/**
 * Smarty modifier: pass $text through spam_protect() when the modifier
 * argument is truthy, otherwise hand it back untouched.
 *
 * @param string $text  Text (normally an e-mail address) to process.
 * @param mixed  $value Modifier argument; any truthy value enables processing.
 * @return string Result of spam_protect($text), or $text unchanged.
 */
function smarty_modifier_spam_protect($text, $value)
{
    // empty() covers both "not set" and "set but falsy".
    // spam_protect() is defined in mt.php itself.
    return empty($value) ? $text : spam_protect($text);
}
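/**
 * Template tag: render the author of the comment held in the context stash,
 * linked to a URL or mailto: address when one is available.
 *
 * Optional $args keys read here: default_name, show_email (default 0),
 * show_url (default 1), new_window, no_redirect, nofollowfy, spam_protect.
 *
 * @param array  $args Tag attributes.
 * @param object $ctx  Template context; stash('comment') must yield the comment.
 * @return string An <a> element, or the HTML-encoded name on its own.
 */
function smarty_function_mtcommentauthorlink($args, &$ctx)
{
    $mt = MT::get_instance();
    $comment = $ctx->stash('comment');
    $name = $comment->comment_author;
    if (!$name && isset($args['default_name'])) {
        $name = $args['default_name'];
    }
    $name or $name = $mt->translate("Anonymous");
    require_once "MTUtil.php";
    // The author name is commenter-supplied, so it is encoded before it goes into markup.
    $name = encode_html($name);
    $email = $comment->comment_email;
    $url = $comment->comment_url;
    $show_email = isset($args['show_email']) ? $args['show_email'] : 0;
    $show_url = isset($args['show_url']) ? $args['show_url'] : 1;
    $target = isset($args['new_window']) && $args['new_window'] ? ' target="_blank"' : '';
    _comment_follow($args, $ctx);
    $cmntr = $ctx->stash('commenter');
    if (!isset($cmntr) && isset($comment->comment_commenter_id)) {
        $cmntr = $comment->commenter();
    }
    if ($cmntr) {
        // A registered commenter's nickname and profile URL take precedence
        // over the free-text fields stored on the comment.
        $name = isset($cmntr->author_nickname) ? encode_html($cmntr->author_nickname) : $name;
        if ($cmntr->author_url) {
            return sprintf('<a title="%s" href="%s"%s>%s</a>', encode_html($cmntr->author_url), encode_html($cmntr->author_url), $target, $name);
        }
        return $name;
    } elseif ($show_url && $url) {
        require_once "function.mtcgipath.php";
        $cgi_path = smarty_function_mtcgipath($args, $ctx);
        $comment_script = $ctx->mt->config('CommentScript');
        $name = strip_tags($name);
        // NOTE(review): strip_tags() + encode_html() keep the value inside the
        // attribute, but nothing visible here restricts the URL scheme. Confirm
        // comment_url is limited to http/https when the comment is accepted.
        $url = encode_html(strip_tags($url));
        // Link through the comment script's redirect unless the template
        // switched it off with no_redirect or nofollowfy.
        if ($comment->comment_id && empty($args['no_redirect']) && empty($args['nofollowfy'])) {
            return sprintf('<a title="%s" href="%s%s?__mode=red;id=%d"%s>%s</a>', $url, $cgi_path, $comment_script, $comment->comment_id, $target, $name);
        } else {
            return sprintf('<a title="%s" href="%s"%s>%s</a>', $url, $url, $target, $name);
        }
    } elseif ($show_email && $email && is_valid_email($email)) {
        $email = encode_html(strip_tags($email));
        $str = 'mailto:' . $email;
        // spam_protect is optional; test it with empty() so a template that
        // omits the attribute does not raise an undefined-index warning.
        if (!empty($args['spam_protect'])) {
            $str = spam_protect($str);
        }
        return sprintf('<a href="%s">%s</a>', $str, $name);
    }
    return $name;
}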
/**
 * Template tag: return the e-mail address stored on the current comment.
 *
 * @param array  $args Tag attributes; a truthy 'spam_protect' routes the
 *                     address through spam_protect().
 * @param object $ctx  Template context; stash('comment') must yield the comment.
 * @return string The tag-stripped address, or '' when it contains no "@".
 */
function smarty_function_mtcommentemail($args, &$ctx)
{
    $address = strip_tags($ctx->stash('comment')->comment_email);
    // A value without an "@" is not treated as an address at all.
    if (strpos($address, '@') === false) {
        return '';
    }
    // NOTE(review): strip_tags() removes markup but does not HTML-encode
    // quotes or ampersands; confirm the template encodes this value before
    // placing it in an attribute.
    if (empty($args['spam_protect'])) {
        return $address;
    }
    return spam_protect($address);
}
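/**
 * Template tag: return the e-mail address of the current entry's author.
 *
 * @param array  $args Tag attributes; a truthy 'spam_protect' routes the
 *                     address through spam_protect().
 * @param object $ctx  Template context; stash('entry') supplies the entry.
 * @return string The author's address, or '' when no entry is in context.
 */
function smarty_function_mtentryauthoremail($args, &$ctx)
{
    // status: incomplete
    // parameters: spam_protect
    $entry = $ctx->stash('entry');
    // Same guard as mtentryauthorlink: outside an entry context there is
    // nothing to print, and calling author() on a missing entry would be fatal.
    if (!$entry) {
        return '';
    }
    $email = $entry->author()->email;
    // NOTE(review): the address is returned as stored, without HTML encoding;
    // confirm the template encodes it for the context it is printed in.
    return !empty($args['spam_protect']) ? spam_protect($email) : $email;
}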
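/**
 * Template tag: render the current entry's author nickname, optionally
 * linked to the author's URL, e-mail address or author archive.
 *
 * Optional $args keys read here: type ('url', 'email' or 'archive'),
 * show_email (default 0), show_url (default 1), new_window, spam_protect.
 * Without a type, the URL is preferred over the e-mail address.
 *
 * @param array  $args Tag attributes.
 * @param object $ctx  Template context; stash('entry') supplies the entry.
 * @return string An <a> element, the encoded nickname alone, or '' when no
 *                entry is in context.
 */
function smarty_function_mtentryauthorlink($args, &$ctx)
{
    $entry = $ctx->stash('entry');
    if (!$entry) {
        return '';
    }
    // Load the helpers before the first encode_html() call rather than after it.
    // NOTE(review): presumably MTUtil.php is where encode_html() lives, since
    // mtcommentauthorlink loads it just before its own encode_html() call.
    require_once "MTUtil.php";
    // Every attribute is optional; read each with a default so a missing one
    // does not raise an undefined-index warning.
    $type = isset($args['type']) ? $args['type'] : '';
    $displayname = encode_html($entry->author()->nickname);
    $show_email = isset($args['show_email']) ? $args['show_email'] : 0;
    $show_url = isset($args['show_url']) ? $args['show_url'] : 1;
    # Open the link in a new window if requested (with new_window="1").
    $target = !empty($args['new_window']) ? ' target="_blank"' : '';
    if (!$type) {
        if ($show_url && $entry->author()->url && $displayname != '') {
            $type = 'url';
        } elseif ($show_email && $entry->author()->email && $displayname != '') {
            $type = 'email';
        }
    }
    if ($type == 'url') {
        if ($entry->author()->url && $displayname != '') {
            // NOTE(review): the URL is HTML-encoded, but its scheme is not
            // checked here; confirm author URLs are validated when saved.
            return sprintf('<a href="%s"%s>%s</a>', encode_html($entry->author()->url), $target, $displayname);
        }
    } elseif ($type == 'email') {
        if ($entry->author()->email && $displayname != '') {
            $str = "mailto:" . encode_html($entry->author()->email);
            if (!empty($args['spam_protect'])) {
                $str = spam_protect($str);
            }
            return sprintf('<a href="%s">%s</a>', $str, $displayname);
        }
    } elseif ($type == 'archive') {
        require_once "function.mtarchivelink.php";
        $link = smarty_function_mtarchivelink(array('type' => 'Author'), $ctx);
        if ($link) {
            // NOTE(review): $link is used as returned by mtarchivelink, with
            // no encoding at this point; confirm it is already attribute-safe.
            return sprintf('<a href="%s"%s>%s</a>', $link, $target, $displayname);
        }
    }
    // No usable link target: fall back to the plain encoded nickname.
    return $displayname;
}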
Exemplo n.º 6
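/**
 * Render a message's author header as HTML.
 *
 * Three shapes are recognised, in this order: "address (Name)",
 * "Name <address>" and a bare string containing "@". The first two produce
 * a mailto link labelled with the name, the third a link labelled with the
 * processed address. Anything else is returned as encoded text.
 *
 * @param string $a       Raw author header.
 * @param string $charset Charset handed to recode_header().
 * @return string HTML fragment; all interpolated values go through
 *                htmlspecialchars().
 */
function format_author($a, $charset)
{
    $a = recode_header($a, $charset);
    // "address (Name)": group 1 is the address, group 2 the display name.
    if (preg_match("/^\\s*(.+)\\s+\\(\"?(.+?)\"?\\)\\s*\$/", $a, $ar)) {
        return "<a href=\"mailto:" . htmlspecialchars(urlencode(spam_protect($ar[1])), ENT_QUOTES, "UTF-8") . "\" class=\"email fn n\">" . str_replace(" ", "&nbsp;", htmlspecialchars($ar[2], ENT_QUOTES, "UTF-8")) . "</a>";
    }
    // "Name <address>": group 1 is the display name, group 2 the address.
    if (preg_match("/^\\s*\"?(.+?)\"?\\s*<(.+)>\\s*\$/", $a, $ar)) {
        return "<a href=\"mailto:" . htmlspecialchars(urlencode(spam_protect($ar[2])), ENT_QUOTES, "UTF-8") . "\" class=\"email fn n\">" . str_replace(" ", "&nbsp;", htmlspecialchars($ar[1], ENT_QUOTES, "UTF-8")) . "</a>";
    }
    // Bare address. strpos() takes the haystack first; the arguments were
    // swapped, so this branch searched for the whole header inside "@" and
    // bare addresses fell through to the plain-text return, skipping
    // spam_protect().
    if (strpos($a, "@") !== false) {
        $a = spam_protect($a);
        return "<a href=\"mailto:" . htmlspecialchars(urlencode($a), ENT_QUOTES, "UTF-8") . "\" class=\"email fn n\">" . htmlspecialchars($a, ENT_QUOTES, "UTF-8") . "</a>";
    }
    return str_replace(" ", "&nbsp;", htmlspecialchars($a, ENT_QUOTES, "UTF-8"));
}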
Exemplo n.º 7
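/**
 * Produces a string containing the bug's prior comments
 *
 * Comments are read newest first, skipping 'log' entries. At most five are
 * appended, and appending stops once the text reaches 10 KiB. If both limits
 * leave room, the original report from bugdb is appended last; otherwise the
 * text ends with a pointer to the online report.
 *
 * @param int $bug_id the bug's id number
 * @param int $all    should all existing comments be returned? When falsy,
 *                    the most recent comment is skipped.
 *
 * @return string the comments, or '' when there is nothing to skip or the
 *                comment query gave no result
 */
function get_old_comments($bug_id, $all = 0)
{
    global $dbh, $site_method, $site_url, $basedir;
    $divider = str_repeat('-', 72);
    $max_message_length = 10 * 1024;
    $max_comments = 5;
    $output = '';
    $count = 0;
    // The bug id is bound as a parameter, never interpolated into the SQL.
    $res = $dbh->prepare("\n\t\tSELECT ts, email, comment\n\t\tFROM bugdb_comments\n\t\tWHERE bug = ? AND comment_type != 'log'\n\t\tORDER BY ts DESC\n\t")->execute(array($bug_id));
    // Same falsy check the second query below gets.
    // NOTE(review): if execute() reports failure with an error object instead
    // of a falsy value, neither check catches it; confirm against the driver.
    if (!$res) {
        return '';
    }
    // skip the most recent unless the caller wanted all comments
    if (!$all) {
        $row = $res->fetchRow(MDB2_FETCHMODE_ORDERED);
        if (!$row) {
            return '';
        }
    }
    // Condition order matters: a row is fetched first, then the size limit
    // is tested, and $count is only incremented when both of those hold.
    while (($row = $res->fetchRow(MDB2_FETCHMODE_ORDERED)) && strlen($output) < $max_message_length && $count++ < $max_comments) {
        $email = spam_protect($row[1], 'text');
        $output .= "[{$row[0]}] {$email}\n\n{$row[2]}\n\n{$divider}\n";
    }
    if (strlen($output) < $max_message_length && $count < $max_comments) {
        // Room left: finish with the original report text.
        $res = $dbh->prepare("SELECT ts1, email, ldesc FROM bugdb WHERE id = ?")->execute(array($bug_id));
        if (!$res) {
            return $output;
        }
        $row = $res->fetchRow(MDB2_FETCHMODE_ORDERED);
        if (!$row) {
            return $output;
        }
        $email = spam_protect($row[1], 'text');
        return "\n\nPrevious Comments:\n{$divider}\n{$output}[{$row[0]}] {$email}\n\n{$row[2]}\n\n{$divider}\n\n";
    }
    // A limit was hit: point the reader at the online report. The trailing
    // `return ''` that used to follow the if/else could never run.
    return "\n\nPrevious Comments:\n{$divider}\n{$output}\n\nThe remainder of the comments for this report are too long. To view\nthe rest of the comments, please view the bug report online at\n\n    {$site_method}://{$site_url}{$basedir}/bug.php?id={$bug_id}\n";
}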
Exemplo n.º 8
            ?>
        revision <a href="patch-display.php?bug_id=<?php 
            echo $bug_id;
            ?>
&amp;patch=<?php 
            echo urlencode($pname);
            ?>
&amp;revision=<?php 
            echo $rev[0];
            ?>
&amp;display=1"><?php 
            echo format_date($rev[0]);
            ?>
</a>
        by <?php 
            echo spam_protect($rev[1]);
            ?>
</a><br />
   <?php 
        }
        //foreach ($revs as $rev);
        ?>
  </td>
 </tr>
<?php 
    }
    ?>
</table>
</div>
<?php 
}
Exemplo n.º 9
            } else {
                $mailfrom = $_POST['in']['handle'];
            }
            $report = <<<REPORT
From:             {$mailfrom}
Operating system: {$_POST['in']['php_os']}
PHP version:      {$_POST['in']['php_version']}
Package:          {$package_name}
Bug Type:         {$_POST['in']['bug_type']}
Bug description:
REPORT;
            $ascii_report = "{$report}{$_POST['in']['sdesc']}\n\n" . wordwrap($fdesc, 72);
            $ascii_report .= "\n-- \nEdit bug report at ";
            $ascii_report .= "{$site_method}://{$site_url}{$basedir}/bug.php?id={$cid}&edit=";
            // Recipients and sender for this package/bug type. This overwrites
            // the $mailfrom value assigned just above from the submitted form.
            list($mailto, $mailfrom, $bcc, $params) = get_package_mail($package_name, false, $_POST['in']['bug_type']);
            // Display name of the From: header is the reporter's address run
            // through spam_protect() in 'text' mode; the real sender address
            // is the one returned by get_package_mail().
            // NOTE(review): this value and the bug_type / php_version / php_os
            // fields below are interpolated into mail headers directly from
            // $_POST. No CR/LF filtering is visible in this excerpt; confirm
            // they are validated before this point, since a line break in any
            // of them would add headers to the outgoing message.
            $protected_email = '"' . spam_protect($_POST['in']['email'], 'text') . '"' . "<{$mailfrom}>";
            $extra_headers = "From: {$protected_email}\n";
            $extra_headers .= "X-PHP-BugTracker: {$siteBig}bug\n";
            $extra_headers .= "X-PHP-Bug: {$cid}\n";
            $extra_headers .= "X-PHP-Type: {$_POST['in']['bug_type']}\n";
            $extra_headers .= "X-PHP-Version: {$_POST['in']['php_version']}\n";
            $extra_headers .= "X-PHP-Category: {$package_name}\n";
            $extra_headers .= "X-PHP-OS: {$_POST['in']['php_os']}\n";
            $extra_headers .= "X-PHP-Status: Open\n";
            // Last header: deliberately no trailing newline.
            $extra_headers .= "Message-ID: <bug-{$cid}@{$site_url}>";
            if (isset($bug_types[$_POST['in']['bug_type']])) {
                $type = $bug_types[$_POST['in']['bug_type']];
            } else {
                $type = 'unknown';
            }
            $project = !empty($_GET['project']) ? $_GET['project'] : false;
Exemplo n.º 10
/**
 * Echo one comment of a bug report as an HTML block.
 *
 * @param mixed  $com_id       Comment id; used in the delete link.
 * @param mixed  $ts           Comment timestamp; used as anchor name and date.
 * @param string $email        Author address, shown via link_to_people().
 * @param string $comment      Comment body.
 * @param string $comment_type Comment type; 'log' entries are printed as-is.
 * @param mixed  $comment_name Not used in this function.
 * @param bool   $is_hidden    When true the block is emitted with display:none.
 * @return void Output is written with echo.
 */
function output_note($com_id, $ts, $email, $comment, $comment_type, $comment_name, $is_hidden = false)
{
    global $edit, $bug_id, $dbh, $is_trusted_developer, $logged_in;

    $hidden_attr = $is_hidden ? 'style="display:none;"' : '';

    // NOTE(review): $comment_type goes into the class attribute unencoded;
    // confirm it can only hold values from a fixed set.
    echo "<div class='comment type_{$comment_type}' {$hidden_attr}>";
    echo '<a name="';
    echo urlencode($ts);
    echo '">&nbsp;</a>';
    echo "<strong>[";
    echo format_date($ts);
    echo "] ";
    // The address is HTML-encoded first and then handed to spam_protect().
    echo link_to_people($email, spam_protect(htmlspecialchars($email)));
    echo "</strong>\n";

    // Loose comparison, as the original switch statement used.
    if ($comment_type == 'log') {
        // NOTE(review): log entries are echoed without encoding; presumably
        // they hold tracker-generated markup only. Confirm no user text
        // reaches this branch.
        echo "<div class='log_note'>{$comment}</div>";
    } else {
        // Delete comment action only for trusted developers
        $may_delete = $edit == 1 && $com_id !== 0 && $is_trusted_developer;
        echo $may_delete ? "<a href='bug.php?id={$bug_id}&amp;edit=1&amp;delete_comment={$com_id}'>[delete]</a>\n" : '';
        $comment = make_ticket_links(addlinks($comment));
        echo "<pre class='note'>{$comment}\n</pre>\n";
    }

    echo '</div>';
}
Exemplo n.º 11
        $desc .= date(DATE_ATOM, $row['submitted']) . "\n";
        $desc .= "PHP: {$row['php_version']}, OS: {$row['php_os']}\n\n";
        $desc .= $row['ldesc'];
        $desc = '<pre>' . clean($desc) . '</pre>';
        echo "\t  <rdf:li rdf:resource=\"{$site_method}://{$site_url}{$basedir}/{$row['id']}\" />\n";
        $items .= "  <item rdf:about=\"{$site_method}://{$site_url}{$basedir}/{$row['id']}\">\n";
        $items .= '	<title>' . clean("{$row['bug_type']} {$row['id']} [{$row['status']}] {$row['sdesc']}") . "</title>\n";
        $items .= "\t<link>{$site_method}://{$site_url}{$basedir}/{$row['id']}</link>\n";
        $items .= '	<content:encoded><![CDATA[' . $desc . "]]></content:encoded>\n";
        $items .= '	<description><![CDATA[' . $desc . "]]></description>\n";
        if (!$row['unchanged']) {
            $items .= '	<dc:date>' . date(DATE_ATOM, $row['submitted']) . "</dc:date>\n";
        } else {
            $items .= '	<dc:date>' . date(DATE_ATOM, $row['modified']) . "</dc:date>\n";
        }
        $items .= '	<dc:creator>' . clean(spam_protect($row['email'])) . "</dc:creator>\n";
        $items .= '	<dc:subject>' . clean($row['package_name']) . ' ' . clean($row['bug_type']) . "</dc:subject>\n";
        $items .= "  </item>\n";
    }
} else {
    $warnings[] = "No bugs matched your criteria";
}
echo <<<DATA
\t </rdf:Seq>
\t</items>
  </channel>

  <image rdf:about="{$site_method}://{$site_url}{$basedir}/images/{$site}-logo.gif">
\t<title>{$siteBig} Bugs</title>
\t<url>{$site_method}://{$site_url}{$basedir}/images/{$site}-logo.gif</url>
\t<link>{$site_method}://{$site_url}{$basedir}</link>
Exemplo n.º 12
        // Run the query
        $row = $dbh->prepare($query)->execute()->fetchRow(MDB2_FETCHMODE_ASSOC);
        if (is_null($row)) {
            $errors[] = "Invalid bug id provided: #{$bug_id}";
        } else {
            if (empty($row['passwd'])) {
                $errors[] = "No password found for #{$bug_id} bug report, sorry.";
            } else {
                $new_passwd = bugs_gen_passwd();
                $dbh->prepare('UPDATE bugdb
				 SET passwd = ?
				 WHERE id = ?
				')->execute(array(bugs_get_hash($new_passwd), $bug_id));
                // Mail the new password, in clear text, to the address stored
                // with the report.
                // NOTE(review): the UPDATE above has already replaced the stored
                // hash, so when bugs_mail() fails the old password is gone and
                // the new one was never delivered. Consider sending first, or
                // restoring the previous hash on failure.
                $resp = bugs_mail($row['email'], "Password for {$siteBig} bug report #{$bug_id}", "The password for {$siteBig} bug report #{$bug_id} has been set to: {$new_passwd}", 'From: noreply@php.net');
                if ($resp) {
                    // The confirmation shows the address via spam_protect()
                    // in 'text' mode instead of printing it verbatim.
                    $success = "The password for bug report #{$bug_id} has been sent to " . spam_protect($row['email'], 'text');
                } else {
                    $errors[] = 'Sorry. Mail can not be sent at this time, please try again later.';
                }
            }
        }
    }
}
// Render the page: header, heading, then any errors collected above and the
// success message when one was set.
response_header('Bug Report Password Finder');
echo "<h1>Bug Report Password Finder</h1>\n";
display_bug_error($errors);
if ($success) {
    display_bug_success($success);
}
// A new captcha operation is produced on every render; its answer is kept in
// the session rather than in the page.
// NOTE(review): the comparison against $_SESSION['answer'] is not visible in
// this excerpt; confirm it happens before the password is reset.
$captcha = $numeralCaptcha->getOperation();
$_SESSION['answer'] = $numeralCaptcha->getAnswer();
Exemplo n.º 13
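// Rating data for this download, built from its stored score and vote count.
$rating_info = get_rating($row['score'], $row['votes']);
// Count a view unless the visitor is an admin or the submitter.
if (!is_admin() && $row['submitter'] != is_user()) {
    update_views($global_id);
}
//$modheader .= '<link rel="stylesheet" type="text/css" href="modules/'.$module_name.'/include/style.css" />';
$pagetitle .= $module_title . ' ' . _BC_DELIM . ' ' . $row['title'];
if ($row['img_url']) {
    // ereg() no longer exists in PHP 7+. The pattern was a literal "://",
    // so a substring test gives the same answer.
    if (strpos($row['img_url'], '://') !== false) {
        // Remote image: the appended text closes the src quote and starts a
        // width attribute.
        // NOTE(review): this relies on img_url being printed inside a
        // double-quoted attribute without encoding; confirm the stored URL
        // cannot itself contain a quote.
        $row['img_url'] .= '" width="' . $dl_config['dimension_thumb'];
    } else {
        // Local image: let dl_thumbimage() produce the value to display.
        $row['img_url'] = dl_thumbimage($row['img_url']);
    }
}
$can_dl = can_download($row['active'], $row['access']);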
//$submitter_count = $db->sql_count($dl_prefix.'_downloads', "submitter='".Fix_Quotes($row['submitter'])."'")-1;
// Hand every label (L_*), value (DL_*, S_*), URL (U_*) and image (IMG_*) for
// the download detail page to the template in one call.
// The author address is passed through spam_protect(); numeric fields go
// through intval().
// NOTE(review): DL_SUBMITTER places $row['username'] (or $row['submitter'])
// in markup, and DL_AUTHORNAME and nl2br($row['desc_short']) pass stored text
// on, with no encoding visible in this statement. Confirm these columns are
// encoded when stored or by the template layer.
$cpgtpl->assign_vars(array('L_SUBMITTEDBY' => _DLP_SUBMITTEDBY, 'L_AUTHORNAME' => _AUTHORNAME, 'L_AUTHOREMAIL' => _AUTHOREMAIL, 'L_PUBLISHED' => _DLP_PUBLISHED, 'L_UPDATED' => _DLP_UPDATED, 'L_DESCRIPTION' => _DESCRIPTION, 'L_CATEGORY' => _CATEGORY, 'L_RATING' => _RATING, 'L_VOTES' => _VOTES, 'L_DOWNLOADS' => _DOWNLOADS, 'L_ACTIVE' => _ACTIVE, 'L_EDIT' => _EDIT, 'L_DELETE' => _DELETE, 'L_ISDLOWNER' => sprintf(_DLP_ISDLOWNER, URL::index('&amp;file=manage&amp;edit=' . $global_id)), 'L_MIRSUB' => sprintf(_DLP_MIRSUB, URL::index('&amp;file=manage&amp;mirrors=' . $global_id)), 'L_EDNOTE' => _DLP_EDNOTE, 'L_MEMREVIEWS' => _DLP_MEMREVIEWS, 'L_PENDREVIEWS' => _DLP_PENDREVIEWS, 'L_BY' => _BY, 'L_ON' => _ON, 'L_PAGE' => _DLP_PAGE, 'L_VIEWALLSCREENS' => _DLP_VIEWALLSCREENS, 'L_POPULARITY' => _POPULARITY, 'L_PAGEVIEWS' => _DLP_PAGEVIEWS, 'L_ADMINTOOLS' => _ADMINISTRATION, 'L_EDPICK' => _DLP_EDPICK, 'DL_MENU' => dl_detail_menu($global_id, $row['title'], $row['pick'], $row['active'], 1), 'DL_CATEGORY' => DL_Cat::breadcrumb($row['cid']), 'DL_SUBMITTER' => is_numeric($row['submitter']) ? '<a href="' . URL::index('&amp;file=search&amp;sa=' . $row['submitter']) . '">' . $row['username'] . '</a>' : $row['submitter'], 'DL_AUTHORNAME' => $row['name'], 'DL_AUTHOREMAIL' => $row['email'] ? spam_protect($row['email']) : false, 'DL_PUBLISHED' => generate_date($row['date']), 'DL_PUBLISHTYPE' => mark_date($row['date'], 3, 1, 'right'), 'DL_UPDATED' => $row['updated'] > $row['date'] ? generate_date($row['updated']) : false, 'DL_UPDATE_TYPE' => $row['updated'] > $row['date'] ? mark_date($row['updated'], 3, 2, 'right') : false, 'DL_DESCRIPTION' => nl2br($row['desc_short']) . (!empty($row['desc_long']) ? decode_bbcode("\n\n" . 
$row['desc_long'], true) : ''), 'DL_NOTES' => decode_bbcode($row['notes']), 'DL_REVIEWS_ACTIVE' => $dl_config['r_active'], 'IMG_DL_RATING' => $rating_info['image'], 'DL_VOTES' => intval($row['votes']), 'DL_POPULARITY' => popularity($global_id), 'DL_HITS' => intval($row['hits']), 'DL_VIEWS' => intval($row['views']), 'DL_SUB_MIRRORS' => $dl_config['pub_mirror'], 'U_DL_SCREENSHOT' => URL::index('&amp;screen=' . $row['screen']), 'IMG_DL_SCREENSHOT' => $row['img_url'], 'B_DL_ADMIN' => can_admin($module_name), 'DL_IS_OWNER' => $row['submitter'] == $userinfo['user_id'], 'U_DL_DELETE' => URL::admin('&amp;del_dl=' . $global_id), 'U_DL_EDIT' => URL::index('&amp;file=manage&amp;edit=' . $global_id), 'U_DL_MIRSUB' => URL::index('&amp;file=manage&amp;mirrors=' . $global_id), 'U_DL_MIRROR' => URL::index('&amp;mirror=' . $global_id), 'U_DL_MIRRORS' => URL::index('&amp;get=' . $global_id), 'U_DL_ACTIVE' => URL::admin('&amp;active=' . $global_id), 'U_DL_PICK' => URL::admin('&amp;pick=' . $global_id), 'IMG_DL_MIRRORS' => dl_image($can_dl ? 'download.png' : 'register.png'), 'IMG_DL_ACTIVE' => dl_image($row['active'] == 1 ? 'checked.png' : 'unchecked.png'), 'IMG_DL_PICK' => dl_image($row['pick'] ? 'checked.png' : 'unchecked.png'), 'S_DL_ACTIVE' => $row['active'] == 1 ? _YES : _NO, 'S_DL_PICK' => $row['pick'] ? _YES : _NO, 'S_DL_MIRRORS' => $can_dl ? _DLP_DLNOW : _DLP_NADL));
// Load the visible custom fields (every type except 3) and emit one
// 'dl_field' template block per field that has a value on this download.
// The query contains no request data; only the table prefix is concatenated.
$result = $db->sql_query("SELECT field, title, type FROM " . $dl_prefix . "_fields \n\tWHERE type!=3 AND visible > 0");
if ($db->sql_numrows($result)) {
    while ($row2 = $db->sql_fetchrow($result)) {
        // Type 1 fields are shown as the yes/no label instead of the raw
        // value, so after this line they are never empty.
        if ($row2['type'] == 1) {
            $row[$row2['field']] = $row[$row2['field']] ? _YES : _NO;
        }
        if ($row[$row2['field']]) {
            // A title naming a defined constant is replaced by that
            // constant's value; any other title is used literally.
            $row2['title'] = defined($row2['title']) ? constant($row2['title']) : $row2['title'];
            if ($row2['field'] == 'homepage' && $row[$row2['field']]) {
                // NOTE(review): the stored homepage is placed in href as-is,
                // with no encoding or scheme check visible here; confirm it is
                // validated when the download is submitted.
                $row[$row2['field']] = '<a href="' . $row[$row2['field']] . '" target="_blank">' . shrink_url($row[$row2['field']]) . '</a>';
            }
            $cpgtpl->assign_block_vars('dl_field', array('TITLE' => $row2['title'], 'VALUE' => $row[$row2['field']]));
        }
    }
}
Exemplo n.º 14
// Search filters from the query string. Each falls back to '' (or the
// default shown) when the parameter is missing or empty.
// NOTE(review): cve_id, patch, pull, private, project and assign are kept
// exactly as received, and !empty() also accepts an array. How they reach
// the SQL built below is not visible in this excerpt; confirm each one is
// bound or escaped, and type-checked, at the point of use.
$cve_id = !empty($_GET['cve_id']) ? $_GET['cve_id'] : '';
// Only the presence of cve_id_not matters; its value is never used.
$cve_id_not = !empty($_GET['cve_id_not']) ? 'not' : '';
$patch = !empty($_GET['patch']) ? $_GET['patch'] : '';
$pull = !empty($_GET['pull']) ? $_GET['pull'] : '';
$private = !empty($_GET['private']) ? $_GET['private'] : '';
// Paging offset: cast to int, with 0 for anything that is not above zero.
$begin = (int) (!empty($_GET['begin']) && $_GET['begin'] > 0 ? $_GET['begin'] : 0);
$limit = defined('MAX_BUGS_RETURN') ? MAX_BUGS_RETURN : 30;
$project = !empty($_GET['project']) && $_GET['project'] != 'All' ? $_GET['project'] : '';
// A request may set the limit to the literal 'All' or to a positive integer;
// anything else keeps the default above.
if (!empty($_GET['limit'])) {
    $limit = $_GET['limit'] == 'All' ? 'All' : ($_GET['limit'] > 0 ? (int) $_GET['limit'] : $limit);
}
// Sort direction is reduced to one of two fixed strings, and the sort
// columns must be keys of $order_options, so none of the three can carry
// free text.
$direction = !empty($_GET['direction']) && $_GET['direction'] != 'DESC' ? 'ASC' : 'DESC';
$order_by = !empty($_GET['order_by']) && array_key_exists($_GET['order_by'], $order_options) ? $_GET['order_by'] : '';
$reorder_by = !empty($_GET['reorder_by']) && array_key_exists($_GET['reorder_by'], $order_options) ? $_GET['reorder_by'] : '';
$assign = !empty($_GET['assign']) ? $_GET['assign'] : '';
// presumably 'reverse' turns a spam-protected address back into a real one
// for searching; verify against spam_protect()
$author_email = !empty($_GET['author_email']) ? spam_protect($_GET['author_email'], 'reverse') : '';
// The package filters are accepted only as arrays.
// NOTE(review): the element values are not checked here.
$package_name = isset($_GET['package_name']) && is_array($_GET['package_name']) ? $_GET['package_name'] : array();
$package_nname = isset($_GET['package_nname']) && is_array($_GET['package_nname']) ? $_GET['package_nname'] : array();
if (isset($_GET['cmd']) && $_GET['cmd'] == 'display') {
    $query = '
		SELECT SQL_CALC_FOUND_ROWS 
		bugdb.*,
		TO_DAYS(NOW())-TO_DAYS(bugdb.ts2) AS unchanged,
		UNIX_TIMESTAMP(ts1) AS submitted,
		UNIX_TIMESTAMP(ts2) AS modified
		FROM bugdb
	';
    if (in_array($order_by, array('votes_count', 'avg_score'))) {
        $query .= 'LEFT JOIN bugdb_votes v ON bugdb.id = v.bug';
    }
    $where_clause = ' WHERE 1 = 1 ';