]>
src.bluestatic.org Git - bugdar.git/blob - attachment.php
2 /*=====================================================================*\
3 || ################################################################### ||
4 || # BugStrike [#]version[#]
5 || # --------------------------------------------------------------- # ||
6 || # Copyright ©2002-[#]year[#] by Iris Studios, Inc. All Rights Reserved. # ||
7 || # This file may not be reproduced in any way without permission. # ||
8 || # --------------------------------------------------------------- # ||
9 || # User License Agreement at http://www.iris-studios.com/license/ # ||
10 || ################################################################### ||
11 \*=====================================================================*/
13 $fetchtemplates = array (
18 require_once ( './global.php' );
20 if ( isset ( $bugsys- > in
[ 'attachmentid' ]))
22 $attachment = $db- > query_first ( "SELECT * FROM " . TABLE_PREFIX
. "attachment WHERE attachmentid = " . intval ( $bugsys- > in
[ 'attachmentid' ]));
25 echo 'alert: bad attachment' ;
30 $bug = $db- > query_first ( "SELECT * FROM " . TABLE_PREFIX
. "bug WHERE bugid = " . (( $attachment [ 'attachmentid' ]) ? $attachment [ 'bugid' ] : intval ( $bugsys- > in
[ 'bugid' ])));
33 echo 'alert: bad bug' ;
37 // ###################################################################
39 if ( $_REQUEST [ 'do' ] == 'kill' )
41 if (! can_perform ( 'caneditattach' ))
43 echo 'alert: no permission' ;
47 $db- > query ( "DELETE FROM " . TABLE_PREFIX
. "attachment WHERE attachmentid = $attachment [attachmentid]" );
49 log_action ( $bug [ 'bugid' ], 'log_kill_attachment' , array ( $attachment [ 'attachmentid' ]));
51 echo "<a href= \" showreport.php?bugid= $bug [bugid] \" >attachment removed</a>" ;
54 // ###################################################################
56 if ( $_REQUEST [ 'do' ] == 'delete' )
58 if (! can_perform ( 'caneditattach' ))
60 echo 'alert: no permission' ;
64 echo "are you sure you want to delete this attachment? <a href= \" attachment.php?do=kill&attachmentid= $attachment [attachmentid] \" >yes</a>" ;
67 // ###################################################################
69 if ( $_POST [ 'do' ] == 'insert' )
71 if (! can_perform ( 'canputattach' ))
73 echo 'alert: no permission' ;
78 $FILE =& $_FILES [ 'attachment' ];
81 switch ( $FILE [ 'error' ])
84 case 1 : echo 'PHP said the file you uploaded was too big.' ; exit ; break ;
85 case 2 : echo 'The file exceeds the allowed upload size.' ; exit ; break ;
86 case 3 : echo 'The file was only partially uploaded.' ; exit ; break ;
87 case 4 : echo 'The file was not uploaded at all.' ; exit ; break ;
88 case 6 : echo 'PHP could not find the /tmp directory.' ; exit ; break ;
92 if (! is_uploaded_file ( $FILE [ 'tmp_name' ]))
94 echo 'The file you specified did not upload.' ;
98 // #*# put some MIME-type validation here
100 if (! $bugsys- > in
[ 'description' ])
102 echo 'you need a file description!' ;
106 $filedata = $bugsys- > escape ( file_get_contents ( $FILE [ 'tmp_name' ]), true , true );
109 // insert an attachment
111 INSERT INTO attachment
112 (bugid, filename, mimetype, filesize,
113 attachment, description, dateline, userid)
115 ( $bug [bugid], '" . $bugsys- > escape ( $FILE [ 'name' ]) . "',
116 '" . $bugsys- > escape ( $FILE [ 'type' ]) . "', " . intval ( $FILE [ 'size' ]) . ",
117 ' $filedata' , '" . $bugsys- > in
[ 'description' ] . "', $time ,
118 " . $bugsys- > userinfo
[ 'userid' ] . "
122 $attachmentid = $db- > insert_id ();
123 log_action ( $bug [ 'bugid' ], 'log_new_attachment' , array ( $FILE [ 'name' ], $attachmentid ));
126 $obsoletes = $_POST [ 'obsoletes' ];
127 if ( count ( $obsoletes ) > 0 )
129 array_walk ( $obsoletes , 'intval' );
130 $db- > query ( "UPDATE " . TABLE_PREFIX
