOT FOUND***';
if (config_get_global($f_config_option, $t_not_found_value) === $t_not_found_value) {
error_parameters($f_config_option);
trigger_error(ERROR_CONFIG_OPT_NOT_FOUND, ERROR);
}
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: manage_proj_ver_add.php,v 1.31.2.1 2007-10-13 22:33:45 giallu Exp $
# --------------------------------------------------------
require_once 'core.php';
$t_core_path = config_get('core_path');
require_once $t_core_path . 'version_api.php';
form_security_validate('manage_proj_ver_add');
auth_reauthenticate();
$f_project_id = gpc_get_int('project_id');
$f_version = gpc_get_string('version');
$f_add_and_edit = gpc_get_bool('add_and_edit_version');
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
if (is_blank($f_version)) {
trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
# We reverse the array so that if the user enters multiple versions
# they will likely appear with the last item entered at the top of the list
# (i.e. in reverse chronological order). Unless we find a way to make the
# date_order fields different for each one, however, this is fragile, since
# the DB may actually pull the rows out in any order
$t_versions = array_reverse(explode('|', $f_version));
$t_version_count = count($t_versions);
foreach ($t_versions as $t_version) {
if (is_blank($t_version)) {
continue;
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Slack Integration; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
* or see http://www.gnu.org/licenses/.
*/
form_security_validate('plugin_Slack_config_edit');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_plugin_threshold'));
$f_url_webhook = gpc_get_string('url_webhook');
$f_bot_name = gpc_get_string('bot_name');
$f_bot_icon = gpc_get_string('bot_icon');
$f_skip_bulk = gpc_get_bool('skip_bulk');
$f_default_channel = gpc_get_string('default_channel');
if (plugin_config_get('url_webhook') != $f_url_webhook) {
plugin_config_set('url_webhook', $f_url_webhook);
}
if (plugin_config_get('bot_name') != $f_bot_name) {
plugin_config_set('bot_name', $f_bot_name);
}
if (plugin_config_get('bot_icon') != $f_bot_icon) {
plugin_config_set('bot_icon', $f_bot_icon);
}
if (plugin_config_get('skip_bulk') != $f_skip_bulk) {
plugin_config_set('skip_bulk', $f_skip_bulk);
}
if (plugin_config_get('default_channel') != $f_default_channel) {
plugin_config_set('default_channel', $f_default_channel);
}
}
/**
* Delete a session variable.
* @param string Session variable name
*/
function session_delete( $p_name ) {
global $g_session;
$g_session->delete( $p_name );
}
/**
* Destroy the session entirely.
*/
function session_clean() {
global $g_session;
$g_session->destroy();
}
# Initialize the session
if ( PHP_CGI == php_mode() ) {
$t_session_id = gpc_get_string( 'session_id', '' );
if ( empty( $t_session_id ) ) {
session_init();
} else {
session_init( $t_session_id );
}
}
require_api('email_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('user_api.php');
require_api('utility_api.php');
form_security_validate('account_update');
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
$f_email = gpc_get_string('email', '');
$f_realname = gpc_get_string('realname', '');
$f_password = gpc_get_string('password', '');
$f_password_confirm = gpc_get_string('password_confirm', '');
// get the user id once, so that if we decide in the future to enable this for
// admins / managers to change details of other users.
$t_user_id = auth_get_current_user_id();
$t_redirect = 'account_page.php';
$t_email_updated = false;
$t_password_updated = false;
$t_realname_updated = false;
/** @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code. */
if (OFF == config_get('use_ldap_email')) {
$f_email = email_append_domain($f_email);
email_ensure_valid($f_email);
email_ensure_not_disposable($f_email);
if ($f_email != user_get_email($t_user_id)) {
user_set_email($t_user_id, $f_email);
$t_email_updated = true;
<?php
# phpWebNotes - a php based note addition system
# Copyright (C) 2000-2002 Webnotes Team - webnotes-devel@sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the files README and LICENSE for details
# --------------------------------------------------------
# $Id: login_page.php,v 1.22 2002/09/22 04:17:38 vboctor Exp $
# --------------------------------------------------------
require_once 'core' . DIRECTORY_SEPARATOR . 'api.php';
### Check to see if already logged in
if (isset($g_string_cookie_val) && !empty($g_string_cookie_val)) {
login_cookie_check($g_admin_page);
}
$f_msg = gpc_get_string('f_msg', '');
print_html_top();
print_head_top();
print_title($g_window_title);
print_css($g_css_inc_file);
print_meta_inc($g_meta_inc_file);
print_head_bottom();
print_body_top();
print_header($g_page_title);
print_top_page($g_top_page_inc);
if ($f_msg === 'error') {
echo <<<EOT
\t\t<div class="error" align="center">
\t\t\t<strong>ERROR:</strong> Unauthorised access for supplied user name and password.
