示例#1
$relPath = "./../../pinc/";
include_once $relPath . 'base.inc';
include_once $relPath . 'misc.inc';
include_once $relPath . 'user_is.inc';
include_once $relPath . 'project_edit.inc';
include_once $relPath . 'DPage.inc';
include_once $relPath . 'Project.inc';
include_once $relPath . 'projectinfo.inc';
// Gate 1: the login check runs before any request parameter is read.
// NOTE(review): by its name this presumably ends the request for visitors who
// are not logged in; confirm against its definition.
require_login();

// Request parameters. 'project' is handed to validate_projectID() before it is
// used anywhere else; 'tpnv' is collapsed to a boolean that is true only for '1'.
// A missing key is read as null without raising a warning.
$projectid = validate_projectID('project', $_GET['project'] ?? null);
$loading_tpnv = ($_GET['tpnv'] ?? null) == '1';

// Gate 2: per-project authorization, applied to the validated id.
// NOTE(review): by its name this stops the request when the current user may
// not edit the project; confirm against its definition.
abort_if_cant_edit_project($projectid);

// Gate 3: the project must currently accept pages of the requested kind.
if (!user_can_add_project_pages($projectid, $loading_tpnv ? "tp&v" : "normal")) {
    // A load_disabled user trying to load normal pages into an empty project
    // is stopped inside this call; it only comes back for users who may load.
    check_user_can_load_projects(true);
    // Getting here means the user was allowed, so the refusal came from the
    // project's state rather than from the user's rights.
    echo "<p>" . _("Pages cannot be added to the project in its current state.") . "</p>";
    exit;
}
// Read the source directory name from the query string and stop early when it
// is empty, unset, or contains "..".
// NOTE(review): when 'rel_source' is absent the comparison still evaluates to
// true (null == ''), but PHP reports an undefined-key notice/warning first;
// an isset()/?? read would avoid that.
if ($_GET['rel_source'] == '') {
    die('rel_source parameter is empty or unset');
} else {
    $rel_source = $_GET['rel_source'];
    // Undo magic-quotes escaping so the checks below see the raw value.
    // NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, while
    // str_contains() below is only built in from PHP 8.0 on, so this listing
    // as shown needs one of the two calls replaced (or polyfilled) to run.
    if (get_magic_quotes_gpc()) {
        $rel_source = stripslashes($rel_source);
    }
    // Reject any value containing ".." so the path cannot climb out of the
    // directory it is later resolved against.
    // NOTE(review): this is a substring denylist and the rest of the validation
    // is cut off in this listing; confirm that the final path is also
    // canonicalised (e.g. realpath()) and checked to lie under the expected base.
    if (str_contains($rel_source, "..")) {
        // NOTE(review): $rel_source is request data written into the page
        // without HTML escaping; pass it through
        // htmlspecialchars($rel_source, ENT_QUOTES) before echoing.
        echo "Source directory '{$rel_source}' is not acceptable.";
示例#2
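/**
 * Render the "Change Project State" section: one POST form per state
 * transition that get_valid_transitions() returns for the current user.
 *
 * Emits nothing when there are no valid transitions. Reads the globals
 * $project, $pguser, $code_url and $charset and writes HTML with echo.
 *
 * Security notes:
 *  - return_uri is derived from $_SERVER['REQUEST_URI'], which the client
 *    chooses, so it is passed through attr_safe() before it is placed in an
 *    attribute value. The other hidden values are escaped the same way so
 *    every attribute in the form is built consistently.
 *  - NOTE(review): the forms carry confirmed=yes and no anti-CSRF token is
 *    emitted here. Confirm that tools/changestate.php verifies the request's
 *    origin, re-checks that the user may perform the transition, and accepts
 *    return_uri only when it is a same-site path.
 *
 * @return void
 */
function do_change_state()
{
    global $project, $pguser, $code_url, $charset;

    $valid_transitions = get_valid_transitions($project, $pguser);
    if (count($valid_transitions) === 0) {
        return;
    }

    echo "<h4>";
    echo _("Change Project State");
    echo "</h4>\n";

    if ($project->state == PROJ_NEW) {
        echo "<p>\n";
        echo _("Check for missing pages and make sure that all illustration files have been uploaded <b>before</b> moving this project into the rounds.");
        echo "</p>\n";
    }

    // print out a message if PM has project loads disabled,
    // as they can't move a project out of the unavailable state
    if ($project->can_be_managed_by_current_user) {
        check_user_can_load_projects(false);
    }

    $here = $_SERVER['REQUEST_URI'];
    // If the request URI included an 'expected_state' parameter, there's a wrinkle:
    // If the user clicks on this button, the project's state will (normally) change.
    // So if we then returned the user to exactly this URI, they'd get a warning:
    // "The project is no longer in 'this state'. It is now in 'that state'.
    // So we suppress the 'expected_state' parameter from the request URI.
    $here = preg_replace('/expected_state=[A-Za-z._0-9]+/', '', $here);
    // This can leave an extra &, but I suspect browsers can handle it.

    // The URI is request data: escape it once here so it cannot terminate the
    // single-quoted value attribute it is written into below. attr_safe() is
    // the helper this function already relies on for the submit button's
    // single-quoted value attribute.
    $return_uri_attr = attr_safe($here);

    foreach ($valid_transitions as $transition) {
        echo "<form method='POST' action='{$code_url}/tools/changestate.php'>";
        echo "<input type='hidden' name='projectid'  value='", attr_safe($project->projectid), "'>\n";
        echo "<input type='hidden' name='curr_state' value='", attr_safe($project->state), "'>\n";
        echo "<input type='hidden' name='next_state' value='", attr_safe($transition->to_state), "'>\n";
        echo "<input type='hidden' name='confirmed'  value='yes'>\n";
        echo "<input type='hidden' name='return_uri' value='{$return_uri_attr}'>\n";

        // Transitions without a confirmation question submit immediately;
        // the others ask through a JavaScript confirm() dialog first.
        $question = $transition->confirmation_question;
        if ($question === null) {
            $onClick_condition = "return true;";
        } else {
            // NOTE(review): the question ends up inside a double-quoted JS
            // string inside a single-quoted HTML attribute; confirm that
            // javascript_safe() also neutralises single quotes.
            $onClick_condition = "return confirm(\"" . javascript_safe($question, $charset) . "\");";
        }
        $onclick_attr = "onClick='{$onClick_condition}'";
        echo "<input type='submit' value='", attr_safe($transition->action_name), "' {$onclick_attr}>";

        // Say who is allowed to do this transition.
        echo " [{$transition->who_restriction}]";

        echo "</form>\n";
    }
}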