/**
 * Store the files of one upload field as attachments of a task or of one of its comments.
 *
 * Every file that PHP received without an upload error is moved into
 * BASEDIR/attachments under a generated name, recorded in {attachments} and
 * written to the task history. Files that fail to upload or to move are skipped.
 *
 * This method applies no size limit and no file-type restriction of its own.
 * NOTE(review): confirm that such limits are enforced elsewhere (PHP/server
 * configuration or the caller).
 * NOTE(review): $comment_id is not checked here against $task_id; verify that
 * callers only pass a comment belonging to this task.
 *
 * @param integer $task_id
 * @param integer $comment_id if it is 0, the files will be attached to the task itself
 * @param string $source name of the file input
 * @access public
 * @return bool true when at least one file was stored; false otherwise,
 *              including when the user lacks create_attachments
 * @version 1.0
 */
public static function upload_files($task_id, $comment_id = 0, $source = 'userfile')
{
    global $db, $notify, $conf, $user;

    // The permission is evaluated against the task's project, so load the task first.
    $task = Flyspray::GetTaskDetails($task_id);
    $mayAttach = $user->perms('create_attachments', $task['project_id']);
    if (!$mayAttach) {
        return false;
    }

    // Nothing was submitted under this field name.
    if (!isset($_FILES[$source]['error'])) {
        return false;
    }

    $stored = false;

    foreach ($_FILES[$source]['error'] as $key => $status) {
        if (UPLOAD_ERR_OK != $status) {
            continue;
        }

        // The on-disk name is generated here and never contains any part of
        // the client-supplied file name (no extension, no path components).
        // NOTE(review): uniqid()/mt_rand() are not a cryptographically secure
        // source; if the attachments directory is reachable over HTTP, the
        // name should come from a CSPRNG instead.
        $token = md5(uniqid(mt_rand(), true));
        $fname = substr($task_id . '_' . $token, 0, 30);
        $path = BASEDIR . '/attachments/' . $fname;

        // move_uploaded_file() only accepts files PHP itself received as an
        // HTTP upload. A failed move is silently skipped (best effort).
        $moved = @move_uploaded_file($_FILES[$source]['tmp_name'][$key], $path);
        if (!$moved) {
            continue;
        }

        // 0644: no execute bits on the stored file.
        @chmod($path, 0644);
        $stored = true;

        // Decide the MIME type to record. The text after the last dot of the
        // client file name is looked up in $conf['attachments']; if it is not
        // configured, the stored file is inspected instead.
        $origName = $_FILES[$source]['name'][$key];
        $nameParts = explode('.', $origName);
        $ext = end($nameParts);

        if (isset($conf['attachments'][$ext])) {
            $_FILES[$source]['type'][$key] = $conf['attachments'][$ext];
        } elseif ($detected = Flyspray::check_mime_type($path)) {
            $_FILES[$source]['type'][$key] = $detected;
        }
        // If neither branch assigned a type, the value recorded below is
        // still the one sent by the client and must not be trusted when the
        // file is served back.

        // orig_name is stored exactly as the client sent it; it has to be
        // escaped wherever it is displayed or placed in a response header.
        $row = array(
            $task_id,
            $comment_id,
            $fname,
            $_FILES[$source]['type'][$key],
            $_FILES[$source]['size'][$key],
            $origName,
            $user->id,
            time(),
        );
        $db->Query("INSERT INTO {attachments}\n ( task_id, comment_id, file_name,\n file_type, file_size, orig_name,\n added_by, date_added)\n VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $row);

        // The history entry references the row that was just inserted.
        // NOTE(review): event type 7 is presumably "attachment added" - confirm.
        $attid = $db->Insert_ID();
        Flyspray::logEvent($task_id, 7, $attid, $origName);
    }

    return $stored;
}
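/**
 * Upload files for a comment or a task
 *
 * Every file that PHP received without an upload error is moved into
 * FS_ATTACHMENTS_DIR under a generated name, recorded in {attachments} and
 * written to the task history. Afterwards the cached attachment_count in
 * {redundant} is refreshed.
 *
 * If moving a file fails, processing stops and false is returned. Files
 * handled earlier in the same request stay attached, so the prepared
 * statement is still released and the cached count is still refreshed
 * before returning.
 *
 * This function applies no size limit and no file-type restriction of its own.
 * NOTE(review): confirm that such limits are enforced elsewhere (PHP/server
 * configuration or the caller).
 * NOTE(review): $comment_id is not checked here against $task_id; verify that
 * callers only pass a comment belonging to this task.
 *
 * @param integer $task_id
 * @param integer $comment_id if it is 0, the files will be attached to the task itself
 * @param string $source name of the file input
 * @access public
 * @return bool true when at least one file was stored and no move failed;
 *              false otherwise, including when the user lacks create_attachments
 * @version 1.0
 */
function upload_files($task_id, $comment_id = 0, $source = 'userfile')
{
    global $db, $conf, $user;

    // The permission is evaluated against the task's project, so load the task first.
    $task = Flyspray::GetTaskDetails($task_id);
    if (!$user->perms('create_attachments', $task['project_id'])) {
        return false;
    }

    $res = false;

    // Nothing was submitted under this field name.
    if (!isset($_FILES[$source]['error'])) {
        return false;
    }

    $attachstmt = $db->x->autoPrepare('{attachments}', array('task_id', 'comment_id', 'file_name', 'file_type', 'file_size', 'orig_name', 'added_by', 'date_added'));

    // Set when a move fails, so the cleanup below still runs before we report failure.
    $move_failed = false;

    foreach ($_FILES[$source]['error'] as $key => $error) {
        if ($error != UPLOAD_ERR_OK) {
            continue;
        }

        // The on-disk name is generated here and never contains any part of
        // the client-supplied file name (no extension, no path components).
        // NOTE(review): uniqid()/mt_rand() are not a cryptographically secure
        // source; if the attachments directory is reachable over HTTP, the
        // name should come from a CSPRNG instead.
        $fname = md5(uniqid(mt_rand(), true));
        $path = FS_ATTACHMENTS_DIR . DIRECTORY_SEPARATOR . $fname;

        $tmp_name = $_FILES[$source]['tmp_name'][$key];

        // Then move the uploaded file and remove exe permissions.
        // Previously this returned straight away, which left the prepared
        // statement unreleased and the cached count stale for files already
        // attached in this request.
        if (!move_uploaded_file($tmp_name, $path)) {
            $move_failed = true;
            break;
        }
        @chmod($path, 0644);
        $res = true;

        // Use a different MIME type: the text after the last dot of the client
        // file name is looked up in $conf['attachments'].
        $fileparts = explode('.', $_FILES[$source]['name'][$key]);
        $extension = end($fileparts);
        if (isset($conf['attachments'][$extension])) {
            $_FILES[$source]['type'][$key] = $conf['attachments'][$extension];
        // actually, try really hard to get the real filetype, not what the browser reports.
        } elseif ($type = Flyspray::check_mime_type($path)) {
            $_FILES[$source]['type'][$key] = $type;
        }
        // we can try even more, however, far too much code is needed.
        // If neither branch assigned a type, the value recorded below is
        // still the one sent by the client and must not be trusted when the
        // file is served back.

        // orig_name is stored exactly as the client sent it; it has to be
        // escaped wherever it is displayed or placed in a response header.
        $attachstmt->execute(array(
            $task_id,
            $comment_id,
            $fname,
            $_FILES[$source]['type'][$key],
            $_FILES[$source]['size'][$key],
            $_FILES[$source]['name'][$key],
            $user->id,
            time(),
        ));

        // Fetch the attachment id for the history log
        // NOTE(review): event type 7 is presumably "attachment added" - confirm.
        $aid = $db->lastInsertID();
        Flyspray::logEvent($task_id, 7, $aid, $_FILES[$source]['name'][$key]);
    }

    $attachstmt->free();

    // [RED] Update attachment count
    $atts = $db->x->GetOne('SELECT count(*) FROM {attachments} WHERE task_id = ?', null, $task['task_id']);
    $db->x->execParam('UPDATE {redundant} SET attachment_count = ? WHERE task_id = ?', array($atts, $task['task_id']));

    // A failed move is still reported as false, exactly as before.
    return $move_failed ? false : $res;
}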