in['attachmentid']))
{
$attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . intval($bugsys->in['attachmentid']));
if (!$attachment)
{
echo 'alert: bad attachment';
exit;
}
}
$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . (($attachment['attachmentid']) ? $attachment['bugid'] : intval($bugsys->in['bugid'])));
if (!$bug)
{
echo 'alert: bad bug';
exit;
}
// ###################################################################
if ($_REQUEST['do'] == 'kill')
{
if (!can_perform('caneditattach'))
{
echo 'alert: no permission';
exit;
}
$db->query("DELETE FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = $attachment[attachmentid]");
echo "attachment removed";
}
// ###################################################################
if ($_REQUEST['do'] == 'delete')
{
if (!can_perform('caneditattach'))
{
echo 'alert: no permission';
exit;
}
echo "are you sure you want to delete this attachment? yes";
}
// ###################################################################
if ($_POST['do'] == 'insert')
{
if (!can_perform('canputattach'))
{
echo 'alert: no permission';
exit;
}
// create alias
$FILE =& $_FILES['attachment'];
// PHP errors
switch ($FILE['error'])
{
case 0: break;
case 1: echo 'PHP said the file you uploaded was too big.'; exit; break;
case 2: echo 'The file exceeds the allowed upload size.'; exit; break;
case 3: echo 'The file was only partially uploaded.'; exit; break;
case 4: echo 'The file was not uploaded at all.'; exit; break;
case 6: echo 'PHP could not find the /tmp directory.'; exit; break;
}
// did it upload?
if (!is_uploaded_file($FILE['tmp_name']))
{
echo 'The file you specified did not upload.';
exit;
}
// #*# put some MIME-type validation here
if (!$bugsys->in['description'])
{
echo 'you need a file description!';
exit;
}
$filedata = $bugsys->escape(file_get_contents($FILE['tmp_name']), true, true);
$time = time();
// insert an attachment
$db->query("
INSERT INTO attachment
(bugid, filename, mimetype, filesize,
attachment, description, dateline, userid)
VALUES
($bug[bugid], '" . $bugsys->escape($FILE['name']) . "',
'" . $bugsys->escape($FILE['type']) . "', " . intval($FILE['size']) . ",
'$filedata', '" . $bugsys->in['description'] . "', $time,
" . $bugsys->userinfo['userid'] . "
)"
);
// mark obsoletes
$obsoletes = $_POST['obsoletes'];
array_walk($obsoletes, 'intval');
$db->query("UPDATE " . TABLE_PREFIX . "attachment SET obsolete = 1 WHERE attachmentid IN (" . implode(',', $obsoletes) . ") AND !obsolete AND bugid = $bug[bugid]");
// handle comment stuff
if (can_perform('canpostcomments') AND trim($bugsys->in['comment']))
{
$bugsys->in['comment_parsed'] = $bugsys->in['comment'];
if (!$bugsys->options['allowhtml'])
{
$bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
}
$db->query("
INSERT INTO " . TABLE_PREFIX . "comment
(bugid, userid, dateline, comment, comment_parsed)
VALUES
($bug[bugid], " . $bugsys->userinfo['userid'] . ",
$time, '" . $bugsys->in['comment'] . "',
'" . nl2br($bugsys->in['comment_parsed']) . "'
)"
);
}
// update the last post data
$db->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $bug[bugid]");
echo "attachment added";
}
// ###################################################################
if ($_REQUEST['do'] == 'add')
{
if (!can_perform('canputattach'))
{
echo 'alert: no permission';
exit;
}
$MAXFILESIZE = $funct->fetch_max_attachment_size();
$show['addcomment'] = ((can_perform('canpostcomments')) ? true : false);
$show['obsoletes'] = false;
$obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete");
$obsoletes = '';
while ($obsolete = $db->fetch_array($obsoletes_fetch))
{
$show['obsoletes'] = true;
$obsoletes .= " $obsolete[filename] [$obsolete[description]]
\n";
}
eval('$template->flush("' . $template->fetch('newattach') . '");');
}
// ###################################################################
if ($_POST['do'] == 'update')
{
if (!(can_perform('caneditattach') OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach'))))
{
echo 'alert: no permssion';
exit;
}
$db->query("
UPDATE " . TABLE_PREFIX . "attachment
SET description = '" . $bugsys->in['description'] . "',
obsolete = " . intval($bugsys->in['obsolete']) . "
WHERE attachmentid = " . intval($bugsys->in['attachmentid'])
);
echo "attachment updated";
}
// ###################################################################
if ($_REQUEST['do'] == 'edit')
{
if (!(can_perform('caneditattach') OR ($attachment['userid'] == $bugsys->userinfo['userid'] AND can_perform('canputattach'))))
{
echo 'alert: no permssion';
exit;
}
$show['delete'] = ((can_perform('caneditattach')) ? true : false);
eval('$template->flush("' . $template->fetch('editattach') . '");');
}
/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>