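/**
 * Check if compression handler (ob_gzhandler) should be enabled. Note: this should not be used
 * as an indicator of whether output received by a client will be compressed, only whether an
 * output handler is used to compress output.
 *
 * Side effect: when zlib.output_compression can be switched on through ini_set(), it is
 * enabled here and false is returned, because no separate output handler is needed then.
 *
 * @return bool true only when the caller should install ob_gzhandler itself
 * @access public
 */
function compress_handler_is_enabled() {
    global $g_compress_html;

    // A page can opt out by defining COMPRESSION_DISABLED. Note: php.ini may still enable
    // zlib.output_compression; it may be possible to turn that off with ini_set() within
    // that specific page.
    if( defined( 'COMPRESSION_DISABLED' ) ) {
        return false;
    }

    // config_get is deliberately not used here, so this module depends only on the
    // constants file. HTML is only actively compressed when compress_html is ON.
    if( ON != $g_compress_html ) {
        // Explicit false: this path used to fall off the end of the function and
        // return null, which contradicts the documented bool return type.
        return false;
    }

    // both compression handlers require the zlib module to be loaded
    if( !extension_loaded( 'zlib' ) ) {
        return false;
    }

    if( ini_get( 'zlib.output_compression' ) ) {
        /* zlib output compression is already enabled - we can't load the gzip output handler */
        return false;
    }

    // Since php 5.2.10, it's possible to set zlib.output_compression via ini_set.
    // This method is preferred over ob_gzhandler.
    if( php_version_at_least( '5.2.10' ) && ini_get( 'output_handler' ) == '' && function_exists( 'ini_set' ) ) {
        ini_set( 'zlib.output_compression', true );
        // compression now happens transparently, so no handler is needed
        return false;
    }

    // if php.ini does not already use ob_gzhandler by default, return true.
    return ( 'ob_gzhandler' != ini_get( 'output_handler' ) );
}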
# Stop the current request because the user may not access the page.
# Anonymous visitors are redirected to login_page.php with the requested
# address in the "return" parameter (unless the current script already is the
# login page); authenticated users get the access-denied message and a link to
# main_page.php. The function always ends the script.
function access_denied() {
    # Before PHP 4.1.0 the auto-globals are not in function scope by default.
    if (!php_version_at_least('4.1.0')) {
        global $_SERVER;
    }

    if (auth_is_user_authenticated()) {
        # Logged in, but not allowed here.
        echo '<center>';
        echo '<p>' . error_string(ERROR_ACCESS_DENIED) . '</p>';
        print_bracket_link('main_page.php', lang_get('proceed'));
        echo '</center>';
    } elseif (basename($_SERVER['SCRIPT_NAME']) != 'login_page.php') {
        # Some servers do not set REQUEST_URI; rebuild it from the script name
        # and the query string.
        if (!isset($_SERVER['REQUEST_URI'])) {
            if (!isset($_SERVER['QUERY_STRING'])) {
                $_SERVER['QUERY_STRING'] = '';
            }
            $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
        }

        # NOTE(review): REQUEST_URI is supplied by the client. It is only passed
        # through string_url() here (defined elsewhere, presumably URL-encoding);
        # the page that consumes "return" has to confirm the target is a local
        # address before redirecting to it.
        $t_login_url = 'login_page.php?return=' . string_url($_SERVER['REQUEST_URI']);
        print_header_redirect($t_login_url);
    }

    exit;
}
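# Make sure the current visitor is logged in with an enabled account.
#  - logged in, account disabled: redirect to logout_page.php
#  - not logged in: redirect to login_page.php, passing $p_return_page (or, when
#    it is blank, the currently requested address) in the "return" parameter
# $p_return_page: address to come back to after login; '' means "this request".
function auth_ensure_user_authenticated($p_return_page = '') {
    # Before PHP 4.1.0 the auto-globals are not in function scope by default.
    if (!php_version_at_least('4.1.0')) {
        global $_SERVER;
    }

    if (auth_is_user_authenticated()) {
        # check for access enabled
        # This also makes sure the cookie is valid
        if (OFF == current_user_get_field('enabled')) {
            print_header_redirect('logout_page.php');
        }
        return;
    }

    # not logged in
    if (is_blank($p_return_page)) {
        if (!isset($_SERVER['REQUEST_URI'])) {
            # QUERY_STRING can be missing as well; default it so the rebuilt
            # address does not depend on an undefined index.
            if (!isset($_SERVER['QUERY_STRING'])) {
                $_SERVER['QUERY_STRING'] = '';
            }
            $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
        }
        $p_return_page = $_SERVER['REQUEST_URI'];
    }

    # NOTE(review): the return address is client-influenced and is only passed
    # through string_url() here (defined elsewhere); the login page has to
    # confirm it is a local address before redirecting to it.
    $p_return_page = string_url($p_return_page);
    print_header_redirect('login_page.php?return=' . $p_return_page);
}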
# (tail of a redirect helper whose beginning is outside this excerpt)
# NOTE(review): $t_url is built before this point and is not visible here;
# confirm it cannot be steered to an off-site address by request data.
if (ON == $g_use_iis) {
    header("Refresh: 0;{$t_url}");
} else {
    header("Location: {$t_url}");
}
exit; # additional output can cause problems so let's just stop output here
}

# Load UTF8-capable string functions
define('UTF8', $g_library_path . 'utf8');
require_lib('utf8/utf8.php');
require_lib('utf8/str_pad.php');

# Include PHP compatibility file
require_api('php_api.php');

# Enforce our minimum PHP requirements
# The buffered output is discarded first so only the error message is sent.
# NOTE(review): the message shows the exact PHP version to whoever requests the page.
if (!php_version_at_least(PHP_MIN_VERSION)) {
    @ob_end_clean();
    echo '<strong>FATAL ERROR: Your version of PHP is too old. MantisBT requires PHP version ' . PHP_MIN_VERSION . ' or newer</strong><br />Your version of PHP is version ' . phpversion();
    die;
}

# Ensure that output is blank so far (output at this stage generally denotes
# that an error has occurred)
# NOTE(review): var_dump() prints by itself, so the echo in front of it adds
# nothing; the buffered text is written to the page as captured, without
# HTML-escaping, so it can contain whatever the failing include emitted.
if (($t_output = ob_get_contents()) != '') {
    echo 'Possible Whitespace/Error in Configuration File - Aborting. Output so far follows:<br />';
    echo var_dump($t_output);
    die;
}

# Start HTML compression handler (if enabled)
require_api('compress_api.php');
compress_start_handler();

# If no configuration file exists, redirect the user to the admin page so
# Read a cookie value by name.
# Returns the cookie passed through gpc_strip_slashes() when it is present;
# otherwise the default when one was passed (null is a valid default);
# otherwise prints a "not found" message and returns null.
function gpc_get_cookie($p_var_name, $p_default = null) {
    # simulate auto-globals from PHP v4.1.0 (see also code in php_api.php)
    if (!php_version_at_least('4.1.0')) {
        global $_COOKIE;
    }

    if (isset($_COOKIE[$p_var_name])) {
        # Cookie values are client-controlled; only slash-stripping is applied here.
        return gpc_strip_slashes($_COOKIE[$p_var_name]);
    }

    # func_num_args() tells an explicitly passed null default apart from
    # "no default given".
    if (func_num_args() > 1) {
        return $p_default;
    }

    # No error is raised on this path (the trigger_error call was disabled in
    # the original); the message is written straight to the page.
    # NOTE(review): the name is echoed without HTML-escaping - fine while
    # callers pass fixed names; verify none passes request data.
    echo "Variable '{$p_var_name}' not found";
    return null;
}
# Escape a string for inclusion inside a quoted SQL literal, using the escaping
# routine that matches the configured db_type. The result carries no
# surrounding quotes; the caller adds them.
# An unrecognised db_type raises ERROR_CONFIG_OPT_INVALID.
# NOTE(review): this is escape-and-concatenate query building. It protects a
# value only when the caller places it between single quotes; values used as
# numbers or identifiers need a different treatment.
function db_prepare_string($p_string) {
    global $g_db;

    $t_db_type = config_get('db_type');

    # Loose comparison (no strict flag) mirrors the switch this replaces.
    if (in_array($t_db_type, array('mssql', 'odbc_mssql'))) {
        # addslashes() doubles single quotes only while magic_quotes_sybase is
        # on, so switch it on for the call when it is off and restore it after.
        if (ini_get('magic_quotes_sybase')) {
            return addslashes($p_string);
        }
        ini_set('magic_quotes_sybase', true);
        $t_quoted = addslashes($p_string);
        ini_set('magic_quotes_sybase', false);
        return $t_quoted;
    }

    if ($t_db_type == 'mysql') {
        # mysql_escape_string was deprecated in v4.3.0
        return php_version_at_least('4.3.0')
            ? mysql_real_escape_string($p_string)
            : mysql_escape_string($p_string);
    }

    if ($t_db_type == 'mysqli') {
        # For some reason mysqli_escape_string( $p_string ) always returns an empty
        # string. This is happening with PHP v5.0.2.
        # qstr() returns the value wrapped in quotes; strip the first and last
        # character so the result matches the other branches.
        $t_wrapped = $g_db->qstr($p_string, false);
        $t_inner_length = strlen($t_wrapped) - 2;
        return substr($t_wrapped, 1, $t_inner_length);
    }

    if (in_array($t_db_type, array('postgres', 'postgres64', 'postgres7', 'pgsql'))) {
        return pg_escape_string($p_string);
    }

    error_parameters('db_type', $t_db_type);
    trigger_error(ERROR_CONFIG_OPT_INVALID, ERROR);
}
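# Render the graph in the requested format and write it to the output.
# $p_format  key of $this->formats; unknown keys raise ERROR_GENERIC
# $p_headers when true, Content-Type and Content-Length headers are sent too
# Nothing is returned. On Windows the WinGraphviz COM object is used; elsewhere
# the configured Graphviz tool is run through proc_open (PHP >= 4.3.0) or
# passthru with a temporary file.
function output($p_format = 'dot', $p_headers = false) {
    # Check if it is a recognized format.
    # This lookup is also what keeps $p_format safe to append to the command
    # lines below: only keys of $this->formats get past it.
    # NOTE(review): that relies on trigger_error(..., ERROR) ending the request;
    # confirm the error handler does not return for this level.
    if (!isset($this->formats[$p_format])) {
        trigger_error(ERROR_GENERIC, ERROR);
    }

    $t_binary = $this->formats[$p_format]['binary'];
    $t_type = $this->formats[$p_format]['type'];
    $t_mime = $this->formats[$p_format]['mime'];

    # Send Content-Type header, if requested.
    if ($p_headers) {
        header('Content-Type: ' . $t_mime);
    }

    # Retrieve the source dot document into a buffer
    ob_start();
    $this->generate();
    $t_dot_source = ob_get_contents();
    ob_end_clean();

    # There are three different ways to generate the output depending
    # on the operating system and PHP version.
    if ('WIN' == substr(PHP_OS, 0, 3)) {
        # If we are under Windows, we use the COM interface provided
        # by WinGraphviz. Thanks Paul!

        # Issue #4625: Work around WinGraphviz bug that fails with
        # graphs with zero or one node. It is probably too much to
        # generate a graphic output just to explain it to the user,
        # so we just return a null content.
        if (count($this->nodes) <= 1) {
            return;
        }

        $t_graphviz = new COM($this->graphviz_com_module);

        # Check if we managed to instantiate the COM object.
        if (is_null($t_graphviz)) {
            # We can't display any message or trigger an error on
            # failure, since we may have already sent a Content-type
            # header potentially incompatible with any html output.
            return;
        }

        if ($t_binary) {
            # Image formats
            $t_dot_output = $t_graphviz->ToBinaryGraph($t_dot_source, $t_type);

            if ($p_headers) {
                # Headers were requested, use another output buffer
                # to retrieve the size for Content-Length.
                ob_start();
                echo base64_decode($t_dot_output->ToBase64String());
                header('Content-Length: ' . ob_get_length());
                ob_end_flush();
            } else {
                # No need for headers, send output directly.
                # Fixed: this read an undefined $ret instead of the graph
                # object returned by ToBinaryGraph().
                echo base64_decode($t_dot_output->ToBase64String());
            }
        } else {
            # Text formats
            $t_dot_output = $t_graphviz->ToTextGraph($t_dot_source, $t_type);

            if ($p_headers) {
                header('Content-Length: ' . strlen($t_dot_output));
            }

            echo $t_dot_output;
        }

        unset($t_graphviz);
    } else {
        if (php_version_at_least('4.3.0')) {
            # If we are not under Windows, use proc_open whenever possible,
            # (PHP >= 4.3.0) since it avoids the need of temporary files.

            # Start dot process
            # graphviz_tool is an instance property and is used as given.
            $t_command = $this->graphviz_tool . ' -T' . $p_format;
            $t_descriptors = array(
                0 => array('pipe', 'r'),
                1 => array('pipe', 'w'),
                2 => array('file', 'php://stderr', 'w'),
            );

            $t_process = proc_open($t_command, $t_descriptors, $t_pipes);

            if (is_resource($t_process)) {
                # Filter generated output through dot
                fwrite($t_pipes[0], $t_dot_source);
                fclose($t_pipes[0]);

                if ($p_headers) {
                    # Headers were requested, use another output buffer to
                    # retrieve the size for Content-Length.
                    ob_start();
                    while (!feof($t_pipes[1])) {
                        echo fgets($t_pipes[1], 1024);
                    }
                    header('Content-Length: ' . ob_get_length());
                    ob_end_flush();
                } else {
                    # No need for headers, send output directly.
                    while (!feof($t_pipes[1])) {
                        print fgets($t_pipes[1], 1024);
                    }
                }

                fclose($t_pipes[1]);
                proc_close($t_process);
            }
        } else {
            # If proc_open is not available (PHP < 4.3.0), use passthru.
            # @@@ Remove this whole block once Mantis PHP requirements
            # @@@ becomes higher.

            # We need a temporary file.
            if (isset($_ENV['TMPDIR'])) {
                $t_tmpdir = $_ENV['TMPDIR'];
            } else {
                $t_tmpdir = '/tmp';
            }

            $t_filename = tempnam($t_tmpdir, 'mantis-dot-');
            register_shutdown_function('unlink', $t_filename);

            if ($t_file = @fopen($t_filename, 'w')) {
                fputs($t_file, $t_dot_source);
                fclose($t_file);
            }

            # Now we process it through dot or neato
            # The temporary path depends on the TMPDIR environment value, so it
            # is quoted for the shell instead of being appended raw.
            $t_command = $this->graphviz_tool . ' -T' . $p_format . ' ' . escapeshellarg($t_filename);

            if ($p_headers) {
                # Headers were requested, use another output buffer to
                # retrieve the size for Content-Length.
                ob_start();
                passthru($t_command);
                header('Content-Length: ' . ob_get_length());
                ob_end_flush();
            } else {
                # No need for headers, send output directly.
                passthru($t_command);
            }
        }
    }
}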
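# Print the upgrade form and status table for this upgrade set and, when
# requested, execute the pending items.
# $p_execute  true to run the items, false to only list them
# $p_limit    null, or an array of item ids; unapplied items not in the array
#             are reported as 'Skipped'
# $p_advanced true to also list already applied items and show per-item
#             checkboxes with the "Selected" buttons
# After the first failing item, the remaining executable items are not run.
function run($p_execute, $p_limit, $p_advanced) {
    if (!php_version_at_least('4.1.0')) {
        global $_SERVER;
    }

    if ($p_execute) {
        # Mark this as a long process and ignore user aborts
        helper_begin_long_process(true);

        # Disable compression so we can stream
        compress_disable();

        # Flush the output buffer
        @ob_end_flush();

        echo '<b>Please be patient, this may take a while...</b>';
    }

    # Form
    # PHP_SELF can carry client-supplied path text, so it is HTML-escaped before
    # it is written into the action attribute.
    echo '<form method="POST" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">';

    # Execute All Button
    echo "<input type=\"submit\" name=\"{$this->upgrade_file}_execute_all\" value=\"Execute All\" />";

    # Print All Button
    echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_all\" value=\"Print All\" /><br /><br />";

    if ($p_advanced) {
        # Execute Selected Button
        echo "<input type=\"submit\" name=\"{$this->upgrade_file}_execute_selected\" value=\"Execute Selected\" />";

        # Print Selected Button
        echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_selected\" value=\"Print Selected\" />";
    }

    # Table
    echo '<table width="80%" bgcolor="#222222" border="0" cellpadding="10" cellspacing="1">';
    echo "<tr><td bgcolor=\"#e8e8e8\" colspan=\"3\"><span class=\"title\">{$this->upgrade_name}</span></td></tr>";

    # Headings
    echo '<tr bgcolor="#ffffff"><th width="70%">Description</th><th nowrap="nowrap">Upgrade ID</th><th width="30%">Status</th></tr>';

    $t_error = false;

    foreach ($this->item_array as $item) {
        $t_state = '';

        if ($item->is_applied()) {
            if (!$p_advanced) {
                continue; # next one
            }

            $t_state = 'disabled="disabled"';
            $t_color = '#00ff88';
            $t_message = 'Previously Applied';
        } else {
            if (null !== $p_limit && is_array($p_limit) && !in_array($item->id, $p_limit)) {
                $t_color = '#ffff88';
                $t_message = 'Skipped';
            } else {
                if ($p_execute) {
                    if ($t_error) {
                        # NOTE(review): these values are set but the row is
                        # never printed, because of the continue below.
                        $t_state = 'checked="checked"';
                        $t_color = '#ff0088';
                        $t_message = 'Skipped due to previous error';
                        continue; # next one
                    }

                    if ($item->execute()) {
                        $t_state = 'disabled="disabled"';
                        $t_color = '#00ff88';
                        $t_message = 'Applied';
                    } else {
                        $t_state = 'checked="checked"';
                        $t_color = '#ff0088';
                        $t_message = 'ERROR: ' . $item->error;
                        $t_error = true;
                    }
                } else {
                    # not applied but not executing
                    $t_color = '#ff0088';
                    $t_message = 'Not Applied';
                    $t_state = 'checked="checked"';
                }
            }
        }

        # NOTE(review): description, id and error text of an item are written
        # without HTML-escaping; presumably they come from the upgrade
        # definitions and the database driver rather than from the request -
        # verify.
        echo '<tr bgcolor="#ffffff"><td>';
        echo $item->description; # description
        echo '</td>';
        echo '<td nowrap="nowrap">';

        if ($p_advanced) {
            echo "<input type=\"checkbox\" name=\"{$this->upgrade_file}_execute_list[]\" value=\"{$item->id}\" {$t_state} /> ";
        }

        echo "{$item->id}</td>";
        echo "<td bgcolor=\"{$t_color}\">{$t_message}</td>";
        echo '</tr>';
    }

    echo '</table>';

    # Execute All Button
    echo "<br /><input type=\"submit\" name=\"{$this->upgrade_file}_execute_all\" value=\"Execute All\" />";

    # Print All Button
    echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_all\" value=\"Print All\" />";

    if ($p_advanced) {
        # Execute Selected Button
        echo "<input type=\"submit\" name=\"{$this->upgrade_file}_execute_selected\" value=\"Execute Selected\" />";

        # Print Selected Button
        echo "<input type=\"submit\" name=\"{$this->upgrade_file}_print_selected\" value=\"Print Selected\" />";
    }
}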
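# Fallback for PHP versions without file_put_contents(): write $data to
# $filename, replacing any existing content.
# Returns the number of bytes written, or false when the file cannot be opened
# or written.
function file_put_contents($filename, $data) {
    if (($h = fopen($filename, 'w')) === false) {
        return false;
    }

    # fwrite() yields false on failure; the handle is closed on both outcomes
    # (the failure path used to return without closing it).
    $bytes = @fwrite($h, $data);
    fclose($h);

    return $bytes;
}
} # closes a block opened before this excerpt (presumably a function_exists guard)

# --------------------
# vsprintf is normally in PEAR
if (!function_exists('vsprintf')) {
    # Fallback: format $args according to $format by handing both to sprintf().
    function vsprintf($format, $args) {
        array_unshift($args, $format);
        return call_user_func_array('sprintf', $args);
    }
}

# --------------------
# support for file upload error definitions
# errors are defined in PHP 4.2.0, but the definition constants are not available
# until 4.3.0
if (!php_version_at_least('4.2.999')) {
    define('UPLOAD_ERR_INI_SIZE', 1);
    define('UPLOAD_ERR_FORM_SIZE', 2);
    define('UPLOAD_ERR_PARTIAL', 3);
    define('UPLOAD_ERR_NO_FILE', 4);
}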
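# Print the login information bar: who is logged in (or login/signup links for
# the anonymous user), the current date, and the project selection form.
function html_login_info() {
    $t_username = current_user_get_field('username');
    $t_access_level = get_enum_element('access_levels', current_user_get_access_level());
    $t_now = date(config_get('complete_date_format'));
    $t_realname = current_user_get_field('realname');

    print '<table class="hide">';
    print '<tr>';
    print '<td class="login-info-left">';

    if (current_user_is_anonymous()) {
        if (!php_version_at_least('4.1.0')) {
            global $_SERVER;
        }

        # Build the address to come back to after login.
        # NOTE(review): PHP_SELF and QUERY_STRING are client-influenced; they
        # reach the href only through string_url() (defined elsewhere,
        # presumably URL-encoding) - confirm that covers the attribute context.
        $t_return_page = $_SERVER['PHP_SELF'];
        if (isset($_SERVER['QUERY_STRING'])) {
            $t_return_page .= '?' . $_SERVER['QUERY_STRING'];
        }
        $t_return_page = string_url($t_return_page);

        print lang_get('anonymous') . ' | <a href="login_page.php?return=' . $t_return_page . '">' . lang_get('login_link') . '</a>';

        if (config_get('allow_signup') == ON) {
            print ' | <a href="signup_page.php">' . lang_get('signup_link') . '</a>';
        }
    } else {
        echo lang_get('logged_in_as'), ": <span class=\"italic\">", string_display($t_username), "</span> <span class=\"small\">";

        # Fixed: the former single echo applied the ternary to its first
        # argument only, so a blank real name printed "(level) - level)".
        if (is_blank($t_realname)) {
            echo "({$t_access_level})";
        } else {
            echo "(", string_display($t_realname), " - {$t_access_level})";
        }

        echo "</span>";
    }

    print '</td>';
    print '<td class="login-info-middle">';
    print "<span class=\"italic\">{$t_now}</span>";
    print '</td>';
    print '<td class="login-info-right">';
    print '<form method="post" name="form_set_project" action="set_project.php">';
    echo lang_get('email_project'), ': ';

    # With javascript enabled the form submits as soon as a project is chosen.
    if (ON == config_get('use_javascript')) {
        print '<select name="project_id" class="small" onchange="document.forms.form_set_project.submit();">';
    } else {
        print '<select name="project_id" class="small">';
    }

    print_project_option_list(join(';', helper_get_current_project_trace()), true, null, true);
    print '</select> ';
    print '<input type="submit" class="button-small" value="' . lang_get('switch') . '" />';
    print '</form>';
    print '</td>';
    print '</tr>';
    print '</table>';
}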
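# Store an uploaded file and record it in the matching file table.
# $p_bug_id     bug the file belongs to (used when $p_table is 'bug')
# $p_tmp_file   path of the uploaded temporary file
# $p_file_name  file name as supplied with the upload
# $p_file_type  MIME type as supplied with the upload
# $p_table      'bug' for bug attachments; any other value stores the file
#               against the current project
# $p_file_error upload error code of the file
# $p_title, $p_desc  title and description stored with the file
# Every validation failure is reported through trigger_error(..., ERROR).
# NOTE(review): $p_table is concatenated into a configuration key and into a
# column name of the INSERT without escaping, so callers must pass a fixed
# literal, never request data.
function file_add($p_bug_id, $p_tmp_file, $p_file_name, $p_file_type = '', $p_table = 'bug', $p_file_error = 0, $p_title = '', $p_desc = '') {
    if (php_version_at_least('4.2.0')) {
        switch ((int) $p_file_error) {
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                trigger_error(ERROR_FILE_TOO_BIG, ERROR);
                break;
            case UPLOAD_ERR_PARTIAL:
            case UPLOAD_ERR_NO_FILE:
                trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
                break;
            default:
                break;
        }
    }

    if ('' == $p_tmp_file || '' == $p_file_name) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }

    # NOTE(review): readability is the only check on $p_tmp_file before the
    # DATABASE branch reads it; move_uploaded_file() covers the DISK/FTP branch.
    # Confirm callers only ever pass the tmp_name of a real upload.
    if (!is_readable($p_tmp_file)) {
        trigger_error(ERROR_UPLOAD_FAILURE, ERROR);
    }

    if (!file_type_check($p_file_name)) {
        trigger_error(ERROR_FILE_NOT_ALLOWED, ERROR);
    }

    if (!file_is_name_unique($p_file_name, $p_bug_id)) {
        trigger_error(ERROR_DUPLICATE_FILE, ERROR);
    }

    if ('bug' == $p_table) {
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        $t_bug_id = bug_format_id($p_bug_id);
    } else {
        $t_project_id = helper_get_current_project();
        $t_bug_id = 0;
    }

    # prepare variables for insertion
    $c_bug_id = db_prepare_int($p_bug_id);
    $c_project_id = db_prepare_int($t_project_id);
    $c_file_type = db_prepare_string($p_file_type);
    $c_title = db_prepare_string($p_title);
    $c_desc = db_prepare_string($p_desc);

    # Use the project's upload folder, falling back to the default one.
    if ($t_project_id == ALL_PROJECTS) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    } else {
        $t_file_path = project_get_field($t_project_id, 'file_path');
        if ($t_file_path == '') {
            $t_file_path = config_get('absolute_path_default_upload_folder');
        }
    }

    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($p_file_name);

    # The name on disk is produced by file_generate_unique_name() from a prefix
    # and the supplied file name.
    # NOTE(review): that helper is not visible here; confirm its result cannot
    # contain path separators taken from $p_file_name.
    $t_file_hash = 'bug' == $p_table ? $t_bug_id : config_get('document_files_prefix') . '-' . $t_project_id;
    $t_disk_file_name = $t_file_path . file_generate_unique_name($t_file_hash . '-' . $p_file_name, $t_file_path);
    $c_disk_file_name = db_prepare_string($t_disk_file_name);

    $t_file_size = filesize($p_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }

    # The effective limit is the smallest of the two php.ini limits and the
    # application setting.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);

    $t_method = config_get('file_upload_method');

    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);

            if (!file_exists($t_disk_file_name)) {
                if (FTP == $t_method) {
                    $conn_id = file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $p_tmp_file);
                    file_ftp_disconnect($conn_id);
                }

                # NOTE(review): the other error codes in this function carry an
                # ERROR_ prefix; confirm FILE_MOVE_FAILED is a defined constant.
                if (!move_uploaded_file($p_tmp_file, $t_disk_file_name)) {
                    trigger_error(FILE_MOVE_FAILED, ERROR);
                }

                # read-only for the owner, no access for anyone else
                chmod($t_disk_file_name, 0400);

                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Open, read and close explicitly: the handle used to be created
            # inline and was never closed, and a failed open went unnoticed.
            $t_handle = fopen($p_tmp_file, 'rb');
            if (false === $t_handle) {
                trigger_error(ERROR_UPLOAD_FAILURE, ERROR);
            }
            $c_content = db_prepare_string(fread($t_handle, $t_file_size));
            fclose($t_handle);
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }

    $t_file_table = config_get('mantis_' . $p_table . '_file_table');
    $c_id = 'bug' == $p_table ? $c_bug_id : $c_project_id;

    # Every string value was passed through db_prepare_string() above and is
    # placed between single quotes; the integers went through db_prepare_int().
    $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)\n\t\t\t\t\t VALUES\n\t\t\t\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', " . db_now() . ", '{$c_content}')";
    db_query($query);

    if ('bug' == $p_table) {
        # updated the last_updated date
        $result = bug_update_date($p_bug_id);

        # log new bug
        history_log_event_special($p_bug_id, FILE_ADDED, $p_file_name);
    }
}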
$f_description = gpc_get_string('description'); $f_file = gpc_get_file('file'); $t_project_id = file_get_field($f_file_id, 'project_id', 'project'); access_ensure_project_level(config_get('upload_project_file_threshold'), $t_project_id); if (is_blank($f_title)) { trigger_error(ERROR_EMPTY_FIELD, ERROR); } $c_file_id = db_prepare_int($f_file_id); $c_title = db_prepare_string($f_title); $c_description = db_prepare_string($f_description); $t_project_file_table = config_get('mantis_project_file_table'); #@@@ (thraxisp) this code should probably be integrated into file_api to share # methods used to store files extract($f_file, EXTR_PREFIX_ALL, 'v'); if (is_uploaded_file($v_tmp_name)) { if (php_version_at_least('4.2.0')) { switch ((int) $v_error) { case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: trigger_error(ERROR_FILE_TOO_BIG, ERROR); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR); break; default: break; } } if ('' == $v_tmp_name || '' == $v_name) { trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
# Encode HTML special characters in $p_string.
# From PHP 4.1.0 on, the charset of the current language is passed along;
# older versions only get the string.
# ENT_COMPAT leaves single quotes untouched, so the result is meant for element
# content and double-quoted attribute values, not single-quoted attributes.
function string_html_specialchars($p_string) {
    if (!php_version_at_least('4.1.0')) {
        return htmlspecialchars($p_string);
    }

    $t_charset = lang_get('charset');
    return htmlspecialchars($p_string, ENT_COMPAT, $t_charset);
}
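# Print the current call stack as an HTML table, using xdebug when it is
# loaded and debug_backtrace() (PHP >= 4.3) otherwise.
# NOTE(review): each row includes the arguments of the call, which can hold
# credentials or other request data; confirm this is only reachable when
# detailed errors are meant to be shown to the person viewing the page.
function error_print_stack_trace() {
    if (extension_loaded('xdebug')) { # check for xdebug presence
        $t_stack = xdebug_get_function_stack();

        # reverse the array in a separate line of code so the
        # array_reverse() call doesn't appear in the stack
        $t_stack = array_reverse($t_stack);
        array_shift($t_stack); # remove the call to this function from the stack trace

        print '<center><table class="width75">';

        foreach ($t_stack as $t_frame) {
            print '<tr ' . helper_alternate_class() . '>';
            print '<td>' . string_html_entities($t_frame['file']) . '</td><td>' . $t_frame['line'] . '</td><td>' . (isset($t_frame['function']) ? $t_frame['function'] : '???') . '</td>';

            $t_args = array();
            if (isset($t_frame['params'])) {
                foreach ($t_frame['params'] as $t_value) {
                    $t_args[] = error_build_parameter_string($t_value);
                }
            }

            # Separator first: the (array, separator) argument order is not
            # accepted by PHP 8.
            print '<td>( ' . string_html_entities(implode(', ', $t_args)) . ' )</td></tr>';
        }

        print '</table></center>';
    } else {
        if (php_version_at_least('4.3')) {
            $t_stack = debug_backtrace();

            array_shift($t_stack); # remove the call to this function from the stack trace
            array_shift($t_stack); # remove the call to the error handler from the stack trace

            print '<center><table class="width75">';
            print '<tr><th>Filename</th><th>Line</th><th>Function</th><th>Args</th></tr>';

            foreach ($t_stack as $t_frame) {
                # debug_backtrace() omits 'file' and 'line' for frames that
                # were invoked from inside PHP itself (callbacks, for example).
                $t_file = isset($t_frame['file']) ? $t_frame['file'] : '???';
                $t_line = isset($t_frame['line']) ? $t_frame['line'] : '???';

                print '<tr ' . helper_alternate_class() . '>';
                print '<td>' . string_html_entities($t_file) . '</td><td>' . $t_line . '</td><td>' . $t_frame['function'] . '</td>';

                $t_args = array();
                if (isset($t_frame['args'])) {
                    foreach ($t_frame['args'] as $t_value) {
                        $t_args[] = error_build_parameter_string($t_value);
                    }
                }

                print '<td>( ' . string_html_entities(implode(', ', $t_args)) . ' )</td></tr>';
            }

            print '</table></center>';
        }
    }
}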
} } # (tail of a version comparison whose beginning is outside this excerpt)
# if we get here, the versions must match exactly so:
return true;
}

# --------------------
# Enforce our minimum requirements
# NOTE(review): phpinfo() writes the complete PHP configuration, loaded
# modules and environment to the response for whoever requests the page;
# the version message alone would be enough to explain the failure.
if (!php_version_at_least(PHP_MIN_VERSION)) {
    ob_end_clean();
    echo '<strong>Your version of PHP is too old. Webnotes requires PHP version ' . PHP_MIN_VERSION . ' or newer</strong><br />';
    phpinfo();
    die;
}

ini_set('magic_quotes_runtime', 0);

# Experimental support for $_* auto-global variables in PHP < 4.1.0
# $_REQUEST is assembled from the cookie values first, then POST, then GET,
# so a GET parameter overrides a POST field or cookie of the same name.
if (!php_version_at_least('4.1.0')) {
    global $_REQUEST, $_GET, $_POST, $_COOKIE, $_SERVER;

    $_GET = $HTTP_GET_VARS;
    $_POST = $HTTP_POST_VARS;
    $_COOKIE = $HTTP_COOKIE_VARS;
    $_SERVER = $HTTP_SERVER_VARS;

    $_REQUEST = $HTTP_COOKIE_VARS;
    foreach ($HTTP_POST_VARS as $key => $value) {
        $_REQUEST[$key] = $value;
    }
    foreach ($HTTP_GET_VARS as $key => $value) {
        $_REQUEST[$key] = $value;
    }
}

# @@@ Experimental
# deal with register_globals being Off
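# Read the $_FILES entry for an upload field.
# Returns the entry when the field was uploaded; otherwise the default when
# one was passed (null is a valid default); otherwise raises
# ERROR_GPC_VAR_NOT_FOUND.
# Within the returned array, 'name' and 'type' are sent by the client and are
# not checked here; callers have to validate them before use.
function gpc_get_file($p_var_name, $p_default = null) {
    # simulate auto-globals from PHP v4.1.0 (see also code in php_api.php)
    if (!php_version_at_least('4.1.0')) {
        global $_FILES;
    }

    # Defined up front so the return below never reads an unset variable if
    # the error handler returns instead of ending the request.
    $t_result = null;

    if (isset($_FILES[$p_var_name])) {
        # FILES are not escaped even if magic_quotes is ON, this applies to Windows paths.
        $t_result = $_FILES[$p_var_name];
    } elseif (func_num_args() > 1) {
        # check for a default passed in (allowing null)
        $t_result = $p_default;
    } else {
        error_parameters($p_var_name);
        trigger_error(ERROR_GPC_VAR_NOT_FOUND, ERROR);
    }

    return $t_result;
}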
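# Store an uploaded release file for a project version and record it in the
# plugin's file table.
# $p_tmp_file    path of the uploaded temporary file
# $p_file_name   file name as supplied with the upload (also stored as title)
# $p_file_type   MIME type as supplied with the upload
# $p_project_id, $p_version_id  project and version the file belongs to
# $p_description description stored with the file
# $p_file_error  upload error code of the file
# Returns the id of the inserted row. Validation failures are reported through
# trigger_error(..., ERROR).
# NOTE(review): no file-type or extension check is made on $p_file_name in this
# function, and stored files are made readable by everyone (0644). Confirm the
# upload directory is not served or executed by the web server.
function plugins_releasemgt_file_add($p_tmp_file, $p_file_name, $p_file_type, $p_project_id, $p_version_id, $p_description, $p_file_error) {
    if (php_version_at_least('4.2.0')) {
        switch ((int) $p_file_error) {
            case UPLOAD_ERR_INI_SIZE:
            case UPLOAD_ERR_FORM_SIZE:
                trigger_error(ERROR_FILE_TOO_BIG, ERROR);
                break;
            case UPLOAD_ERR_PARTIAL:
            case UPLOAD_ERR_NO_FILE:
                trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
                break;
            default:
                break;
        }
    }

    if ('' == $p_tmp_file || '' == $p_file_name) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }

    # NOTE(review): readability is the only check on $p_tmp_file before the
    # DATABASE branch reads it; move_uploaded_file() covers the DISK/FTP branch.
    if (!is_readable($p_tmp_file)) {
        trigger_error(ERROR_UPLOAD_FAILURE, ERROR);
    }

    if (!plugins_releasemgt_file_is_name_unique($p_file_name, $p_project_id, $p_version_id)) {
        trigger_error(ERROR_DUPLICATE_FILE, ERROR);
    }

    $c_version_id = db_prepare_int($p_version_id);
    $c_project_id = db_prepare_int($p_project_id);
    $c_file_type = db_prepare_string($p_file_type);
    $c_title = db_prepare_string($p_file_name);
    $c_desc = db_prepare_string($p_description);

    # dirname() of "<dir>/." normalises the configured directory; exactly one
    # separator is then appended.
    $t_file_path = dirname(plugin_config_get('disk_dir', PLUGINS_RELEASEMGT_DISK_DIR_DEFAULT) . DIRECTORY_SEPARATOR . '.') . DIRECTORY_SEPARATOR;
    $c_file_path = db_prepare_string($t_file_path);
    $c_new_file_name = db_prepare_string($p_file_name);

    # Fixed: this read an undefined $t_project_id, so the project part of the
    # prefix was always empty.
    $t_file_hash = $p_version_id . '-' . $p_project_id;
    $t_disk_file_name = $t_file_path . plugins_releasemgt_file_generate_unique_name($t_file_hash . '-' . $p_file_name, $t_file_path);
    $c_disk_file_name = db_prepare_string($t_disk_file_name);

    $t_file_size = filesize($p_tmp_file);
    if (0 == $t_file_size) {
        trigger_error(ERROR_FILE_NO_UPLOAD_FAILURE, ERROR);
    }

    # The effective limit is the smallest of the two php.ini limits and the
    # application setting.
    $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
    if ($t_file_size > $t_max_file_size) {
        trigger_error(ERROR_FILE_TOO_BIG, ERROR);
    }
    $c_file_size = db_prepare_int($t_file_size);

    $t_method = plugin_config_get('upload_method', PLUGINS_RELEASEMGT_UPLOAD_METHOD_DEFAULT);

    switch ($t_method) {
        case FTP:
        case DISK:
            file_ensure_valid_upload_path($t_file_path);

            if (!file_exists($t_disk_file_name)) {
                if (FTP == $t_method) {
                    $conn_id = plugins_releasemgt_file_ftp_connect();
                    file_ftp_put($conn_id, $t_disk_file_name, $p_tmp_file);
                    file_ftp_disconnect($conn_id);
                }

                # NOTE(review): the other error codes in this function carry an
                # ERROR_ prefix; confirm FILE_MOVE_FAILED is a defined constant.
                if (!move_uploaded_file($p_tmp_file, $t_disk_file_name)) {
                    trigger_error(FILE_MOVE_FAILED, ERROR);
                }

                chmod($t_disk_file_name, 0644);

                $c_content = '';
            } else {
                trigger_error(ERROR_FILE_DUPLICATE, ERROR);
            }
            break;
        case DATABASE:
            # Open, read and close explicitly: the handle used to be created
            # inline and was never closed, and a failed open went unnoticed.
            $t_handle = fopen($p_tmp_file, 'rb');
            if (false === $t_handle) {
                trigger_error(ERROR_UPLOAD_FAILURE, ERROR);
            }
            $c_content = db_prepare_string(fread($t_handle, $t_file_size));
            fclose($t_handle);
            break;
        default:
            trigger_error(ERROR_GENERIC, ERROR);
    }

    $t_file_table = plugin_table('file');

    # Every string value was passed through db_prepare_string() above and is
    # placed between single quotes; the integers went through db_prepare_int().
    $query = "INSERT INTO {$t_file_table}\n\t\t\t\t\t\t(project_id, version_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)\n\t\t\t\t\t VALUES\n\t\t\t\t\t\t({$c_project_id}, {$c_version_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . date("Y-m-d H:i:s") . "', '{$c_content}')";
    db_query($query);

    $t_file_id = db_insert_id();
    return $t_file_id;
}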
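# Ask the user to confirm an action before it is carried out.
# Returns true when the request already carries a true "_confirmed" value.
# Otherwise prints a page showing $p_message and a form that re-posts every
# current POST and GET value plus _confirmed=1, and ends the script.
# $p_message      text shown above the button (printed as given)
# $p_button_label label of the submit button (printed as given)
# NOTE(review): "_confirmed" is an ordinary request parameter and no per-user
# token is checked in this function, so the confirmation step alone does not
# protect the action against a forged request; confirm the calling pages
# verify the request origin themselves.
function helper_ensure_confirmed($p_message, $p_button_label) {
    if (true == gpc_get_bool('_confirmed')) {
        return true;
    }

    if (!php_version_at_least('4.1.0')) {
        global $_POST, $_GET;
    }

    html_page_top1();
    html_page_top2();

    # @@@ we need to improve this formatting. I'd like the text to only
    # be about 50% the width of the screen so that it doesn't become to hard
    # to read.
    print "<br />\n<div align=\"center\">\n";
    print_hr();
    print "\n{$p_message}\n";

    # PHP_SELF can carry client-supplied path text, so it is HTML-escaped before
    # it is written into the action attribute.
    print '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . "\">\n";

    # Carry the original request over to the confirmed submission.
    print_hidden_inputs(gpc_strip_slashes($_POST));
    print_hidden_inputs(gpc_strip_slashes($_GET));
    print "<input type=\"hidden\" name=\"_confirmed\" value=\"1\" />\n";

    # NOTE(review): the label is written into the value attribute as given;
    # verify callers pass fixed or already-encoded text.
    print '<br /><br /><input type="submit" class="button" value="' . $p_button_label . '" />';
    print "\n</form>\n";
    print_hr();
    print "</div>\n";

    html_page_bottom1();
    exit;
}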