function profile_update($p_user_id, $p_profile_id, $p_platform, $p_os, $p_os_build, $p_description)
{
$c_user_id = db_prepare_int($p_user_id);
$c_profile_id = db_prepare_int($p_profile_id);
$c_platform = db_prepare_string($p_platform);
$c_os = db_prepare_string($p_os);
$c_os_build = db_prepare_string($p_os_build);
$c_description = db_prepare_string($p_description);
if (ALL_USERS != $p_user_id) {
user_ensure_unprotected($p_user_id);
}
# platform cannot be blank
if (is_blank($c_platform)) {
error_parameters(lang_get('platform'));
trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
# os cannot be blank
if (is_blank($c_os)) {
error_parameters(lang_get('operating_system'));
trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
# os_build cannot be blank
if (is_blank($c_os_build)) {
error_parameters(lang_get('version'));
trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
$t_user_profile_table = config_get('mantis_user_profile_table');
# Add item
$query = "UPDATE {$t_user_profile_table}\n\t\t\t\t SET platform='{$c_platform}',\n\t\t\t\t \t os='{$c_os}',\n\t\t\t\t\t os_build='{$c_os_build}',\n\t\t\t\t\t description='{$c_description}'\n\t\t\t\t WHERE id='{$c_profile_id}' AND user_id='{$c_user_id}'";
$result = db_query($query);
# db_query() errors on failure so:
return true;
}
function faq_update_query($p_id, $p_question, $p_answere, $p_project_id, $p_view_level)
{
global $g_mantis_faq_table;
# " character poses problem when editting so let's just convert them to '
$p_question = db_prepare_string($p_question);
$p_answere = db_prepare_string($p_answere);
# Update entry
$query = "UPDATE {$g_mantis_faq_table}\n\t\t\t\tSET question='{$p_question}', answere='{$p_answere}',\n\t\t\t\t\tproject_id='{$p_project_id}', view_access='{$p_view_level}', last_modified=NOW()\n\t \t\tWHERE id='{$p_id}'";
return db_query_bound($query);
}
function history_log_event_special($p_bug_id, $p_type, $p_optional = '', $p_optional2 = '')
{
$c_bug_id = db_prepare_int($p_bug_id);
$c_type = db_prepare_int($p_type);
$c_optional = db_prepare_string($p_optional);
$c_optional2 = db_prepare_string($p_optional2);
$t_user_id = auth_get_current_user_id();
$t_mantis_bug_history_table = config_get('mantis_bug_history_table');
$query = "INSERT INTO {$t_mantis_bug_history_table}\n\t\t\t\t\t( user_id, bug_id, date_modified, type, old_value, new_value, field_name )\n\t\t\t\tVALUES\n\t\t\t\t\t( '{$t_user_id}', '{$c_bug_id}', " . db_now() . ", '{$c_type}', '{$c_optional}', '{$c_optional2}', '' )";
$result = db_query($query);
}
function admin_check_applied($p_table_name, $p_field_name = '')
{
$c_table_name = db_prepare_string($p_table_name);
$c_field_name = db_prepare_string($p_field_name);
$result = db_query("DESCRIBE {$c_table_name} {$c_field_name}");
if ($result && 0 < db_num_rows($result)) {
return true;
} else {
return false;
}
}
function email_queue_prepare_db($p_email_data)
{
$t_email_data = new EmailData();
$t_email_data->email_id = db_prepare_int($p_email_data->email_id);
$t_email_data->email = db_prepare_string($p_email_data->email);
$t_email_data->subject = db_prepare_string($p_email_data->subject);
$t_email_data->body = db_prepare_string($p_email_data->body);
$t_email_data->metadata = array();
foreach ($p_email_data->metadata as $t_key => $t_value) {
if ($t_key != 'headers') {
$t_email_data->metadata[$t_key] = db_prepare_string($t_value);
}
}
foreach ($p_email_data->metadata['headers'] as $t_key => $t_value) {
$t_email_data->metadata['headers'][$t_key] = db_prepare_string($t_value);
}
$t_email_data->submitted = db_prepare_string($p_email_data->submitted);
return $t_email_data;
}
function news_update($p_news_id, $p_project_id, $p_view_state, $p_announcement, $p_headline, $p_body)
{
$c_news_id = db_prepare_int($p_news_id);
$c_project_id = db_prepare_int($p_project_id);
$c_view_state = db_prepare_int($p_view_state);
$c_announcement = db_prepare_bool($p_announcement);
$c_headline = db_prepare_string($p_headline);
$c_body = db_prepare_string($p_body);
if (is_blank($c_headline)) {
error_parameters(lang_get('headline'));
trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
if (is_blank($c_body)) {
error_parameters(lang_get('body'));
trigger_error(ERROR_EMPTY_FIELD, ERROR);
}
$t_news_table = config_get('mantis_news_table');
# Update entry
$query = "UPDATE {$t_news_table}\n\t\t\t\t SET view_state='{$c_view_state}',\n\t\t\t\t\tannouncement='{$c_announcement}',\n\t\t\t\t\theadline='{$c_headline}',\n\t\t\t\t\tbody='{$c_body}',\n\t\t\t\t\tproject_id='{$c_project_id}',\n\t\t\t\t\tlast_modified= " . db_now() . "\n\t\t\t\t WHERE id='{$c_news_id}'";
db_query($query);
# db_query() errors on failure so:
return true;
}
function upgrade_fix_strings($p_table_name, $p_primary_key, $p_fields)
{
$c_table_name = db_prepare_string($p_table_name);
$c_primary_key = db_prepare_string($p_primary_key);
$t_field_string = db_prepare_string(implode(',', $p_fields));
$query = "SELECT {$c_primary_key}, {$t_field_string} FROM {$c_table_name}";
$result = @db_query($query);
if (false == $result) {
return false;
}
$count = db_num_rows($result);
$t_failures = 0;
for ($i = 0; $i < $count; $i++) {
$row = db_fetch_array($result);
$query2 = "UPDATE {$c_table_name} SET ";
$t_updates = array();
foreach ($p_fields as $t_field) {
$t_new_value = stripslashes(upgrade_decode_entities($row[$t_field]));
$t_updates[] = db_prepare_string($t_field) . "='" . db_prepare_string($t_new_value) . "'";
}
$query2 .= implode(',', $t_updates);
$query2 .= "WHERE {$c_primary_key}=" . $row[$p_primary_key];
$result2 = @db_query($query2);
if (false == $result2) {
$t_failures++;
}
}
# If every query failed, something must be wrong so let's fail
# If fewer failed, we don't want to fail because unescaping the
# successful ones again is bad.
if ($count > 0 && $t_failures == $count) {
return false;
} else {
return true;
}
}
$f_user_id = gpc_get_int('user_id');
$f_email = trim($f_email);
$f_username = trim($f_username);
$t_old_username = user_get_field($f_user_id, 'username');
# check that the username is unique
if (0 != strcasecmp($t_old_username, $f_username) && false == user_is_name_unique($f_username)) {
trigger_error(ERROR_USER_NAME_NOT_UNIQUE, ERROR);
}
user_ensure_name_valid($f_username);
user_ensure_realname_valid($f_realname);
user_ensure_realname_unique($f_username, $f_realname);
$f_email = email_append_domain($f_email);
email_ensure_valid($f_email);
$c_email = db_prepare_string($f_email);
$c_username = db_prepare_string($f_username);
$c_realname = db_prepare_string($f_realname);
$c_protected = db_prepare_bool($f_protected);
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);
$t_user_table = config_get('mantis_user_table');
$t_old_protected = user_get_field($f_user_id, 'protected');
# check that we are not downgrading the last administrator
$t_old_access = user_get_field($f_user_id, 'access_level');
if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) {
trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}
# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
if ($c_access_level >= ADMINISTRATOR && !user_is_administrator($c_user_id)) {
user_delete_project_specific_access_levels($c_user_id);
/**
* Return object of a specific class by SQL
*
* @param string $sql
* @param array $arguments
* @param boolean $one
* @param string $table_name
* @return array
*/
function findBySQL($sql, $arguments = null, $one = false)
{
if ($arguments !== null) {
$sql = db_prepare_string($sql, $arguments);
}
// if
$rows = db_execute_all($sql);
if (is_error($rows)) {
return $rows;
}
// if
if (!is_foreachable($rows)) {
return null;
}
// if
if ($one) {
$row = $rows[0];
$item_class = array_var($row, 'type');
$item = new $item_class();
$item->loadFromRow($row);
return $item;
} else {
$items = array();
foreach ($rows as $row) {
$item_class = array_var($row, 'type');
$item = new $item_class();
$item->loadFromRow($row);
$items[] = $item;
}
// foreach
return count($items) ? $items : null;
}
// if
}
else
{
if(NeedQuotes($cUserNameFieldType))
$value=db_prepare_string($value);
else
$value=(0+$value);
}
$sWhere="(".GetFullFieldName($cUserNameField,"webreport_users",false)."=".$value;
$value=$strUsernameEmail;
if($cipherer->isFieldEncrypted($cEmailField))
$value = $cipherer->MakeDBValue($cEmailField,$value,"","",true);
else
{
if(NeedQuotes($cEmailFieldType))
$value=db_prepare_string($value);
else
$value=(0+$value);
}
$sWhere.=" or ".GetFullFieldName($cEmailField,"webreport_users",false)."=".$value.")";
if($tosearch && $globalEvents->exists("BeforeRemindPassword"))
$tosearch = $globalEvents->BeforeRemindPassword($strUsernameEmail,$strUsernameEmail, $pageObject);
if($tosearch)
{
$selectClause = "select ".GetFullFieldName($cUserNameField,"webreport_users",false)." as ".AddFieldWrappers($cUserNameField)
.",".GetFullFieldName($cPasswordField,"webreport_users",false)." as ".AddFieldWrappers($cPasswordField);
// prevent aliases mixing
if( $cUserNameField != $cEmailField )
} else {
$t_caption = $t_prefix;
}
if ($t_prefix == $f_prefix) {
$t_link = "<strong>{$t_caption}</strong>";
} else {
$t_link = '<a href="manage_user_page.php?prefix=' . $t_prefix . '">' . $t_caption . '</a>';
}