\t\t</div>
EOT;
}
* @copyright Copyright (C) 2002 - 2013 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
/**
* MantisBT Core API's
*/
require_once 'core.php';
require_once 'news_api.php';
require_once 'print_api.php';
news_ensure_enabled();
form_security_validate('news_add');
access_ensure_project_level(config_get('manage_news_threshold'));
$f_view_state = gpc_get_int('view_state');
$f_headline = gpc_get_string('headline');
$f_announcement = gpc_get_bool('announcement');
$f_body = gpc_get_string('body');
$t_news_id = news_create(helper_get_current_project(), auth_get_current_user_id(), $f_view_state, $f_announcement, $f_headline, $f_body);
form_security_purge('news_add');
$t_news_row = news_get_row($t_news_id);
html_page_top();
?>
<br />
<div align="center">
<?php
echo lang_get('operation_successful') . '<br />';
print_bracket_link('news_menu_page.php', lang_get('proceed'));
echo '<br /><br />';
print_news_entry_from_row($t_news_row);
?>
</div>
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'gpc_api.php' );
require_api( 'print_api.php' );
require_api( 'user_api.php' );
# check if at least one way to get here is enabled
if ( OFF == config_get( 'allow_signup' ) &&
OFF == config_get( 'lost_password_feature' ) &&
OFF == config_get( 'send_reset_password' ) ) {
trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
}
$f_user_id = gpc_get_string('id');
$f_confirm_hash = gpc_get_string('confirm_hash');
# force logout on the current user if already authenticated
if( auth_is_user_authenticated() ) {
auth_logout();
# reload the page after logout
print_header_redirect( "verify.php?id=$f_user_id&confirm_hash=$f_confirm_hash" );
}
$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );
if ( $f_confirm_hash != $t_calculated_confirm_hash ) {
trigger_error( ERROR_LOST_PASSWORD_CONFIRM_HASH_INVALID, ERROR );
}
/**
* Make sure that our filters are entirely correct and complete (it is possible that they are not).
* We need to do this to cover cases where we don't have complete control over the filters given.
* @param array $p_filter_arr A Filter definition.
* @return array
* @todo function needs to be abstracted
*/
function filter_ensure_valid_filter(array $p_filter_arr)
{
# extend current filter to add information passed via POST
if (!isset($p_filter_arr['_version'])) {
$p_filter_arr['_version'] = FILTER_VERSION;
}
$t_cookie_vers = (int) substr($p_filter_arr['_version'], 1);
if (substr(FILTER_VERSION, 1) > $t_cookie_vers) {
# if the version is old, update it
$p_filter_arr['_version'] = FILTER_VERSION;
}
if (!isset($p_filter_arr['_view_type'])) {
$p_filter_arr['_view_type'] = gpc_get_string('view_type', 'simple');
}
if (!isset($p_filter_arr[FILTER_PROPERTY_ISSUES_PER_PAGE])) {
$p_filter_arr[FILTER_PROPERTY_ISSUES_PER_PAGE] = gpc_get_int(FILTER_PROPERTY_ISSUES_PER_PAGE, config_get('default_limit_view'));
}
if (!isset($p_filter_arr[FILTER_PROPERTY_HIGHLIGHT_CHANGED])) {
$p_filter_arr[FILTER_PROPERTY_HIGHLIGHT_CHANGED] = config_get('default_show_changed');
}
