attachment.php

   1 <?php
   2 /*=====================================================================*\
   3 || ################################################################### ||
   4 || # BugStrike [#]version[#]
   5 || # --------------------------------------------------------------- # ||
   6 || # Copyright ©2002-[#]year[#] by Iris Studios, Inc. All Rights Reserved. # ||
   7 || # This file may not be reproduced in any way without permission.  # ||
   8 || # --------------------------------------------------------------- # ||
   9 || # User License Agreement at http://www.iris-studios.com/license/  # ||
  10 || ################################################################### ||
  11 \*=====================================================================*/
  12
  13 $fetchtemplates = array(
  14         'newattach',
  15         'editattach'
  16 );
  17
  18 require_once('./global.php');
  19
  20 if (isset($bugsys->in['attachmentid']))
  21 {
  22         $attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . intval($bugsys->in['attachmentid']));
  23         if (!$attachment)
  24         {
  25                 echo 'alert: bad attachment';
  26                 exit;
  27         }
  28 }
  29
  30 $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . (($attachment['attachmentid']) ? $attachment['bugid'] : intval($bugsys->in['bugid'])));
  31 if (!$bug)
  32 {
  33         echo 'alert: bad bug';
  34         exit;
  35 }
  36
  37 // ###################################################################
  38
  39 if ($_REQUEST['do'] == 'kill')
  40 {
  41         if (!can_perform('caneditattach'))
  42         {
  43                 echo 'alert: no permission';
  44                 exit;
  45         }
  46
  47         $db->query("DELETE FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = $attachment[attachmentid]");
  48
  49         log_action($bug['bugid'], 'log_kill_attachment', array($attachment['attachmentid']));
  50
  51         echo "<a href=\"showreport.php?bugid=$bug[bugid]\">attachment removed</a>";
  52 }
  53
  54 // ###################################################################
  55
  56 if ($_REQUEST['do'] == 'delete')
  57 {
  58         if (!can_perform('caneditattach'))
  59         {
  60                 echo 'alert: no permission';
  61                 exit;
  62         }
  63
  64         echo "are you sure you want to delete this attachment? <a href=\"attachment.php?do=kill&amp;attachmentid=$attachment[attachmentid]\">yes</a>";
  65 }
  66
  67 // ###################################################################
  68
  69 if ($_POST['do'] == 'insert')
  70 {
  71         if (!can_perform('canputattach'))
  72         {
  73                 echo 'alert: no permission';
  74                 exit;
  75         }
  76
  77         // create alias
  78         $FILE =& $_FILES['attachment'];
  79
  80         // PHP errors
  81         switch ($FILE['error'])
  82         {
  83                 case 0: break;
  84                 case 1: echo 'PHP said the file you uploaded was too big.'; exit; break;
  85                 case 2: echo 'The file exceeds the allowed upload size.'; exit; break;
  86                 case 3: echo 'The file was only partially uploaded.'; exit; break;
  87                 case 4: echo 'The file was not uploaded at all.'; exit; break;
  88                 case 6: echo 'PHP could not find the /tmp directory.'; exit; break;
  89         }
  90
  91         // did it upload?