$t_index_links .= '<td>' . $t_link . '</td>';
}
$t_index_links .= '</tr></table></center>';
echo $t_index_links;
if ($f_prefix === 'ALL') {
$t_where = '(1 = 1)';
} else {
$c_prefix = db_prepare_string($f_prefix);
$t_where = "(username like '{$c_prefix}%')";
}
# Get the user data in $c_sort order
if (0 == $c_hide) {
$query = "SELECT *\n\t\t\t\tFROM {$t_user_table}\n\t\t\t\tWHERE {$t_where}\n\t\t\t\tORDER BY {$c_sort} {$c_dir}";
} else {
$query = "SELECT *\n\t\t\t\tFROM {$t_user_table}\n\t\t\t\tWHERE (" . db_helper_compare_days(db_now(), "last_visit", "< '{$days_old}'") . ") AND {$t_where}\n\t\t\t\tORDER BY {$c_sort} {$c_dir}";
}
$result = db_query($query);
$user_count = db_num_rows($result);
?>
<br />
<table class="width100" cellspacing="1">
<tr>
<td class="form-title" colspan="5">
# DEVELOPER / RESOLUTION #
?>
<table class="width100" cellspacing="1">
<tr>
<td class="form-title" colspan="1">
<?php
echo lang_get('developer_by_resolution');
?>
</td>
<?php
$t_arr = explode_enum_string(config_get('resolution_enum_string'));
$enum_count = count($t_arr);
for ($i = 0; $i < $enum_count; $i++) {
print '<td>';
$t_s = explode_enum_arr($t_arr[$i]);
$c_s[0] = db_prepare_string($t_s[0]);
echo get_enum_element('resolution', $c_s[0]);
print '</td>';
}
print '<td>';
print lang_get('percentage_fixed');
print '</td>';
?>
</tr>
<?php
summary_print_developer_resolution(config_get('resolution_enum_string'));
?>
</table>
</td>
</tr>
</table>
}
$c_file_id = db_prepare_int($f_file_id);
$c_title = db_prepare_string($f_title);
$c_description = db_prepare_string($f_description);
$t_project_file_table = db_get_table('mantis_project_file_table');
/** @todo (thraxisp) this code should probably be integrated into file_api to share methods used to store files */
file_ensure_uploaded($f_file);
extract($f_file, EXTR_PREFIX_ALL, 'v');
if (is_uploaded_file($v_tmp_name)) {
$t_project_id = helper_get_current_project();
# grab the original file path and name
$t_disk_file_name = file_get_field($f_file_id, 'diskfile', 'project');
$t_file_path = dirname($t_disk_file_name);
# prepare variables for insertion
$c_file_name = db_prepare_string($v_name);
$c_file_type = db_prepare_string($v_type);
$t_file_size = filesize($v_tmp_name);
$t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
if ($t_file_size > $t_max_file_size) {
trigger_error(ERROR_FILE_TOO_BIG, ERROR);
}
$c_file_size = db_prepare_int($t_file_size);
$t_method = config_get('file_upload_method');
switch ($t_method) {
case FTP:
case DISK:
file_ensure_valid_upload_path($t_file_path);
if (FTP == $t_method) {
$conn_id = file_ftp_connect();
file_ftp_delete($conn_id, $t_disk_file_name);
file_ftp_put($conn_id, $t_disk_file_name, $v_tmp_name);
/**
* Print due on string (due in, due today or late) for a given object
*
* @param array $params
* @param Smarty $smarty
* @return string
*/
function smarty_function_due($params, &$smarty)
{
$object = array_var($params, 'object');
$due_date = null;
if (instance_of($object, 'ProjectObject')) {
if ($object->can_be_completed) {
if ($object->isCompleted()) {
return lang('Completed');
}
// if
$due_date = $object->getDueOn();
} else {
return '--';
}
// if
} elseif (instance_of($object, 'Invoice')) {
if ($object->getStatus() == INVOICE_STATUS_ISSUED) {
$due_date = $object->getDueOn();
} else {
return '--';
}
// if
} else {
return new InvalidParamError('object', $object, '$object is not expected to be an instance of ProjectObject or Invoice class', true);
}
// if
$offset = get_user_gmt_offset();
if (instance_of($due_date, 'DateValue')) {
require_once SMARTY_PATH . '/plugins/modifier.date.php';
$date = smarty_modifier_date($due_date, 0);
// just printing date, offset is 0!
$reminder_string_begining = '';
$reminder_string_end = '';
$sql = "select auto_email_status, email_reminder_period, email_reminder_unit, email_reminder_time from healingcrystals_project_object_misc where object_id=? and auto_email_status='1'";
$arguments = array($object->getId());
$sql = db_prepare_string($sql, $arguments);
$row = db_execute_all($sql);
if (!empty($row)) {
$entry = $row[0];
$auto_email_status = array_var($entry, 'auto_email_status');
$email_reminder_period = array_var($entry, 'email_reminder_period', '0');
$email_reminder_unit = array_var($entry, 'email_reminder_unit', 'D');
$email_reminder_time = array_var($entry, 'email_reminder_time', '06:00');
$meridian = '';
list($h, $m) = explode(':', $email_reminder_time);
$h = (int) $h;
if ($h > 12) {
$h -= 12;
$meridian = 'PM';
} elseif ($h == 12) {
$meridian = 'PM';
} elseif ($h == 0) {
$meridian = 'AM';
} else {
$meridian = 'AM';
}
$email_reminder_time = str_pad($h, 2, '0', STR_PAD_LEFT) . ':' . $m . ' ' . $meridian;
$reminder_string_begining = 'Reminder set for ' . $email_reminder_period . ' ' . ($email_reminder_unit == 'D' ? 'Day(s)' : ($email_reminder_unit == 'W' ? 'Week(s)' : ($email_reminder_unit == 'M' ? 'Month(s)' : ''))) . " from Due Date: ";
$reminder_string_end = " at " . $email_reminder_time;
}
if ($due_date->isToday($offset)) {
if (!empty($reminder_string_begining)) {
return '<span class="today">' . $reminder_string_begining . '<span class="number">' . lang('Today') . '</span>' . $reminder_string_end . '</span>';
} else {
return '<span class="today"><span class="number">' . lang('Due Today') . '</span></span>';
}
} elseif ($due_date->isYesterday($offset)) {
if (!empty($reminder_string_begining)) {
return '<span class="late" title="' . clean($date) . '">' . $reminder_string_begining . lang('<span class="number">1 Day Late</span>') . $reminder_string_end . '</span>';
} else {
return '<span class="late" title="' . clean($date) . '">' . lang('<span class="number">1 Day Late</span>') . '</span>';
}
} elseif ($due_date->isTomorrow($offset)) {
if (!empty($reminder_string_begining)) {
return '<span class="upcoming" title="' . clean($date) . '">' . $reminder_string_begining . '<span class="number">' . lang('Tomorrow') . '</span>' . $reminder_string_end . '</span>';
} else {
return '<span class="upcoming" title="' . clean($date) . '"><span class="number">' . lang('Due Tomorrow') . '</span></span>';
}
} else {
$now = new DateTimeValue();
$now->advance($offset);
$now = $now->beginningOfDay();
$due_date->beginningOfDay();
if ($due_date->getTimestamp() > $now->getTimestamp()) {
//return '<span class="upcoming" title="' . clean($date) . '">' . lang('Due in <span class="number">:days</span> Days', array('days' => floor(($due_date->getTimestamp() - $now->getTimestamp()) / 86400))) . '</span>';
//return '<span class="upcoming" title="' . clean($date) . '">' . lang('<span class="number">:days</span> Days', array('days' => floor(($due_date->getTimestamp() - $now->getTimestamp()) / 86400))) . '</span>';
if (!empty($reminder_string_begining)) {
return '<span class="upcoming" title="' . clean($date) . '">' . $reminder_string_begining . date('F d, Y', $due_date->getTimestamp()) . lang(' (<span class="number">:days</span> Days)', array('days' => floor(($due_date->getTimestamp() - $now->getTimestamp()) / 86400))) . $reminder_string_end . '</span>';
} else {
return '<span class="upcoming" title="' . clean($date) . '">Due ' . date('F d, Y', $due_date->getTimestamp()) . lang(' (<span class="number">:days</span> Days)', array('days' => floor(($due_date->getTimestamp() - $now->getTimestamp()) / 86400))) . '</span>';
}
} else {
//return '<span class="late" title="' . clean($date) . '">' . lang('<span class="number">:days</span> Days Late', array('days' => floor(($now->getTimestamp() - $due_date->getTimestamp()) / 86400))) . '</span>';
if (!empty($reminder_string_begining)) {
return '<span class="late" title="' . clean($date) . '">' . $reminder_string_begining . date('F d, Y', $due_date->getTimestamp()) . lang(' (<span class="number">:days</span> Days Late)', array('days' => floor(($now->getTimestamp() - $due_date->getTimestamp()) / 86400))) . $reminder_string_end . '</span>';
} else {
return '<span class="late" title="' . clean($date) . '">Due ' . date('F d, Y', $due_date->getTimestamp()) . lang(' (<span class="number">:days</span> Days Late)', array('days' => floor(($now->getTimestamp() - $due_date->getTimestamp()) / 86400))) . '</span>';
}
}
// if
}
// if
} else {
//return lang('No Due Date');
return lang('--');
}
// if
}
/**
* Sets multiple fields on a user
*
* @param integer $p_user_id A valid user identifier.
* @param array $p_fields Keys are the field names and the values are the field values.
* @return void
*/
function user_set_fields($p_user_id, array $p_fields)
{
if (!array_key_exists('protected', $p_fields)) {
user_ensure_unprotected($p_user_id);
}
$t_query = 'UPDATE {user}';
$t_parameters = array();
foreach ($p_fields as $t_field_name => $t_field_value) {
$c_field_name = db_prepare_string($t_field_name);
if (count($t_parameters) == 0) {
$t_query .= ' SET ' . $c_field_name . '=' . db_param();
} else {
$t_query .= ' , ' . $c_field_name . '=' . db_param();
}
array_push($t_parameters, $t_field_value);
}
$t_query .= ' WHERE id=' . db_param();
array_push($t_parameters, (int) $p_user_id);
db_query($t_query, $t_parameters);
user_clear_cache($p_user_id);
}
/**
* Move any attachments as needed when a bug is moved from project to project.
