/** * Prints the preview of a text file attachment. * @param array $p_attachment An attachment arrray from within the array returned by the file_get_visible_attachments() function */ function print_bug_attachment_preview_text($p_attachment) { if (!$p_attachment['exists']) { return; } echo "\n<pre class=\"bug-attachment-preview-text\">"; switch (config_get('file_upload_method')) { case DISK: if (file_exists($p_attachment['diskfile'])) { $t_content = file_get_contents($p_attachment['diskfile']); } break; case FTP: if (file_exists($p_attachment['diskfile'])) { $t_content = file_get_contents($p_attachment['diskfile']); } else { $t_ftp = file_ftp_connect(); file_ftp_get($t_ftp, $p_attachment['diskfile'], $p_attachment['diskfile']); file_ftp_disconnect($t_ftp); if (file_exists($p_attachment['diskfile'])) { $t_content = file_get_contents($p_attachment['diskfile']); } } break; default: $t_bug_file_table = db_get_table('bug_file'); $c_attachment_id = db_prepare_int($p_attachment['id']); $t_query = "SELECT * FROM {$t_bug_file_table} WHERE id=" . db_param(); $t_result = db_query_bound($t_query, array($c_attachment_id)); $t_row = db_fetch_array($t_result); $t_content = $t_row['content']; } echo htmlspecialchars($t_content); echo '</pre>'; }
/** * Returns the attachment contents * * @param int $p_file_id * @param string $p_type The file type, bug or doc * @param int $p_user_id * @return string|soap_fault the string contents, or a soap_fault */ function mci_file_get($p_file_id, $p_type, $p_user_id) { # we handle the case where the file is attached to a bug # or attached to a project as a project doc. $query = ''; switch ($p_type) { case 'bug': $t_bug_file_table = db_get_table('bug_file'); $query = "SELECT *\n\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\tWHERE id='{$p_file_id}'"; break; case 'doc': $t_project_file_table = db_get_table('project_file'); $query = "SELECT *\n\t\t\t\tFROM {$t_project_file_table}\n\t\t\t\tWHERE id='{$p_file_id}'"; break; default: return new soap_fault('Server', '', 'Invalid file type ' . $p_type . ' .'); } $result = db_query($query); if ($result->EOF) { return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .'); } $row = db_fetch_array($result); if ($p_type == 'doc') { $t_project_id = $row['project_id']; } else { if ($p_type == 'bug') { $t_bug_id = $row['bug_id']; $t_project_id = bug_get_field($t_bug_id, 'project_id'); } } $t_diskfile = file_normalize_attachment_path($row['diskfile'], $t_project_id); $t_content = $row['content']; # Check access rights switch ($p_type) { case 'bug': if (!mci_file_can_download_bug_attachments($t_bug_id, $p_user_id)) { return mci_soap_fault_access_denied($p_user_id); } break; case 'doc': # Check if project documentation feature is enabled. if (OFF == config_get('enable_project_documentation')) { return mci_soap_fault_access_denied($p_user_id); } if (!access_has_project_level(config_get('view_proj_doc_threshold'), $t_project_id, $p_user_id)) { return mci_soap_fault_access_denied($p_user_id); } break; } # dump file content to the connection. switch (config_get('file_upload_method')) { case DISK: if (file_exists($t_diskfile)) { return mci_file_read_local($t_diskfile); } else { return new soap_fault('Client', '', 'Unable to find an attachment with type ' . $p_type . ' and id ' . $p_file_id . ' .'); } case FTP: if (file_exists($t_diskfile)) { return mci_file_read_local($t_diskfile); } else { $ftp = file_ftp_connect(); file_ftp_get($ftp, $t_diskfile, $t_diskfile); file_ftp_disconnect($ftp); return mci_file_read_local($t_diskfile); } default: return $t_content; } }
function print_bug_attachments_list($p_bug_id) { $t_attachments = file_get_visible_attachments($p_bug_id); $t_attachments_count = count($t_attachments); $i = 0; $image_previewed = false; foreach ($t_attachments as $t_attachment) { $t_file_display_name = string_display_line($t_attachment['display_name']); $t_filesize = number_format($t_attachment['size']); $t_date_added = date(config_get('normal_date_format'), $t_attachment['date_added']); if ($image_previewed) { $image_previewed = false; echo '<br />'; } if ($t_attachment['can_download']) { $t_href_start = '<a href="' . string_attribute($t_attachment['download_url']) . '">'; $t_href_end = '</a>'; $t_href_clicket = " [<a href=\"file_download.php?file_id={$t_attachment['id']}&type=bug\" target=\"_blank\">^</a>]"; } else { $t_href_start = ''; $t_href_end = ''; $t_href_clicket = ''; } if (!