if (!isset($p_filter_arr[FILTER_PROPERTY_STICKY])) {
$p_filter_arr[FILTER_PROPERTY_STICKY] = gpc_string_to_bool(config_get('show_sticky_issues'));
}
if (!isset($p_filter_arr[FILTER_PROPERTY_SORT_FIELD_NAME])) {
$p_filter_arr[FILTER_PROPERTY_SORT_FIELD_NAME] = 'last_updated';
}
if (!isset($p_filter_arr[FILTER_PROPERTY_SORT_DIRECTION])) {
$p_filter_arr[FILTER_PROPERTY_SORT_DIRECTION] = 'DESC';
}
if (!isset($p_filter_arr[FILTER_PROPERTY_PLATFORM])) {
$p_filter_arr[FILTER_PROPERTY_PLATFORM] = array(0 => (string) META_FILTER_ANY);
}
if (!isset($p_filter_arr[FILTER_PROPERTY_OS])) {
$p_filter_arr[FILTER_PROPERTY_OS] = array(0 => (string) META_FILTER_ANY);
}
if (!isset($p_filter_arr[FILTER_PROPERTY_OS_BUILD])) {
$p_filter_arr[FILTER_PROPERTY_OS_BUILD] = array(0 => (string) META_FILTER_ANY);
}
if (!isset($p_filter_arr[FILTER_PROPERTY_PROJECT_ID])) {
$p_filter_arr[FILTER_PROPERTY_PROJECT_ID] = array(0 => META_FILTER_CURRENT);
}
if (!isset($p_filter_arr[FILTER_PROPERTY_START_MONTH])) {
$p_filter_arr[FILTER_PROPERTY_START_MONTH] = gpc_get_string(FILTER_PROPERTY_START_MONTH, date('m'));
}
if (!isset($p_filter_arr[FILTER_PROPERTY_START_DAY])) {
$p_filter_arr[FILTER_PROPERTY_START_DAY] = gpc_get_string(FILTER_PROPERTY_START_DAY, 1);
}
if (!isset($p_filter_arr[FILTER_PROPERTY_START_YEAR])) {
$p_filter_arr[FILTER_PROPERTY_START_YEAR] = gpc_get_string(FILTER_PROPERTY_START_YEAR, date('Y'));
}
if (!isset($p_filter_arr[FILTER_PROPERTY_END_MONTH])) {
$p_filter_arr[FILTER_PROPERTY_END_MONTH] = gpc_get_string(FILTER_PROPERTY_END_MONTH, date('m'));
}
if (!isset($p_filter_arr[FILTER_PROPERTY_END_DAY])) {
$p_filter_arr[FILTER_PROPERTY_END_DAY] = gpc_get_string(FILTER_PROPERTY_END_DAY, date('d'));
}
if (!isset($p_filter_arr[FILTER_PROPERTY_END_YEAR])) {
$p_filter_arr[FILTER_PROPERTY_END_YEAR] = gpc_get_string(FILTER_PROPERTY_END_YEAR, date('Y'));
}
if (!isset($p_filter_arr[FILTER_PROPERTY_SEARCH])) {
$p_filter_arr[FILTER_PROPERTY_SEARCH] = '';
}
if (!isset($p_filter_arr[FILTER_PROPERTY_FILTER_BY_DATE])) {
$p_filter_arr[FILTER_PROPERTY_FILTER_BY_DATE] = gpc_get_bool(FILTER_PROPERTY_FILTER_BY_DATE, false);
}
if (!isset($p_filter_arr[FILTER_PROPERTY_VIEW_STATE])) {
$p_filter_arr[FILTER_PROPERTY_VIEW_STATE] = gpc_get(FILTER_PROPERTY_VIEW_STATE, META_FILTER_ANY);
} else {
if (filter_field_is_any($p_filter_arr[FILTER_PROPERTY_VIEW_STATE])) {
$p_filter_arr[FILTER_PROPERTY_VIEW_STATE] = META_FILTER_ANY;
}
}
if (!isset($p_filter_arr[FILTER_PROPERTY_RELATIONSHIP_TYPE])) {
$p_filter_arr[FILTER_PROPERTY_RELATIONSHIP_TYPE] = gpc_get_int(FILTER_PROPERTY_RELATIONSHIP_TYPE, -1);
}
if (!isset($p_filter_arr[FILTER_PROPERTY_RELATIONSHIP_BUG])) {
$p_filter_arr[FILTER_PROPERTY_RELATIONSHIP_BUG] = gpc_get_int(FILTER_PROPERTY_RELATIONSHIP_BUG, 0);
}
if (!isset($p_filter_arr[FILTER_PROPERTY_TARGET_VERSION])) {
$p_filter_arr[FILTER_PROPERTY_TARGET_VERSION] = (string) META_FILTER_ANY;
}
if (!isset($p_filter_arr[FILTER_PROPERTY_TAG_STRING])) {
$p_filter_arr[FILTER_PROPERTY_TAG_STRING] = gpc_get_string(FILTER_PROPERTY_TAG_STRING, '');
}