*
* @param integer $p_bug_id ID of bug containing attachments to be moved.
* @param integer $p_project_id_to Destination project ID for the bug.
* @return void
*
* @todo: this function can't cope with source or target storing attachments in DB
*/
function file_move_bug_attachments($p_bug_id, $p_project_id_to)
{
$t_project_id_from = bug_get_field($p_bug_id, 'project_id');
if ($t_project_id_from == $p_project_id_to) {
return;
}
$t_method = config_get('file_upload_method');
if ($t_method != DISK) {
return;
}
if (!file_bug_has_attachments($p_bug_id)) {
return;
}
$t_path_from = project_get_field($t_project_id_from, 'file_path');
if (is_blank($t_path_from)) {
$t_path_from = config_get('absolute_path_default_upload_folder', null, null, $t_project_id_from);
}
file_ensure_valid_upload_path($t_path_from);
$t_path_to = project_get_field($p_project_id_to, 'file_path');
if (is_blank($t_path_to)) {
$t_path_to = config_get('absolute_path_default_upload_folder', null, null, $p_project_id_to);
}
file_ensure_valid_upload_path($t_path_to);
if ($t_path_from == $t_path_to) {
return;
}
# Initialize the update query to update a single row
$c_bug_id = (int) $p_bug_id;
$t_query_disk_attachment_update = 'UPDATE {bug_file}
SET folder=' . db_param() . '
WHERE bug_id=' . db_param() . '
AND id =' . db_param();
$t_attachment_rows = bug_get_attachments($p_bug_id);
$t_attachments_count = count($t_attachment_rows);
for ($i = 0; $i < $t_attachments_count; $i++) {
$t_row = $t_attachment_rows[$i];
$t_basename = basename($t_row['diskfile']);
$t_disk_file_name_from = file_path_combine($t_path_from, $t_basename);
$t_disk_file_name_to = file_path_combine($t_path_to, $t_basename);
if (!file_exists($t_disk_file_name_to)) {
chmod($t_disk_file_name_from, 0775);
if (!rename($t_disk_file_name_from, $t_disk_file_name_to)) {
if (!copy($t_disk_file_name_from, $t_disk_file_name_to)) {
trigger_error(ERROR_FILE_MOVE_FAILED, ERROR);
}
file_delete_local($t_disk_file_name_from);
}
chmod($t_disk_file_name_to, config_get('attachments_file_permissions'));
db_query($t_query_disk_attachment_update, array(db_prepare_string($t_path_to), $c_bug_id, (int) $t_row['id']));
} else {
trigger_error(ERROR_FILE_DUPLICATE, ERROR);
}
}
}
function mci_file_add($p_id, $p_name, $p_content, $p_file_type, $p_table, $p_title = '', $p_desc = '', $p_user_id = null)
{
if (!file_type_check($p_name)) {
return new soap_fault('Client', '', 'File type not allowed.');
}
if (!file_is_name_unique($p_name, $p_id)) {
return new soap_fault('Client', '', 'Duplicate filename.');
}
$t_file_size = strlen($p_content);
$t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
if ($t_file_size > $t_max_file_size) {
return new soap_fault('Client', '', 'File is too big.');
}
if ('bug' == $p_table) {
$t_project_id = bug_get_field($p_id, 'project_id');
$t_issue_id = bug_format_id($p_id);
} else {
$t_project_id = $p_id;
$t_issue_id = 0;
}
# prepare variables for insertion
$c_issue_id = db_prepare_int($t_issue_id);
$c_project_id = db_prepare_int($t_project_id);
$c_file_type = db_prepare_string($p_file_type);
$c_title = db_prepare_string($p_title);
$c_desc = db_prepare_string($p_desc);
if ($p_user_id === null) {
$c_user_id = auth_get_current_user_id();
} else {
$c_user_id = (int) $p_user_id;
}
if ($t_project_id == ALL_PROJECTS) {
$t_file_path = config_get('absolute_path_default_upload_folder');
} else {
$t_file_path = project_get_field($t_project_id, 'file_path');
if ($t_file_path == '') {
$t_file_path = config_get('absolute_path_default_upload_folder');
}
}
$c_file_path = db_prepare_string($t_file_path);
$c_new_file_name = db_prepare_string($p_name);
$t_file_hash = $t_issue_id;
$t_disk_file_name = $t_file_path . file_generate_unique_name($t_file_hash . '-' . $p_name, $t_file_path);
$c_disk_file_name = db_prepare_string($t_disk_file_name);
$t_file_size = strlen($p_content);
$c_file_size = db_prepare_int($t_file_size);
$t_method = config_get('file_upload_method');
switch ($t_method) {
case FTP:
case DISK:
if (!file_exists($t_file_path) || !is_dir($t_file_path) || !is_writable($t_file_path) || !is_readable($t_file_path)) {
return new soap_fault('Server', '', "Upload folder '{$t_file_path}' doesn't exist.");
}
file_ensure_valid_upload_path($t_file_path);
if (!file_exists($t_disk_file_name)) {
mci_file_write_local($t_disk_file_name, $p_content);
if (FTP == $t_method) {
$conn_id = file_ftp_connect();
file_ftp_put($conn_id, $t_disk_file_name, $t_disk_file_name);
file_ftp_disconnect($conn_id);
file_delete_local($t_disk_file_name);
} else {
chmod($t_disk_file_name, config_get('attachments_file_permissions'));
}
$c_content = "''";
}
break;
case DATABASE:
$c_content = db_prepare_binary_string($p_content);
break;
}
$t_file_table = db_get_table($p_table . '_file');
$c_id = 'bug' == $p_table ? $c_issue_id : $c_project_id;
$query = "INSERT INTO {$t_file_table}\n\t\t\t(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content, user_id)\n\t\tVALUES\n\t\t\t({$c_id}, '{$c_title}', '{$c_desc}', '{$c_disk_file_name}', '{$c_new_file_name}', '{$c_file_path}', {$c_file_size}, '{$c_file_type}', '" . db_now() . "', {$c_content}, {$c_user_id})";
db_query($query);
# get attachment id
$t_attachment_id = db_insert_id($t_file_table);
if ('bug' == $p_table) {
# updated the last_updated date
$result = bug_update_date($c_issue_id);
# log new bug
history_log_event_special($c_issue_id, FILE_ADDED, $c_new_file_name);
}
return $t_attachment_id;
}
}
}
echo '</td>';
}
echo '</tr></table></center>';
$t_where_params = null;
if ($f_filter === 'ALL') {
$t_where = '(1 = 1)';
} else {
if ($f_filter === 'UNUSED') {
$t_where = '(login_count = 0) AND ( date_created = last_visit )';
} else {
if ($f_filter === 'NEW') {
$t_where = db_helper_compare_days("" . db_now() . "", "date_created", "<= {$days_old}");
} else {
$c_prefix = db_prepare_string($f_filter);
$t_where = "(UPPER(username) LIKE '{$c_prefix}%')";
}
}
}
$p_per_page = 50;
$t_offset = ($f_page_number - 1) * $p_per_page;
$total_user_count = 0;
# Get the user data in $c_sort order
$result = '';
if (1 == $c_show_disabled) {
$t_show_disabled_cond = '';
} else {
$t_show_disabled_cond = ' AND enabled = ' . db_prepare_bool(true);
}
if (0 == $c_hide_inactive) {
require_once 'core.php';
