in['attachmentid'])) { $attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . intval($bugsys->in['attachmentid'])); if (!$attachment) { $message->error($lang->getlex('error_invalid_id')); } } $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . (($attachment['attachmentid']) ? $attachment['bugid'] : intval($bugsys->in['bugid']))); if (!$bug) { $message->error($lang->getlex('error_invalid_id')); } // setup logging require_once('./includes/class_history.php'); $log = new History(); $log->bugid = $bug['bugid']; // ################################################################### if ($_REQUEST['do'] == 'kill') { if (!can_perform('caneditattach')) { $message->error_permission(); } $db->query("DELETE FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = $attachment[attachmentid]"); $log->arguments = array($attachment['attachmentid']); $log->allowempty = true; $log->log(); $message->redirect($lang->string('The attachment has been removed.'), "showreport.php?bugid=$bug[bugid]"); } // ################################################################### if ($_REQUEST['do'] == 'delete') { if (!can_perform('caneditattach')) { $message->error_permission(); } $message->message(sprintf($lang->string('Are you sure want to delete this attachment (id: %1$s)? Yes'), $attachment['attachmentid'])); } // ################################################################### if ($_POST['do'] == 'insert') { if (!can_perform('canputattach')) { $message->error_permission(); } // create alias $FILE =& $_FILES['attachment']; // PHP errors switch ($FILE['error']) { case 0: break; case 1: $message->error($lang->string('PHP said the file you uploaded was too big.')); break; case 2: $message->error($lang->string('The file exceeds the allowed upload size.')); break; case 3: $message->error($lang->string('The file was only partially uploaded.')); break; case 4: $message->error($lang->string('The file was not uploaded at all.')); break; case 6: $message->error($lang->string('PHP could not find the /tmp directory.')); break; } // did it upload? if (!is_uploaded_file($FILE['tmp_name'])) { $message->error($lang->string('The file you specified did not upload.')); } // #*# put some MIME-type validation here if (!$bugsys->in['description']) { $message->error($lang->string('You need to specify a file description.')); } $filedata = $bugsys->escape(file_get_contents($FILE['tmp_name']), true, true); $time = TIMENOW; // insert an attachment $db->query(" INSERT INTO attachment (bugid, filename, mimetype, filesize, attachment, description, dateline, userid) VALUES ($bug[bugid], '" . $bugsys->escape($FILE['name']) . "', '" . $bugsys->escape($FILE['type']) . "', " . intval($FILE['size']) . ", '$filedata', '" . $bugsys->in['description'] . "', $time, " . $bugsys->userinfo['userid'] . " )" ); // mark obsoletes $obsoletes = $_POST['obsoletes']; if (count($obsoletes) > 0) { array_walk($obsoletes, 'intval'); $db->query("UPDATE " . TABLE_PREFIX . "attachment SET obsolete = 1 WHERE attachmentid IN (" . implode(',', $obsoletes) . ") AND !obsolete AND bugid = $bug[bugid]"); $log->arguments = array($attachmentid, $FILE['name'], implode(', ', $obsoletes)); $log->log($log->diff($lang->string('Obsoleted attachments'), '', implode(', ', $obsoletes))); } // handle comment stuff if (can_perform('canpostcomments') AND trim($bugsys->in['comment'])) { $bugsys->in['comment_parsed'] = $bugsys->in['comment']; if (!$bugsys->options['allowhtml']) { $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']); } $db->query(" INSERT INTO " . TABLE_PREFIX . "comment (bugid, userid, dateline, comment, comment_parsed) VALUES ($bug[bugid], " . $bugsys->userinfo['userid'] . ", $time, '" . $bugsys->in['comment'] . "', '" . nl2br($bugsys->in['comment_parsed']) . "' )" ); } // update the last post data $db->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $bug[bugid]"); $message->redirect($lang->string('The attachment has been added to the bug.'), "showreport.php?bugid=$bug[bugid]"); } // ################################################################### if ($_REQUEST['do'] == 'add') { if (!can_perform('canputattach')) { $message->error_permission(); } $MAXFILESIZE = $funct->fetch_max_attachment_size(); $show['addcomment'] = ((can_perform('canpostcomments')) ? true : false); $show['obsoletes'] = false; $obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete"); $obsoletes = ''; while ($obsolete = $db->fetch_array($obsoletes_fetch)) { $show['obsoletes'] = true; $obsoletes .= "