Code source de Mantis 1.1.0rc3 |
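<?php
# Mantis - a php based bugtracking system

# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev@lists.sourceforge.net

# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.

# --------------------------------------------------------
# $Id: file_api.php,v 1.85.2.3 2007-10-28 19:08:29 giallu Exp $
# --------------------------------------------------------

$t_core_dir = dirname( __FILE__ ).DIRECTORY_SEPARATOR;

require_once ( $t_core_dir . 'history_api.php' );
require_once ( $t_core_dir . 'bug_api.php' );

# Per-request cache filled by file_bug_attachment_count():
# bug id => number of attachments. When the attachment table has no rows
# at all it holds the single sentinel key '_no_files_'.
$g_cache_file_count = array();

### File API ###

# --------------------
# Gets the filename without the bug id prefix.
#
# Returns the part of $p_filename that follows a "<prefix>-0000000-"
# (project document) or "0000000-" (bug attachment) prefix, or
# $p_filename unchanged when neither prefix is present.
# The result is the raw stored name: it is NOT HTML-escaped, so callers
# that print it into a page must escape it themselves.
function file_get_display_name( $p_filename ) {
	# Check if it's a project document filename (doc-0000000-filename)
	# or a bug attachment filename (0000000-filename)
	# for newer filenames, the filename in schema is correct.
	# This is important to handle filenames with '-'s properly

	# The configured prefix is data, not a pattern: quote it so that regex
	# metacharacters in the setting cannot change what is matched.
	$t_doc_match = '/^' . preg_quote( config_get( 'document_files_prefix' ), '/' ) . '-\d{7}-/';
	$t_name = preg_split( $t_doc_match, $p_filename );
	if ( isset( $t_name[1] ) ) {
		return $t_name[1];
	}

	$t_bug_match = '/^\d{7}-/';
	$t_name = preg_split( $t_bug_match, $p_filename );
	if ( isset( $t_name[1] ) ) {
		return $t_name[1];
	}

	return $p_filename;
}

# --------------------
# Check the number of attachments a bug has (if any)
#
# The first call runs one grouped query over the whole attachment table
# and stores every bug's count in $g_cache_file_count; later calls are
# answered from that cache. The table name comes from configuration and
# no caller-supplied value is placed in the query text.
function file_bug_attachment_count( $p_bug_id ) {
	global $g_cache_file_count;

	$t_bug_file_table = config_get( 'mantis_bug_file_table' );

	# First check if we have a cache hit
	if ( isset( $g_cache_file_count[ $p_bug_id ] ) ) {
		return $g_cache_file_count[ $p_bug_id ];
	}

	# If there is no cache hit, check if there is anything in
	# the cache. If the cache isn't empty and we didn't have
	# a hit, then there are no attachments for this bug.
	if ( count( $g_cache_file_count ) > 0 ) {
		return 0;
	}

	# Otherwise build the cache and return the attachment count
	# for the given bug (if any).
	$query = "SELECT bug_id, COUNT(bug_id) AS attachments
				FROM $t_bug_file_table
				GROUP BY bug_id";
	$result = db_query( $query );

	$t_file_count = 0;
	while( $row = db_fetch_array( $result ) ) {
		$g_cache_file_count[ $row['bug_id'] ] = $row['attachments'];
		if ( $p_bug_id == $row['bug_id'] ) {
			$t_file_count = $row['attachments'];
		}
	}

	# If no attachments are present, mark the cache to avoid
	# repeated queries for this.
	if ( count( $g_cache_file_count ) == 0 ) {
		$g_cache_file_count[ '_no_files_' ] = -1;
	}

	return $t_file_count;
}

# --------------------
# Check if a specific bug has attachments
# Returns true when file_bug_attachment_count() reports more than zero.
function file_bug_has_attachments( $p_bug_id ) {
	return ( file_bug_attachment_count( $p_bug_id ) > 0 );
}

# --------------------
# Check if the current user can view attachments for the specified bug.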
function file_can_view_bug_attachments( $p_bug_id ) {
	# Access is granted either by the configured threshold or, for the
	# bug's own reporter, by the 'allow_view_own_attachments' switch.
	$t_is_reporter = bug_is_user_reporter( $p_bug_id, auth_get_current_user_id() );

	if ( access_has_bug_level( config_get( 'view_attachments_threshold' ), $p_bug_id ) ) {
		return true;
	}

	return ( $t_is_reporter && config_get( 'allow_view_own_attachments' ) );
}

# --------------------
# Check if the current user can download attachments for the specified bug.
function file_can_download_bug_attachments( $p_bug_id ) {
	# Same rule as viewing, with the download threshold and the
	# 'allow_download_own_attachments' switch for the reporter.
	$t_is_reporter = bug_is_user_reporter( $p_bug_id, auth_get_current_user_id() );

	if ( access_has_bug_level( config_get( 'download_attachments_threshold' ), $p_bug_id ) ) {
		return true;
	}

	return ( $t_is_reporter && config_get( 'allow_download_own_attachments' ) );
}

# --------------------
# Check if the current user can delete attachments from the specified bug.
function file_can_delete_bug_attachments( $p_bug_id ) {
	# A read-only bug never allows deletion, whatever the access level.
	if ( bug_is_readonly( $p_bug_id ) ) {
		return false;
	}

	$t_is_reporter = bug_is_user_reporter( $p_bug_id, auth_get_current_user_id() );

	if ( access_has_bug_level( config_get( 'delete_attachments_threshold' ), $p_bug_id ) ) {
		return true;
	}

	return ( $t_is_reporter && config_get( 'allow_delete_own_attachments' ) );
}

# --------------------
# List the attachments belonging to the specified bug.
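# This is used from within
# bug_view_page.php and bug_view_advanced_page.php
#
# Prints one HTML entry per attachment: icon, name, size, date, optional
# download/delete links and, for small files with a configured extension,
# an inline text or image preview. Nothing is printed when the bug has no
# attachments. The stored file name and title are supplied by whoever
# uploaded the file, so both are HTML-escaped before they are printed.
function file_list_attachments( $p_bug_id ) {
	$t_attachment_rows = bug_get_attachments( $p_bug_id );

	$num_files = sizeof( $t_attachment_rows );
	if ( $num_files === 0 ) {
		return;
	}

	$t_can_download = file_can_download_bug_attachments( $p_bug_id );
	$t_can_delete = file_can_delete_bug_attachments( $p_bug_id );
	$t_preview_text_ext = config_get( 'preview_text_extensions' );
	$t_preview_image_ext = config_get( 'preview_image_extensions' );

	$image_previewed = false;
	for ( $i = 0 ; $i < $num_files ; $i++ ) {
		$row = $t_attachment_rows[$i];
		# Row columns become $v_<column>; the prefix keeps them apart from
		# the $t_ locals of this function.
		extract( $row, EXTR_PREFIX_ALL, 'v' );

		$t_file_display_name = file_get_display_name( $v_filename );
		# Escaped copy for every place the name is written into markup.
		# The raw name is still what print_file_icon() and the extension
		# checks receive.
		$t_file_display_name_html = htmlspecialchars( $t_file_display_name, ENT_QUOTES );
		$t_filesize = number_format( $v_filesize );
		$t_date_added = date( config_get( 'normal_date_format' ), db_unixtimestamp( $v_date_added ) );

		if ( $image_previewed ) {
			$image_previewed = false;
			echo '<br />';
		}

		if ( $t_can_download ) {
			$t_href_start = "<a href=\"file_download.php?file_id=$v_id&type=bug\">";
			$t_href_end = '</a>';

			$t_href_clicket = " [<a href=\"file_download.php?file_id=$v_id&type=bug\" target=\"_blank\">^</a>]";
		} else {
			$t_href_start = '';
			$t_href_end = '';

			$t_href_clicket = '';
		}

		# Only the DISK method requires the file to be present locally.
		$t_exists = config_get( 'file_upload_method' ) != DISK || file_exists( $v_diskfile );

		if ( !$t_exists ) {
			print_file_icon ( $t_file_display_name );
			echo ' <span class="strike">' . $t_file_display_name_html . '</span> (attachment missing)';
		} else {
			echo $t_href_start;
			print_file_icon ( $t_file_display_name );
			echo $t_href_end . ' ' . $t_href_start . $t_file_display_name_html .
				$t_href_end . "$t_href_clicket ($t_filesize bytes) <span class=\"italic\">$t_date_added</span>";

			if ( $t_can_delete ) {
				echo " [<a class=\"small\" href=\"bug_file_delete.php?file_id=$v_id\">" . lang_get('delete_link') . '</a>]';
			}

			if ( ( FTP == config_get( 'file_upload_method' ) ) && file_exists ( $v_diskfile ) ) {
				echo ' (' . lang_get( 'cached' ) . ')';
			}

			# Inline text preview: only for users who may download, and only
			# for non-empty files within the configured size limit.
			if ( $t_can_download &&
				( $v_filesize <= config_get( 'preview_attachments_inline_max_size' ) ) &&
				( $v_filesize != 0 ) &&
				( in_array( strtolower( file_get_extension( $t_file_display_name ) ), $t_preview_text_ext, true ) ) ) {
				$c_id = db_prepare_int( $v_id );
				$t_bug_file_table = config_get( 'mantis_bug_file_table' );

				echo "<script type=\"text/javascript\" language=\"JavaScript\">
<!--
function swap_content( span ) {
displayType = ( document.getElementById( span ).style.display == 'none' ) ? '' : 'none';
document.getElementById( span ).style.display = displayType;
}

-->
</script>";
				echo " <span id=\"hideSection_$c_id\">[<a class=\"small\" href='#' id='attmlink_".$c_id."' onclick='swap_content(\"hideSection_".$c_id."\");swap_content(\"showSection_".$c_id."\");return false;'>". lang_get( 'show_content' ) ."</a>]</span>";
				echo " <span style='display:none' id=\"showSection_$c_id\">[<a class=\"small\" href='#' id='attmlink_".$c_id."' onclick='swap_content(\"hideSection_".$c_id."\");swap_content(\"showSection_".$c_id."\");return false;'>". lang_get( 'hide_content' ) ."</a>]";

				echo "<pre>";
				# Start from an empty preview so that a failed read can never
				# echo content left over from a previous attachment.
				$v_content = '';
				switch ( config_get( 'file_upload_method' ) ) {
					case DISK:
						if ( file_exists( $v_diskfile ) ) {
							$v_content = file_get_contents( $v_diskfile );
						}
						break;
					case FTP:
						# Fetch into the local cache first when the file is not
						# there yet, then read the cached copy in both cases.
						if ( !file_exists( $v_diskfile ) ) {
							$ftp = file_ftp_connect();
							file_ftp_get ( $ftp, $v_diskfile, $v_diskfile );
							file_ftp_disconnect( $ftp );
						}
						$v_content = file_get_contents( $v_diskfile );
						break;
					default:
						$query = "SELECT *
									FROM $t_bug_file_table
									WHERE id='$c_id'";
						$result = db_query( $query );
						$row = db_fetch_array( $result );
						$v_content = $row['content'];
				}
				# Attachment content is untrusted: always escape it.
				echo htmlspecialchars( $v_content );

				echo "</pre></span>\n";
			}

			# Inline image preview, under the same conditions as the text one.
			if ( $t_can_download &&
				( $v_filesize <= config_get( 'preview_attachments_inline_max_size' ) ) &&
				( $v_filesize != 0 ) &&
				( in_array( strtolower( file_get_extension( $t_file_display_name ) ), $t_preview_image_ext, true ) ) ) {

				$t_preview_style = 'border: 0;';
				$t_max_width = config_get( 'preview_max_width' );
				if ( $t_max_width > 0 ) {
					$t_preview_style .= ' max-width:' . $t_max_width . 'px;';
				}

				$t_max_height = config_get( 'preview_max_height' );
				if ( $t_max_height > 0 ) {
					$t_preview_style .= ' max-height:' . $t_max_height . 'px;';
				}

				$t_preview_style = 'style="' . $t_preview_style . '"';
				# The title goes into a double-quoted attribute, so it must be
				# escaped for attribute context.
				$t_title = htmlspecialchars( (string) file_get_field( $v_id, 'title' ), ENT_QUOTES );

				echo "\n<br />$t_href_start<img alt=\"$t_title\" $t_preview_style src=\"file_download.php?file_id=$v_id&type=bug\" />$t_href_end";
				$image_previewed = true;
			}
		}

		if ( $i != ( $num_files - 1 ) ) {
			echo "<br />\n";
		}
	}
}
# --------------------
# delete all files that are associated with the given bug
#
# Removes the stored files (local copy and, with the FTP method, the
# remote copy) and then the attachment rows of the bug. Always returns
# true; the bug id is cast with db_prepare_int() before it is used in SQL.
function file_delete_attachments( $p_bug_id ) {
	$c_bug_id = db_prepare_int( $p_bug_id );

	$t_bug_file_table = config_get( 'mantis_bug_file_table' );

	$t_method = config_get( 'file_upload_method' );

	# Delete files from disk
	$query = "SELECT diskfile, filename
				FROM $t_bug_file_table
				WHERE bug_id='$c_bug_id'";
	$result = db_query( $query );

	$file_count = db_num_rows( $result );
	if ( 0 == $file_count ) {
		return true;
	}

	if ( ( DISK == $t_method ) || ( FTP == $t_method ) ) {
		# there may be more than one file
		$ftp = 0;
		if ( FTP == $t_method ) {
			$ftp = file_ftp_connect();
		}

		for ( $i = 0 ; $i < $file_count ; $i++ ) {
			$row = db_fetch_array( $result );

			file_delete_local ( $row['diskfile'] );

			if ( FTP == $t_method ) {
				file_ftp_delete ( $ftp, $row['diskfile'] );
			}
		}

		if ( FTP == $t_method ) {
			file_ftp_disconnect( $ftp );
		}
	}

	# Delete the corresponding db records
	$query = "DELETE FROM $t_bug_file_table
				WHERE bug_id='$c_bug_id'";
	db_query( $query );

	# db_query() errors on failure so:
	return true;
}
# --------------------
# Delete all files that are associated with the given project: the stored
# files first (DISK or FTP method), then the project file rows.
function file_delete_project_files( $p_project_id ) {
	# The id is placed unquoted in both queries below, so it must be forced
	# to an integer before it reaches the SQL text.
	$c_project_id = db_prepare_int( $p_project_id );

	$t_project_file_table = config_get( 'mantis_project_file_table' );
	$t_method = config_get( 'file_upload_method' );

	# Delete the file physically (if stored via DISK or FTP)
	if ( ( DISK == $t_method ) || ( FTP == $t_method ) ) {
		# Delete files from disk
		$query = "SELECT diskfile, filename
					FROM $t_project_file_table
					WHERE project_id=$c_project_id";
		$result = db_query( $query );

		$file_count = db_num_rows( $result );

		$ftp = 0;
		if ( FTP == $t_method ) {
			$ftp = file_ftp_connect();
		}

		for ( $i = 0 ; $i < $file_count ; $i++ ) {
			$row = db_fetch_array( $result );

			file_delete_local ( $row['diskfile'] );

			if ( FTP == $t_method ) {
				file_ftp_delete ( $ftp, $row['diskfile'] );
			}
		}

		if ( FTP == $t_method ) {
			file_ftp_disconnect( $ftp );
		}
	}

	# Delete the corresponding db records
	$query = "DELETE FROM $t_project_file_table
				WHERE project_id=$c_project_id";
	db_query( $query );
}
# --------------------
# Delete all cached files that are older than configured number of days.
# Not implemented: the body is empty, so cached copies are never expired
# by this function.
function file_ftp_cache_cleanup() {

}
# --------------------
# Connect to ftp server using configured server address, user name, and password.
# Returns the connection resource; raises ERROR_FTP_CONNECT_ERROR through
# trigger_error() when either the connection or the login fails.
# NOTE(review): plain FTP sends the configured credentials and the file
# data unencrypted - confirm this link only crosses a trusted network.
function file_ftp_connect() {
	$conn_id = ftp_connect( config_get( 'file_upload_ftp_server' ) );

	# Only attempt the login on a live connection; ftp_login() must not be
	# handed the false that a failed ftp_connect() returns.
	$login_result = false;
	if ( $conn_id ) {
		$login_result = ftp_login( $conn_id, config_get( 'file_upload_ftp_user' ), config_get( 'file_upload_ftp_pass' ) );
	}

	if ( ( !$conn_id ) || ( !$login_result ) ) {
		trigger_error( ERROR_FTP_CONNECT_ERROR, ERROR );
	}

	return $conn_id;
}
# --------------------
# Put a file to the ftp server.
# The transfer is binary. The result of ftp_put() is not reported to the
# caller, so a failed upload is not detected here.
function file_ftp_put ( $p_conn_id, $p_remote_filename, $p_local_filename ) {
	helper_begin_long_process();
	ftp_put( $p_conn_id, $p_remote_filename, $p_local_filename, FTP_BINARY );
}
# --------------------
# Get a file from the ftp server.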
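function file_ftp_get ( $p_conn_id, $p_local_filename, $p_remote_filename ) {
	# Binary download of $p_remote_filename into $p_local_filename. The
	# result of ftp_get() is not reported to the caller.
	helper_begin_long_process();
	ftp_get( $p_conn_id, $p_local_filename, $p_remote_filename, FTP_BINARY );
}
# --------------------
# Delete a file from the ftp server
# Errors are suppressed on purpose (best effort): a file that is already
# gone must not abort the caller.
function file_ftp_delete ( $p_conn_id, $p_filename ) {
	@ftp_delete( $p_conn_id, $p_filename );
}
# --------------------
# Disconnect from the ftp server
function file_ftp_disconnect( $p_conn_id ) {
	ftp_quit( $p_conn_id );
}
# --------------------
# Delete a local file even if it is read-only.
# Does nothing when the file does not exist.
function file_delete_local( $p_filename ) {
	if ( file_exists( $p_filename ) ) {
		# make the file writable first so that the unlink can succeed
		chmod( $p_filename, 0775 );
		unlink( $p_filename );
	}
}
# --------------------
# Return the specified field value
#
# Reads column $p_field_name of row $p_file_id from the 'bug' or project
# file table selected by $p_table.
# NOTE(review): $p_field_name is used as a column identifier and $p_table
# as part of a configuration key. db_prepare_string() is applied to the
# field name, but string escaping does not constrain an identifier, so both
# arguments must only ever be fixed values chosen by the calling code,
# never request data. The callers visible in this file pass literals.
function file_get_field( $p_file_id, $p_field_name, $p_table = 'bug' ) {
	$c_file_id = db_prepare_int( $p_file_id );
	$c_field_name = db_prepare_string( $p_field_name );
	$t_bug_file_table = config_get( 'mantis_' . $p_table . '_file_table' );

	# get info
	$query = "SELECT $c_field_name
				FROM $t_bug_file_table
				WHERE id='$c_file_id'";
	$result = db_query( $query, 1 );

	return db_result( $result );
}
# --------------------
# Delete one attachment: the stored file (local and, with the FTP method,
# remote), then its database row. For bug attachments the deletion is
# written to the bug history first. Always returns true.
# This function performs no access check; callers are expected to have
# verified that the current user may delete the file.
function file_delete( $p_file_id, $p_table = 'bug' ) {
	$t_upload_method = config_get( 'file_upload_method' );

	$c_file_id = db_prepare_int( $p_file_id );
	$t_filename = file_get_field( $p_file_id, 'filename', $p_table );
	$t_diskfile = file_get_field( $p_file_id, 'diskfile', $p_table );

	if( ( DISK == $t_upload_method ) || ( FTP == $t_upload_method ) ) {
		if ( FTP == $t_upload_method ) {
			$ftp = file_ftp_connect();
			file_ftp_delete( $ftp, $t_diskfile );
			file_ftp_disconnect( $ftp );
		}

		if ( file_exists( $t_diskfile ) ) {
			file_delete_local( $t_diskfile );
		}
	}

	if( 'bug' == $p_table ) {
		# log file deletion
		$t_bug_id = file_get_field( $p_file_id, 'bug_id', 'bug' );
		history_log_event_special( $t_bug_id, FILE_DELETED, file_get_display_name ( $t_filename ) );
	}

	$t_file_table = config_get( 'mantis_' . $p_table . '_file_table' );
	$query = "DELETE FROM $t_file_table
				WHERE id='$c_file_id'";
	db_query( $query );
	return true;
}
# --------------------
# File type check
#
# Returns false when the extension of $p_file_name is on the
# 'disallowed_files' list, true when the 'allowed_files' list is blank or
# contains the extension, and false otherwise. Comparison is
# case-insensitive.
# Only the text after the LAST '.' is examined (the whole name when there
# is no '.'), and the file content is never inspected, so this is a naming
# policy and not a content check.
function file_type_check( $p_file_name ) {
	$t_allowed_files = config_get( 'allowed_files' );
	$t_disallowed_files = config_get( 'disallowed_files' );

	# grab extension
	$t_ext_array = explode( '.', $p_file_name );
	$last_position = count( $t_ext_array )-1;
	$t_extension = $t_ext_array[$last_position];

	# check against disallowed files
	$t_disallowed_arr = explode_enum_string( $t_disallowed_files );
	foreach ( $t_disallowed_arr as $t_val ) {
		if ( 0 == strcasecmp( $t_val, $t_extension ) ) {
			return false;
		}
	}

	# if the allowed list is not populated then the file must be allowed
	if ( is_blank( $t_allowed_files ) ) {
		return true;
	}

	# check against allowed files
	$t_allowed_arr = explode_enum_string( $t_allowed_files );
	foreach ( $t_allowed_arr as $t_val ) {
		if ( 0 == strcasecmp( $t_val, $t_extension ) ) {
			return true;
		}
	}

	return false;
}

# --------------------
# clean file name by removing sensitive characters and replacing them with underscores
# Replaced characters: '/', '\', space, ':' and '&'.
function file_clean_name( $p_filename ) {
	# Single-quoted so that the class really contains a backslash: in the
	# former double-quoted pattern "\\ " reached PCRE as an escaped space,
	# which left backslashes in the name untouched.
	return preg_replace( '/[\/\\\\ :&]/', '_', $p_filename );
}

# --------------------
# Generate a string to use as the identifier for the file
# It is not guaranteed to be unique and should be checked
# The string returned should be 32 characters in length
function file_generate_name( $p_seed ) {
	# Seed and clock alone give the same hash for every call within one
	# second, which makes a collision retry repeat the same candidate.
	# uniqid()/mt_rand() make each call differ; they are not a
	# cryptographic source, so the name must not be treated as a secret.
	$t_val = md5( $p_seed . time() . uniqid( (string) mt_rand(), true ) );

	return substr( $t_val, 0, 32 );
}

# --------------------
# Generate a UNIQUE string to use as the identifier for the file
# The string returned is the 32 character value of file_generate_name();
# candidates are drawn until diskfile_is_name_unique() accepts one.
function file_generate_unique_name( $p_seed , $p_filepath ) {
	do {
		$t_string = file_generate_name( $p_seed );
	} while ( !diskfile_is_name_unique( $t_string , $p_filepath ) );

	return $t_string;
}

# --------------------
# Return true if the diskfile name identifier is unique, false otherwise
# Only the bug file table is consulted.
function diskfile_is_name_unique( $p_name , $p_filepath ) {
	$t_file_table = config_get( 'mantis_bug_file_table' );

	$c_name = db_prepare_string( $p_filepath . $p_name );

	$query = "SELECT COUNT(*)
				FROM $t_file_table
				WHERE diskfile='$c_name'";
	$result = db_query( $query );
	$t_count = db_result( $result );

	return !( $t_count > 0 );
}

# --------------------
# Return true if the file name identifier is unique, false otherwise
# Uniqueness is checked among the attachments of bug $p_bug_id.
function file_is_name_unique( $p_name, $p_bug_id ) {
	$t_file_table = config_get( 'mantis_bug_file_table' );

	$c_name = db_prepare_string( $p_name );
	# bug_id is compared unquoted below, so it has to be an integer;
	# string escaping alone does not protect a numeric context.
	$c_bug = db_prepare_int( $p_bug_id );

	$query = "SELECT COUNT(*)
				FROM $t_file_table
				WHERE filename='$c_name' and bug_id=$c_bug";
	$result = db_query( $query );
	$t_count = db_result( $result );

	return !( $t_count > 0 );
}

# --------------------
# Store an uploaded file as a bug attachment ($p_table 'bug') or as a
# project document, using the configured upload method (DISK, FTP or
# DATABASE), and record it in the matching file table.
#
# Failures are raised with trigger_error(): upload errors reported by PHP,
# an empty or unreadable temp file, a file type rejected by
# file_type_check(), a duplicate name, a size of zero or above the
# effective limit, and an invalid upload path.
#
# The name on disk is the generated identifier from
# file_generate_unique_name(); the client-supplied $p_file_name is only
# hashed into it and stored as a column value, it never forms the path.
# The stored name is kept as supplied, so code that prints it must
# HTML-escape it.
# NOTE(review): $p_table is used in a configuration key and as a column
# name prefix in the INSERT; it must be a fixed value chosen by the caller.
function file_add( $p_bug_id, $p_tmp_file, $p_file_name, $p_file_type='', $p_table = 'bug', $p_file_error = 0, $p_title = '', $p_desc = '' ) {

	if ( php_version_at_least( '4.2.0' ) ) {
		switch ( (int) $p_file_error ) {
			case UPLOAD_ERR_INI_SIZE:
			case UPLOAD_ERR_FORM_SIZE:
				trigger_error( ERROR_FILE_TOO_BIG, ERROR );
				break;
			case UPLOAD_ERR_PARTIAL:
			case UPLOAD_ERR_NO_FILE:
				trigger_error( ERROR_FILE_NO_UPLOAD_FAILURE, ERROR );
				break;
			default:
				break;
		}
	}

	if ( ( '' == $p_tmp_file ) || ( '' == $p_file_name ) ) {
		trigger_error( ERROR_FILE_NO_UPLOAD_FAILURE, ERROR );
	}
	if ( !is_readable( $p_tmp_file ) ) {
		trigger_error( ERROR_UPLOAD_FAILURE, ERROR );
	}

	if ( !file_type_check( $p_file_name ) ) {
		trigger_error( ERROR_FILE_NOT_ALLOWED, ERROR );
	}

	if ( !file_is_name_unique( $p_file_name, $p_bug_id ) ) {
		trigger_error( ERROR_DUPLICATE_FILE, ERROR );
	}

	if ( 'bug' == $p_table ) {
		$t_project_id = bug_get_field( $p_bug_id, 'project_id' );
		$t_bug_id = bug_format_id( $p_bug_id );
	} else {
		$t_project_id = helper_get_current_project();
		$t_bug_id = 0;
	}

	# prepare variables for insertion
	$c_bug_id = db_prepare_int( $p_bug_id );
	$c_project_id = db_prepare_int( $t_project_id );
	$c_file_type = db_prepare_string( $p_file_type );
	$c_title = db_prepare_string( $p_title );
	$c_desc = db_prepare_string( $p_desc );

	if( $t_project_id == ALL_PROJECTS ) {
		$t_file_path = config_get( 'absolute_path_default_upload_folder' );
	}
	else {
		$t_file_path = project_get_field( $t_project_id, 'file_path' );
		if( $t_file_path == '' ) {
			$t_file_path = config_get( 'absolute_path_default_upload_folder' );
		}
	}
	$c_file_path = db_prepare_string( $t_file_path );
	$c_new_file_name = db_prepare_string( $p_file_name );

	$t_file_hash = ( 'bug' == $p_table ) ? $t_bug_id : config_get( 'document_files_prefix' ) . '-' . $t_project_id;
	$t_disk_file_name = $t_file_path . file_generate_unique_name( $t_file_hash . '-' . $p_file_name, $t_file_path );
	$c_disk_file_name = db_prepare_string( $t_disk_file_name );

	$t_file_size = filesize( $p_tmp_file );
	if ( 0 == $t_file_size ) {
		trigger_error( ERROR_FILE_NO_UPLOAD_FAILURE, ERROR );
	}
	# the effective limit is the smallest of the two PHP settings and the
	# Mantis setting
	$t_max_file_size = (int)min( ini_get_number( 'upload_max_filesize' ), ini_get_number( 'post_max_size' ), config_get( 'max_file_size' ) );
	if ( $t_file_size > $t_max_file_size ) {
		trigger_error( ERROR_FILE_TOO_BIG, ERROR );
	}
	$c_file_size = db_prepare_int( $t_file_size );

	$t_method = config_get( 'file_upload_method' );

	switch ( $t_method ) {
		case FTP:
		case DISK:
			file_ensure_valid_upload_path( $t_file_path );

			if ( !file_exists( $t_disk_file_name ) ) {
				if ( FTP == $t_method ) {
					$conn_id = file_ftp_connect();
					file_ftp_put ( $conn_id, $t_disk_file_name, $p_tmp_file );
					file_ftp_disconnect ( $conn_id );
				}

				# move_uploaded_file() only accepts files that PHP itself
				# received as an HTTP upload.
				if ( !move_uploaded_file( $p_tmp_file, $t_disk_file_name ) ) {
					# NOTE(review): every other error raised in this file uses
					# an ERROR_-prefixed code - confirm FILE_MOVE_FAILED is
					# the intended constant.
					trigger_error( FILE_MOVE_FAILED, ERROR );
				}

				chmod( $t_disk_file_name, config_get( 'attachments_file_permissions' ) );

				$c_content = "''";
			} else {
				trigger_error( ERROR_FILE_DUPLICATE, ERROR );
			}
			break;
		case DATABASE:
			# read the upload in binary mode and release the handle again
			$t_handle = fopen( $p_tmp_file, 'rb' );
			$c_content = db_prepare_binary_string ( fread ( $t_handle, $t_file_size ) );
			fclose( $t_handle );
			break;
		default:
			trigger_error( ERROR_GENERIC, ERROR );
	}

	$t_file_table = config_get( 'mantis_' . $p_table . '_file_table' );
	$c_id = ( 'bug' == $p_table ) ? $c_bug_id : $c_project_id;

	$query = "INSERT INTO $t_file_table
				(" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)
			  VALUES
				($c_id, '$c_title', '$c_desc', '$c_disk_file_name', '$c_new_file_name', '$c_file_path', $c_file_size, '$c_file_type', " . db_now() .", $c_content)";
	db_query( $query );

	if ( 'bug' == $p_table ) {
		# updated the last_updated date
		bug_update_date( $p_bug_id );

		# log new bug
		history_log_event_special( $p_bug_id, FILE_ADDED, $p_file_name );
	}

}

# --------------------
# Return true if file uploading is enabled (in our config and PHP's),
# false otherwise
function file_is_uploading_enabled() {
	return ( ini_get_bool( 'file_uploads' ) && ( ON == config_get( 'allow_file_upload' ) ) );
}

# --------------------
# Check if the user can upload files for this project
# return true if they can, false otherwise
# the project defaults to the current project and the user to the current user
function file_allow_project_upload( $p_project_id = null, $p_user_id = null ) {
	if ( null === $p_project_id ) {
		$p_project_id = helper_get_current_project();
	}
	if ( null === $p_user_id ) {
		$p_user_id = auth_get_current_user_id();
	}
	return ( file_is_uploading_enabled() &&
		( access_has_project_level( config_get( 'upload_project_file_threshold' ), $p_project_id, $p_user_id ) ) );
}

# --------------------
# Check if the user can upload files for this bug
# return true if they can, false otherwise
# the user defaults to the current user
#
# if the bug is null (the default) we answer whether the user can
# upload a file to a new bug in the current project
function file_allow_bug_upload( $p_bug_id = null, $p_user_id = null ) {
	if ( null === $p_user_id ) {
		$p_user_id = auth_get_current_user_id();
	}

	# If uploads are disabled just return false
	if ( !file_is_uploading_enabled() ) {
		return false;
	}

	if ( null === $p_bug_id ) {		# new bug
		$t_project_id = helper_get_current_project();

		# the user must be the reporter if they're reporting a new bug
		$t_reporter = true;
	} else {						# existing bug
		$t_project_id = bug_get_field( $p_bug_id, 'project_id' );

		# check if the user is the reporter of the bug
		$t_reporter = bug_is_user_reporter( $p_bug_id, $p_user_id );
	}

	# *** If we ever wanted to have a per-project setting enabling file
	#     uploads, we'd want to check it here before exempting the reporter

	if ( $t_reporter && ( ON == config_get( 'allow_reporter_upload' ) ) ) {
		return true;
	}

	# Check the access level against the config setting
	return access_has_project_level( config_get( 'upload_bug_file_threshold' ), $t_project_id, $p_user_id );
}

# --------------------
# checks whether the specified upload path exists and is writable
# Raises ERROR_FILE_INVALID_UPLOAD_PATH when the path is missing, is not a
# directory, or is not both readable and writable.
function file_ensure_valid_upload_path( $p_upload_path ) {
	if ( !file_exists( $p_upload_path ) || !is_dir( $p_upload_path ) || !is_writable( $p_upload_path ) || !is_readable( $p_upload_path ) ) {
		trigger_error( ERROR_FILE_INVALID_UPLOAD_PATH, ERROR );
	}
}

# --------------------
# Get extension given the filename or its full path.
# Returns the text after the last '.' of the final path component, with
# its case unchanged, or '' when that component contains no '.'.
function file_get_extension( $p_filename ) {
	$ext = '';
	$dot_found = false;
	# scan backwards from the end of the string
	$i = strlen( $p_filename ) - 1;
	while ( $i >= 0 ) {
		if ( '.' == $p_filename[$i] ) {
			$dot_found = true;
			break;
		}

		# found a directory marker before a period.
		if ( ( $p_filename[$i] == "/" ) || ( $p_filename[$i] == "\\" ) ) {
			return '';
		}

		$ext = $p_filename[$i] . $ext;
		$i--;
	}

	if ( $dot_found ) {
		return $ext;
	} else {
		return '';
	}
}
?>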