# helper_ensure_post();
# lost password feature disabled or reset password via email disabled -> stop here!
if (OFF == config_get('lost_password_feature') || OFF == config_get('send_reset_password') || OFF == config_get('enable_email_notification')) {
trigger_error(ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR);
}
# force logout on the current user if already authenticated
if (auth_is_user_authenticated()) {
auth_logout();
}
$f_username = gpc_get_string('username');
$f_email = gpc_get_string('email');
$f_email = email_append_domain($f_email);
email_ensure_valid($f_email);
$c_username = db_prepare_string($f_username);
$c_email = db_prepare_string($f_email);
$t_user_table = config_get('mantis_user_table');
# @@@ Consider moving this query to user_api.php
$query = 'SELECT id FROM ' . $t_user_table . ' WHERE username = \'' . $c_username . '\' AND email = \'' . $c_email . '\' AND enabled=1';
$result = db_query($query);
if (0 == db_num_rows($result)) {
trigger_error(ERROR_LOST_PASSWORD_NOT_MATCHING_DATA, ERROR);
}
if (is_blank($f_email)) {
trigger_error(ERROR_LOST_PASSWORD_NO_EMAIL_SPECIFIED, ERROR);
}
$row = db_fetch_array($result);
$t_user_id = $row['id'];
if (user_is_protected($t_user_id)) {
trigger_error(ERROR_PROTECTED_ACCOUNT, ERROR);
}
/**
* Delete selected records
*/
function deleteRecords()
{
global $globalEvents;
$this->deleteMessage = "";
if (@$_REQUEST["mdelete"]) {
foreach (@$_REQUEST["mdelete"] as $ind) {
for ($i = 0; $i < count($this->arrKeyFields); $i++) {
$keys[$this->arrKeyFields[$i]] = refine($_REQUEST["mdelete" . ($i + 1)][mdeleteIndex($ind)]);
}
$this->selectedRecs[] = $keys;
}
} elseif (@$_REQUEST["selection"]) {
foreach (@$_REQUEST["selection"] as $keyblock) {
$arr = explode("&", refine($keyblock));
if (count($arr) < count($this->arrKeyFields)) {
continue;
}
for ($i = 0; $i < count($this->arrKeyFields); $i++) {
$keys[$this->arrKeyFields[$i]] = urldecode(@$arr[$i]);
}
$this->selectedRecs[] = $keys;
}
}
$this->recordsDeleted = 0;
$this->lockDelRec = array();
foreach ($this->selectedRecs as $keys) {
$where = KeyWhere($keys);
// delete only owned records
if ($this->nSecOptions != ADVSECURITY_ALL && $this->nLoginMethod == SECURITY_TABLE && $this->createLoginPage) {
$where = whereAdd($where, SecuritySQL("Delete"));
}
$strSQl = "delete from " . AddTableWrappers($this->origTName) . " where " . $where;
$retval = true;
$deletedrs = db_query(SQLQuery::gSQLWhere_having($this->gsqlHead, $this->gsqlFrom, $this->gsqlWhereExpr, $this->gsqlGroupBy, $this->gsqlHaving, $where), $this->conn);
$deleted_values = $this->cipherer->DecryptFetchedArray($deletedrs);
if ($globalEvents->exists("IsRecordEditable", $this->tName)) {
if (!$globalEvents->IsRecordEditable($deleted_values, true, $this->tName)) {
continue;
}
}
if ($this->eventExists("BeforeDelete")) {
$tdeleteMessage = $this->deleteMessage;
$retval = $this->eventsObject->BeforeDelete($where, $deleted_values, $tdeleteMessage, $this);
$this->deleteMessage = $tdeleteMessage;
}
$lockRecord = false;
if ($this->lockingObj) {
$lockWhere = "";
foreach ($keys as $keysvalue) {
$lockWhere .= rawurlencode($keysvalue) . "&";
}
$lockWhere = substr($lockWhere, 0, -1);
$lockSQL = "select * from " . AddTableWrappers("") . " where " . AddFieldWrappers("keys") . "=" . db_prepare_string($lockWhere) . " and " . AddFieldWrappers("table") . "=" . db_prepare_string($this->origTName) . " and " . AddFieldWrappers("action") . "=1";
$lockSet = db_query($lockSQL, $this->conn);
if ($data = db_fetch_array($lockSet)) {
$lockRecord = true;
$this->lockDelRec[] = $keys;
}
if ($this->mode == LIST_SIMPLE) {
$_SESSION[$this->sessionPrefix . "_lockDelRec"] = $this->lockDelRec;
}
}
if (!$lockRecord && @$_REQUEST["a"] == "delete" && $retval) {
$this->recordsDeleted++;
// delete associated uploaded files if any
DeleteUploadedFiles($this->pSet, $deleted_values);
LogInfo($strSQl);
db_exec($strSQl, $this->conn);
if ($this->audit && $deleted_values) {
$fieldsList = $this->pSet->getFieldsList();
$i = 0;
foreach ($deleted_values as $key => $value) {
if (IsBinaryType($this->pSet->getFieldType($fieldsList[$i]))) {
$deleted_audit_values[$fieldsList[$i]] = $value;
} else {
$deleted_audit_values[$key] = $value;
}
$i++;
}
$this->audit->LogDelete($this->tName, $deleted_audit_values, $keys);
}
if ($this->eventExists("AfterDelete")) {
$tdeleteMessage = $this->deleteMessage;
$this->eventsObject->AfterDelete($where, $deleted_values, $tdeleteMessage, $this);
$this->deleteMessage = $tdeleteMessage;
}
}
if (strlen($this->deleteMessage)) {
$this->xt->assignbyref("message", $this->deleteMessage);
$this->xt->assign("message_block", true);
}
}
if (count($this->selectedRecs) && $this->eventExists("AfterMassDelete")) {
$this->eventsObject->AfterMassDelete($this->recordsDeleted, $this);
}
}
function user_set_password($p_user_id, $p_password, $p_allow_protected = false)
{
if (!$p_allow_protected) {
user_ensure_unprotected($p_user_id);
}
$t_email = user_get_field($p_user_id, 'email');
$t_username = user_get_field($p_user_id, 'username');
# When the password is changed, invalidate the cookie to expire sessions that
# may be active on all browsers.
$t_seed = $t_email . $t_username;
$c_cookie_string = db_prepare_string(auth_generate_unique_cookie_string($t_seed));
$c_user_id = db_prepare_int($p_user_id);
$c_password = db_prepare_string(auth_process_plain_password($p_password));
$c_user_table = config_get('mantis_user_table');
$query = "UPDATE {$c_user_table}\n\t\t\t\t SET password='******',\n\t\t\t\t cookie_string='{$c_cookie_string}'\n\t\t\t\t WHERE id='{$c_user_id}'";
db_query($query);
#db_query() errors on failure so:
return true;
}
function UnlockAdmin($strtable, $keys, $startEdit)
{
$skeys = "";
foreach ($keys as $ind => $val) {
if (strlen($skeys)) {
$skeys .= "&";
}
$skeys .= rawurlencode($val);
}
$sdate = now();
if ($startEdit) {
// add a record - lock
$this->TableObj->startdatetime = $sdate;
$this->TableObj->confirmdatetime = $sdate;
$this->TableObj->sessionid = session_id();
$this->TableObj->table = $strtable;
$this->TableObj->keys = $skeys;
$this->TableObj->userid = $this->UserID;
$this->TableObj->action = 1;
$this->TableObj->Add();
}
// delete all other locking records
$rstmp = CustomQuery("delete from " . AddTableWrappers($this->lockTableName) . " where " . AddFieldWrappers("table") . "=" . db_prepare_string($strtable) . " and " . AddFieldWrappers("keys") . "=" . db_prepare_string($skeys) . " and " . AddFieldWrappers("action") . "=1 and " . AddFieldWrappers("sessionid") . "<>'" . session_id() . "' ");
// inform other users that their locking were removed by locking
$rstmp = CustomQuery("delete from " . AddTableWrappers($this->lockTableName) . " where " . AddFieldWrappers("startdatetime") . "<'" . format_datetime_custom(adddays(db2time(now()), -2), "yyyy-MM-dd HH:mm:ss") . "' and " . AddFieldWrappers("action") . "=2");
$this->TableObj->startdatetime = $sdate;
$this->TableObj->confirmdatetime = $sdate;
$this->TableObj->sessionid = session_id();
$this->TableObj->table = $strtable;
$this->TableObj->keys = $skeys;
$this->TableObj->userid = $this->UserID;
$this->TableObj->action = 2;
$this->TableObj->Add();
}
/**
* @todo Had to make all these parameters required because we can't use
* call-time pass by reference anymore. I really preferred not having
* to pass all the params in if you didn't want to, but I wanted to get
* rid of the errors for now. If we can think of a better way later
* (maybe return an object) that would be great.
*
* @param int $p_page_number the page you want to see (set to the actual page on return)
* @param int $p_per_page the number of bugs to see per page (set to actual on return)
* -1 indicates you want to see all bugs
* null indicates you want to use the value specified in the filter
* @param int $p_page_count you don't need to give a value here, the number of pages will be stored here on return
* @param int $p_bug_count you don't need to give a value here, the number of bugs will be stored here on return
* @param mixed $p_custom_filter Filter to use.
* @param int $p_project_id project id to use in filtering.
* @param int $p_user_id user id to use as current user when filtering.
* @param bool $p_show_sticky get sticky issues only.
*/
function filter_get_bug_rows(&$p_page_number, &$p_per_page, &$p_page_count, &$p_bug_count, $p_custom_filter = null, $p_project_id = null, $p_user_id = null, $p_show_sticky = null)
{
log_event(LOG_FILTERING, 'START NEW FILTER QUERY');
$t_bug_table = db_get_table('bug');
$t_bug_text_table = db_get_table('bug_text');
$t_bugnote_table = db_get_table('bugnote');
$t_category_table = db_get_table('category');
$t_custom_field_string_table = db_get_table('custom_field_string');
$t_bugnote_text_table = db_get_table('bugnote_text');
$t_project_table = db_get_table('project');
$t_bug_monitor_table = db_get_table('bug_monitor');
$t_limit_reporters = config_get('limit_reporters');
$t_bug_relationship_table = db_get_table('bug_relationship');
$t_report_bug_threshold = config_get('report_bug_threshold');
$t_where_param_count = 0;
$t_current_user_id = auth_get_current_user_id();
if (null === $p_user_id) {
$t_user_id = $t_current_user_id;
} else {
$t_user_id = $p_user_id;
}
$c_user_id = db_prepare_int($t_user_id);
if (null === $p_project_id) {
# @@@ If project_id is not specified, then use the project id(s) in the filter if set, otherwise, use current project.
$t_project_id = helper_get_current_project();
} else {
$t_project_id = $p_project_id;
}
if ($p_custom_filter === null) {
# Prefer current_user_get_bug_filter() over user_get_filter() when applicable since it supports
# cookies set by previous version of the code.
if ($t_user_id == $t_current_user_id) {
$t_filter = current_user_get_bug_filter();
} else {
$t_filter = user_get_bug_filter($t_user_id, $t_project_id);
}
} else {
$t_filter = $p_custom_filter;
}
$t_filter = filter_ensure_valid_filter($t_filter);
if (false === $t_filter) {
return false;
# signify a need to create a cookie
# @@@ error instead?
}
$t_view_type = $t_filter['_view_type'];
$t_where_clauses = array("{$t_project_table}.enabled = " . db_param(), "{$t_project_table}.id = {$t_bug_table}.project_id");
$t_where_params = array(1);
$t_select_clauses = array("{$t_bug_table}.*");
$t_join_clauses = array();
$t_from_clauses = array();
// normalize the project filtering into an array $t_project_ids
if ('simple' == $t_view_type) {
log_event(LOG_FILTERING, 'Simple Filter');
$t_project_ids = array($t_project_id);
$t_include_sub_projects = true;
} else {
log_event(LOG_FILTERING, 'Advanced Filter');
if (!is_array($t_filter[FILTER_PROPERTY_PROJECT_ID])) {
$t_project_ids = array(db_prepare_int($t_filter[FILTER_PROPERTY_PROJECT_ID]));
} else {
$t_project_ids = array_map('db_prepare_int', $t_filter[FILTER_PROPERTY_PROJECT_ID]);
}
$t_include_sub_projects = count($t_project_ids) == 1 && ($t_project_ids[0] == META_FILTER_CURRENT || $t_project_ids[0] == ALL_PROJECTS);
}
log_event(LOG_FILTERING, 'project_ids = @P' . implode(', @P', $t_project_ids));
log_event(LOG_FILTERING, 'include sub-projects = ' . ($t_include_sub_projects ? '1' : '0'));
// if the array has ALL_PROJECTS, then reset the array to only contain ALL_PROJECTS.
// replace META_FILTER_CURRENT with the actualy current project id.
