Пример #1
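/**
 * Fetch the files touched by one Subversion commit of a project.
 *
 * The commit is selected by $rev_id (Subversion revision number, scoped to
 * $group_id) when it is non-zero, otherwise by $commit_id (svn_commits.id).
 * Directories matching a path returned by svn_utils_get_forbidden_paths()
 * for the current user are excluded from the result.
 *
 * @param int    $group_id  Project id; used to load the project and, with $rev_id, to scope the revision.
 * @param int    $commit_id Internal commit id, used only when $rev_id is empty.
 * @param int    $rev_id    Subversion revision number; takes precedence over $commit_id.
 * @param string $order     'filename' (sorts by dir, file) or a comma-separated list of
 *                          column names, each optionally table-qualified and optionally
 *                          followed by ASC or DESC. Anything else is ignored.
 *
 * @return mixed The value returned by db_query() for the generated statement.
 */
function svn_data_get_revision_detail($group_id, $commit_id, $rev_id = 0, $order = '')
{
    $order_str = "";
    if ($order) {
        if ($order == 'filename') {
            $order_str = " ORDER BY dir, file";
        } else {
            // An ORDER BY expression cannot be escaped like a string literal, so
            // instead of trusting every caller to filter it, accept only plain
            // column references and drop the clause otherwise.
            $column = '[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)?(?:\s+(?:ASC|DESC))?';
            if (is_string($order) && preg_match('/^\s*' . $column . '(?:\s*,\s*' . $column . ')*\s*$/i', $order)) {
                $order_str = " ORDER BY " . $order;
            }
        }
    }

    // Check user access rights: build one exclusion per forbidden path.
    $pm = ProjectManager::instance();
    $project = $pm->getProject($group_id);
    $forbidden = svn_utils_get_forbidden_paths(user_getname(), $project->getSVNRootPath());
    $where_forbidden = "";
    if (!empty($forbidden)) {
        // foreach replaces the list()/each() idiom: each() was removed in PHP 8.
        // The forbidden paths are the array keys; the values are not used.
        foreach ($forbidden as $no_access => $unused) {
            // NOTE(review): db_es() handles quoting; whether LIKE wildcards
            // (% and _) inside a path are neutralised is not visible here.
            $where_forbidden .= " AND svn_dirs.dir not like '%" . db_es(substr($no_access, 1)) . "%' ";
        }
    }

    // If the Subversion revision id is given it takes precedence over the
    // internal commit_id (this makes it easy for users to build a URL that
    // points at a revision).
    if ($rev_id) {
        $commit_filter = "AND svn_commits.revision=" . db_ei($rev_id) . " "
            . "AND svn_commits.group_id=" . db_ei($group_id) . " ";
    } else {
        $commit_filter = "AND svn_commits.id=" . db_ei($commit_id) . " ";
    }

    $sql = "SELECT svn_commits.description, svn_commits.date, svn_commits.revision, svn_checkins.type,svn_checkins.commitid,svn_dirs.dir,svn_files.file "
        . "FROM svn_dirs, svn_files, svn_checkins, svn_commits "
        . "WHERE svn_checkins.fileid=svn_files.id "
        . "AND svn_checkins.dirid=svn_dirs.id "
        . "AND svn_checkins.commitid=svn_commits.id "
        . $commit_filter
        . $where_forbidden
        . $order_str;

    return db_query($sql);
}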
Пример #2
 /**
  * Fetch the active projects the current user is allowed to list.
  *
  * Anonymous callers are refused. A super user gets every active project;
  * any other logged-in user gets the active projects whose access value is
  * not Project::ACCESS_PRIVATE. The project with group_id 100 is always
  * left out.
  *
  * @return mixed the db_query() result, or false when the caller is not
  *               logged in, the query fails or no row matches (an error is
  *               recorded through setError() when $GLOBALS['Language'] is set)
  */
 function getAllGroups()
 {
     global $Language;

     if (!user_isloggedin()) {
         if (isset($GLOBALS['Language'])) {
             $this->setError($Language->getText('include_exit', 'perm_denied'));
         }
         return false;
     }

     // Super users see public and non-public projects alike; everyone else
     // is restricted by the access column.
     $access_condition = user_is_super_user()
         ? ''
         : " AND access != '" . db_es(Project::ACCESS_PRIVATE) . "' ";

     $sql = "SELECT group_id,group_name,unix_group_name FROM groups\n\t\t\tWHERE group_id <> 100 AND status = 'A'\n\t\t\t"
         . $access_condition
         . "\n\t\t\tORDER BY group_name ASC";

     $result = db_query($sql);
     $row_count = db_numrows($result);
     if ($result && $row_count >= 1) {
         return $result;
     }

     if (isset($GLOBALS['Language'])) {
         $this->setError($Language->getText('include_common_groupfactory', 'none_found', db_error()));
     }
     return false;
 }
Пример #3
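/**
 * Validate the confirmation hash submitted for an account, then log the user in.
 *
 * Reads form_loginname, confirm_hash and form_pw from the current HTTP
 * request. Every failure adds an 'error' feedback message and returns 0.
 *
 * The hash is only accepted when $GLOBALS['sys_user_approval'] is 0 or the
 * account status is 'V' or 'W'; any other status is refused.
 *
 * @return mixed 0 on any validation failure, otherwise the value returned by
 *               UserManager::login()
 */
function verify_login_valid()
{
    global $Language;
    $request =& HTTPRequest::instance();
    if (!$request->existAndNonEmpty('form_loginname')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('include_session', 'missing_pwd'));
        return 0;
    }
    $login_name = $request->get('form_loginname');

    // First check just the confirmation hash.
    $res = db_query('SELECT confirm_hash,status FROM user WHERE ' . 'user_name=\'' . db_es($login_name) . '\'');
    if (db_numrows($res) < 1) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_verify', 'err_user'));
        return 0;
    }
    $usr = db_fetch_array($res);

    // If sys_user_approval=1, the admin must already have validated the account.
    if ($GLOBALS['sys_user_approval'] == 0 || $usr['status'] == 'V' || $usr['status'] == 'W') {
        $submitted_hash = $request->get('confirm_hash');
        $stored_hash = (string) $usr['confirm_hash'];

        // strcmp() does not fail closed on non-string input: before PHP 8 it
        // returns NULL (falsy, i.e. "equal") for an array argument, and request
        // parameters can be arrays. Require a string, then compare without
        // type juggling; hash_equals() is used when the runtime provides it so
        // that the comparison time does not depend on the matching prefix.
        $hash_matches = false;
        if (is_string($submitted_hash)) {
            $hash_matches = function_exists('hash_equals')
                ? hash_equals($stored_hash, $submitted_hash)
                : $stored_hash === $submitted_hash;
        }
        if (!$hash_matches) {
            $GLOBALS['Response']->addFeedback('error', $Language->getText('account_verify', 'err_hash'));
            return 0;
        }
    } else {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_verify', 'err_status'));
        return 0;
    }

    // Then check that the login itself is valid.
    return UserManager::instance()->login($login_name, $request->get('form_pw'), true);
}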
 /**
  * Load the cross references of the current entity into
  * $this->source_refs_datas and $this->target_refs_datas.
  *
  * A row whose target is the current entity is stored in source_refs_datas;
  * a row whose source is the current entity is stored in target_refs_datas.
  * Both arrays are only (re)initialised when the query returns at least one
  * row; otherwise they are left untouched.
  */
 function fetchDatas()
 {
     // Escape the entity coordinates once; they are used for both sides of the OR.
     $gid = db_ei($this->entity_gid);
     $id = db_ei($this->entity_id);
     $type = db_es($this->entity_type);

     $sql = "SELECT * \n                FROM cross_references \n                WHERE  (target_gid=" . $gid . " AND target_id='" . $id . "' AND target_type='" . $type . "' )\n                     OR (source_gid=" . $gid . " AND source_id='" . $id . "' AND source_type='" . $type . "' )";
     $res = db_query($sql);
     if (!$res || db_numrows($res) <= 0) {
         return;
     }

     $this->source_refs_datas = array();
     $this->target_refs_datas = array();
     while ($row = db_fetch_array($res)) {
         $points_at_entity = $row['target_id'] == $this->entity_id
             && $row['target_gid'] == $this->entity_gid
             && $row['target_type'] == $this->entity_type;
         if ($points_at_entity) {
             $this->source_refs_datas[] = new CrossReference($row['source_id'], $row['source_gid'], $row['source_type'], $row['source_keyword'], $row['target_id'], $row['target_gid'], $row['target_type'], $row['target_keyword'], $row['user_id']);
         }

         $starts_at_entity = $row['source_id'] == $this->entity_id
             && $row['source_gid'] == $this->entity_gid
             && $row['source_type'] == $this->entity_type;
         if ($starts_at_entity) {
             // A row can satisfy both tests, so this is not an else branch.
             $this->target_refs_datas[] = new CrossReference($row['source_id'], $row['source_gid'], $row['source_type'], $row['source_keyword'], $row['target_id'], $row['target_gid'], $row['target_type'], $row['target_keyword'], $row['user_id']);
         }
     }
 }
Пример #5
/**
 * Build the SELECT, FROM and WHERE fragments of the "new releases" query.
 *
 * The three fragments are written into the by-reference arguments; nothing
 * is returned and no query is run here. Only active releases dated after
 * $start_time, in projects whose access value is not Project::ACCESS_PRIVATE,
 * are matched.
 *
 * @param int    $start_time lower bound (exclusive) for frs_release.release_date
 * @param string $select     receives the SELECT clause
 * @param string $from       receives the FROM clause
 * @param string $where      receives the WHERE clause
 */
function new_utils_get_new_releases($start_time, &$select, &$from, &$where)
{
    $frsrf = new FRSReleaseFactory();

    $columns = array(
        "groups.group_name AS group_name",
        "groups.group_id AS group_id",
        "groups.unix_group_name AS unix_group_name",
        "frs_release.release_id AS release_id",
        "frs_release.name AS release_version",
        "frs_release.release_date AS release_date",
        "frs_package.package_id AS package_id",
    );
    $select = "SELECT " . implode(", ", $columns) . " ";

    $from = "FROM groups,frs_package,frs_release ";

    $conditions = array(
        "frs_release.release_date > " . db_ei($start_time),
        "frs_release.package_id = frs_package.package_id",
        "frs_package.group_id = groups.group_id",
        // STATUS_ACTIVE is a property of the factory, not request data.
        "frs_release.status_id=" . $frsrf->STATUS_ACTIVE,
        "groups.access != '" . db_es(Project::ACCESS_PRIVATE) . "'",
    );
    $where = "WHERE " . implode(" AND ", $conditions);
}
Пример #6
/**
* Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
* 
* 
* 
*/
/**
 * Insert a service row for a project, based on a template service.
 *
 * The link of the service is first expanded: for a system template the
 * $projectname, $sys_default_domain, $group_id and $sys_default_protocol
 * placeholders are substituted, otherwise the work is delegated to
 * service_replace_template_name_in_link(). On success the system references
 * of the service are activated when it has a short name.
 *
 * @param array $arr          service fields (label, description, short_name, link, ...)
 * @param int   $group_id     project receiving the service
 * @param array $template     template description; 'system', 'id' and optionally
 *                            'is_used' / 'server_id' are read
 * @param bool  $force_enable when true the service is stored with is_used = 1
 *
 * @return bool true when the INSERT succeeded, false otherwise
 */
function service_create_service($arr, $group_id, $template, $force_enable = false)
{
    // Convert link to real values
    // NOTE: if you change link variables here, change them also in src/www/project/admin/servicebar.php and src/www/include/Layout.class.php
    $pm = ProjectManager::instance();
    if ($template['system']) {
        // str_replace() applies the pairs one after the other, in this order.
        $placeholders = array('$projectname', '$sys_default_domain', '$group_id', '$sys_default_protocol');
        $values = array(
            $pm->getProject($group_id)->getUnixName(),
            $GLOBALS['sys_default_domain'],
            $group_id,
            $GLOBALS['sys_force_ssl'] ? 'https' : 'http',
        );
        $link = str_replace($placeholders, $values, $arr['link']);
    } else {
        // Non-system templates carry the template project's name in the link.
        $link = service_replace_template_name_in_link($arr['link'], $template, $pm->getProject($group_id));
    }

    // The template wins over the submitted values when it defines them.
    $is_used = isset($template['is_used']) ? $template['is_used'] : $arr['is_used'];
    $server_id = isset($template['server_id']) ? $template['server_id'] : $arr['server_id'];

    $sql = sprintf(
        "INSERT INTO service (group_id, label, description, short_name, link, is_active, is_used, scope, rank, location, server_id, is_in_iframe) VALUES (%s, '%s', '%s', '%s', '%s', %s, %s, '%s', %s,  '%s', %s, %s)",
        db_ei($group_id),
        db_es($arr['label']),
        db_es($arr['description']),
        db_es($arr['short_name']),
        db_es($link),
        db_ei($arr['is_active']),
        $force_enable ? 1 : db_ei($is_used),
        db_es($arr['scope']),
        db_ei($arr['rank']),
        db_es($arr['location']),
        db_ei($server_id),
        db_ei($arr['is_in_iframe'])
    );

    if (!db_query($sql)) {
        return false;
    }

    // Activate the references that belong to this service.
    $reference_manager =& ReferenceManager::instance();
    if ($arr['short_name'] != "") {
        $reference_manager->addSystemReferencesForService($template['id'], $group_id, $arr['short_name']);
    }
    return true;
}
Пример #7
/**
 * Look up the id of a project from its Unix group name.
 *
 * @param string $groupname value compared with groups.unix_group_name
 *
 * @return mixed the group_id of the first matching row, or false when no row matches
 */
function group_getid_by_name($groupname)
{
    // The name is escaped with db_es() before it is placed inside the quoted literal.
    $sql = "SELECT group_id FROM groups WHERE unix_group_name='" . db_es($groupname) . "'";
    $res = db_query($sql);

    return db_numrows($res) == 0 ? false : db_result($res, 0, 'group_id');
}
/**
 * get_public_active_projects_asc() - Get the rows of the non-private active
 * projects, ordered by name (initially in trove/full_list).
 *
 * Rows come from the groups table (status 'A', access other than
 * Project::ACCESS_PRIVATE, group_id > 4, register_time > 0) and are then
 * filtered again, one by one, with forge_check_perm('project_read', ...).
 *
 * @param int $max_query_limit Optional maximum number of rows.
 *                             NOTE(review): accepted but not used by this body.
 *
 * @return array the rows the current user may read
 */
function get_public_active_projects_asc($max_query_limit = -1)
{
    $sql = "\n        SELECT group_id, group_name, unix_group_name, short_description, register_time\n        FROM groups\n        WHERE status = 'A' AND access != '"
        . db_es(Project::ACCESS_PRIVATE)
        . "' AND group_id > 4 AND register_time > 0\n        ORDER BY group_name ASC\n\t\t\t";
    $res_grp = db_query($sql);

    $readable = array();
    while ($row = db_fetch_array($res_grp)) {
        // The SQL filter is not the only gate: each project is also checked
        // against the caller's permissions.
        if (forge_check_perm('project_read', $row['group_id'])) {
            $readable[] = $row;
        }
    }
    return $readable;
}
Пример #9
/**
 * Recursively rewrite fullpath and fullpath_ids for a trove category and
 * all of its descendants.
 *
 * The node's own row is updated first; each child is then processed with
 * the parent path extended by ' :: ' and the child's name / id. Children of
 * the root node (falsy $mynode) start a fresh path instead.
 *
 * @param int    $mynode        trove_cat_id of the node to update
 * @param string $myfullpath    full path (names) to store for this node
 * @param string $myfullpathids full path (ids) to store for this node
 */
function trove_genfullpaths($mynode, $myfullpath, $myfullpathids)
{
    // First store this node's own path. The names were read back from the
    // database by the caller and are escaped again before being written.
    db_query("UPDATE trove_cat SET fullpath='" . db_es($myfullpath) . "',fullpath_ids='" . db_es($myfullpathids) . "' WHERE trove_cat_id=" . db_ei($mynode));

    $children = db_query('SELECT trove_cat_id,fullname FROM trove_cat WHERE parent=' . db_ei($mynode));
    $is_root = !$mynode;
    while ($child = db_fetch_array($children)) {
        $child_id = $child['trove_cat_id'];
        if ($is_root) {
            // For the root node the path does not include the parent.
            $child_path = $child['fullname'];
            $child_path_ids = $child_id;
        } else {
            $child_path = $myfullpath . ' :: ' . $child['fullname'];
            $child_path_ids = $myfullpathids . ' :: ' . $child_id;
        }
        trove_genfullpaths($child_id, $child_path, $child_path_ids);
    }
}
Пример #10
/**
 * Store the real name submitted by the current user.
 *
 * Nothing happens unless the request is a POST that carries 'Update'. A
 * missing or empty form_realname adds an 'error' feedback message.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function;
 * confirm the caller performs one.
 *
 * @return int 1 when the UPDATE was issued, 0 otherwise
 */
function register_valid()
{
    global $Language;
    $request =& HTTPRequest::instance();

    $form_submitted = $request->isPost() && $request->exist('Update');
    if (!$form_submitted) {
        return 0;
    }

    if (!$request->existAndNonEmpty('form_realname')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_change_realname', 'error'));
        return 0;
    }

    // The row is selected by the session's user id, not by a request parameter.
    $realname = db_es($request->get('form_realname'));
    db_query("UPDATE user SET realname='" . $realname . "' WHERE user_id=" . user_getid());
    return 1;
}
 /**
  * Apply the chart-specific properties found in $row and persist them.
  *
  * Only 'field_base' is handled. The object and the database are touched
  * only when $row carries a value that differs from the current one.
  *
  * @param array $row submitted properties
  *
  * @return mixed db_affected_rows() of the UPDATE, or false when nothing changed
  */
 protected function updateSpecificProperties($row)
 {
     $has_new_base = isset($row['field_base']) && $this->field_base != $row['field_base'];
     if (!$has_new_base) {
         return false;
     }
     $this->field_base = $row['field_base'];

     $sql = sprintf(
         "UPDATE plugin_graphontrackers_pie_chart SET\n                       field_base = '%s'\n                       WHERE id = %d",
         db_es($this->field_base),
         db_ei($this->id)
     );
     return db_affected_rows(db_query($sql));
 }
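 /**
  * Page through the active projects, optionally filtered by a pattern.
  *
  * @param int      $offset    first row of the page
  * @param int      $limit     number of rows in the page
  * @param string[] $condition names of the groups columns to search; each must be
  *                            a plain column name, other entries are ignored
  * @param string   $pattern   text searched (as a substring) in those columns
  *
  * @return array 'projects' => db_query() result for the page,
  *               'numrows'  => total number of matches reported by FOUND_ROWS()
  */
 function getAllProject($offset, $limit, $condition, $pattern)
 {
     // db_es() escapes string literals; it does not make a value safe to use
     // as a column name. Column names are therefore restricted to plain
     // identifiers before they are placed in the statement.
     $like_clauses = array();
     foreach ($condition as $column) {
         if (!is_string($column) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column)) {
             continue;
         }
         $like_clauses[] = $column . ' LIKE "%' . db_es($pattern) . '%"';
     }

     // Always defined, so the query is also valid when there is no filter.
     $statements = '';
     if (count($like_clauses) > 0) {
         $statements = '(' . implode(' OR ', $like_clauses) . ') AND ';
     }

     $sql = 'SELECT SQL_CALC_FOUND_ROWS group_name, group_id, unix_group_name, is_public FROM groups WHERE ' . $statements . ' status = "A" ORDER BY register_time DESC LIMIT ' . db_ei($offset) . ', ' . db_ei($limit);
     $res = db_query($sql);

     // FOUND_ROWS() must be read right after the SQL_CALC_FOUND_ROWS query.
     $res_numrows = db_query('SELECT FOUND_ROWS() as nb');
     $row = db_fetch_array($res_numrows);
     return array('projects' => $res, 'numrows' => $row['nb']);
 }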
 /**
  *  updateDateFieldReminderSettings - create or update the reminder settings
  *  of a date field in the database.
  *
  *  A settings row is inserted when none exists for the field and tracker
  *  (the processing table is then populated for the field); otherwise the
  *  existing row is updated.
  *
  *  @param  ArtifactType  $at  The tracker, passed on to populateProcessingForField()
  *  @param  ArtifactField $field  The date field concerned by the notification
  *  @param  $group_artifact_id  The tracker id
  *  @param  $start  When the notification starts taking effect, relative to the date occurrence (in days)
  *  @param  $notif_type  The type of the notification (after or before the date occurrence)
  *  @param  $frequency  At which frequency (in days) the notification will occur
  *  @param  $recurse    How many times the notification mail will be sent
  *  @param  array $people_notified  Who is notified; stored as a comma-separated list
  *
  *  @return mixed true on a successful insert, the db_query() result for an update, false on failure.
  */
 function updateDateFieldReminderSettings(ArtifactType $at, ArtifactField $field, $group_artifact_id, $start, $notif_type, $frequency, $recurse, $people_notified)
 {
     $existing = $this->getDateFieldReminderSettings($field->getID(), $group_artifact_id);
     if (!$existing || db_error($existing)) {
         return false;
     }

     $notified_users = implode(",", $people_notified);

     if (db_numrows($existing) != 0) {
         // Settings already exist: update them.
         $update = sprintf(
             'UPDATE artifact_date_reminder_settings SET notification_start=%d , notification_type=%d , frequency=%d , recurse=%d , notified_people="%s" WHERE group_artifact_id=%d AND field_id=%d',
             db_ei($start),
             db_ei($notif_type),
             db_ei($frequency),
             db_ei($recurse),
             db_es($notified_users),
             db_ei($group_artifact_id),
             db_ei($field->getId())
         );
         return db_query($update);
     }

     // No reminder yet: create it.
     $numeric_values = array(
         db_ei($field->getId()),
         db_ei($group_artifact_id),
         db_ei($start),
         db_ei($notif_type),
         db_ei($frequency),
         db_ei($recurse),
     );
     $insert = 'INSERT INTO artifact_date_reminder_settings(field_id, group_artifact_id, notification_start, notification_type, frequency, recurse, notified_people) VALUES ('
         . implode(',', $numeric_values)
         . ',"' . db_es($notified_users) . '")';
     if (!db_query($insert)) {
         return false;
     }
     $this->populateProcessingForField($at, $field->getId(), $group_artifact_id);
     return true;
 }
Пример #14
require_once 'pre.php';
require_once 'common/mail/Mail.class.php';
require_once 'common/event/EventManager.class.php';
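// Request a change of e-mail address: store the new address together with a
// confirmation token, then mail a confirmation link to the new address.
// NOTE(review): no anti-CSRF token or current-password check is visible in
// this script; confirm pre.php or the submitting form enforces one.
$em =& EventManager::instance();
$em->processEvent('before_change_email-confirm', array());
$request =& HTTPRequest::instance();

// The token is the only proof that the requester controls the new mailbox,
// so it must not be derivable from values the requester knows or can guess
// (their own session hash, the clock). Take it from the CSPRNG when the
// runtime has one; the format stays 16 hexadecimal characters.
if (function_exists('random_bytes')) {
    $confirm_hash = bin2hex(random_bytes(8));
} else {
    // Legacy derivation, kept only for runtimes without random_bytes().
    $confirm_hash = substr(md5($GLOBALS['session_hash'] . time()), 0, 16);
}

$res_user = db_query("SELECT * FROM user WHERE user_id=" . db_ei(user_getid()));
if (db_numrows($res_user) < 1) {
    exit_error("Invalid User", "That user does not exist.");
}
$row_user = db_fetch_array($res_user);
$mail_is_sent = false;
$form_newemail = $request->get('form_newemail');
if (validate_email($form_newemail)) {
    // Every value placed in the statement goes through db_es()/db_ei(),
    // including the ones produced on the server side.
    db_query("UPDATE user SET confirm_hash='" . db_es($confirm_hash) . "',email_new='" . db_es($form_newemail) . "' " . "WHERE user_id=" . db_ei($row_user['user_id']));
    $message = stripcslashes($Language->getText('account_change_email-confirm', 'message', array($GLOBALS['sys_name'], get_server_url() . "/account/change_email-complete.php?confirm_hash=" . $confirm_hash)));
    $mail = new Mail();
    $mail->setTo($form_newemail, true);
    $mail->setSubject($GLOBALS['sys_name'] . ': ' . $Language->getText('account_change_email-confirm', 'title'));
    $mail->setBody($message);
    $mail->setFrom($GLOBALS['sys_noreply']);
    $mail_is_sent = $mail->send();
    if (!$mail_is_sent) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('global', 'mail_failed', array($GLOBALS['sys_email_admin'])));
    }
} else {
    $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('include_utils', 'invalid_email'));
}
site_header(array('title' => $Language->getText('account_change_email-confirm', 'title')));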
?>
Пример #15
/**
 * Rename and re-rank a file release processor of the current project.
 *
 * The project is taken from the global $group_id, so only a processor that
 * belongs to that project can be modified. The outcome is reported through
 * the response feedback; nothing is returned.
 *
 * @param int    $pid   processor_id of the row to update
 * @param string $pname new name
 * @param int    $prank new rank
 */
function file_utils_update_proc($pid, $pname, $prank)
{
    global $group_id, $Language;

    $sql = sprintf(
        'UPDATE frs_processor SET name = "%s",rank = %d WHERE processor_id=%d AND group_id=%d',
        db_es($pname),
        db_ei($prank),
        db_ei($pid),
        db_ei($group_id)
    );

    // Feedback level and message key, chosen from the query outcome.
    $outcome = db_query($sql)
        ? array('info', 'update_proc_success')
        : array('error', 'update_proc_fail');
    $GLOBALS['Response']->addFeedback($outcome[0], $Language->getText('file_file_utils', $outcome[1]));
}
Пример #16
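/**
 * Query the Subversion commits of a project, with optional filters.
 *
 * Commits located under a path that svn_utils_get_forbidden_paths() reports
 * for the current user are excluded. The global $_path is used as an extra
 * directory filter and is reset to '' when it equals a forbidden path.
 *
 * @param Project $project   project whose commits are listed
 * @param int     $offset    first row of the page (ignored when $pv is set)
 * @param int     $chunksz   page size (ignored when $pv is set)
 * @param mixed   $_rev_id   restrict to this revision when not ''
 * @param mixed   $_commiter restrict to this user name when set and not 100
 * @param string  $_srch     restrict to descriptions containing this text
 * @param string  $order_by  complete " ORDER BY ..." clause made of plain column
 *                           names (optionally table-qualified, optionally followed
 *                           by ASC or DESC); anything else falls back to the
 *                           default " ORDER BY revision DESC "
 * @param mixed   $pv        when truthy no LIMIT is applied
 * @param bool    $foundRows when true the total number of matches is computed
 *
 * @return array array(db_query() result, total rows or -1 when not computed)
 */
function svn_get_revisions(Project $project, $offset, $chunksz, $_rev_id = '', $_commiter = '', $_srch = '', $order_by = '', $pv = 0, $foundRows = true)
{
    global $_path;
    $um = UserManager::instance();

    // Check user access rights.
    $forbidden = svn_utils_get_forbidden_paths($um->getCurrentUser()->getName(), $project->getSVNRootPath());

    $select = 'SELECT';
    $group_by = '';
    if ($foundRows) {
        $select .= ' SQL_CALC_FOUND_ROWS';
    }
    $select .= ' svn_commits.revision as revision, svn_commits.id as commit_id, svn_commits.description as description, svn_commits.date as date, svn_commits.whoid';
    $from = " FROM svn_commits";
    $where = " WHERE svn_commits.group_id=" . db_ei($project->getGroupId());

    // Exclude every forbidden directory; this needs the directory tables.
    if (!empty($forbidden)) {
        $from .= " INNER JOIN svn_checkins ON (svn_checkins.commitid = svn_commits.id)";
        $from .= " INNER JOIN svn_dirs ON (svn_dirs.id = svn_checkins.dirid)";
        $where_forbidden = "";
        foreach ($forbidden as $no_access => $v) {
            if ($no_access == $_path) {
                $_path = '';
            }
            $where_forbidden .= " AND svn_dirs.dir not like '" . db_es(substr($no_access, 1)) . "%'";
        }
        $where .= $where_forbidden;
        $group_by .= ' GROUP BY revision';
    }

    // If a path is selected, add it to the where clause.
    if ($_path != '') {
        $path_str = " AND svn_dirs.dir like '%" . db_es($_path) . "%'";
        if (empty($forbidden)) {
            // The joins were not added above, so add them here.
            $from .= " INNER JOIN svn_checkins ON (svn_checkins.commitid = svn_commits.id)";
            $from .= " INNER JOIN svn_dirs ON (svn_dirs.id = svn_checkins.dirid)";
            $group_by .= ' GROUP BY revision';
        }
    } else {
        $path_str = "";
    }

    // If a revision is selected, add it to the where clause.
    if (isset($_rev_id) && $_rev_id != '') {
        $commit_str = " AND svn_commits.revision='" . db_ei($_rev_id) . "' ";
    } else {
        $commit_str = '';
    }

    if (isset($_commiter) && $_commiter && $_commiter != 100) {
        // NOTE(review): presumably the lookup yields no object for an unknown
        // name; in that case filter on id 0 instead of calling a method on a
        // non-object.
        $commiter = $um->getUserByUserName($_commiter);
        $commiter_id = $commiter ? $commiter->getId() : 0;
        $commiter_str = " AND svn_commits.whoid='" . db_ei($commiter_id) . "' ";
    } else {
        // No committer was chosen, so don't add it to the where clause.
        $commiter_str = '';
    }

    if (isset($_srch) && $_srch != '') {
        $srch_str = " AND svn_commits.description like '%" . db_es(htmlspecialchars($_srch)) . "%'";
    } else {
        $srch_str = "";
    }
    $where .= $commiter_str . $commit_str . $srch_str . $path_str;

    // Always defined, so the concatenation below is valid in "pv" mode too.
    $limit = '';
    if (!isset($pv) || !$pv) {
        $limit = " LIMIT " . db_ei($offset) . "," . db_ei($chunksz);
    }

    // An ORDER BY clause cannot be escaped like a string literal, so instead
    // of trusting every caller to filter it, accept only a clause built from
    // plain column references and use the default ordering otherwise.
    $column = '[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)?(?:\s+(?:ASC|DESC))?';
    $order_by_pattern = '/^\s*ORDER\s+BY\s+' . $column . '(?:\s*,\s*' . $column . ')*\s*$/i';
    if (!is_string($order_by) || !preg_match($order_by_pattern, $order_by)) {
        $order_by = " ORDER BY revision DESC ";
    }

    $sql = $select . $from . $where . $group_by . $order_by . $limit;
    $result = db_query($sql);

    // Compute the number of rows.
    $totalrows = -1;
    if ($foundRows) {
        $result1 = db_query('SELECT FOUND_ROWS() as nb');
        if ($result1 && !db_error($result1)) {
            $row1 = db_fetch_array($result1);
            $totalrows = $row1['nb'];
        }
    }
    return array($result, $totalrows);
}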
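 /**
  * Fetch the value of a text field for every artifact in $this->artifacts.
  *
  * A non-standard field is read from artifact_field_value (column valueText);
  * a standard field is read from the artifact table, where the field name is
  * the column name.
  *
  * @param ArtifactField $af the text field
  *
  * @return mixed the db_query() result (columns id and val), or false when a
  *               standard field name is not a plain column name
  */
 function getTFValues(ArtifactField $af)
 {
     // The id list is placed in the statement unquoted, so force every
     // element to an integer first.
     $artifact_ids = implode(',', array_map('intval', $this->artifacts));
     $atid = db_ei($this->chart->getGraphicReport()->getAtid());

     if (!$af->isStandardField()) {
         $sql = sprintf('SELECT artifact_id as id,afv.valueText as val
                         FROM artifact_field_value afv
                         INNER JOIN artifact_field af
                         USING (field_id)
                         WHERE af.group_artifact_id = %d
                         AND af.field_name = "%s"
                         AND afv.artifact_id IN (%s)', $atid, db_es($af->field_name), $artifact_ids);
     } else {
         // Here the field name is used as a column name. db_es() escapes
         // string literals only, so the name is checked against a plain
         // identifier pattern instead.
         if (!is_string($af->field_name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $af->field_name)) {
             return false;
         }
         $sql = sprintf('SELECT artifact_id as id, %s as val
                         FROM artifact a
                         WHERE a.group_artifact_id = %d
                         AND a.artifact_id IN (%s)', $af->field_name, $atid, $artifact_ids);
     }
     return db_query($sql);
 }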
Пример #18
/**
 * Delete one bookmark of the current user.
 *
 * The statement matches on both the bookmark id and the session's user id,
 * so a bookmark owned by another user is not affected.
 *
 * @param mixed $bookmark_id id of the bookmark to delete
 */
function bookmark_delete($bookmark_id)
{
    $sql = sprintf(
        "DELETE from user_bookmarks WHERE bookmark_id='%s' and user_id='%s'",
        db_es($bookmark_id),
        user_getid()
    );
    db_query($sql);
}
Пример #19
<?php

// ## export sf front page news in RSS
require_once 'pre.php';
// Export the forums of one project as an XML document.
header("Content-Type: text/xml");
// ## group_id must be specified
// Only an active project whose access value is not Project::ACCESS_PRIVATE is exported.
// NOTE(review): the literal below contains '\n\t.' right after "groups"; it
// looks like a mangled string concatenation and probably makes the statement
// invalid - confirm against the original file.
// NOTE(review): where $group_id is assigned is not visible in this listing.
$res_grp = db_query("SELECT group_id,group_name FROM groups '\n\t.'WHERE access != '" . db_es(Project::ACCESS_PRIVATE) . "' AND status='A' AND group_id=" . db_ei($group_id));
if (db_numrows($res_grp) < 1) {
    print $Language->getText('export_nitf_sfforums', 'g_id_err');
    exit;
} else {
    $row_grp = db_fetch_array($res_grp);
}
print '<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE sf_forum SYSTEM "' . get_server_url() . '/exports/sf_forum_0.1.dtd">
';
// NOTE(review): the project name, forum names, subjects and bodies printed
// below are written into the XML without escaping, so stored text containing
// markup characters changes the structure of the document.
print "<group name=\"{$row_grp['group_name']}\">";
// NOTE(review): $group_id is concatenated here without db_ei(), unlike in the
// first query of this script.
$res_forum = db_query('SELECT group_forum_id,forum_name FROM forum_group_list ' . 'WHERE group_id=' . $group_id);
while ($row_forum = db_fetch_array($res_forum)) {
    print " <forum name=\"{$row_forum['forum_name']}\">\n";
    // NOTE(review): group_forum_id is an unquoted array key (a bare constant);
    // PHP 8 raises an error for it.
    $res_post = db_query('SELECT forum.msg_id AS msg_id,forum.subject AS subject,' . 'forum.body AS body,forum.date AS date,user.user_name AS user_name,' . 'user.realname AS realname FROM forum,user ' . 'WHERE forum.posted_by=user.user_id AND forum.group_forum_id=' . $row_forum[group_forum_id]);
    // ## item outputs
    while ($row_post = db_fetch_array($res_post)) {
        print "  <nitf version=\"XMLNews/DTD XMLNEWS-STORY 1.8//EN\">\n";
        print "   <head>\n";
        print "    <title>{$row_post['subject']}</title>\n";
        print "   </head>\n";
        print "   <body><body.content><block>\n";
        // Same unquoted-key form as above, and the body is printed verbatim.
        print $row_post[body];
        print "   </block></body.content></body>\n";
        print "  </nitf>\n";
Пример #20
 /**
  * PHP 4 style constructor: initialise the group data, then load the
  * services of the project.
  *
  * For every row of the service table the description and label are
  * localised when they hold a language key, a service object of the class
  * returned by getServiceClassName() is created, and the row is recorded in
  * service_data_array, use_service, services and (for active services)
  * cache_active_services. A service whose construction throws
  * ServiceNotAllowedForProjectException is skipped.
  *
  * @param mixed $param passed unchanged to the Group constructor
  */
 function Project($param)
 {
     global $Language;
     $this->Group($param);
     // For right now, just point our prefs array at Group's data array;
     // this will change later when the project_data table is split off from groups.
     $this->project_data_array = $this->data_array;

     // Get defined classname of services
     // TODO: Move this in a helper for performances pov (load of many projects)
     $this->serviceClassnames = array('file' => 'ServiceFile', 'svn' => 'ServiceSVN');
     // Listeners of the event can add entries: the array is passed by reference.
     EventManager::instance()->processEvent(Event::SERVICE_CLASSNAMES, array('classnames' => &$this->serviceClassnames));

     // Get Service data
     $db_res = db_query("SELECT * FROM service WHERE group_id='" . db_es($this->group_id) . "' ORDER BY rank");
     $rows = db_numrows($db_res);
     if ($rows < 1) {
         $this->service_data_array = array();
     }

     // Suffix of the language key expected in each localisable column.
     $localised_columns = array('description' => '_desc_key', 'label' => '_lbl_key');

     for ($j = 0; $j < $rows; $j++) {
         $res_row = db_fetch_array($db_res);
         // A service without short name is indexed by its position.
         $short_name = $res_row['short_name'] ? $res_row['short_name'] : $j;

         // Needed for localisation: either the conventional
         // "service_<short_name>_..._key" key, or a "page:key" pair.
         foreach ($localised_columns as $column => $suffix) {
             $matches = array();
             if ($res_row[$column] == "service_" . $short_name . $suffix) {
                 $res_row[$column] = $Language->getText('project_admin_editservice', $res_row[$column]);
             } elseif (preg_match('/(.*):(.*)/', $res_row[$column], $matches)) {
                 if ($Language->hasText($matches[1], $matches[2])) {
                     $res_row[$column] = $Language->getText($matches[1], $matches[2]);
                 }
             }
         }

         // Init the Service object corresponding to the given service.
         try {
             $classname = $this->getServiceClassName($short_name);
             $service = new $classname($this, $res_row);
             $this->service_data_array[$short_name] = $res_row;
             if ($short_name) {
                 $this->use_service[$short_name] = $res_row['is_used'];
             }
             $this->services[$short_name] = $service;
             if ($res_row['is_active']) {
                 $this->cache_active_services[] = $service;
             }
         } catch (ServiceNotAllowedForProjectException $e) {
             // The service is not allowed for this project: leave it out.
         }
     }
 }
Пример #21
 /**
  * Tell whether a follow-up comment was removed.
  *
  * The comment counts as removed when its own history row has an empty
  * new_value, or when the artifact has a history row named
  * "lbl_<comment_id>_comment" with an empty new_value.
  *
  * @param int $comment_id artifact_history_id of the comment
  *
  * @return boolean
  */
 function isFollowupCommentDeleted($comment_id)
 {
     $comment_res = db_query('SELECT artifact_id, new_value 
             FROM artifact_history 
             WHERE artifact_history_id = ' . db_ei($comment_id));
     if (db_result($comment_res, 0, 'new_value') == "") {
         return true;
     }

     // Look for an edit of this comment that emptied it.
     $label = "lbl_" . $comment_id . "_comment";
     $artifact_id = db_result($comment_res, 0, 'artifact_id');
     $edit_res = db_query(
         'SELECT NULL FROM artifact_history WHERE artifact_id = ' . db_ei($artifact_id)
         . ' AND field_name = "' . db_es($label) . '"'
         . ' AND new_value = ""'
     );
     return db_numrows($edit_res) > 0;
 }
Пример #22
?>

</TR>

</TABLE>
<?php
$HTML->box1_bottom();
?>

</TD>
<TD>&nbsp;</TD>
<TD width=50%>
<?php
$HTML->box1_top($Language->getText('include_user_home', 'proj_info'));

// List the active, non-private projects of type 1 that this user belongs to.
$res_cat = db_query("SELECT groups.group_name, groups.unix_group_name, groups.group_id, user_group.admin_flags, user_group.bug_flags FROM groups,user_group WHERE user_group.user_id='" . $user->getId() . "' AND groups.group_id=user_group.group_id AND groups.access != '" . db_es(Project::ACCESS_PRIVATE) . "' AND groups.status='A' AND groups.type='1'");

if (db_numrows($res_cat) >= 1) {
    echo '<p>' . $Language->getText('include_user_home', 'is_member') . ":<BR>&nbsp;";
    while ($row_cat = db_fetch_array($res_cat)) {
        // The Unix name is URL-encoded for the link and the display name is
        // passed through the purifier before it is written into the page.
        echo '<BR><A href="/projects/' . urlencode($row_cat['unix_group_name']) . '/">' . $hp->purify($row_cat['group_name']) . "</A>\n";
    }
    // NOTE(review): no matching <ul> is opened in this fragment.
    echo "</ul>";
} else {
    // The user is not a member of any listed project.
    echo "\n\t<p>" . $Language->getText('include_user_home', 'not_member');
}

$HTML->box1_bottom();
?>
Пример #23
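 /**
  *  Create a clone of a wiki page by inserting a new row in plugin_phpwiki_page.
  *
  *  The INSERT places $pagename and the serialized page data into the SQL text
  *  exactly as received; only the follow-up SELECT applies db_es().
  *  NOTE(review): this relies on the caller passing an already escaped
  *  $pagename and on _serialize() returning a value that is safe inside a
  *  quoted SQL string - confirm both. If $pagename really is pre-escaped, the
  *  db_es() in the SELECT escapes it a second time, so a name containing quotes
  *  or backslashes will not be found again.
  *
  *  @param array  $data     array of page data
  *  @param string $pagename escaped wiki page name
  *  @return int|null id of the created page; null when the INSERT fails or the
  *                   new row cannot be read back
  */
 function insertNewWikiPage($data, $pagename)
 {
     $result = db_query(sprintf("INSERT INTO plugin_phpwiki_page (pagename, hits, pagedata, group_id)" . "VALUES('%s', %d,  '%s', %d)", $pagename, 0, $this->_serialize($data), $this->group_id));
     if (empty($result)) {
         return null;
     }
     // Start from null: when the lookup returns no row the caller gets null
     // instead of the function reading an undefined variable.
     $id = null;
     $res = db_query(sprintf("SELECT id from plugin_phpwiki_page where pagename='%s' and group_id=%d", db_es($pagename), $this->group_id));
     while ($row = db_fetch_array($res)) {
         // If several rows match, the last one fetched wins, as before.
         $id = $row[0];
     }
     return $id;
 }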
Пример #24
     exit_error($Language->getText('global', 'error'), $ath->getErrorMessage());
 }
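 // Check if this tracker is valid (not deleted)
 if (!$ath->isValid()) {
     exit_error($Language->getText('global', 'error'), $Language->getText('global', 'error'));
 }
 // Create field factory
 $art_field_fact = new ArtifactFieldFactory($ath);
 // Page header: title, breadcrumb values and help target for the search report.
 $params = array(
     'title' => $group->getPublicName() . ': \'' . $ath->getName() . '\' ' . $Language->getText('tracker_browse', 'search_report'),
     'titlevals' => array($ath->getName()),
     'pagename' => 'tracker_browse',
     'atid' => $ath->getID(),
     'sectionvals' => array($group->getPublicName()),
     'pv' => 0,
     'help' => 'ArtifactBrowsing.html',
 );
 $ath->header($params);
 echo '<div id="tracker_toolbar_clear"></div>';
 // Split the search string on spaces and join the terms once per searched column.
 // implode() takes the separator first; the reversed order used before is no
 // longer accepted by PHP 8.
 $array = explode(" ", $words);
 $words1 = implode("%' {$crit} artifact.details LIKE '%", $array);
 $words2 = implode("%' {$crit} artifact.summary LIKE '%", $array);
 $words3 = implode("%' {$crit} artifact_history.new_value LIKE '%", $array);
 // Each joined string is passed to db_es() as a whole below, so the quotes in the
 // separator and the value of $crit are escaped together with the terms and stay
 // inside a single LIKE literal.
 // NOTE(review): that keeps $crit out of the SQL grammar, but it also means a
 // multi-word search is matched as one literal pattern. If this is ever changed
 // to escape term by term, $crit becomes SQL text and must first be restricted
 // to a fixed set of operators. '%' and '_' typed by the user still act as LIKE
 // wildcards.
 // NOTE(review): the ugroup ids from getUgroups() are joined into the IN (...)
 // list without db_ei() - presumably integers produced server-side; confirm,
 // and confirm the list can never be empty.
 $sql = "SELECT SQL_CALC_FOUND_ROWS artifact.artifact_id,\n                   artifact.summary,\n                   artifact.open_date,\n                   user.user_name\n           FROM artifact INNER JOIN user ON user.user_id=artifact.submitted_by \n              LEFT JOIN artifact_history ON artifact_history.artifact_id=artifact.artifact_id \n              LEFT JOIN permissions ON (permissions.object_id = CAST(artifact.artifact_id AS CHAR) AND permissions.permission_type = 'TRACKER_ARTIFACT_ACCESS')\n           WHERE artifact.group_artifact_id='" . db_ei($atid) . "' \n             AND (\n                   artifact.use_artifact_permissions = 0\n                   OR \n                   (\n                       permissions.ugroup_id IN (" . implode(',', UserManager::instance()->getCurrentUser()->getUgroups($group_id, $atid)) . ")\n                   )\n             )\n             AND (\n                   (artifact.details LIKE '%" . db_es($words1) . "%') \n                   OR \n                   (artifact.summary LIKE '%" . db_es($words2) . "%') \n                   OR \n                   (artifact_history.field_name='comment' AND (artifact_history.new_value LIKE '%" . db_es($words3) . "%'))\n             ) \n           GROUP BY open_date DESC \n           LIMIT " . db_ei($offset) . ", 25";
 $result = db_query($sql);
 // Total number of matches, ignoring the LIMIT (pairs with SQL_CALC_FOUND_ROWS above).
 $rows_returned = db_result(db_query('SELECT FOUND_ROWS() as nb'), 0, 'nb');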
 if (!$result || $rows_returned < 1) {
     $no_rows = 1;
     echo '<H2>' . $Language->getText('search_index', 'no_match_found', htmlentities(stripslashes($words), ENT_QUOTES, 'UTF-8')) . '</H2>';
     echo db_error();
 } else {
     echo '<H3>' . $Language->getText('search_index', 'search_res', array(htmlentities(stripslashes($words), ENT_QUOTES, 'UTF-8'), $rows_returned)) . "</H3><P>\n";
     $title_arr = array();
     $summary_field = $art_field_fact->getFieldFromName("summary");
     if ($summary_field->userCanRead($group_id, $atid)) {
         $title_arr[] = $Language->getText('search_index', 'artifact_summary');
     }
     $submitted_field = $art_field_fact->getFieldFromName("submitted_by");
     if ($submitted_field->userCanRead($group_id, $atid)) {
Пример #25
     if ($request->existAndNonEmpty('remove_parent_project')) {
         $set_parent = $project_manager->removeParentProject($group_id);
     }
 } catch (Project_HierarchyManagerNoChangeException $e) {
     $GLOBALS['Response']->addFeedback('error', $Language->getText('project_admin_editgroupinfo', 'upd_fail', db_error() ? db_error() : ' '));
     $valid_parent = false;
 } catch (Project_HierarchyManagerAncestorIsSelfException $e) {
     $GLOBALS['Response']->addFeedback('error', $Language->getText('project_admin_editgroupinfo', 'self_exception', db_error() ? db_error() : ' '));
     $valid_parent = false;
 } catch (Project_HierarchyManagerAlreadyAncestorException $e) {
     $GLOBALS['Response']->addFeedback('error', $Language->getText('project_admin_editgroupinfo', 'ancestor_exception', db_error() ? db_error() : ' '));
     $valid_parent = false;
 }
 // Original remark: "in the database, these all default to '1', so we have to
 // explicitly set 0". NOTE(review): the statement below only writes group_name
 // and short_description, so the remark looks stale - confirm.
 //
 // group_name is HTML-encoded before it is stored; short_description is stored
 // as submitted. Both are SQL-escaped with db_es(). Code that renders these
 // columns has to treat them differently: short_description still needs HTML
 // escaping on output.
 $sql = "UPDATE groups SET group_name='" . db_es(htmlspecialchars($form_group_name)) . "',"
     . "short_description='" . db_es($form_shortdesc) . "'"
     . " WHERE group_id='" . db_ei($group_id) . "'";
 $result = db_query($sql);
 // The update counts as successful when the row changed, or when the
 // description or the parent project was updated earlier in the request.
 $update_success = ($result && !(db_affected_rows($result) < 1)) || $updatedesc != 0 || $set_parent;
 if ($update_success) {
     group_add_history('changed_public_info', '', $group_id);
     // Raise an event
     $em =& EventManager::instance();
     $em->processEvent('project_admin_edition', array('group_id' => $group_id));
 }
 //update visibility
 if ($user_can_choose_visibility) {
     if ($currentproject->getAccess() != $request->get('project_visibility')) {
Пример #26
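/**
 * Rename a user group and change its description, then raise the
 * 'project_admin_ugroup_edition' event and log the change in the project history.
 *
 * exit_error() is called when the name is missing or contains anything other
 * than letters, digits, "_" and "-", when the id is missing, when another
 * ugroup of the same project already uses the name, or when the UPDATE fails.
 *
 * @param int    $group_id           project the ugroup belongs to
 * @param int    $ugroup_id          ugroup to update
 * @param string $ugroup_name        new name
 * @param string $ugroup_description new description
 *
 * @return void
 */
function ugroup_update($group_id, $ugroup_id, $ugroup_name, $ugroup_description)
{
    global $Language;
    $purifier = Codendi_HTMLPurifier::instance();
    // Sanity check
    if (!$ugroup_name) {
        exit_error($Language->getText('global', 'error'), $Language->getText('project_admin_ugroup_utils', 'ug_name_missed'));
    }
    // preg_match() replaces eregi(), which no longer exists in PHP 7 and later.
    // \z anchors at the very end of the string, so a trailing newline is rejected too.
    if (!preg_match('/^[a-zA-Z0-9_\-]+\z/', $ugroup_name)) {
        // The rejected name is echoed back, so it is purified before display.
        exit_error($Language->getText('global', 'error'), $Language->getText('project_admin_ugroup_utils', 'invalid_ug_name', $purifier->purify($ugroup_name)));
    }
    if (!$ugroup_id) {
        exit_error($Language->getText('global', 'error'), $Language->getText('project_admin_editugroup', 'ug_id_missed'));
    }
    // Retrieve ugroup old name before updating. Stays null when the lookup
    // fails or finds no row for this project/ugroup pair.
    $ugroup_old_name = null;
    $sql = "SELECT name FROM ugroup WHERE group_id='" . db_ei($group_id) . "' AND ugroup_id ='" . db_ei($ugroup_id) . "'";
    $result = db_query($sql);
    if ($result && !db_error($result)) {
        $row = db_fetch_array($result);
        if ($row) {
            $ugroup_old_name = $row['name'];
        }
    }
    // Check that there is no ugroup with the same name and a different id in this project
    $sql = "SELECT * FROM ugroup WHERE name='" . db_es($ugroup_name) . "' AND group_id='" . db_ei($group_id) . "' AND ugroup_id!='" . db_ei($ugroup_id) . "'";
    $result = db_query($sql);
    if (db_numrows($result) > 0) {
        exit_error($Language->getText('global', 'error'), $Language->getText('project_admin_ugroup_utils', 'ug__exist', $purifier->purify($ugroup_name)));
    }
    // Update. The statement is scoped to the project, like both lookups above,
    // so a ugroup_id that belongs to another project is left untouched.
    // NOTE(review): with a mismatched pair nothing is updated, yet the event,
    // history entry and success feedback below still run - consider stopping
    // earlier when the old-name lookup finds no row.
    $sql = "UPDATE ugroup SET name='" . db_es($ugroup_name) . "', description='" . db_es($ugroup_description) . "' WHERE ugroup_id=" . db_ei($ugroup_id) . " AND group_id=" . db_ei($group_id);
    $result = db_query($sql);
    if (!$result) {
        exit_error($Language->getText('global', 'error'), $Language->getText('project_admin_ugroup_utils', 'cant_update_ug', db_error()));
    }
    // Search for all members of this ugroup
    $pickList = array();
    $sql = "SELECT user_id FROM ugroup_user WHERE ugroup_id = " . db_ei($ugroup_id);
    if ($res = db_query($sql)) {
        while ($row = db_fetch_array($res)) {
            $pickList[] = $row['user_id'];
        }
    }
    // raise an event for ugroup edition (plain assignment: the return value of a
    // call should not be bound by reference)
    $em = EventManager::instance();
    $em->processEvent('project_admin_ugroup_edition', array('group_id' => $group_id, 'ugroup_id' => $ugroup_id, 'ugroup_name' => $ugroup_name, 'ugroup_old_name' => $ugroup_old_name, 'ugroup_desc' => $ugroup_description, 'pick_list' => $pickList));
    // Now log in project history
    group_add_history('upd_ug', '', $group_id, array($ugroup_name));
    $GLOBALS['Response']->addFeedback('info', $Language->getText('project_admin_ugroup_utils', 'ug_upd_success', array($ugroup_name, count($pickList))));
}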
Пример #27
 // 'status' is accepted only when it is one of 0, 1 or 2; any other value
 // (or a missing one) falls back to 0.
 $validStatus = new Valid_WhiteList('status', array(0, 1, 2));
 $status = $request->valid($validStatus) ? $request->get('status') : 0;
 // 'summary' is mandatory and has its own error message; 'details' is checked
 // as free text.
 $validSummary = new Valid_String('summary');
 $validSummary->setErrorMessage('Summary is required');
 $validSummary->required();
 $validDetails = new Valid_Text('details');
 if ($request->valid($validSummary) && $request->valid($validDetails)) {
     if ($status == 1) {
         /*
         	Update the db so the item shows on the home page
         */
         $sql = "UPDATE news_bytes SET is_approved='1', date='" . time() . "', " . "summary='" . db_es(htmlspecialchars($request->get('summary'))) . "', details='" . db_es(htmlspecialchars($request->get('details'))) . "' WHERE id=" . db_ei($id);
         $result = db_query($sql);
         if (!$result || db_affected_rows($result) < 1) {
             $GLOBALS['Response']->addFeedback('error', $Language->getText('news_admin_index', 'update_err'));
         } else {
             $GLOBALS['Response']->addFeedback('info', $Language->getText('news_admin_index', 'newsbyte_updated'));
         }
     } else {
         if ($status == 2) {
             /*
             	Move msg to deleted status
             */
             $sql = "UPDATE news_bytes SET is_approved='2' WHERE id=" . db_ei($id);
             $result = db_query($sql);
             if (!$result || db_affected_rows($result) < 1) {
                 $GLOBALS['Response']->addFeedback('error', $Language->getText('news_admin_index', 'update_err') . ' ' . db_error());
Пример #28
                     forum_add_monitor($fid, user_getid());
                 }
             }
         } else {
             if ($request->existAndNonEmpty('change_status')) {
                 /*
                 	Change a forum to public/private
                 */
                 $vGrpForum = new Valid_UInt('group_forum_id');
                 $vGrpForum->required();
                 if ($request->valid($vForumName) && $request->valid($vDescription) && $request->valid($vIsPublic) && $request->valid($vGrpForum)) {
                     $forum_name = $request->get('forum_name');
                     $is_public = $request->get('is_public');
                     $description = $request->get('description');
                     $group_forum_id = $request->get('group_forum_id');
                     $sql = "UPDATE forum_group_list SET is_public=" . db_ei($is_public) . ",forum_name='" . db_es(htmlspecialchars($forum_name)) . "'," . "description='" . db_es(htmlspecialchars($description)) . "' " . "WHERE group_forum_id=" . db_ei($group_forum_id) . " AND group_id=" . db_ei($group_id);
                     $result = db_query($sql);
                     if (!$result || db_affected_rows($result) < 1) {
                         $feedback .= ' ' . $Language->getText('forum_admin_index', 'upd_err') . ' ';
                     } else {
                         $feedback .= ' ' . $Language->getText('forum_admin_index', 'upd_success') . ' ';
                     }
                 }
             }
         }
     }
 }
 if ($request->existAndNonEmpty('delete')) {
     /*
     	Show page for deleting messages
     */
Пример #29
 /**
  *	create - store a new attached file for the artifact in the database.
  *
  *	All values placed in the INSERT go through db_ei() or db_es().
  *
  *	@param	string	$filename	Filename of the item.
  *	@param	string	$filetype	Item filetype; 'application/octet-stream' is used when empty.
  *	@param	string	$filesize	Item filesize.
  *	@param	binary	$bin_data	Binary item data.
  *	@param	string	$description	Item description; the 'global'/'none' text is used when empty.
  *	@param	array	$changes	Passed by reference; $changes['attach'] receives
  *					description, name, size and href on success.
  *	@return	id on success / false on failure.
  */
 function create($filename, $filetype, $filesize, $bin_data, $description = false, &$changes)
 {
     global $Language;
     $description = $description ? $description : $Language->getText('global', 'none');
     // Attachment list before the insert; used for the history entry below.
     $old_value = $this->Artifact->getAttachedFileNames();
     // Some browsers don't supply a mime type if they don't know it: fall back
     // to a generic binary type.
     $filetype = $filetype ? $filetype : 'application/octet-stream';
     //
     //	data validation
     //
     if (!($filename && $filetype && $filesize && $bin_data)) {
         // NOTE(review): this message carries the raw file name, type, size and
         // the file content inside HTML markup. Confirm that addFeedback()
         // encodes its argument, and whether this debugging aid should stay.
         $GLOBALS['Response']->addFeedback('error', '<P>|' . $filename . '|' . $filetype . '|' . $filesize . '|' . $bin_data . '|');
         $this->setError('ArtifactFile: ' . $Language->getText('tracker_common_file', 'name_requ'));
         return false;
     }
     // 100 is used when nobody is logged in - presumably the anonymous account; confirm.
     $userid = user_isloggedin() ? user_getid() : 100;
     $res = db_query(
         "INSERT INTO artifact_file\n\t\t\t(artifact_id,description,bin_data,filename,filesize,filetype,adddate,submitted_by)\n\t\t\tVALUES \n\t\t\t('"
         . db_ei($this->Artifact->getID()) . "','"
         . db_es($description) . "','"
         . db_es($bin_data) . "','"
         . db_es($filename) . "',\n\t\t\t'"
         . db_ei($filesize) . "','"
         . db_es($filetype) . "','"
         . time() . "','"
         . db_ei($userid) . "')"
     );
     $id = db_insertid($res, 'artifact_file', 'id');
     if (!$res || !$id) {
         $this->setError('ArtifactFile: ' . db_error());
         return false;
     }

     $this->clearError();
     $changes['attach']['description'] = $description;
     $changes['attach']['name'] = $filename;
     $changes['attach']['size'] = $filesize;
     // History keeps the attachment names as one comma-separated string.
     $new_value = $old_value == '' ? $filename : $old_value . "," . $filename;
     $this->Artifact->addHistory('attachment', $old_value, $new_value);
     $changes['attach']['href'] = get_server_url() . "/tracker/download.php?artifact_id=" . $this->Artifact->getID() . "&id={$id}";
     return $id;
 }
 /**
  * Copy changed chart properties from $row and persist them.
  *
  * For each of remaining_field, done_field, start_date and duration that is
  * set in $row and differs (loose comparison) from the current value, the
  * property is overwritten. A start_date that strtotime() can parse is stored
  * as the resulting timestamp; any other value is stored as given.
  * The UPDATE receives the values through db_ei() (field ids, chart id) and
  * db_es() (start_date, duration).
  *
  * @param array $row new property values keyed by property name
  *
  * @return int|false false when nothing changed; otherwise whatever
  *                   db_affected_rows() reports for the UPDATE
  */
 protected function updateSpecificProperties($row)
 {
     $dirty = false;
     $tracked = array('remaining_field', 'done_field', 'start_date', 'duration');
     foreach ($tracked as $name) {
         // Skip properties that are absent or unchanged.
         if (!isset($row[$name]) || $this->{$name} == $row[$name]) {
             continue;
         }
         $dirty = true;
         if ($name == 'start_date' && strtotime($row[$name])) {
             $this->{$name} = strtotime($row[$name]);
         } else {
             $this->{$name} = $row[$name];
         }
     }
     if (!$dirty) {
         return false;
     }
     $sql = sprintf(
         "UPDATE plugin_graphontrackersv5_scrum_burnup SET\n                          remaining_field_id = %s,\n                          done_field_id = %s,\n                          start_date = '%s',\n                          duration = '%s'\n                       WHERE id = %d",
         db_ei($this->remaining_field),
         db_ei($this->done_field),
         db_es($this->start_date),
         db_es($this->duration),
         db_ei($this->id)
     );
     return db_affected_rows(db_query($sql));
 }