. "attachment SET obsolete = 1 WHERE attachmentid IN (" . implode ( ',' , $obsoletes ) . ") AND !obsolete AND bugid = $bug [bugid]" );
131 log_action ( $bug [ 'bugid' ], 'log_mark_obsoletes' , array ( $attachmentid , $FILE [ 'name' ], implode ( ', ' , $obsoletes )));
134 // handle comment stuff
135 if ( can_perform ( 'canpostcomments' ) AND trim ( $bugsys- > in
[ 'comment' ]))
137 $bugsys- > in
[ 'comment_parsed' ] = $bugsys- > in
[ 'comment' ];
139 if (! $bugsys- > options
[ 'allowhtml' ])
141 $bugsys- > in
[ 'comment_parsed' ] = $bugsys- > sanitize ( $bugsys- > in
[ 'comment_parsed' ]);
145 INSERT INTO " . TABLE_PREFIX
. "comment
146 (bugid, userid, dateline, comment, comment_parsed)
148 ( $bug [bugid], " . $bugsys- > userinfo
[ 'userid' ] . ",
149 $time , '" . $bugsys- > in
[ 'comment' ] . "',
150 '" . nl2br ( $bugsys- > in
[ 'comment_parsed' ]) . "'
154 $commentid = $db- > insert_id ();
156 log_action ( $bug [ 'bugid' ], 'log_new_attachment_comment' , array ( $attachmentid , $commentid ));
159 // update the last post data
160 $db- > query ( "UPDATE " . TABLE_PREFIX
. "bug SET lastposttime = $time , lastpostby = " . $bugsys- > userinfo
[ 'userid' ] . " WHERE bugid = $bug [bugid]" );
162 echo "<a href= \" showreport.php?bugid= $bug [bugid] \" >attachment added</a>" ;
165 // ###################################################################
167 if ( $_REQUEST [ 'do' ] == 'add' )
169 if (! can_perform ( 'canputattach' ))
171 echo 'alert: no permission' ;
175 $MAXFILESIZE = $funct- > fetch_max_attachment_size ();
177 $show [ 'addcomment' ] = (( can_perform ( 'canpostcomments' )) ? true : false );
178 $show [ 'obsoletes' ] = false ;
180 $obsoletes_fetch = $db- > query ( "SELECT * FROM " . TABLE_PREFIX
. "attachment WHERE bugid = $bug [bugid] AND !obsolete" );
182 while ( $obsolete = $db- > fetch_array ( $obsoletes_fetch ))
184 $show [ 'obsoletes' ] = true ;
185 $obsoletes .= "<div><input name= \" obsoletes[] \" type= \" checkbox \" value= \" $obsolete [attachmentid] \" /> $obsolete [filename] [ $obsolete [description]]</div> \n " ;
188 eval ( ' $template- >flush("' . $template- > fetch ( 'newattach' ) . '");' );
191 // ###################################################################
193 if ( $_POST [ 'do' ] == 'update' )
195 if (!( can_perform ( 'caneditattach' ) OR ( $attachment [ 'userid' ] == $bugsys- > userinfo
[ 'userid' ] AND can_perform ( 'canputattach' ))))
197 echo 'alert: no permssion' ;
202 UPDATE " . TABLE_PREFIX
. "attachment
203 SET description = '" . $bugsys- > in
[ 'description' ] . "',
204 obsolete = " . intval ( $bugsys- > in
[ 'obsolete' ]) . "
205 WHERE attachmentid = " . intval ( $bugsys- > in
[ 'attachmentid' ])
208 $hist [ 1 ] = $db- > query_first ( "SELECT * FROM " . TABLE_PREFIX
. "attachment WHERE attachmentid = $attachment [attachmentid]" );
210 $diff [ 0 ] = array_diff_assoc ( $attachment , $hist [ 1 ]);
211 $diff [ 1 ] = array_diff_assoc ( $hist [ 1 ], $attachment );
213 log_action ( $bug [ 'bugid' ], 'log_update_attachment' , array ( $attachment [ 'attachmentid' ], intval ( $bugsys- > in
[ 'obsolete' ])));
215 echo "<a href= \" showreport.php?bugid= $bug [bugid] \" >attachment updated</a>" ;
218 // ###################################################################
220 if ( $_REQUEST [ 'do' ] == 'edit' )
222 if (!( can_perform ( 'caneditattach' ) OR ( $attachment [ 'userid' ] == $bugsys- > userinfo
[ 'userid' ] AND can_perform ( 'canputattach' ))))
224 echo 'alert: no permssion' ;
228 $show [ 'delete' ] = (( can_perform ( 'caneditattach' )) ? true : false );
230 eval ( ' $template- >flush("' . $template- > fetch ( 'editattach' ) . '");' );
233 /*=====================================================================*\
234 || ###################################################################
237 || ###################################################################
238 \*=====================================================================*/