in['attachmentid'])) { $attachment = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . $input->inputClean('attachmentid', TYPE_UINT)); if (!$attachment) { $message->error(L_INVALID_ID); } } $bug = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . (($attachment['attachmentid']) ? $attachment['bugid'] : $input->inputClean('bugid', TYPE_UINT))); if (!$bug) { $message->error(L_INVALID_ID); } if (!check_bug_permissions($bug)) { $message->errorPermission(); } require_once('./includes/class_logging.php'); $notif = new NotificationCenter; $notif->set_bug_data($bug); // ################################################################### if ($_POST['do'] == 'insert') { $attachapi = new AttachmentAPI($bugsys); $attachapi->set('bugid', $input->in['bugid']); if (!can_perform('canputattach', $bug['product'])) { $message->errorPermission(); } // max packet size $var = $db->queryFirst("SHOW VARIABLES LIKE 'max_allowed_packet'"); BSApp::debug("max_allowed_packet = $var[Value]"); // create alias $FILE =& $_FILES['attachment']; // PHP errors switch ($FILE['error']) { case 0: break; case 1: $message->addError(T('PHP said the file you uploaded was too big.')); break; case 2: $message->addError(T('The file exceeds the allowed upload size.')); break; case 3: $message->addError(T('The file was only partially uploaded.')); break; case 4: $message->addError(T('The file was not uploaded at all.')); break; case 6: $message->addError(T('PHP could not find the /tmp directory.')); break; } // did it upload? if (!is_uploaded_file($FILE['tmp_name'])) { $message->addError(T('The file you specified did not upload.')); } // TODO - put some MIME-type validation here if (filesize($FILE['tmp_name']) > $var['Value']) { $message->addError(T('The file you specified exceeds MySQL\'s maximum allowed packet.')); } $attachapi->set('attachment', file_get_contents($FILE['tmp_name'])); $attachapi->set('filename', $FILE['name']); $attachapi->set('mimetype', $FILE['type']); $attachapi->set('filesize', $FILE['size']); $attachapi->set('description', $input->in['description']); $attachapi->set('userid', bugdar::$userinfo['userid']); // insert an attachment if (!$message->hasErrors()) { $attachapi->insert(); $obsoletes = $input->inputClean('obsoletes', TYPE_UINT); $notif->send_new_attachment_notice($attachapi->values, $obsoletes, $attachapi->insertid); // mark obsoletes if (is_array($obsoletes) AND sizeof($obsoletes) > 0) { $db->query("UPDATE " . TABLE_PREFIX . "attachment SET obsolete = 1 WHERE attachmentid IN (" . implode(',', $obsoletes) . ") AND !obsolete AND bugid = $bug[bugid]"); foreach ($obsoletes AS $attachmentid) { $log = new Logging; $log->set_bugid($bug['bugid']); $log->set_attachmentid($attachmentid); $log->add_data(true, array('obsolete' => 0), array('obsolete'), false, 'attachment'); $log->add_data(false, array('obsolete' => 1), array('obsolete'), false, 'attachment'); $log->update_history(); } } // handle comment stuff if (can_perform('canpostcomments', $bug['product']) AND trim($input->in['comment'])) { $comment = new CommentAPI($bugsys); $comment->set('bugid', $input->in['bugid']); $comment->set('userid', bugdar::$userinfo['userid']); $comment->set('comment', $input->in['comment']); $comment->set('dateline', $attachapi->values['dateline']); $comment->insert(); $notif->send_new_comment_notice($comment->values); } // update the last post data $db->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = " . $attachapi->values['dateline'] . ", hiddenlastposttime = " . $attachapi->values['dateline'] . ", lastpostby = " . bugdar::$userinfo['userid'] . ", hiddenlastpostby = " . bugdar::$userinfo['userid'] . " WHERE bugid = $bug[bugid]"); $notif->finalize(); $message->redirect(T('The attachment has been added to the bug.'), "showreport.php?bugid=$bug[bugid]"); } else { $show['errors'] = true; $_REQUEST['do'] = 'add'; } } // ################################################################### if ($_REQUEST['do'] == 'add') { if (!can_perform('canputattach', $bug['product'])) { $message->errorPermission(); } $MAXFILESIZE = BSFunctions::fetch_max_php_file_size(); $show['addcomment'] = ((can_perform('canpostcomments', $bug['product'])) ? true : false); $show['obsoletes'] = false; $obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete"); $obsoletes = ''; foreach ($obsoletes_fetch as $obsolete) { $show['obsoletes'] = true; $obsoletes .= "