$t_all_projects_found = false;
$t_new_project_ids = array();
foreach ($t_project_ids as $t_pid) {
if ($t_pid == META_FILTER_CURRENT) {
$t_pid = $t_project_id;
}
if ($t_pid == ALL_PROJECTS) {
$t_all_projects_found = true;
log_event(LOG_FILTERING, 'all projects selected');
break;
}
// filter out inaccessible projects.
if (!access_has_project_level(VIEWER, $t_pid, $t_user_id)) {
continue;
}
$t_new_project_ids[] = $t_pid;
}
$t_projects_query_required = true;
if ($t_all_projects_found) {
if (user_is_administrator($t_user_id)) {
log_event(LOG_FILTERING, 'all projects + administrator, hence no project filter.');
$t_projects_query_required = false;
} else {
$t_project_ids = user_get_accessible_projects($t_user_id);
}
} else {
$t_project_ids = $t_new_project_ids;
}
if ($t_projects_query_required) {
// expand project ids to include sub-projects
if ($t_include_sub_projects) {
$t_top_project_ids = $t_project_ids;
foreach ($t_top_project_ids as $t_pid) {
log_event(LOG_FILTERING, 'Getting sub-projects for project id @P' . $t_pid);
$t_subproject_ids = user_get_all_accessible_subprojects($t_user_id, $t_pid);
if (!$t_subproject_ids) {
continue;
}
$t_project_ids = array_merge($t_project_ids, $t_subproject_ids);
}
$t_project_ids = array_unique($t_project_ids);
}
// if no projects are accessible, then return an empty array.
if (count($t_project_ids) == 0) {
log_event(LOG_FILTERING, 'no accessible projects');
return array();
}
log_event(LOG_FILTERING, 'project_ids after including sub-projects = @P' . implode(', @P', $t_project_ids));
// this array is to be populated with project ids for which we only want to show public issues. This is due to the limited
// access of the current user.
$t_public_only_project_ids = array();
// this array is populated with project ids that the current user has full access to.
$t_private_and_public_project_ids = array();
foreach ($t_project_ids as $t_pid) {
$t_access_required_to_view_private_bugs = config_get('private_bug_threshold', null, null, $t_pid);
if (access_has_project_level($t_access_required_to_view_private_bugs, $t_pid, $t_user_id)) {
$t_private_and_public_project_ids[] = $t_pid;
} else {
$t_public_only_project_ids[] = $t_pid;
}
}
log_event(LOG_FILTERING, 'project_ids (with public/private access) = @P' . implode(', @P', $t_private_and_public_project_ids));
log_event(LOG_FILTERING, 'project_ids (with public access) = @P' . implode(', @P', $t_public_only_project_ids));
$t_count_private_and_public_project_ids = count($t_private_and_public_project_ids);
if ($t_count_private_and_public_project_ids == 1) {
$t_private_and_public_query = "( {$t_bug_table}.project_id = " . $t_private_and_public_project_ids[0] . " )";
} else {
if ($t_count_private_and_public_project_ids > 1) {
$t_private_and_public_query = "( {$t_bug_table}.project_id in (" . implode(', ', $t_private_and_public_project_ids) . ") )";
} else {
$t_private_and_public_query = null;
}
}
$t_count_public_only_project_ids = count($t_public_only_project_ids);
$t_public_view_state_check = "( ( {$t_bug_table}.view_state = " . VS_PUBLIC . " ) OR ( {$t_bug_table}.reporter_id = {$t_user_id} ) )";
if ($t_count_public_only_project_ids == 1) {
$t_public_only_query = "( ( {$t_bug_table}.project_id = " . $t_public_only_project_ids[0] . " ) AND {$t_public_view_state_check} )";
} else {
if ($t_count_public_only_project_ids > 1) {
$t_public_only_query = "( ( {$t_bug_table}.project_id in (" . implode(', ', $t_public_only_project_ids) . ") ) AND {$t_public_view_state_check} )";
} else {
$t_public_only_query = null;
}
}
// both queries can't be null, so we either have one of them or both.
if ($t_private_and_public_query === null) {
$t_project_query = $t_public_only_query;
} else {
if ($t_public_only_query === null) {
$t_project_query = $t_private_and_public_query;
} else {
$t_project_query = "( {$t_public_only_query} OR {$t_private_and_public_query} )";
}
}
log_event(LOG_FILTERING, 'project query = ' . $t_project_query);
array_push($t_where_clauses, $t_project_query);
}
# view state
$t_view_state = db_prepare_int($t_filter[FILTER_PROPERTY_VIEW_STATE]);
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_VIEW_STATE])) {
$t_view_state_query = "({$t_bug_table}.view_state=" . db_param() . ')';
log_event(LOG_FILTERING, 'view_state query = ' . $t_view_state_query);
$t_where_params[] = $t_view_state;
array_push($t_where_clauses, $t_view_state_query);
} else {
log_event(LOG_FILTERING, 'no view_state query');
}
# reporter
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_REPORTER_ID])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_REPORTER_ID] as $t_filter_member) {
if (filter_field_is_none($t_filter_member)) {
array_push($t_clauses, "0");
} else {
$c_reporter_id = db_prepare_int($t_filter_member);
if (filter_field_is_myself($c_reporter_id)) {
array_push($t_clauses, $c_user_id);
} else {
array_push($t_clauses, $c_reporter_id);
}
}
}
if (1 < count($t_clauses)) {
$t_reporter_query = "( {$t_bug_table}.reporter_id in (" . implode(', ', $t_clauses) . ") )";
} else {
$t_reporter_query = "( {$t_bug_table}.reporter_id={$t_clauses['0']} )";
}
log_event(LOG_FILTERING, 'reporter query = ' . $t_reporter_query);
array_push($t_where_clauses, $t_reporter_query);
} else {
log_event(LOG_FILTERING, 'no reporter query');
}
# limit reporter
# @@@ thraxisp - access_has_project_level checks greater than or equal to,
# this assumed that there aren't any holes above REPORTER where the limit would apply
#
if (ON === $t_limit_reporters && !access_has_project_level(REPORTER + 1, $t_project_id, $t_user_id)) {
$c_reporter_id = $c_user_id;
$t_where_params[] = $c_reporter_id;
array_push($t_where_clauses, "({$t_bug_table}.reporter_id=" . db_param() . ')');
}
# handler
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_HANDLER_ID])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_HANDLER_ID] as $t_filter_member) {
if (filter_field_is_none($t_filter_member)) {
array_push($t_clauses, 0);
} else {
$c_handler_id = db_prepare_int($t_filter_member);
if (filter_field_is_myself($c_handler_id)) {
array_push($t_clauses, $c_user_id);
} else {
array_push($t_clauses, $c_handler_id);
}
}
}
if (1 < count($t_clauses)) {
$t_handler_query = "( {$t_bug_table}.handler_id in (" . implode(', ', $t_clauses) . ") )";
} else {
$t_handler_query = "( {$t_bug_table}.handler_id={$t_clauses['0']} )";
}
log_event(LOG_FILTERING, 'handler query = ' . $t_handler_query);
array_push($t_where_clauses, $t_handler_query);
} else {
log_event(LOG_FILTERING, 'no handler query');
}
# category
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_CATEGORY_ID])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_CATEGORY_ID] as $t_filter_member) {
if (!filter_field_is_none($t_filter_member)) {
array_push($t_clauses, $t_filter_member);
}
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.category_id in ( SELECT id FROM {$t_category_table} WHERE name in (" . implode(', ', $t_where_tmp) . ") ) )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.category_id in ( SELECT id FROM {$t_category_table} WHERE name=" . db_param() . ") )");
}
}
# severity
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_SEVERITY])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_SEVERITY] as $t_filter_member) {
$c_show_severity = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_severity);
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.severity in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.severity=" . db_param() . " )");
}
}
# show / hide status
# take a list of all available statuses then remove the ones that we want hidden, then make sure
# the ones we want shown are still available
$t_desired_statuses = array();
$t_available_statuses = MantisEnum::getValues(config_get('status_enum_string'));
if ('simple' == $t_filter['_view_type']) {
# simple filtering: if showing any, restrict by the hide status value, otherwise ignore the hide
$t_any_found = false;
$t_this_status = $t_filter[FILTER_PROPERTY_STATUS][0];
$t_this_hide_status = $t_filter[FILTER_PROPERTY_HIDE_STATUS][0];
if (filter_field_is_any($t_this_status)) {
foreach ($t_available_statuses as $t_this_available_status) {
if ($t_this_hide_status > $t_this_available_status) {
$t_desired_statuses[] = $t_this_available_status;
}
}
} else {
$t_desired_statuses[] = $t_this_status;
}
} else {
# advanced filtering: ignore the hide
if (filter_field_is_any($t_filter[FILTER_PROPERTY_STATUS])) {
$t_desired_statuses = array();
} else {
foreach ($t_filter[FILTER_PROPERTY_STATUS] as $t_this_status) {
$t_desired_statuses[] = $t_this_status;
}
}
}
if (count($t_desired_statuses) > 0) {
$t_clauses = array();
foreach ($t_desired_statuses as $t_filter_member) {
$c_show_status = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_status);
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.status in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.status=" . db_param() . " )");
}
}
# resolution
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_RESOLUTION])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_RESOLUTION] as $t_filter_member) {
$c_show_resolution = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_resolution);
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.resolution in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.resolution=" . db_param() . " )");
}
}
# priority
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_PRIORITY])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_PRIORITY] as $t_filter_member) {
$c_show_priority = db_prepare_int($t_filter_member);
array_push($t_clauses, $c_show_priority);
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.priority in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.priority=" . db_param() . " )");
}
}
# product build
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_BUILD])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_BUILD] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (filter_field_is_none($t_filter_member)) {
array_push($t_clauses, '');
} else {
$c_show_build = db_prepare_string($t_filter_member);
array_push($t_clauses, $c_show_build);
}