if (!isset($p_filter_arr[FILTER_PROPERTY_TAG_SELECT])) {
$p_filter_arr[FILTER_PROPERTY_TAG_SELECT] = gpc_get_string(FILTER_PROPERTY_TAG_SELECT, '');
}
if (!isset($p_filter_arr[FILTER_PROPERTY_MATCH_TYPE])) {
$p_filter_arr[FILTER_PROPERTY_MATCH_TYPE] = gpc_get_int(FILTER_PROPERTY_MATCH_TYPE, FILTER_MATCH_ALL);
}
# initialize plugin filters
$t_plugin_filters = filter_get_plugin_filters();
foreach ($t_plugin_filters as $t_field_name => $t_filter_object) {
if (!isset($p_filter_arr[$t_field_name])) {
switch ($t_filter_object->type) {
case FILTER_TYPE_STRING:
$p_filter_arr[$t_field_name] = gpc_get_string($t_field_name, $t_filter_object->default);
break;
case FILTER_TYPE_INT:
$p_filter_arr[$t_field_name] = gpc_get_int($t_field_name, (int) $t_filter_object->default);
break;
case FILTER_TYPE_BOOLEAN:
$p_filter_arr[$t_field_name] = gpc_get_bool($t_field_name, (bool) $t_filter_object->default);
break;
case FILTER_TYPE_MULTI_STRING:
$p_filter_arr[$t_field_name] = gpc_get_string_array($t_field_name, array(0 => (string) META_FILTER_ANY));
break;
case FILTER_TYPE_MULTI_INT:
$p_filter_arr[$t_field_name] = gpc_get_int_array($t_field_name, array(0 => META_FILTER_ANY));
break;
default:
$p_filter_arr[$t_field_name] = (string) META_FILTER_ANY;
}
}
if (!$t_filter_object->validate($p_filter_arr[$t_field_name])) {
$p_filter_arr[$t_field_name] = $t_filter_object->default;
}
}
$t_custom_fields = custom_field_get_ids();
# @@@ (thraxisp) This should really be the linked ids, but we don't know the project
$f_custom_fields_data = array();
if (is_array($t_custom_fields) && count($t_custom_fields) > 0) {
foreach ($t_custom_fields as $t_cfid) {
if (is_array(gpc_get('custom_field_' . $t_cfid, null))) {
$f_custom_fields_data[$t_cfid] = gpc_get_string_array('custom_field_' . $t_cfid, array(META_FILTER_ANY));
} else {
$f_custom_fields_data[$t_cfid] = gpc_get_string('custom_field_' . $t_cfid, (string) META_FILTER_ANY);
$f_custom_fields_data[$t_cfid] = array($f_custom_fields_data[$t_cfid]);
}
}
}
# validate sorting
$t_fields = helper_get_columns_to_view();
$t_n_fields = count($t_fields);
for ($i = 0; $i < $t_n_fields; $i++) {
if (isset($t_fields[$i]) && in_array($t_fields[$i], array('selection', 'edit', 'bugnotes_count', 'attachment_count'))) {
unset($t_fields[$i]);
}
}
# Make sure array is no longer than 2 elements
$t_sort_fields = explode(',', $p_filter_arr['sort']);
if (count($t_sort_fields) > 2) {
$t_sort_fields = array_slice($t_sort_fields, 0, 2);
}
# Make sure array is no longer than 2 elements
$t_dir_fields = explode(',', $p_filter_arr['dir']);
if (count($t_dir_fields) > 2) {
$t_dir_fields = array_slice($t_dir_fields, 0, 2);
}
# Validate the max of two segments for $t_sort_fields and $t_dir_fields
for ($i = 0; $i < 2; $i++) {
if (isset($t_sort_fields[$i])) {
$t_drop = false;
$t_sort = $t_sort_fields[$i];
if (strpos($t_sort, 'custom_') === 0) {
if (false === custom_field_get_id_from_name(utf8_substr($t_sort, utf8_strlen('custom_')))) {
$t_drop = true;
}
} else {
if (!in_array($t_sort, $t_fields)) {
$t_drop = true;
}
