r367: Only allow quick comment insert if we don't have permission to edit; hackish...
[bugdar.git] / editreport.php
1 <?php
2 /*=====================================================================*\
3 || ################################################################### ||
4 || # BugStrike [#]version[#]
5 || # --------------------------------------------------------------- # ||
6 || # All parts of this file are ©2002-[#]year[#] Iris Studios, Inc. No # ||
7 || # part of this file may be reproduced in any way: part or whole. # ||
8 || # --------------------------------------------------------------- # ||
9 || # ©2002 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com # ||
10 || ################################################################### ||
11 \*=====================================================================*/
12
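define('SVN', '$Id$');

$focus['showreport'] = 'focus';

require_once('./global.php');

/**
 * Stores a comment on a report, refreshes the report's last-post columns and
 * writes a history entry when the comment text came from the user.
 *
 * Both the comment-only path and the full edit path use this helper so that
 * the two paths cannot drift apart.
 *
 * NOTE(review): the comment text is placed inside a quoted SQL literal.
 * This assumes the values in $bugsys->in were already SQL-escaped by the
 * input layer loaded from global.php -- TODO confirm. $autocomment is read
 * from the autoaction table and is concatenated as stored, so it needs the
 * project's escaping routine applied before it reaches the query.
 *
 * NOTE(review): when the 'allowhtml' option is on, comment_parsed is stored
 * without sanitizing; whether it is escaped again on display cannot be seen
 * from this file.
 *
 * @param	integer	ID of the report being commented on
 * @param	string	Automatic response text, or '' when there is none
 */
function editreport_insert_comment($bugid, $autocomment)
{
	global $db, $bugsys, $log;

	$hascomment = !empty($bugsys->in['comment']);

	if (!$hascomment AND !$autocomment)
	{
		return;
	}

	if ($hascomment AND $autocomment)
	{
		$bugsys->in['comment'] .= "\n\n--------------- AUTOMATIC RESPONSE ---------------\n" . $autocomment;
	}
	else if (!$hascomment)
	{
		$bugsys->in['comment'] = $autocomment;
	}

	$bugsys->in['comment_parsed'] = $bugsys->in['comment'];

	if (!$bugsys->options['allowhtml'])
	{
		$bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
	}

	// everything in a numeric SQL position is forced to an integer first
	$bugid = intval($bugid);
	$userid = intval($bugsys->userinfo['userid']);
	$time = intval(TIMENOW);

	$db->query("
		INSERT INTO " . TABLE_PREFIX . "comment
			(bugid, userid, dateline, comment, comment_parsed)
		VALUES
			($bugid, $userid,
			$time, '" . $bugsys->in['comment'] . "',
			'" . nl2br($bugsys->in['comment_parsed']) . "'
		)"
	);

	$commentid = $db->insert_id();

	$db->query("
		UPDATE " . TABLE_PREFIX . "bug
		SET lastposttime = $time,
			lastpostby = $userid,
			hiddenlastposttime = $time,
			hiddenlastpostby = $userid
		WHERE bugid = $bugid"
	);

	// an automatic response on its own is not logged as a new comment
	if ($hascomment)
	{
		$log->language = 'log_new_comment';
		$log->arguments = array($commentid);
		$log->log();
	}
}

$bug = $db->query_first("
	SELECT bugvaluefill.*, bug.*, user.email, user.displayname, user.showemail
	FROM " . TABLE_PREFIX . "bug AS bug
	LEFT JOIN " . TABLE_PREFIX . "user AS user
		ON (bug.userid = user.userid)
	LEFT JOIN " . TABLE_PREFIX . "bugvaluefill AS bugvaluefill
		ON (bug.bugid = bugvaluefill.bugid)
	WHERE bug.bugid = " . intval($bugsys->in['bugid'])
);

// -------------------------------------------------------------------
// authorization
//
// The edit right is worked out once and reused below. The ownership test
// previously read $comment['userid'], but this file never assigns $comment,
// so the comparison was made against an unset value; it now uses the
// reporter of the report that was just loaded.
// NOTE(review): confirm that bug.userid is the intended owner for
// 'caneditown', and how reports filed without an account should be treated.
$isowner = ($bug && $bugsys->userinfo['userid'] == $bug['userid']);
$caneditreport = (((can_perform('caneditown') && $isowner) || can_perform('caneditothers')) && can_perform('caneditinfo'));

// NOTE(review): every gate below assumes $message->error*() and
// $message->redirect() end the request; that is defined outside this file.
if (!$caneditreport AND !can_perform('canpostcomments'))
{
	$message->error_permission();
}

if (!$bug)
{
	$message->error('alert: bad bug');
}

if ($bug['hidden'] AND !can_perform('canviewhidden'))
{
	$message->error_permission();
}

// setup logging
require_once('./includes/class_history.php');
$log = new History();
$log->bugid = $bug['bugid'];

// ###################################################################

// NOTE(review): no anti-CSRF token is checked in this file before the
// state-changing request is processed; confirm it is enforced in global.php.
if (isset($_POST['do']) AND $_POST['do'] == 'update')
{
	$bugid = intval($bug['bugid']);

	// -------------------------------------------------------------------
	// comment-only path: the user may post comments but not edit the report
	if (!$caneditreport)
	{
		// no automatic action has been loaded at this point, so only the
		// user's own text can be stored
		editreport_insert_comment($bugid, '');

		$message->redirect('inserted comment', "showreport.php?bugid=$bug[bugid]");

		// never fall through into the edit path, whatever redirect() does
		exit;
	}

	// -------------------------------------------------------------------
	// do update stuff
	$pcv = parse_pcv_select($bugsys->in['pcv_select'], true);

	if (!$bugsys->in['summary'])
	{
		$message->error('you need to enter a summary');
	}
	if (!$pcv)
	{
		$message->error('invalid product/component/version');
	}

	// snapshots taken before the update, used for the history diff below
	$hist[0] = (array)$db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $bugid");
	$noinitialcustom = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugvaluefill WHERE bugid = $bugid");
	$temp = $noinitialcustom;
	$hist2[0] = (array)$temp;

	// -------------------------------------------------------------------
	// start updates

	// auto action
	$autoaction = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "autoaction WHERE actionid = " . intval($bugsys->in['autoaction']));
	if ($autoaction)
	{
		// NOTE(review): unserialize() on a database column; this is only safe
		// while nothing but trusted admin code can write autoaction.fieldchanges.
		// A format that cannot carry objects (e.g. JSON) would remove the risk.
		$autoaction['fields'] = unserialize($autoaction['fieldchanges']);

		// a corrupt or empty column must not break the request
		$autobuiltin = array();
		$autocustom = array();
		if (is_array($autoaction['fields']))
		{
			if (isset($autoaction['fields']['builtin']) AND is_array($autoaction['fields']['builtin']))
			{
				$autobuiltin = $autoaction['fields']['builtin'];
			}
			if (isset($autoaction['fields']['custom']) AND is_array($autoaction['fields']['custom']))
			{
				$autocustom = $autoaction['fields']['custom'];
			}
		}

		// NOTE(review): these values come from the database, not from the
		// request, and overwrite the submitted input; any of them that ends
		// up in a quoted SQL literal below is used as stored.
		foreach ($autobuiltin AS $field => $value)
		{
			$bugsys->in["$field"] = $value;
		}

		foreach ($autocustom AS $field => $value)
		{
			$bugsys->in["field$field"] = $value;
		}
	}

	$autocomment = (($autoaction && !empty($autoaction['comment'])) ? $autoaction['comment'] : '');

	process_custom_fields($bug['bugid']);

	// the split keeps only runs of digits, so the joined list is safe to
	// place in the query below
	$dependencies = preg_split('#([^0-9].*?)#', $bugsys->in['dependency'], -1, PREG_SPLIT_NO_EMPTY);
	$dependencies = ((count($dependencies) < 1) ? '' : implode(', ', $dependencies));

	// #*# need to put in permission checks here because we do not show the fields the user has no permission to change in the edit section so they'll be blank on update
	// NOTE(review): until that is done, every column below (including
	// 'hidden' and 'assignedto') is writable by anyone who reaches this path.
	// NOTE(review): 'summary' is assumed to be SQL-escaped by the input layer
	// -- TODO confirm.

	$db->query("
		UPDATE " . TABLE_PREFIX . "bug
		SET summary = '" . $bugsys->in['summary'] . "',
			priority = " . intval($bugsys->in['priority']) . ",
			status = " . intval($bugsys->in['status']) . ",
			severity = " . intval($bugsys->in['severity']) . ",
			resolution = " . intval($bugsys->in['resolution']) . ",
			assignedto = " . intval($bugsys->in['assignedto']) . ",
			duplicateof = " . intval($bugsys->in['duplicateof']) . ",
			dependency = '$dependencies',
			productid = " . intval($pcv['product']) . ",
			componentid = " . intval($pcv['component']) . ",
			versionid = " . intval($pcv['version']) . ",
			hidden = " . intval($bugsys->in['hidden']) . "
		WHERE bugid = $bugid"
	);

	// -------------------------------------------------------------------
	// do diff history

	$hist[1] = (array)$db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = $bugid");
	$hist2[1] = (array)$db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugvaluefill WHERE bugid = $bugid");

	// [0] holds the old values of changed columns, [1] the new ones
	$diff[0] = array_diff_assoc($hist[0], $hist[1]);
	$diff[1] = array_diff_assoc($hist[1], $hist[0]);

	// bug column => datastore section used to turn an id into a label
	$lookupindex = array(
		'status' => 'status',
		'severity' => 'severity',
		'priority' => 'priority',
		'versionid' => 'version',
		'assignedto' => 'assignto',
		'resolution' => 'resolution',
		'productid' => 'product',
		'componentid' => 'product'
	);

	$log->language = 'log_update_bug';

	foreach ($diff AS $num => $diffs)
	{
		foreach ($diffs AS $key => $value)
		{
			if (!isset($lookupindex["$key"]))
			{
				continue;
			}

			$ref = $lookupindex["$key"];
			$temp =& $bugsys->datastore["$ref"]["$value"];
			$thevalue = $temp["$ref"];
			$idbit = ' (id: ' . $temp["$ref" . 'id'] . ')';

			if ($key == 'assignedto')
			{
				$thevalue = (($temp['userid']) ? construct_user_display($temp) : '');
				$idbit = '';
			}
			else if ($key == 'productid' OR $key == 'componentid')
			{
				$ref = 'product';
				$thevalue = $temp['title'];
			}

			$diff["$num"]["$key"] = (($thevalue) ? $thevalue . $idbit : '');
		}
	}

	foreach ($diff[1] AS $key => $value)
	{
		$log->log($log->diff($key, $diff[0]["$key"], $diff[1]["$key"]));
	}

	$diff2[0] = array_diff_assoc($hist2[0], $hist2[1]);
	$diff2[1] = array_diff_assoc($hist2[1], $hist2[0]);

	// both are read in the loop below even when the report already had a
	// custom-field row, so they need defined starting values
	$boxlist = array();
	$canallowempty = false;

	if ($noinitialcustom === false)
	{
		$canallowempty = true;
		$checkbox = $db->query("SELECT * FROM " . TABLE_PREFIX . "bugfield WHERE type = 'input_checkbox'");
		while ($box = $db->fetch_array($checkbox))
		{
			$boxlist[] = 'field' . $box['fieldid'];
		}
	}

	foreach ($diff2[1] AS $key => $value)
	{
		$log->allowempty = ($canallowempty && in_array($key, $boxlist, true));

		if ($key == 'bugid')
		{
			continue;
		}

		$log->log($log->diff('custom_' . $key, $diff2[0]["$key"], $diff2[1]["$key"]));
	}

	$log->allowempty = false;

	// the user's comment, the automatic response, or both
	editreport_insert_comment($bugid, $autocomment);

	$message->redirect('done with update bug', "showreport.php?bugid=$bug[bugid]");
}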
318
319 /*=====================================================================*\
320 || ###################################################################
321 || # $HeadURL$
322 || # $Id$
323 || ###################################################################
324 \*=====================================================================*/
325 ?>