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.build in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.build=" . db_param() . " )");
}
}
# product version
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_VERSION])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_VERSION] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (filter_field_is_none($t_filter_member)) {
array_push($t_clauses, '');
} else {
$c_show_version = db_prepare_string($t_filter_member);
array_push($t_clauses, $c_show_version);
}
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.version in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.version=" . db_param() . " )");
}
}
# profile
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_PROFILE_ID])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_PROFILE_ID] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (filter_field_is_none($t_filter_member)) {
array_push($t_clauses, "0");
} else {
$c_show_profile = db_prepare_int($t_filter_member);
array_push($t_clauses, "{$c_show_profile}");
}
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.profile_id in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.profile_id=" . db_param() . " )");
}
}
# platform
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_PLATFORM])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_PLATFORM] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (filter_field_is_none($t_filter_member)) {
array_push($t_clauses, '');
} else {
$c_platform = db_prepare_string($t_filter_member);
array_push($t_clauses, $c_platform);
}
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.platform in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.platform = " . db_param() . " )");
}
}
# os
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_OS])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_OS] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (filter_field_is_none($t_filter_member)) {
array_push($t_clauses, '');
} else {
$c_os = db_prepare_string($t_filter_member);
array_push($t_clauses, $c_os);
}
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.os in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.os = " . db_param() . " )");
}
}
# os_build
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_OS_BUILD])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_OS_BUILD] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (filter_field_is_none($t_filter_member)) {
array_push($t_clauses, '');
} else {
$c_os_build = db_prepare_string($t_filter_member);
array_push($t_clauses, $c_os_build);
}
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.os_build in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.os_build = " . db_param() . " )");
}
}
# date filter
if ('on' == $t_filter[FILTER_PROPERTY_FILTER_BY_DATE] && is_numeric($t_filter[FILTER_PROPERTY_START_MONTH]) && is_numeric($t_filter[FILTER_PROPERTY_START_DAY]) && is_numeric($t_filter[FILTER_PROPERTY_START_YEAR]) && is_numeric($t_filter[FILTER_PROPERTY_END_MONTH]) && is_numeric($t_filter[FILTER_PROPERTY_END_DAY]) && is_numeric($t_filter[FILTER_PROPERTY_END_YEAR])) {
$t_start_string = $t_filter[FILTER_PROPERTY_START_YEAR] . "-" . $t_filter[FILTER_PROPERTY_START_MONTH] . "-" . $t_filter[FILTER_PROPERTY_START_DAY] . " 00:00:00";
$t_end_string = $t_filter[FILTER_PROPERTY_END_YEAR] . "-" . $t_filter[FILTER_PROPERTY_END_MONTH] . "-" . $t_filter[FILTER_PROPERTY_END_DAY] . " 23:59:59";
$t_where_params[] = strtotime($t_start_string);
$t_where_params[] = strtotime($t_end_string);
array_push($t_where_clauses, "({$t_bug_table}.date_submitted BETWEEN " . db_param() . " AND " . db_param() . " )");
}
# fixed in version
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_FIXED_IN_VERSION])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_FIXED_IN_VERSION] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (filter_field_is_none($t_filter_member)) {
array_push($t_clauses, '');
} else {
$c_fixed_in_version = db_prepare_string($t_filter_member);
array_push($t_clauses, $c_fixed_in_version);
}
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.fixed_in_version in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.fixed_in_version=" . db_param() . " )");
}
}
# target version
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_TARGET_VERSION])) {
$t_clauses = array();
foreach ($t_filter[FILTER_PROPERTY_TARGET_VERSION] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (filter_field_is_none($t_filter_member)) {
array_push($t_clauses, '');
} else {
$c_target_version = db_prepare_string($t_filter_member);
array_push($t_clauses, $c_target_version);
}
}
# echo var_dump( $t_clauses ); exit;
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bug_table}.target_version in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bug_table}.target_version=" . db_param() . " )");
}
}
# users monitoring a bug
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_MONITOR_USER_ID])) {
$t_clauses = array();
$t_table_name = 'user_monitor';
array_push($t_join_clauses, "LEFT JOIN {$t_bug_monitor_table} {$t_table_name} ON {$t_table_name}.bug_id = {$t_bug_table}.id");
foreach ($t_filter[FILTER_PROPERTY_MONITOR_USER_ID] as $t_filter_member) {
$c_user_monitor = db_prepare_int($t_filter_member);
if (filter_field_is_myself($c_user_monitor)) {
array_push($t_clauses, $c_user_id);
} else {
array_push($t_clauses, $c_user_monitor);
}
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_table_name}.user_id in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_table_name}.user_id=" . db_param() . " )");
}
}
# bug relationship
$t_any_found = false;
$c_rel_type = $t_filter[FILTER_PROPERTY_RELATIONSHIP_TYPE];
$c_rel_bug = $t_filter[FILTER_PROPERTY_RELATIONSHIP_BUG];
if (-1 == $c_rel_type || 0 == $c_rel_bug) {
$t_any_found = true;
}
if (!$t_any_found) {
# use the complementary type
$t_comp_type = relationship_get_complementary_type($c_rel_type);
$t_clauses = array();
$t_table_name = 'relationship';
array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name} ON {$t_table_name}.destination_bug_id = {$t_bug_table}.id");
array_push($t_join_clauses, "LEFT JOIN {$t_bug_relationship_table} {$t_table_name}2 ON {$t_table_name}2.source_bug_id = {$t_bug_table}.id");
// get reverse relationships
$t_where_params[] = $t_comp_type;
$t_where_params[] = $c_rel_bug;
$t_where_params[] = $c_rel_type;
$t_where_params[] = $c_rel_bug;
array_push($t_clauses, "({$t_table_name}.relationship_type=" . db_param() . " AND {$t_table_name}.source_bug_id=" . db_param() . ')');
array_push($t_clauses, "({$t_table_name}" . "2.relationship_type=" . db_param() . " AND {$t_table_name}" . "2.destination_bug_id=" . db_param() . ')');
array_push($t_where_clauses, '(' . implode(' OR ', $t_clauses) . ')');
}
# tags
$c_tag_string = trim($t_filter[FILTER_PROPERTY_TAG_STRING]);
$c_tag_select = trim($t_filter[FILTER_PROPERTY_TAG_SELECT]);
if (is_blank($c_tag_string) && !is_blank($c_tag_select) && $c_tag_select != 0) {
$t_tag = tag_get($c_tag_select);
$c_tag_string = $t_tag['name'];
}
if (!is_blank($c_tag_string)) {
$t_tags = tag_parse_filters($c_tag_string);
if (count($t_tags)) {
$t_tags_all = array();
$t_tags_any = array();
$t_tags_none = array();
foreach ($t_tags as $t_tag_row) {
switch ($t_tag_row['filter']) {
case 1:
$t_tags_all[] = $t_tag_row;
break;
case 0:
$t_tags_any[] = $t_tag_row;
break;
case -1:
$t_tags_none[] = $t_tag_row;
break;
}
}
if (0 < $t_filter[FILTER_PROPERTY_TAG_SELECT] && tag_exists($t_filter[FILTER_PROPERTY_TAG_SELECT])) {
$t_tags_any[] = tag_get($t_filter[FILTER_PROPERTY_TAG_SELECT]);
}
$t_bug_tag_table = db_get_table('bug_tag');
if (count($t_tags_all)) {
$t_clauses = array();
foreach ($t_tags_all as $t_tag_row) {
array_push($t_clauses, "{$t_bug_table}.id IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE {$t_bug_tag_table}.tag_id = {$t_tag_row['id']} )");
}
array_push($t_where_clauses, '(' . implode(' AND ', $t_clauses) . ')');
}
if (count($t_tags_any)) {
$t_clauses = array();
foreach ($t_tags_any as $t_tag_row) {
array_push($t_clauses, "{$t_bug_tag_table}.tag_id = {$t_tag_row['id']}");
}
array_push($t_where_clauses, "{$t_bug_table}.id IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE ( " . implode(' OR ', $t_clauses) . ') )');
}
if (count($t_tags_none)) {
$t_clauses = array();
foreach ($t_tags_none as $t_tag_row) {
array_push($t_clauses, "{$t_bug_tag_table}.tag_id = {$t_tag_row['id']}");
}
array_push($t_where_clauses, "{$t_bug_table}.id NOT IN ( SELECT bug_id FROM {$t_bug_tag_table} WHERE ( " . implode(' OR ', $t_clauses) . ') )');
}
}
}
# note user id
if (!filter_field_is_any($t_filter[FILTER_PROPERTY_NOTE_USER_ID])) {
$t_bugnote_table_alias = 'mbnt';
$t_clauses = array();
array_push($t_from_clauses, "{$t_bugnote_table} {$t_bugnote_table_alias}");
array_push($t_where_clauses, "( {$t_bug_table}.id = {$t_bugnote_table_alias}.bug_id )");
foreach ($t_filter[FILTER_PROPERTY_NOTE_USER_ID] as $t_filter_member) {
$c_note_user_id = db_prepare_int($t_filter_member);
if (filter_field_is_myself($c_note_user_id)) {
array_push($t_clauses, $c_user_id);
} else {
array_push($t_clauses, $c_note_user_id);
}
}
if (1 < count($t_clauses)) {
$t_where_tmp = array();
foreach ($t_clauses as $t_clause) {
$t_where_tmp[] = db_param();
$t_where_params[] = $t_clause;
}
array_push($t_where_clauses, "( {$t_bugnote_table_alias}.reporter_id in (" . implode(', ', $t_where_tmp) . ") )");
} else {
$t_where_params[] = $t_clauses[0];
array_push($t_where_clauses, "( {$t_bugnote_table_alias}.reporter_id=" . db_param() . " )");
}
}
# plugin filters
$t_plugin_filters = filter_get_plugin_filters();
foreach ($t_plugin_filters as $t_field_name => $t_filter_object) {
if (!filter_field_is_any($t_filter[$t_field_name]) || $t_filter_object->type == FILTER_TYPE_BOOLEAN) {
$t_filter_query = $t_filter_object->query($t_filter[$t_field_name]);
if (is_array($t_filter_query)) {
if (isset($t_filter_query['join'])) {
array_push($t_join_clauses, $t_filter_query['join']);
}
if (isset($t_filter_query['where'])) {
array_push($t_where_clauses, $t_filter_query['where']);
}
if (isset($t_filter_query['params']) && is_array($t_filter_query['params'])) {
$t_where_params = array_merge($t_where_params, $t_filter_query['params']);