}
if (!in_array($t_dir_fields[$i], array('ASC', 'DESC'))) {
$t_drop = true;
}
if ($t_drop) {
unset($t_sort_fields[$i]);
unset($t_dir_fields[$i]);
}
}
}
if (count($t_sort_fields) > 0) {
$p_filter_arr['sort'] = implode(',', $t_sort_fields);
$p_filter_arr['dir'] = implode(',', $t_dir_fields);
} else {
$p_filter_arr['sort'] = 'last_updated';
$p_filter_arr['dir'] = 'DESC';
}
# validate or filter junk from other fields
$t_multi_select_list = array(FILTER_PROPERTY_CATEGORY_ID => 'string', FILTER_PROPERTY_SEVERITY => 'int', FILTER_PROPERTY_STATUS => 'int', FILTER_PROPERTY_REPORTER_ID => 'int', FILTER_PROPERTY_HANDLER_ID => 'int', FILTER_PROPERTY_NOTE_USER_ID => 'int', FILTER_PROPERTY_RESOLUTION => 'int', FILTER_PROPERTY_PRIORITY => 'int', FILTER_PROPERTY_BUILD => 'string', FILTER_PROPERTY_VERSION => 'string', FILTER_PROPERTY_HIDE_STATUS => 'int', FILTER_PROPERTY_FIXED_IN_VERSION => 'string', FILTER_PROPERTY_TARGET_VERSION => 'string', FILTER_PROPERTY_MONITOR_USER_ID => 'int', FILTER_PROPERTY_PROFILE_ID => 'int');
foreach ($t_multi_select_list as $t_multi_field_name => $t_multi_field_type) {
if (!isset($p_filter_arr[$t_multi_field_name])) {
if (FILTER_PROPERTY_HIDE_STATUS == $t_multi_field_name) {
$p_filter_arr[$t_multi_field_name] = array(config_get('hide_status_default'));
} else {
if ('custom_fields' == $t_multi_field_name) {
$p_filter_arr[$t_multi_field_name] = array($f_custom_fields_data);
} else {
$p_filter_arr[$t_multi_field_name] = array(META_FILTER_ANY);
}
}
} else {
if (!is_array($p_filter_arr[$t_multi_field_name])) {
$p_filter_arr[$t_multi_field_name] = array($p_filter_arr[$t_multi_field_name]);
}
$t_checked_array = array();
foreach ($p_filter_arr[$t_multi_field_name] as $t_filter_value) {
$t_filter_value = stripslashes($t_filter_value);
if ($t_filter_value === 'any' || $t_filter_value === '[any]') {
$t_filter_value = META_FILTER_ANY;
}
if ($t_filter_value === 'none' || $t_filter_value === '[none]') {
$t_filter_value = META_FILTER_NONE;
}
if ('string' == $t_multi_field_type) {
$t_checked_array[] = $t_filter_value;
} else {
if ('int' == $t_multi_field_type) {
$t_checked_array[] = (int) $t_filter_value;
} else {
if ('array' == $t_multi_field_type) {
$t_checked_array[] = $t_filter_value;
}
}
}
}
$p_filter_arr[$t_multi_field_name] = $t_checked_array;
}
}
if (is_array($t_custom_fields) && count($t_custom_fields) > 0) {
foreach ($t_custom_fields as $t_cfid) {
if (!isset($p_filter_arr['custom_fields'][$t_cfid])) {
$p_filter_arr['custom_fields'][$t_cfid] = array(META_FILTER_ANY);
} else {
if (!is_array($p_filter_arr['custom_fields'][$t_cfid])) {
$p_filter_arr['custom_fields'][$t_cfid] = array($p_filter_arr['custom_fields'][$t_cfid]);
}
$t_checked_array = array();
foreach ($p_filter_arr['custom_fields'][$t_cfid] as $t_filter_value) {
$t_filter_value = stripslashes($t_filter_value);
if ($t_filter_value === 'any' || $t_filter_value === '[any]') {
$t_filter_value = META_FILTER_ANY;
}
$t_checked_array[] = $t_filter_value;
}
$p_filter_arr['custom_fields'][$t_cfid] = $t_checked_array;