  92         if (!is_uploaded_file($FILE['tmp_name']))
  93         {
  94                 echo 'The file you specified did not upload.';
  95                 exit;
  96         }
  97
  98         // #*# put some MIME-type validation here
  99
 100         if (!$bugsys->in['description'])
 101         {
 102                 echo 'you need a file description!';
 103                 exit;
 104         }
 105
 106         $filedata = $bugsys->escape(file_get_contents($FILE['tmp_name']), true, true);
 107         $time = time();
 108
 109         // insert an attachment
 110         $db->query("
 111                 INSERT INTO attachment
 112                         (bugid, filename, mimetype, filesize,
 113                         attachment, description, dateline, userid)
 114                 VALUES
 115                         ($bug[bugid], '" . $bugsys->escape($FILE['name']) . "',
 116                         '" . $bugsys->escape($FILE['type']) . "', " . intval($FILE['size']) . ",
 117                         '$filedata', '" . $bugsys->in['description'] . "', $time,
 118                         " . $bugsys->userinfo['userid'] . "
 119                 )"
 120         );
 121
 122         $attachmentid = $db->insert_id();
 123         log_action($bug['bugid'], 'log_new_attachment', array($FILE['name'], $attachmentid));
 124
 125         // mark obsoletes
 126         $obsoletes = $_POST['obsoletes'];
 127         array_walk($obsoletes, 'intval');
 128         $db->query("UPDATE " . TABLE_PREFIX . "attachment SET obsolete = 1 WHERE attachmentid IN (" . implode(',', $obsoletes) . ") AND !obsolete AND bugid = $bug[bugid]");
 129
 130         log_action($bug['bugid'], 'log_mark_obsoletes', array($attachmentid, $FILE['name'], implode(', ', $obsoletes)));
 131
 132         // handle comment stuff
 133         if (can_perform('canpostcomments') AND trim($bugsys->in['comment']))
 134         {
 135                 $bugsys->in['comment_parsed'] = $bugsys->in['comment'];
 136
 137                 if (!$bugsys->options['allowhtml'])
 138                 {
 139                         $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
 140                 }
 141
 142                 $db->query("
 143                         INSERT INTO " . TABLE_PREFIX . "comment
 144                                 (bugid, userid, dateline, comment, comment_parsed)
 145                         VALUES
 146                                 ($bug[bugid], " . $bugsys->userinfo['userid'] . ",
 147                                 $time, '" . $bugsys->in['comment'] . "',
 148                                 '" . nl2br($bugsys->in['comment_parsed']) . "'
 149                         )"
 150                 );
 151
 152                 $commentid = $db->insert_id();
 153
 154                 log_action($bug['bugid'], 'log_new_attachment_comment', array($attachmentid, $commentid));
 155         }
 156
 157         // update the last post data
 158         $db->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $bug[bugid]");
 159
 160         echo "<a href=\"showreport.php?bugid=$bug[bugid]\">attachment added</a>";
 161 }
 162
 163 // ###################################################################
 164
 165 if ($_REQUEST['do'] == 'add')
 166 {
 167         if (!can_perform('canputattach'))
 168         {
 169                 echo 'alert: no permission';
 170                 exit;
 171         }
 172
 173         $MAXFILESIZE = $funct->fetch_max_attachment_size();
 174
 175         $show['addcomment'] = ((can_perform('canpostcomments')) ? true : false);
 176         $show['obsoletes'] = false;
 177
 178         $obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete");
 179         $obsoletes = '';
 180         while ($obsolete = $db->fetch_array($obsoletes_fetch))
 181         {
 182                 $show['obsoletes'] = true;
 183                 $obsoletes .= "<div><input name=\"obsoletes[]\" type=\"checkbox\" value=\"$obsolete[attachmentid]\" /> $obsolete[filename] [$obsolete[description]]</div>\n";
 184         }
 185
 186         eval('$template->flush("' . $template->fetch('newattach') . '");');
 187 }
 188
 189 // ###################################################################
 190
 191 if ($_POST['do'] == 'update')
 192 {
 193         if (!(can_perform('caneditattach') OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach'))))
 194         {
 195                 echo 'alert: no permssion';
 196                 exit;
 197         }
 198
 199         $db->query("
 200                 UPDATE " . TABLE_PREFIX . "attachment
 201                 SET description = '" . $bugsys->in['description'] . "',
 202                         obsolete = " . intval($bugsys->in['obsolete']) . "
 203                 WHERE attachmentid = " . intval($bugsys->in['attachmentid'])
 204         );
 205
 206         $hist[1] = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = $attachment[attachmentid]");
 207
 208         $diff[0] = array_diff_assoc($attachment, $hist[1]);
 209         $diff[1] = array_diff_assoc($hist[1], $attachment);
 210
 211         log_action($bug['bugid'], 'log_update_attachment', array($attachment['attachmentid'], intval($bugsys->in['obsolete'])));
 212
 213         echo "<a href=\"showreport.php?bugid=$bug[bugid]\">attachment updated</a>";
 214 }
 215
 216 // ###################################################################
 217
 218 if ($_REQUEST['do'] == 'edit')
 219 {
 220         if (!(can_perform('caneditattach') OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach'))))
 221         {
 222                 echo 'alert: no permssion';
 223                 exit;
 224         }
 225
 226         $show['delete'] = ((can_perform('caneditattach')) ? true : false);
 227
 228         eval('$template->flush("' . $template->fetch('editattach') . '");');
 229 }
 230
 231 /*=====================================================================*\
 232 || ###################################################################
 233 || # $HeadURL$
 234 || # $Id$
 235 || ###################################################################
 236 \*=====================================================================*/
 237 ?>