}
}
}
}
# custom field filters
if (ON == config_get('filter_by_custom_fields')) {
# custom field filtering
# @@@ At the moment this gets the linked fields relating to the current project
# It should get the ones relating to the project in the filter or all projects
# if multiple projects.
$t_custom_fields = custom_field_get_linked_ids($t_project_id);
foreach ($t_custom_fields as $t_cfid) {
$t_field_info = custom_field_cache_row($t_cfid, true);
if (!$t_field_info['filter_by']) {
continue;
# skip this custom field it shouldn't be filterable
}
$t_custom_where_clause = '';
# Ignore all custom filters that are not set, or that are set to '' or "any"
if (!filter_field_is_any($t_filter['custom_fields'][$t_cfid])) {
$t_def = custom_field_get_definition($t_cfid);
$t_table_name = $t_custom_field_string_table . '_' . $t_cfid;
# We need to filter each joined table or the result query will explode in dimensions
# Each custom field will result in a exponential growth like Number_of_Issues^Number_of_Custom_Fields
# and only after this process ends (if it is able to) the result query will be filtered
# by the WHERE clause and by the DISTINCT clause
$t_cf_join_clause = "LEFT JOIN {$t_custom_field_string_table} {$t_table_name} ON {$t_bug_table}.id = {$t_table_name}.bug_id AND {$t_table_name}.field_id = {$t_cfid}";
if ($t_def['type'] == CUSTOM_FIELD_TYPE_DATE) {
switch ($t_filter['custom_fields'][$t_cfid][0]) {
case CUSTOM_FIELD_DATE_ANY:
break;
case CUSTOM_FIELD_DATE_NONE:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '(( ' . $t_table_name . '.bug_id is null) OR ( ' . $t_table_name . '.value = 0)';
break;
case CUSTOM_FIELD_DATE_BEFORE:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '(( ' . $t_table_name . '.value != 0 AND (' . $t_table_name . '.value+0) < ' . $t_filter['custom_fields'][$t_cfid][2] . ')';
break;
case CUSTOM_FIELD_DATE_AFTER:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '( (' . $t_table_name . '.value+0) > ' . ($t_filter['custom_fields'][$t_cfid][1] + 1);
break;
default:
array_push($t_join_clauses, $t_cf_join_clause);
$t_custom_where_clause = '( (' . $t_table_name . '.value+0) BETWEEN ' . $t_filter['custom_fields'][$t_cfid][1] . ' AND ' . $t_filter['custom_fields'][$t_cfid][2];
break;
}
} else {
array_push($t_join_clauses, $t_cf_join_clause);
$t_filter_array = array();
foreach ($t_filter['custom_fields'][$t_cfid] as $t_filter_member) {
$t_filter_member = stripslashes($t_filter_member);
if (filter_field_is_none($t_filter_member)) {
# coerce filter value if selecting META_FILTER_NONE so it will match empty fields
$t_filter_member = '';
# but also add those _not_ present in the custom field string table
array_push($t_filter_array, "{$t_bug_table}.id NOT IN (SELECT bug_id FROM {$t_custom_field_string_table} WHERE field_id={$t_cfid})");
}
switch ($t_def['type']) {
case CUSTOM_FIELD_TYPE_CHECKBOX:
case CUSTOM_FIELD_TYPE_MULTILIST:
$t_where_params[] = '%|' . $t_filter_member . '|%';
array_push($t_filter_array, db_helper_like("{$t_table_name}.value"));
break;
case CUSTOM_FIELD_TYPE_TEXTAREA:
$t_where_params[] = '%' . $t_filter_member . '%';
array_push($t_filter_array, db_helper_like("{$t_table_name}.text"));
break;
default:
$t_where_params[] = $t_filter_member;
array_push($t_filter_array, "{$t_table_name}.value = " . db_param());
}
}
$t_custom_where_clause .= '(' . implode(' OR ', $t_filter_array);
}
if (!is_blank($t_custom_where_clause)) {
array_push($t_where_clauses, $t_custom_where_clause . ')');
}
}
}
}
# Text search
if (!is_blank($t_filter[FILTER_PROPERTY_SEARCH])) {
# break up search terms by spacing or quoting
preg_match_all("/-?([^'\"\\s]+|\"[^\"]+\"|'[^']+')/", $t_filter[FILTER_PROPERTY_SEARCH], $t_matches, PREG_SET_ORDER);
# organize terms without quoting, paying attention to negation
$t_search_terms = array();
foreach ($t_matches as $t_match) {
$t_search_terms[trim($t_match[1], "\\'\"")] = $t_match[0][0] == '-';
}
# build a big where-clause and param list for all search terms, including negations
$t_first = true;
$t_textsearch_where_clause = "( ";
foreach ($t_search_terms as $t_search_term => $t_negate) {
if (!$t_first) {
$t_textsearch_where_clause .= ' AND ';
}
if ($t_negate) {
$t_textsearch_where_clause .= 'NOT ';
}
$c_search = '%' . $t_search_term . '%';
$t_textsearch_where_clause .= '( ' . db_helper_like('summary') . ' OR ' . db_helper_like("{$t_bug_text_table}.description") . ' OR ' . db_helper_like("{$t_bug_text_table}.steps_to_reproduce") . ' OR ' . db_helper_like("{$t_bug_text_table}.additional_information") . ' OR ' . db_helper_like("{$t_bugnote_text_table}.note");
$t_where_params[] = $c_search;
$t_where_params[] = $c_search;
$t_where_params[] = $c_search;
$t_where_params[] = $c_search;
$t_where_params[] = $c_search;
if (is_numeric($t_search_term)) {
// PostgreSQL on 64-bit OS hack (see #14014)
if (PHP_INT_MAX > 0x7fffffff && db_is_pgsql()) {
$t_search_max = 0x7fffffff;
} else {
$t_search_max = PHP_INT_MAX;
}
// Note: no need to test negative values, '-' sign has been removed
if ($t_search_term <= $t_search_max) {
$c_search_int = (int) $t_search_term;
$t_textsearch_where_clause .= " OR {$t_bug_table}.id = " . db_param();
$t_textsearch_where_clause .= " OR {$t_bugnote_table}.id = " . db_param();
$t_where_params[] = $c_search_int;
$t_where_params[] = $c_search_int;
}
}
$t_textsearch_where_clause .= ' )';
$t_first = false;
}
$t_textsearch_where_clause .= ' )';
# add text query elements to arrays
if (!$t_first) {
$t_from_clauses[] = "{$t_bug_text_table}";
$t_where_clauses[] = "{$t_bug_table}.bug_text_id = {$t_bug_text_table}.id";
$t_where_clauses[] = $t_textsearch_where_clause;
$t_join_clauses[] = " LEFT JOIN {$t_bugnote_table} ON {$t_bug_table}.id = {$t_bugnote_table}.bug_id";
$t_join_clauses[] = " LEFT JOIN {$t_bugnote_text_table} ON {$t_bugnote_table}.bugnote_text_id = {$t_bugnote_text_table}.id";
}
}
# End text search
$t_from_clauses[] = $t_project_table;
$t_from_clauses[] = $t_bug_table;
$t_query_clauses['select'] = $t_select_clauses;
$t_query_clauses['from'] = $t_from_clauses;
$t_query_clauses['join'] = $t_join_clauses;
$t_query_clauses['where'] = $t_where_clauses;
$t_query_clauses['where_values'] = $t_where_params;
$t_query_clauses = filter_get_query_sort_data($t_filter, $p_show_sticky, $t_query_clauses);
# assigning to $p_* for this function writes the values back in case the caller wants to know
# Get the total number of bugs that meet the criteria.
$p_bug_count = filter_get_bug_count($t_query_clauses);
if (0 == $p_bug_count) {
return array();
}
$p_per_page = filter_per_page($t_filter, $p_bug_count, $p_per_page);
$p_page_count = filter_page_count($p_bug_count, $p_per_page);
$p_page_number = filter_valid_page_number($p_page_number, $p_page_count);
$t_offset = filter_offset($p_page_number, $p_per_page);
$t_query_clauses = filter_unique_query_clauses($t_query_clauses);
$t_select_string = "SELECT DISTINCT " . implode(', ', $t_query_clauses['select']);
$t_from_string = " FROM " . implode(', ', $t_query_clauses['from']);
$t_order_string = " ORDER BY " . implode(', ', $t_query_clauses['order']);
$t_join_string = count($t_query_clauses['join']) > 0 ? implode(' ', $t_query_clauses['join']) : '';
$t_where_string = count($t_query_clauses['where']) > 0 ? 'WHERE ' . implode(' AND ', $t_query_clauses['where']) : '';
$t_result = db_query_bound("{$t_select_string} {$t_from_string} {$t_join_string} {$t_where_string} {$t_order_string}", $t_query_clauses['where_values'], $p_per_page, $t_offset);
$t_row_count = db_num_rows($t_result);
$t_id_array_lastmod = array();
for ($i = 0; $i < $t_row_count; $i++) {
$t_row = db_fetch_array($t_result);
$t_id_array_lastmod[] = (int) $t_row['id'];
$t_rows[] = $t_row;
}
return filter_cache_result($t_rows, $t_id_array_lastmod);
}
/**
* prepare a binary string before DB insertion
* @param string $p_string unprepared binary data
* @return string prepared database query string
* @todo Use/Behaviour of this function should be reviewed before 1.2.0 final
*/
function db_prepare_binary_string($p_string)
{
global $g_db;
$t_db_type = config_get_global('db_type');
switch ($t_db_type) {
case 'mssql':
case 'mssqlnative':
case 'odbc_mssql':
case 'ado_mssql':
$content = unpack("H*hex", $p_string);
return '0x' . $content['hex'];
break;
case 'postgres':
case 'postgres64':
case 'postgres7':
case 'pgsql':
return '\'' . pg_escape_bytea($p_string) . '\'';
break;
default:
return '\'' . db_prepare_string($p_string) . '\'';
break;
}
}
$keyToModify[$screen][$key] = false;
}
}
}
foreach ($keyToModify as $screen => $data){
foreach ($data as $key => $val){
$rpt_array[$xml_field][$screen][$key] = $val;
}
}
}
}
$rpt_array['miscellaneous']['print_friendly'] = ($rpt_array['miscellaneous']['print_friendly'] == "true") ? true : false;
// Load and assign styles
$sql_query = "SELECT " . AddFieldWrappers("report_style_id") . "," . AddFieldWrappers("type") . "," . AddFieldWrappers("field") . "," . AddFieldWrappers("group") . "," . AddFieldWrappers("style_str") . "," . AddFieldWrappers("uniq") . ", " . AddFieldWrappers("repname") . ", " . AddFieldWrappers("styletype") . " FROM " . AddTableWrappers("webreport_style") . " WHERE " . AddFieldWrappers("repname") . "=" . db_prepare_string(postvalue('rname')) . " ORDER BY " . AddFieldWrappers("report_style_id") . " ASC";
$rsReport = db_query($sql_query, $conn);
$styleStr = '';
while ($data = db_fetch_numarray($rsReport)){
if ($data[1] == 'table')
$styleStr .= "#legend td{" . $data[4] . "}\n";
else if (($data[2] == 0) && ($data[3] != 0))
$styleStr .= "#legend td.class" . $data[3] . "g" . "{" . $data[4] . "}\n";
else if (($data[2] != 0) && ($data[3] == 0))
$styleStr .= "#legend td.class" . $data[2] . "f" . "{" . $data[4] . "}\n";
else if ($data[5] == 0 && $data[2] != 0 && $data[3] != 0)
$styleStr .= "#legend td.class" . $data[3] . "g" . $data[2] . "f0u{" . $data[4] . "}\n";
else
$styleStr .= "#legend td.class" . $data[3] . "g" . $data[2] . "f" . $data[5] . "u" . "{" . $data[4] . "}\n";
function version_prepare_db($p_version_info)
{
$p_version_info->id = db_prepare_int($p_version_info->id);
$p_version_info->project_id = db_prepare_int($p_version_info->project_id);
$p_version_info->version = db_prepare_string($p_version_info->version);
$p_version_info->description = db_prepare_string($p_version_info->description);
$p_version_info->released = db_prepare_int($p_version_info->released);
$p_version_info->date_order = db_prepare_string($p_version_info->date_order);
return $p_version_info;
}
function smarty_function_recurring_info($params, &$smarty)
{
$object = array_var($params, 'object');
if (!instance_of($object, 'ProjectObject')) {
return new InvalidParamError('object', $object, '$object is expected to be an instance of ProjectObject', true);
}
$info = '';
$sql = "select recurring_period, recurring_period_type, recurring_period_condition, recurring_end_date from healingcrystals_project_object_misc where object_id=?";
$arguments = array($object->getId());
$sql = db_prepare_string($sql, $arguments);
$row = db_execute_all($sql);
if (!empty($row)) {
$entry = $row[0];
$recurring_period = array_var($entry, 'recurring_period');
$recurring_period_type = array_var($entry, 'recurring_period_type');
$recurring_period_condition = array_var($entry, 'recurring_period_condition');
$recurring_end_date = array_var($entry, 'recurring_end_date');
if (!empty($recurring_period) && !empty($recurring_period_type) && $recurring_period_condition) {
$info = 'Recurring every ' . $recurring_period . ' ';
switch ($recurring_period_type) {
case 'D':
$info .= ' day(s) ';
break;
case 'W':
$info .= ' week(s) ';
break;
case 'M':
$info .= ' month(s) ';
break;
}
switch ($recurring_period_condition) {
case 'after_due_date':
$info .= 'after Task is Due';
break;
case 'after_task_complete':
$info .= 'after Task has been Completed';
break;
}
$info = '<span class="recurring">' . $info . '</span>';
}
}
return $info;
if (instance_of($due_date, 'DateValue')) {
require_once SMARTY_PATH . '/plugins/modifier.date.php';
$date = smarty_modifier_date($due_date, 0);
// just printing date, offset is 0!