}
}
}
# all of our filter values are now guaranteed to be there, and correct.
return $p_filter_arr;
}
require_api('config_api.php');
require_api('constant_inc.php');
require_api('current_user_api.php');
require_api('database_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
require_api('string_api.php');
require_api('user_api.php');
require_api('utility_api.php');
require_css('login.css');
$f_error = gpc_get_bool('error');
$f_cookie_error = gpc_get_bool('cookie_error');
$f_return = string_sanitize_url(gpc_get_string('return', ''));
$f_username = gpc_get_string('username', '');
$f_perm_login = gpc_get_bool('perm_login', false);
$f_secure_session = gpc_get_bool('secure_session', false);
$f_secure_session_cookie = gpc_get_cookie(config_get_global('cookie_prefix') . '_secure_session', null);
# Set username to blank if invalid to prevent possible XSS exploits
if (!user_is_name_valid($f_username)) {
$f_username = '';
}
$t_session_validation = ON == config_get_global('session_validation');
# If user is already authenticated and not anonymous
if (auth_is_user_authenticated() && !current_user_is_anonymous()) {
# If return URL is specified redirect to it; otherwise use default page
if (!is_blank($f_return)) {
print_header_redirect($f_return, false, false, true);
} else {
print_header_redirect(config_get('default_home_page'));
require_api('custom_field_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('print_api.php');
form_security_validate('manage_custom_field_update');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_custom_fields_threshold'));
$f_field_id = gpc_get_int('field_id');
$f_return = strip_tags(gpc_get_string('return', 'manage_custom_field_page.php'));
$t_values['name'] = gpc_get_string('name');
$t_values['type'] = gpc_get_int('type');
$t_values['possible_values'] = gpc_get_string('possible_values');
$t_values['default_value'] = gpc_get_string('default_value');
$t_values['valid_regexp'] = gpc_get_string('valid_regexp');
$t_values['access_level_r'] = gpc_get_int('access_level_r');
$t_values['access_level_rw'] = gpc_get_int('access_level_rw');
$t_values['length_min'] = gpc_get_int('length_min');
$t_values['length_max'] = gpc_get_int('length_max');
$t_values['display_report'] = gpc_get_bool('display_report');
$t_values['display_update'] = gpc_get_bool('display_update');
$t_values['display_resolved'] = gpc_get_bool('display_resolved');
$t_values['display_closed'] = gpc_get_bool('display_closed');
$t_values['require_report'] = gpc_get_bool('require_report');
$t_values['require_update'] = gpc_get_bool('require_update');
$t_values['require_resolved'] = gpc_get_bool('require_resolved');
$t_values['require_closed'] = gpc_get_bool('require_closed');
$t_values['filter_by'] = gpc_get_bool('filter_by');
custom_field_update($f_field_id, $t_values);
form_security_purge('manage_custom_field_update');
$f_priority = $t_bug->priority;
$f_summary = $t_bug->summary;
$f_description = $t_bug->description;
$f_additional_info = $t_bug->additional_information;
$f_view_state = $t_bug->view_state;
$t_project_id = $t_bug->project_id;
} else {
access_ensure_project_level(config_get('report_bug_threshold'));
$f_product_version = gpc_get_string('product_version', '');
$f_category = gpc_get_string('category', config_get('default_bug_category'));
$f_reproducibility = gpc_get_int('reproducibility', config_get('default_bug_reproducibility'));
$f_severity = gpc_get_int('severity', config_get('default_bug_severity'));
$f_priority = gpc_get_int('priority', config_get('default_bug_priority'));
$f_summary = gpc_get_string('summary', '');
$f_description = gpc_get_string('description', '');
$f_additional_info = gpc_get_string('additional_info', config_get('default_bug_additional_info'));
$f_view_state = gpc_get_int('view_state', config_get('default_bug_view_status'));
$t_project_id = helper_get_current_project();
$t_changed_project = false;
}
$f_report_stay = gpc_get_bool('report_stay', false);
html_page_top1(lang_get('report_bug_link'));
html_page_top2();
print_recently_visited();
?>
<br />
<div align="center">
<form name="report_bug_form" method="post" <?php
if (file_allow_bug_upload()) {
echo 'enctype="multipart/form-data"';
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
/**
* MantisBT Core API's
*/
require_once 'core.php';
require_once 'email_api.php';
form_security_validate('signup');
$f_username = strip_tags(gpc_get_string('username'));
$f_email = strip_tags(gpc_get_string('email'));
$f_captcha = gpc_get_string('captcha', '');
$f_username = trim($f_username);
$f_email = email_append_domain(trim($f_email));
$f_captcha = utf8_strtolower(trim($f_captcha));
# Retrieve captcha key now, as session might get cleared by logout
$t_form_key = session_get_int(CAPTCHA_KEY, null);
# force logout on the current user if already authenticated
if (auth_is_user_authenticated()) {
auth_logout();
}
# Check to see if signup is allowed
if (OFF == config_get_global('allow_signup')) {
print_header_redirect('login_page.php');
exit;
}
if (ON == config_get('signup_use_captcha') && get_gd_version() > 0 && helper_call_custom_function('auth_can_change_password', array())) {
$f_view_type = 'simple';
}
$t_select_modifier = '';
if ('advanced' == $f_view_type) {
$t_select_modifier = ' multiple="multiple" size="10"';
}
/**
* Prepend headers to the dynamic filter forms that are sent as the response from this page.
