in['attachmentid']))
{
$attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . intval($bugsys->in['attachmentid']));
if (!$attachment)
{
$message->error(lang::p('error_invalid_id'));
}
}
$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . (($attachment['attachmentid']) ? $attachment['bugid'] : intval($bugsys->in['bugid'])));
if (!$bug)
{
$message->error(lang::p('error_invalid_id'));
}
// setup logging
require_once('./includes/class_history.php');
$log = new History();
$log->bugid = $bug['bugid'];
// ###################################################################
if ($_REQUEST['do'] == 'kill')
{
if (!can_perform('caneditattach'))
{
$message->error_permission();
}
$db->query("DELETE FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = $attachment[attachmentid]");
$log->language = 'log_kill_attachment';
$log->arguments = array($attachment['attachmentid']);
$log->allowempty = true;
$log->log();
$message->redirect(lang::p('attachment_deleted'), "showreport.php?bugid=$bug[bugid]");
}
// ###################################################################
if ($_REQUEST['do'] == 'delete')
{
if (!can_perform('caneditattach'))
{
$message->error_permission();
}
$message->message(lang::r("are you sure you want to delete this attachment? yes"));
}
// ###################################################################
if ($_POST['do'] == 'insert')
{
if (!can_perform('canputattach'))
{
$message->error_permission();
}
// create alias
$FILE =& $_FILES['attachment'];
// PHP errors
switch ($FILE['error'])
{
case 0: break;
case 1: $message->error(lang::p('error_file_too_big_php')); break;
case 2: $message->error(lang::p('error_file_too_big')); break;
case 3: $message->error(lang::p('error_file_partial_upload')); break;
case 4: $message->error(lang::p('error_file_not_uploaded_at_all')); break;
case 6: $message->error(lang::p('error_file_not_in_tmp')); break;
}
// did it upload?
if (!is_uploaded_file($FILE['tmp_name']))
{
$message->error(lang::p('error_file_not_uploaded'));
}
// #*# put some MIME-type validation here
if (!$bugsys->in['description'])
{
$message->error(lang::p('error_need_file_description'));
}
$filedata = $bugsys->escape(file_get_contents($FILE['tmp_name']), true, true);
$time = TIMENOW;
// insert an attachment
$db->query("
INSERT INTO attachment
(bugid, filename, mimetype, filesize,
attachment, description, dateline, userid)
VALUES
($bug[bugid], '" . $bugsys->escape($FILE['name']) . "',
'" . $bugsys->escape($FILE['type']) . "', " . intval($FILE['size']) . ",
'$filedata', '" . $bugsys->in['description'] . "', $time,
" . $bugsys->userinfo['userid'] . "
)"
);
$attachmentid = $db->insert_id();
$log->language = 'log_new_attachment';
$log->arguments = array($FILE['name'], $attachmentid);
$log->allowempty = true;
$log->log();
// mark obsoletes
$obsoletes = $_POST['obsoletes'];
if (count($obsoletes) > 0)
{
array_walk($obsoletes, 'intval');
$db->query("UPDATE " . TABLE_PREFIX . "attachment SET obsolete = 1 WHERE attachmentid IN (" . implode(',', $obsoletes) . ") AND !obsolete AND bugid = $bug[bugid]");
$log->language = 'log_mark_obsoletes';
$log->arguments = array($attachmentid, $FILE['name'], implode(', ', $obsoletes));
$log->log($log->diff(lang::p('obsoleted_attachments'), '', implode(', ', $obsoletes)));
}
// handle comment stuff
if (can_perform('canpostcomments') AND trim($bugsys->in['comment']))
{
$bugsys->in['comment_parsed'] = $bugsys->in['comment'];
if (!$bugsys->options['allowhtml'])
{
$bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
}
$db->query("
INSERT INTO " . TABLE_PREFIX . "comment
(bugid, userid, dateline, comment, comment_parsed)
VALUES
($bug[bugid], " . $bugsys->userinfo['userid'] . ",
$time, '" . $bugsys->in['comment'] . "',
'" . nl2br($bugsys->in['comment_parsed']) . "'
)"
);
$commentid = $db->insert_id();
$log->language = 'log_new_attachment_comment';
$log->arguments = array($attachmentid, $commentid);
$log->allowempty = true;
$log->log();
}
// update the last post data
$db->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $bug[bugid]");
$message->redirect(lang::p('attachment_added'), "showreport.php?bugid=$bug[bugid]");
}
// ###################################################################
if ($_REQUEST['do'] == 'add')
{
if (!can_perform('canputattach'))
{
$message->error_permission();
}
$MAXFILESIZE = $funct->fetch_max_attachment_size();
$show['addcomment'] = ((can_perform('canpostcomments')) ? true : false);
$show['obsoletes'] = false;
$obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete");
$obsoletes = '';
while ($obsolete = $db->fetch_array($obsoletes_fetch))
{
$show['obsoletes'] = true;
$obsoletes .= " $obsolete[filename] [$obsolete[description]]
\n";
}
eval('$template->flush("' . $template->fetch('newattach') . '");');
}
// ###################################################################
if ($_POST['do'] == 'update')
{
if (!(can_perform('caneditattach') OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach'))))
{
$message->error_permission();
}
$db->query("
UPDATE " . TABLE_PREFIX . "attachment
SET description = '" . $bugsys->in['description'] . "',
obsolete = " . intval($bugsys->in['obsolete']) . "
WHERE attachmentid = " . intval($bugsys->in['attachmentid'])
);
$hist[1] = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = $attachment[attachmentid]");
$diff[0] = array_diff_assoc($attachment, $hist[1]);
$diff[1] = array_diff_assoc($hist[1], $attachment);
$log->language = 'log_update_attachment';
$log->arguments = array($attachment['attachmentid']);
$log->log($log->diff('description', $diff[0]['description'], $diff[1]['description']));
$log->log($log->diff('obsolete', $diff[0]['obsolete'], $diff[1]['obsolete']));
$message->redirect(lang::p('attachment_updated'), "showreport.php?bugid=$bug[bugid]");
}
// ###################################################################
if ($_REQUEST['do'] == 'edit')
{
if (!(can_perform('caneditattach') OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach'))))
{
$message->error_permission();
}
$show['delete'] = ((can_perform('caneditattach')) ? true : false);
eval('$template->flush("' . $template->fetch('editattach') . '");');
}
/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>