$t_attachment['exists']) { print_file_icon($t_file_display_name); echo ' <span class="strike">' . $t_file_display_name . '</span>' . lang_get('word_separator') . '(' . lang_get('attachment_missing') . ')'; } else { echo $t_href_start; print_file_icon($t_file_display_name); echo $t_href_end . ' ' . $t_href_start . $t_file_display_name . $t_href_end . $t_href_clicket . ' (' . $t_filesize . ' ' . lang_get('bytes') . ') ' . '<span class="italic">' . $t_date_added . '</span>'; } if ($t_attachment['can_delete']) { echo ' ['; print_link('bug_file_delete.php?file_id=' . $t_attachment['id'] . form_security_param('bug_file_delete'), lang_get('delete_link'), false, 'small'); echo ']'; } if ($t_attachment['exists']) { if (FTP == config_get('file_upload_method') && $t_attachment['exists']) { echo ' (' . lang_get('cached') . ')'; } if ($t_attachment['preview'] && $t_attachment['type'] == 'text') { $c_id = db_prepare_int($t_attachment['id']); $t_bug_file_table = db_get_table('mantis_bug_file_table'); echo "<script type=\"text/javascript\" language=\"JavaScript\">\n<!--\nfunction swap_content( span ) {\ndisplayType = ( document.getElementById( span ).style.display == 'none' ) ? '' : 'none';\ndocument.getElementById( span ).style.display = displayType;\n}\n\n -->\n </script>"; echo " <span id=\"hideSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('show_content') . "</a>]</span>"; echo " <span style='display:none' id=\"showSection_{$c_id}\">[<a class=\"small\" href='#' id='attmlink_" . $c_id . "' onclick='swap_content(\"hideSection_" . $c_id . "\");swap_content(\"showSection_" . $c_id . "\");return false;'>" . lang_get('hide_content') . "</a>]"; echo "<pre>"; /** @todo Refactor into a method that gets contents for download / preview. */ switch (config_get('file_upload_method')) { case DISK: if ($t_attachment['exists']) { $v_content = file_get_contents($t_attachment['diskfile']); } break; case FTP: if (file_exists($t_attachment['exists'])) { file_get_contents($t_attachment['diskfile']); } else { $ftp = file_ftp_connect(); file_ftp_get($ftp, $t_attachment['diskfile'], $t_attachment['diskfile']); file_ftp_disconnect($ftp); $v_content = file_get_contents($t_attachment['diskfile']); } break; default: $query = "SELECT *\n\t \t\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\t \t\t\tWHERE id=" . db_param(); $result = db_query_bound($query, array($c_id)); $row = db_fetch_array($result); $v_content = $row['content']; } echo htmlspecialchars($v_content); echo "</pre></span>\n"; } if ($t_attachment['can_download'] && $t_attachment['preview'] && $t_attachment['type'] == 'image') { $t_preview_style = 'border: 0;'; $t_max_width = config_get('preview_max_width'); if ($t_max_width > 0) { $t_preview_style .= ' max-width:' . $t_max_width . 'px;'; } $t_max_height = config_get('preview_max_height'); if ($t_max_height > 0) { $t_preview_style .= ' max-height:' . $t_max_height . 'px;'; } $t_preview_style = 'style="' . $t_preview_style . '"'; $t_title = file_get_field($t_attachment['id'], 'title'); $t_image_url = $t_attachment['download_url'] . '&show_inline=1' . form_security_param('file_show_inline'); echo "\n<br />{$t_href_start}<img alt=\"{$t_title}\" {$t_preview_style} src=\"{$t_image_url}\" />{$t_href_end}"; $image_previewed = true; } } if ($i != $t_attachments_count - 1) { echo "<br />\n"; $i++; } } }
# prepare variables for insertion $c_file_name = db_prepare_string($v_name); $c_file_type = db_prepare_string($v_type); $t_file_size = filesize($v_tmp_name); $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size')); if ($t_file_size > $t_max_file_size) { trigger_error(ERROR_FILE_TOO_BIG, ERROR); } $c_file_size = db_prepare_int($t_file_size); $t_method = config_get('file_upload_method'); switch ($t_method) { case FTP: case DISK: file_ensure_valid_upload_path($t_file_path); if (FTP == $t_method) { $conn_id = file_ftp_connect(); file_ftp_delete($conn_id, $t_disk_file_name); file_ftp_put($conn_id, $t_disk_file_name, $v_tmp_name); file_ftp_disconnect($conn_id); } if (file_exists($t_disk_file_name)) { file_delete_local($t_disk_file_name); } if (!move_uploaded_file($v_tmp_name, $t_disk_file_name)) { trigger_error(ERROR_FILE_MOVE_FAILED, ERROR); } chmod($t_disk_file_name, config_get('attachments_file_permissions')); $c_content = ''; break; case DATABASE: $c_content = db_prepare_binary_string(fread(fopen($v_tmp_name, 'rb'), $v_size));
# command when IE is used over HTTPS. global $g_allow_file_cache; if (isset($_SERVER["HTTPS"]) && "on" == $_SERVER["HTTPS"] && preg_match("/MSIE/", $_SERVER["HTTP_USER_AGENT"])) { # Suppress "Pragma: no-cache" header. } else { if (!isset($g_allow_file_cache)) { header('Pragma: no-cache'); } } header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', time())); # dump file content to the connection. switch (config_get('file_upload_method')) { case DISK: if (file_exists($v_diskfile)) { readfile($v_diskfile); } break; case FTP: if (file_exists($v_diskfile)) { readfile($v_diskfile); } else { $ftp = file_ftp_connect(); file_ftp_get($ftp, $v_diskfile, $v_diskfile); file_ftp_disconnect($ftp); readfile($v_diskfile); } break; default: echo $v_content; } exit;
/** * Add a file to the system using the configured storage method * * @param integer $p_bug_id the bug id * @param array $p_file the uploaded file info, as retrieved from gpc_get_file() */ function file_add($p_bug_id, $p_file, $p_table = 'bug', $p_title = '', $p_desc = '', $p_user_id = null) { file_ensure_uploaded($p_file); $t_file_name = $p_file['name']; $t_tmp_file = $p_file['tmp_name']; if (!file_type_check($t_file_name)) { trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR); } if (!file_is_name_unique($t_file_name, $p_bug_id)) { trigger_error(ERROR_FILE_DUPLICATE, ERROR); } if ('bug' == $p_table) { $t_project_id = bug_get_field($p_bug_id, 'project_id'); $t_bug_id = bug_format_id($p_bug_id); } else { $t_project_id = helper_get_current_project(); $t_bug_id = 0; } if ($p_user_id === null) { $c_user_id = auth_get_current_user_id(); } else { $c_user_id = (int) $p_user_id; } # prepare variables for insertion $c_bug_id = db_prepare_int($p_bug_id); $c_project_id = db_prepare_int($t_project_id); $c_file_type = db_prepare_string($p_file['type']); $c_title = db_prepare_string($p_title); $c_desc = db_prepare_string($p_desc); if ($t_project_id == ALL_PROJECTS) { $t_file_path = config_get('absolute_path_default_upload_folder'); } else { $t_file_path = project_get_field($t_project_id, 'file_path'); if (is_blank($t_file_path)) { $t_file_path = config_get('absolute_path_default_upload_folder'); } } $c_file_path = db_prepare_string($t_file_path); $c_new_file_name = db_prepare_string($t_file_name); $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id; $t_unique_name = file_generate_unique_name($t_file_hash . '-' . $t_file_name, $t_file_path); $t_disk_file_name = $t_file_path . $t_unique_name; $c_unique_name = db_prepare_string($t_unique_name); $t_file_size = filesize($t_tmp_file); if (0 == $t_file_size) { trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR); } $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size')); if ($t_file_size > $t_max_file_size) { trigger_error(ERROR_FILE_TOO_BIG, ERROR); } $c_file_size = db_prepare_int($t_file_size); $t_method = config_get('file_upload_method'); switch ($t_method) { case FTP: case DISK: file_ensure_valid_upload_path($t_file_path); if (!file_exists($t_disk_file_name)) { if (FTP == $t_method) { $conn_id = file_ftp_connect(); file_ftp_put($conn_id, $t_disk_file_name, $t_tmp_file); file_ftp_disconnect($conn_id); } if (!move_uploaded_file($t_tmp_file, $t_disk_file_name)) { trigger_error(ERROR_FILE_MOVE_FAILED, ERROR); } chmod($t_disk_file_name, config_get('attachments_file_permissions')); $c_content = "''"; } else { trigger_error(ERROR_FILE_DUPLICATE, ERROR); } break; case DATABASE: $c_content = db_prepare_binary_string(fread(fopen($t_tmp_file, 'rb'), $t_file_size)); break; default: trigger_error(ERROR_GENERIC, ERROR); } $t_file_table = db_get_table('mantis_' . $p_table . '_file_table'); $c_id = 'bug' == $p_table ? $c_bug_id : $c_project_id; $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\t\t\t\t VALUES\n\t\t\t\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_unique_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . db_now() . "', {$c_content}, {$c_user_id})"; db_query($query); if ('bug' == $p_table) { # updated the last_updated date $result = bug_update_date($p_bug_id); # log new bug history_log_event_special($p_bug_id, FILE_ADDED, $t_file_name); } }
