in['attachmentid'])) { $attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . intval($bugsys->in['attachmentid'])); if (!$attachment) { $message->error($lang->getlex('error_invalid_id')); } } $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . (($attachment['attachmentid']) ? $attachment['bugid'] : intval($bugsys->in['bugid']))); if (!$bug) { $message->error($lang->getlex('error_invalid_id')); } // setup logging require_once('./includes/class_history.php'); $log = new History(); $log->bugid = $bug['bugid']; // ################################################################### if ($_POST['do'] == 'insert') { if (!can_perform('canputattach')) { $message->error_permission(); } // create alias $FILE =& $_FILES['attachment']; // PHP errors switch ($FILE['error']) { case 0: break; case 1: $message->error($lang->string('PHP said the file you uploaded was too big.')); break; case 2: $message->error($lang->string('The file exceeds the allowed upload size.')); break; case 3: $message->error($lang->string('The file was only partially uploaded.')); break; case 4: $message->error($lang->string('The file was not uploaded at all.')); break; case 6: $message->error($lang->string('PHP could not find the /tmp directory.')); break; } // did it upload? if (!is_uploaded_file($FILE['tmp_name'])) { $message->error($lang->string('The file you specified did not upload.')); } // #*# put some MIME-type validation here if (!$bugsys->in['description']) { $message->error($lang->string('You need to specify a file description.')); } $filedata = $bugsys->escape(file_get_contents($FILE['tmp_name']), true, true); $time = TIMENOW; // insert an attachment $db->query(" INSERT INTO attachment (bugid, filename, mimetype, filesize, attachment, description, dateline, userid) VALUES ($bug[bugid], '" . $bugsys->escape($FILE['name']) . "', '" . $bugsys->escape($FILE['type']) . "', " . intval($FILE['size']) . ", '$filedata', '" . $bugsys->in['description'] . "', $time, " . $bugsys->userinfo['userid'] . " )" ); // mark obsoletes $obsoletes = $_POST['obsoletes']; if (count($obsoletes) > 0) { array_walk($obsoletes, 'intval'); $db->query("UPDATE " . TABLE_PREFIX . "attachment SET obsolete = 1 WHERE attachmentid IN (" . implode(',', $obsoletes) . ") AND !obsolete AND bugid = $bug[bugid]"); foreach ($obsoletes AS $attachmentid) { $log->attachmentid = $attachmentid; $log->log($log->diff('obsolete', 0, 1)); } } // handle comment stuff if (can_perform('canpostcomments') AND trim($bugsys->in['comment'])) { $bugsys->in['comment_parsed'] = $bugsys->in['comment']; if (!$bugsys->options['allowhtml']) { $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']); } $db->query(" INSERT INTO " . TABLE_PREFIX . "comment (bugid, userid, dateline, comment, comment_parsed) VALUES ($bug[bugid], " . $bugsys->userinfo['userid'] . ", $time, '" . $bugsys->in['comment'] . "', '" . nl2br($bugsys->in['comment_parsed']) . "' )" ); } // update the last post data $db->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $bug[bugid]"); $message->redirect($lang->string('The attachment has been added to the bug.'), "showreport.php?bugid=$bug[bugid]"); } // ################################################################### if ($_REQUEST['do'] == 'add') { if (!can_perform('canputattach')) { $message->error_permission(); } $MAXFILESIZE = $funct->fetch_max_attachment_size(); $show['addcomment'] = ((can_perform('canpostcomments')) ? true : false); $show['obsoletes'] = false; $obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete"); $obsoletes = ''; while ($obsolete = $db->fetch_array($obsoletes_fetch)) { $show['obsoletes'] = true; $obsoletes .= "
$obsolete[filename] [$obsolete[description]]
\n"; } eval('$template->flush("' . $template->fetch('newattach') . '");'); } // ################################################################### if ($_POST['do'] == 'update') { if (!(can_perform('caneditattach') OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach')))) { $message->error_permission(); } $db->query(" UPDATE " . TABLE_PREFIX . "attachment SET description = '" . $bugsys->in['description'] . "', obsolete = " . intval($bugsys->in['obsolete']) . " WHERE attachmentid = " . intval($bugsys->in['attachmentid']) ); $hist[1] = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = $attachment[attachmentid]"); $diff[0] = array_diff_assoc($attachment, $hist[1]); $diff[1] = array_diff_assoc($hist[1], $attachment); $log->attachmentid = $attachment['attachmentid']; $log->log($log->diff('description', $diff[0]['description'], $diff[1]['description'])); $log->log($log->diff('obsolete', $diff[0]['obsolete'], $diff[1]['obsolete'])); $message->redirect($lang->string('The attachment was successfully modified.'), "showreport.php?bugid=$bug[bugid]"); } // ################################################################### if ($_REQUEST['do'] == 'edit') { if (!(can_perform('caneditattach') OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach')))) { $message->error_permission(); } $show['delete'] = ((can_perform('caneditattach')) ? true : false); eval('$template->flush("' . $template->fetch('editattach') . '");'); } /*=====================================================================*\ || ################################################################### || # $HeadURL$ || # $Id$ || ################################################################### \*=====================================================================*/ ?>