From 172d9d65f4cf0cdc6a27d4a4b38a7540d909a442 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Fri, 13 May 2005 23:59:04 +0000 Subject: [PATCH] r122: Initial code for attachment system. Currently it handles file uploads, obsolete marking, and comment creation --- attachment.php | 224 ++++++++++++++++++++++++++++++++ docs/schema_changes.sql | 16 ++- templates/default/newattach.tpl | 26 ++++ 3 files changed, 265 insertions(+), 1 deletion(-) create mode 100755 attachment.php create mode 100644 templates/default/newattach.tpl diff --git a/attachment.php b/attachment.php new file mode 100755 index 0000000..d5539db --- /dev/null +++ b/attachment.php @@ -0,0 +1,224 @@ +in['attachmentid'])) +{ + $attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . intval($bugsys->in['attachmentid'])); + if (!$attachment) + { + echo 'alert: bad attachment'; + exit; + } +} + +// ################################################################### + +if (empty($_REQUEST['do'])) +{ + $_REQUEST['do'] = 'modify'; +} +else +{ + $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid'])); + if (!$bug) + { + echo 'alert: bad bug'; + exit; + } +} + +// ################################################################### + +if ($_REQUEST['do'] == 'kill') +{ + // run code to remove item in database +} + +// ################################################################### + +if ($_REQUEST['do'] == 'delete') +{ + // display delete confirmation message +} + +// ################################################################### + +if ($_POST['do'] == 'insert') +{ + if (!can_perform('canputattach')) + { + echo 'alert: no permission'; + exit; + } + + // create alias + $FILE =& $_FILES['attachment']; + + // PHP errors + switch ($FILE['error']) + { + case 0: break; + case 1: echo 'PHP said the file you uploaded was too big.'; exit; break; + case 2: echo 'The file exceeds the allowed upload size.'; exit; break; + case 3: echo 'The file was only partially uploaded.'; exit; break; + case 4: echo 'The file was not uploaded at all.'; exit; break; + case 6: echo 'PHP could not find the /tmp directory.'; exit; break; + } + + // did it upload? + if (!is_uploaded_file($FILE['tmp_name'])) + { + echo 'The file you specified did not upload.'; + exit; + } + + // put some MIME-type validation here + + if (!$bugsys->in['description']) + { + echo 'you need a file description!'; + exit; + } + + $filedata = $bugsys->escape(file_get_contents($FILE['tmp_name']), true, true); + $time = time(); + + // insert an attachment + $db->query(" + INSERT INTO attachment + (bugid, filename, mimetype, filesize, + attachment, description, dateline, userid) + VALUES + ($bug[bugid], '" . $bugsys->escape($FILE['name']) . "', + '" . $bugsys->escape($FILE['type']) . "', " . intval($FILE['size']) . ", + '$filedata', '" . $bugsys->in['description'] . "', $time, + " . $bugsys->userinfo['userid'] . " + )" + ); + + // mark obsoletes + $obsoletes = $_POST['obsoletes']; + array_walk($obsoletes, 'intval'); + $db->query("UPDATE " . TABLE_PREFIX . "attachment SET obsolete = 1 WHERE attachmentid IN (" . implode(',', $obsoletes) . ") AND !obsolete AND bugid = $bug[bugid]"); + + // handle comment stuff + if (can_perform('canpostcomments') AND trim($bugsys->in['comment'])) + { + $bugsys->in['comment_parsed'] = $bugsys->in['comment']; + + if (!$bugsys->options['allowhtml']) + { + $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']); + } + + $db->query(" + INSERT INTO " . TABLE_PREFIX . "comment + (bugid, userid, dateline, comment, comment_parsed) + VALUES + ($bug[bugid], " . $bugsys->userinfo['userid'] . ", + $time, '" . $bugsys->in['comment'] . "', + '" . nl2br($bugsys->in['comment_parsed']) . "' + )" + ); + } + + // update the last post data + $db->query("UPDATE " . TABLE_PREFIX . "bug SET lastposttime = $time, lastpostby = " . $bugsys->userinfo['userid'] . " WHERE bugid = $bug[bugid]"); + + echo "attachment added"; + +} + +// ################################################################### + +if ($_REQUEST['do'] == 'add') +{ + if (!can_perform('canputattach')) + { + echo 'alert: no permission'; + exit; + } + + $MAXFILESIZE = $funct->fetch_max_attachment_size(); + + $show['addcomment'] = ((can_perform('canpostcomments')) ? true : false); + $show['obsoletes'] = false; + + $obsoletes_fetch = $db->query("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE bugid = $bug[bugid] AND !obsolete"); + $obsoletes = ''; + while ($obsolete = $db->fetch_array($obsoletes_fetch)) + { + $show['obsoletes'] = true; + $obsoletes .= "
$obsolete[filename] [$obsolete[description]]
\n"; + } + + eval('$template->flush("' . $template->fetch('newattach') . '");'); +} + +// ################################################################### + +if ($_POST['do'] == 'update') +{ + // run code to update item in database +} + +// ################################################################### + +if ($_REQUEST['do'] == 'edit') +{ + // display form to edit item +} + +// ################################################################### + +if ($_REQUEST['do'] == 'modify') +{ + if (!can_perform('cangetattach')) + { + echo 'alert: no permission'; + exit; + } + + ob_clean(); + ob_end_clean(); + + if ($funct->fetch_extension($attachment['filename']) != 'txt') + { + header("Content-Disposition: inline; filename=$attachment[filename]"); + header("Content-transfer-encoding: binary"); + } + else + { + header("Content-Disposition: attachment; filename=$attachment[filename]"); + } + header("Content-Length: " . strlen($attachment['attachment'])); + header("Content-Type: $attachment[mimetype]"); + + print($attachment['attachment']); +} + +/*=====================================================================*\ +|| ################################################################### +|| # $HeadURL$ +|| # $Id$ +|| ################################################################### +\*=====================================================================*/ +?> \ No newline at end of file diff --git a/docs/schema_changes.sql b/docs/schema_changes.sql index 4c9689a..181a88c 100644 --- a/docs/schema_changes.sql +++ b/docs/schema_changes.sql @@ -1,3 +1,17 @@ ## SVN $Id$ -ALTER TABLE `status` ADD `color` VARCHAR(10) NOT NULL; \ No newline at end of file +ALTER TABLE `status` ADD `color` VARCHAR(10) NOT NULL; + +CREATE TABLE `attachment` ( + `attachmentid` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT, + `bugid` INT(10) UNSIGNED NOT NULL, + `filename` VARCHAR(255) NOT NULL, + `mimetype` VARCHAR(255) NOT NULL, + `filesize` INT(20) UNSIGNED NOT NULL, + `attachment` MEDIUMTEXT NOT NULL, + `description` VARCHAR(255) NOT NULL, + `dateline` INT(20) UNSIGNED NOT NULL, + `userid` INT(10) UNSIGNED NOT NULL, + `obsolete` INT(1) UNSIGNED NOT NULL, + PRIMARY KEY (`attachmentid`) +); \ No newline at end of file diff --git a/templates/default/newattach.tpl b/templates/default/newattach.tpl new file mode 100644 index 0000000..0bff692 --- /dev/null +++ b/templates/default/newattach.tpl @@ -0,0 +1,26 @@ +
+ + + + + +
Description:
+ + +
Mark the Following Attachments Obsolete: + $obsoletes +
+ + + +
Add Comment: +
+ +
+
+ + + + + +
\ No newline at end of file -- 2.22.5