*/
function return_dynamic_filters_prepend_headers()
{
if (!headers_sent()) {
header('Content-Type: text/html; charset=utf-8');
}
}
$f_filter_target = gpc_get_string('filter_target');
$t_function_name = 'print_filter_' . utf8_substr($f_filter_target, 0, -7);
if (function_exists($t_function_name)) {
return_dynamic_filters_prepend_headers();
call_user_func($t_function_name);
} else {
if ('custom_field' == utf8_substr($f_filter_target, 0, 12)) {
# custom function
$t_custom_id = utf8_substr($f_filter_target, 13, -7);
return_dynamic_filters_prepend_headers();
print_filter_custom_field($t_custom_id);
} else {
$t_plugin_filters = filter_get_plugin_filters();
$t_found = false;
foreach ($t_plugin_filters as $t_field_name => $t_filter_object) {
if ($t_field_name . '_filter' == $f_filter_target) {
$f_os_build = gpc_get_string('os_build', '');
$f_product_version = gpc_get_string('product_version', '');
$f_target_version = gpc_get_string('target_version', '');
$f_profile_id = gpc_get_int('profile_id', 0);
$f_handler_id = gpc_get_int('handler_id', 0);
$f_category_id = gpc_get_int('category_id', 0);
$f_reproducibility = gpc_get_int('reproducibility', (int) config_get('default_bug_reproducibility'));
$f_eta = gpc_get_int('eta', (int) config_get('default_bug_eta'));
$f_severity = gpc_get_int('severity', (int) config_get('default_bug_severity'));
$f_priority = gpc_get_int('priority', (int) config_get('default_bug_priority'));
$f_summary = gpc_get_string('summary', '');
$f_description = gpc_get_string('description', '');
$f_steps_to_reproduce = gpc_get_string('steps_to_reproduce', config_get('default_bug_steps_to_reproduce'));
$f_additional_info = gpc_get_string('additional_info', config_get('default_bug_additional_info'));
$f_view_state = gpc_get_int('view_state', (int) config_get('default_bug_view_status'));
$f_due_date = gpc_get_string('due_date', '');
if ($f_due_date == '') {
$f_due_date = date_get_null();
}
$t_changed_project = false;
}
$f_report_stay = gpc_get_bool('report_stay', false);
$f_copy_notes_from_parent = gpc_get_bool('copy_notes_from_parent', false);
$f_copy_attachments_from_parent = gpc_get_bool('copy_attachments_from_parent', false);
$t_fields = config_get('bug_report_page_fields');
$t_fields = columns_filter_disabled($t_fields);
$t_show_category = in_array('category_id', $t_fields);
$t_show_reproducibility = in_array('reproducibility', $t_fields);
$t_show_eta = in_array('eta', $t_fields);
$t_show_severity = in_array('severity', $t_fields);
$t_show_priority = in_array('priority', $t_fields);
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.
