in['attachmentid'])) { $attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . intval($bugsys->in['attachmentid'])); if (!$attachment) { $message->error($lang->getlex('error_invalid_id')); } } $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . (($attachment['attachmentid']) ? $attachment['bugid'] : intval($bugsys->in['bugid']))); if (!$bug) { $message->error($lang->getlex('error_invalid_id')); } // setup logging require_once('./includes/class_history.php'); $log = new History(); $log->bugid = $bug['bugid']; // ################################################################### if ($_POST['do'] == 'insert') { if (!can_perform('canputattach', $bug['productid'])) { $message->error_permission(); } // max packet size $var = $db->query_first("SHOW VARIABLES LIKE 'max_allowed_packet'"); $bugsys->debug("max_allowed_packet = $var[Value]"); // create alias $FILE =& $_FILES['attachment']; // PHP errors switch ($FILE['error']) { case 0: break; case 1: $message->items[] = $lang->string('PHP said the file you uploaded was too big.'); break; case 2: $message->items[] = $lang->string('The file exceeds the allowed upload size.'); break; case 3: $message->items[] = $lang->string('The file was only partially uploaded.'); break; case 4: $message->items[] = $lang->string('The file was not uploaded at all.'); break; case 6: $message->items[] = $lang->string('PHP could not find the /tmp directory.'); break; } // did it upload? if (!is_uploaded_file($FILE['tmp_name'])) { $message->items[] = $lang->string('The file you specified did not upload.'); } // #*# put some MIME-type validation here if (filesize($FILE['tmp_name']) > $var['Value']) { $message->items[] = $lang->string('The file you specified exceeds MySQL\'s maximum allowed packet.'); } // insert an attachment if (!$message->items) { $filedata = $bugsys->escape(file_get_contents($FILE['tmp_name']), true, true); $time = TIMENOW; $db->query(" INSERT INTO " . TABLE_PREFIX . "attachment (bugid, filename, mimetype, filesize, attachment, description, dateline, userid) VALUES ($bug[bugid], '" . $bugsys->escape($FILE['name']) . "', '" . $bugsys->escape($FILE['type']) . "', " . intval($FILE['size']) . ", '$filedata', '" . $bugsys->in['description'] . "', $time, " . $bugsys->userinfo['userid'] . " )" ); // mark obsoletes $obsoletes = $_POST['obsoletes']; if (count($obsoletes) > 0) { array_walk($obsoletes, 'intval'); $db->query("UPDATE " . TABLE_PREFIX . "attachment SET obsolete = 1 WHERE attachmentid IN (" . implode(',', $obsoletes) . ") AND !obsolete AND bugid = $bug[bugid]"); foreach ($obsoletes AS $attachmentid) { $log->attachmentid = $attachmentid; $log->log($log->diff('obsolete', 0, 1)); } } // handle comment stuff if (can_perform('canpostcomments', $bug['productid']) AND trim($bugsys->in['comment'])) { $bugsys->in['comment_parsed'] = $bugsys->in['comment']; if (!$bugsys->options['allowhtml']) { $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']); } $db->query(" INSERT INTO " . TABLE_PREFIX . "comment (bugid, userid, dateline, comment, comment_parsed) VALUES ($bug[bugid], " . $bugsys->userinfo['userid'] . ", $time, '" . $bugsys->in['comment'] . "', '" . nl2br($bugsys->in['comment_parsed']) . "' )" ); } // update the last post data $db->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $bug[bugid]"); $message->redirect($lang->string('The attachment has been added to the bug.'), "showreport.php?bugid=$bug[bugid]"); } else { $show['errors'] = true; $_REQUEST['do'] = 'add'; $message->error_list_process(); } } // ################################################################### if ($_REQUEST['do'] == 'add') { if (!can_perform('canputattach', $bug['productid'])) { $message->error_permission(); } $MAXFILESIZE = $funct->fetch_max_attachment_size(); $show['addcomment'] = ((can_perform('canpostcomments', $bug['productid'])) ? true : false); $show['obsoletes'] = false; $obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete"); $obsoletes = ''; while ($obsolete = $db->fetch_array($obsoletes_fetch)) { $show['obsoletes'] = true; $obsoletes .= "