$reminder_string_begining = '';
$reminder_string_end = '';
$sql = "select auto_email_status, email_reminder_period, email_reminder_unit, email_reminder_time from healingcrystals_project_object_misc where object_id=?";
$arguments = array($object->getId());
$sql = db_prepare_string($sql, $arguments);
$row = db_execute_all($sql);
if (!empty($row)) {
$entry = $row[0];
$auto_email_status = array_var($entry, 'auto_email_status');
$email_reminder_period = array_var($entry, 'email_reminder_period', '0');
$email_reminder_unit = array_var($entry, 'email_reminder_unit', 'D');
$email_reminder_time = array_var($entry, 'email_reminder_time', '06:00');
$meridian = '';
list($h, $m) = explode(':', $email_reminder_time);
$h = (int) $h;
if ($h > 12) {
$h -= 12;
$meridian = 'PM';
} elseif ($h == 0) {
$meridian = 'PM';
} else {
$meridian = 'AM';
}
$email_reminder_time = str_pad($h, 2, '0', STR_PAD_LEFT) . ':' . $m . ' ' . $meridian;
$reminder_string_begining = 'Reminder set for ' . $email_reminder_period . ' ' . ($email_reminder_unit == 'D' ? 'Day(s)' : ($email_reminder_unit == 'W' ? 'Week(s)' : ($email_reminder_unit == 'M' ? 'Month(s)' : ''))) . " from Due Date: ";
$reminder_string_end = " at " . $email_reminder_time;
}
if ($due_date->isToday($offset)) {
if (!empty($reminder_string_begining)) {
return '<span class="today">' . $reminder_string_begining . '<span class="number">' . lang('Today') . '</span>' . $reminder_string_end . '</span>';
} else {
return '<span class="today"><span class="number">' . lang('Due Today') . '</span></span>';
}
} elseif ($due_date->isYesterday($offset)) {
if (!empty($reminder_string_begining)) {
return '<span class="late" title="' . clean($date) . '">' . $reminder_string_begining . lang('<span class="number">1 Day Late</span>') . $reminder_string_end . '</span>';
} else {
return '<span class="late" title="' . clean($date) . '">' . lang('<span class="number">1 Day Late</span>') . '</span>';
}
} elseif ($due_date->isTomorrow($offset)) {
if (!empty($reminder_string_begining)) {
return '<span class="upcoming" title="' . clean($date) . '">' . $reminder_string_begining . '<span class="number">' . lang('Tomorrow') . '</span>' . $reminder_string_end . '</span>';
} else {
return '<span class="upcoming" title="' . clean($date) . '"><span class="number">' . lang('Due Tomorrow') . '</span></span>';
}
} else {
$now = new DateTimeValue();
$now->advance($offset);
$now = $now->beginningOfDay();
$due_date->beginningOfDay();
if ($due_date->getTimestamp() > $now->getTimestamp()) {
//return '<span class="upcoming" title="' . clean($date) . '">' . lang('Due in <span class="number">:days</span> Days', array('days' => floor(($due_date->getTimestamp() - $now->getTimestamp()) / 86400))) . '</span>';
//return '<span class="upcoming" title="' . clean($date) . '">' . lang('<span class="number">:days</span> Days', array('days' => floor(($due_date->getTimestamp() - $now->getTimestamp()) / 86400))) . '</span>';
if (!empty($reminder_string_begining)) {
return '<span class="upcoming" title="' . clean($date) . '">' . $reminder_string_begining . date('F d, Y', $due_date->getTimestamp()) . lang(' (<span class="number">:days</span> Days)', array('days' => floor(($due_date->getTimestamp() - $now->getTimestamp()) / 86400))) . $reminder_string_end . '</span>';
} else {
return '<span class="upcoming" title="' . clean($date) . '">Due ' . date('F d, Y', $due_date->getTimestamp()) . lang(' (<span class="number">:days</span> Days)', array('days' => floor(($due_date->getTimestamp() - $now->getTimestamp()) / 86400))) . '</span>';
}
} else {
//return '<span class="late" title="' . clean($date) . '">' . lang('<span class="number">:days</span> Days Late', array('days' => floor(($now->getTimestamp() - $due_date->getTimestamp()) / 86400))) . '</span>';
if (!empty($reminder_string_begining)) {
return '<span class="late" title="' . clean($date) . '">' . $reminder_string_begining . date('F d, Y', $due_date->getTimestamp()) . lang(' (<span class="number">:days</span> Days Late)', array('days' => floor(($now->getTimestamp() - $due_date->getTimestamp()) / 86400))) . $reminder_string_end . '</span>';
} else {
return '<span class="late" title="' . clean($date) . '">Due ' . date('F d, Y', $due_date->getTimestamp()) . lang(' (<span class="number">:days</span> Days Late)', array('days' => floor(($now->getTimestamp() - $due_date->getTimestamp()) / 86400))) . '</span>';
}
}
// if
}
// if
} else {
//return lang('No Due Date');
return lang('--');
}
// if
}
function user_set_field($p_user_id, $p_field_name, $p_field_value)
{
$c_user_id = db_prepare_int($p_user_id);
$c_field_name = db_prepare_string($p_field_name);
if ($p_field_name != 'protected') {
user_ensure_unprotected($p_user_id);
}
$t_user_table = db_get_table('user');
$query = 'UPDATE ' . $t_user_table . ' SET ' . $c_field_name . '=' . db_param() . ' WHERE id=' . db_param();
db_query_bound($query, array($p_field_value, $c_user_id));
user_clear_cache($p_user_id);
# db_query errors on failure so:
return true;
}
/**
* Return data for a given day
*
* @param DateValue $day
* @param string $additional_conditions
* @param boolean $include_assignments_table
* @return array
*/
function getDayData($day, $additional_conditions, $include_assignments_table = false)
{
$objects_table = TABLE_PREFIX . 'project_objects';
$assignments_table = TABLE_PREFIX . 'assignments';
$conditions = db_prepare_string("{$objects_table}.due_on = ?", array($day));
if ($additional_conditions) {
$conditions .= " AND {$additional_conditions}";
}
// if
// If we don't have user ID-s filter we can exclude assignments table
$tables = $include_assignments_table ? "{$objects_table}, {$assignments_table}" : $objects_table;
return ProjectObjects::findBySQL("SELECT DISTINCT {$objects_table}.* FROM {$tables} WHERE {$conditions} ORDER BY priority DESC");
}
/**
* Get a field for the given bugnote
* @param int $p_bugnote_id bugnote id
* @param string $p_field_name field name
* @return string field value
* @access public
*/
function bugnote_get_field($p_bugnote_id, $p_field_name)
{
global $g_cache_bugnote;
if (isset($g_cache_bugnote[(int) $p_bugnote_id])) {
return $g_cache_bugnote[(int) $p_bugnote_id]->{$p_field_name};
}
$c_bugnote_id = db_prepare_int($p_bugnote_id);
$c_field_name = db_prepare_string($p_field_name);
$t_bugnote_table = db_get_table('mantis_bugnote_table');
$query = "SELECT {$c_field_name}\n\t\t \tFROM {$t_bugnote_table}\n\t\t \tWHERE id=" . db_param();
$result = db_query_bound($query, array($c_bugnote_id), 1);
return db_result($result);
}