/** * Get file content * * @param int $p_file_id file id * @param string $p_type file type (either 'bug' or 'doc') * @return array|bool array containing file type and content or false on failure to retrieve file */ function file_get_content($p_file_id, $p_type = 'bug') { # we handle the case where the file is attached to a bug # or attached to a project as a project doc. $query = ''; switch ($p_type) { case 'bug': $t_bug_file_table = db_get_table('bug_file'); $query = "SELECT *\n\t\t\t\tFROM {$t_bug_file_table}\n\t\t\t\tWHERE id=" . db_param(); break; case 'doc': $t_project_file_table = db_get_table('project_file'); $query = "SELECT *\n\t\t\t\tFROM {$t_project_file_table}\n\t\t\t\tWHERE id=" . db_param(); break; default: return false; } $result = db_query_bound($query, array($p_file_id)); $row = db_fetch_array($result); if ($f_type == 'bug') { $t_project_id = bug_get_field($row['bug_id'], 'project_id'); } else { $t_project_id = $row['bug_id']; } # If finfo is available (always true for PHP >= 5.3.0) we can use it to determine the MIME type of files $finfo_available = false; if (class_exists('finfo')) { $t_info_file = config_get('fileinfo_magic_db_file'); if (is_blank($t_info_file)) { $finfo = new finfo(FILEINFO_MIME); } else { $finfo = new finfo(FILEINFO_MIME, $t_info_file); } if ($finfo) { $finfo_available = true; } } $t_content_type = $row['file_type']; switch (config_get('file_upload_method')) { case DISK: $t_local_disk_file = file_normalize_attachment_path($row['diskfile'], $t_project_id); if (file_exists($t_local_disk_file)) { if ($finfo_available) { $t_file_info_type = $finfo->file($t_local_disk_file); if ($t_file_info_type !== false) { $t_content_type = $t_file_info_type; } } return array('type' => $t_content_type, 'content' => file_get_contents($t_local_disk_file)); } break; case FTP: $t_local_disk_file = file_normalize_attachment_path($row['diskfile'], $t_project_id); if (!file_exists($t_local_disk_file)) { $ftp = file_ftp_connect(); file_ftp_get($ftp, $t_local_disk_file, $row['diskfile']); file_ftp_disconnect($ftp); } if ($finfo_available) { $t_file_info_type = $finfo->file($t_local_disk_file); if ($t_file_info_type !== false) { $t_content_type = $t_file_info_type; } } return array('type' => $t_content_type, 'content' => file_get_contents($t_local_disk_file)); break; default: if ($finfo_available) { $t_file_info_type = $finfo->buffer($row['content']); if ($t_file_info_type !== false) { $t_content_type = $t_file_info_type; } } return array('type' => $t_content_type, 'content' => $row['content']); break; } }
function mci_file_get($p_file_id, $p_type, $p_user_id) { # we handle the case where the file is attached to a bug # or attached to a project as a project doc. $query = ''; switch ($p_type) { case 'bug': $t_bug_file_table = config_get('mantis_bug_file_table'); $query = "SELECT *\r\n\t\t\t\t\tFROM {$t_bug_file_table}\r\n\t\t\t\t\tWHERE id='{$p_file_id}'"; break; case 'doc': $t_project_file_table = config_get('mantis_project_file_table'); $query = "SELECT *\r\n\t\t\t\t\tFROM {$t_project_file_table}\r\n\t\t\t\t\tWHERE id='{$p_file_id}'"; break; default: return new soap_fault('Client', '', 'Access Denied'); } $result = db_query($query); $row = db_fetch_array($result); extract($row, EXTR_PREFIX_ALL, 'v'); # Check access rights switch ($p_type) { case 'bug': if (!mci_file_can_download_bug_attachments($v_bug_id, $p_user_id)) { return new soap_fault('Client', '', 'Access Denied'); } break; case 'doc': # Check if project documentation feature is enabled. if (OFF == config_get('enable_project_documentation')) { return new soap_fault('Client', '', 'Access Denied'); } if (!access_has_project_level(config_get('view_proj_doc_threshold'), $v_project_id, $p_user_id)) { return new soap_fault('Client', '', 'Access Denied'); } break; } # dump file content to the connection. switch (config_get('file_upload_method')) { case DISK: if (file_exists($v_diskfile)) { return base64_encode(mci_file_read_local($v_diskfile)); } else { return null; } case FTP: if (file_exists($v_diskfile)) { return base64_encode(mci_file_read_local($v_diskfile)); } else { $ftp = file_ftp_connect(); file_ftp_get($ftp, $v_diskfile, $v_diskfile); file_ftp_disconnect($ftp); return base64_encode(mci_file_read_local($v_diskfile)); } default: return base64_encode($v_content); } }