# --------------------------------------------------------
# $Id: manage_custom_field_delete.php,v 1.17.2.1 2007-10-13 22:33:27 giallu Exp $
# --------------------------------------------------------
require_once 'core.php';
$t_core_path = config_get('core_path');
require_once $t_core_path . 'custom_field_api.php';
form_security_validate('manage_custom_field_delete');
auth_reauthenticate();
access_ensure_global_level(config_get('manage_custom_fields_threshold'));
$f_field_id = gpc_get_int('field_id');
$f_return = strip_tags(gpc_get_string('return', 'manage_custom_field_page.php'));
$t_definition = custom_field_get_definition($f_field_id);
if (0 < count(custom_field_get_project_ids($f_field_id))) {
helper_ensure_confirmed(lang_get('confirm_used_custom_field_deletion') . '<br/>' . lang_get('custom_field') . ': ' . string_attribute($t_definition['name']), lang_get('field_delete_button'));
} else {
helper_ensure_confirmed(lang_get('confirm_custom_field_deletion') . '<br/>' . lang_get('custom_field') . ': ' . string_attribute($t_definition['name']), lang_get('field_delete_button'));
}
custom_field_destroy($f_field_id);
form_security_purge('manage_custom_field_delete');
html_page_top1();
html_meta_redirect($f_return);
html_page_top2();
?>
<br />
<div align="center">
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
/**
* MantisBT Core API's
*/
require_once 'core.php';
require_once 'icon_api.php';
auth_reauthenticate();
$f_sort = gpc_get_string('sort', 'name');
$f_dir = gpc_get_string('dir', 'ASC');
if ('ASC' == $f_dir) {
$t_direction = ASCENDING;
} else {
$t_direction = DESCENDING;
}
html_page_top(lang_get('manage_projects_link'));
print_manage_menu('manage_proj_page.php');
# Project Menu Form BEGIN
?>
<br />
<table class="width100" cellspacing="1">
<tr>
<td class="form-title" colspan="5">
<?php
echo lang_get('projects_title');
<?php
# phpWebNotes - a php based note addition system
# Copyright (C) 2000-2002 Webnotes Team - webnotes-devel@sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the files README and LICENSE for details
# --------------------------------------------------------
# $Id: note_add.php,v 1.20 2003/09/13 06:59:30 vboctor Exp $
# --------------------------------------------------------
require_once 'core' . DIRECTORY_SEPARATOR . 'api.php';
access_ensure_check_action(ACTION_NOTES_SUBMIT);
$f_page_id = gpc_get_int('f_page_id');
$f_note_id = gpc_get_int('f_note_id');
$f_email = stripslashes(gpc_get_string('f_email'));
$f_note = stripslashes(gpc_get_string('f_note'));
### insert note
if (0 == $f_note_id) {
$result = note_add($f_page_id, $f_email, $REMOTE_ADDR, $f_note);
if ($result !== false) {
email_note_added($result);
}
} else {
$result = note_update($f_note_id, $f_email, $f_note);
email_note_updated($f_note_id);
}
$t_page_info = page_get_info(page_where_id_equals($f_page_id));
if (false === $t_page_info) {
echo "page not found";
exit;
}
$t_url = $t_page_info['url'];
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2010 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses core.php
* @uses config_api.php
* @uses gpc_api.php
*/
/**
* MantisBT Core API's
*/
require_once 'core.php';
require_api('config_api.php');
require_api('gpc_api.php');
$f_type = gpc_get_string('type', 'text');
header('Content-Type: application/opensearchdescription+xml');
?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"
xmlns:moz="http://www.mozilla.org/2006/browser/search/">
<?php
$t_path = config_get_global('path');
if (utf8_strtolower($f_type) == 'id') {
echo '<ShortName>MantisBT IssueId</ShortName>';
echo '<Description>MantisBT Issue Id</Description>';
echo '<InputEncoding>UTF-8</InputEncoding>';
} else {
echo '<ShortName>MantisBT Search</ShortName>';
echo '<Description>MantisBT Text Search</Description>';
echo '<InputEncoding>UTF-8</InputEncoding>';
}
* @uses config_api.php
* @uses event_api.php
* @uses form_api.php
* @uses gpc_api.php
* @uses print_api.php
* @uses project_api.php
*/
require_once 'core.php';
require_api('access_api.php');
require_api('authentication_api.php');
require_api('config_api.php');
require_api('event_api.php');
require_api('form_api.php');
require_api('gpc_api.php');
require_api('print_api.php');
require_api('project_api.php');
form_security_validate('manage_proj_update');
auth_reauthenticate();
$f_project_id = gpc_get_int('project_id');
$f_name = gpc_get_string('name');
$f_description = gpc_get_string('description');
$f_status = gpc_get_int('status');
$f_view_state = gpc_get_int('view_state');
$f_file_path = gpc_get_string('file_path', '');
$f_enabled = gpc_get_bool('enabled');
$f_inherit_global = gpc_get_bool('inherit_global', 0);
access_ensure_project_level(config_get('manage_project_threshold'), $f_project_id);
project_update($f_project_id, $f_name, $f_description, $f_status, $f_view_state, $f_file_path, $f_enabled, $f_inherit_global);
event_signal('EVENT_MANAGE_PROJECT_UPDATE', array($f_project_id));
form_security_purge('manage_proj_update');
print_header_redirect('manage_proj_page.php');
