Update of /cvsroot/mantisbt/mantisbt
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25740
Modified Files:
proj_doc_add.php proj_doc_add_page.php proj_doc_delete.php
proj_doc_page.php proj_doc_update.php
Log Message:
fix for 0004675: If you upload a file (using 'edit' on an existing document)
the filename will not be obfuscated
fixed all proj_doc* pages to use config upload_project_file_threshold instead of
hardcoded constant
replaced file will re-use obfuscated name from database (although content may
change)
Index: proj_doc_add_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/proj_doc_add_page.php,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- proj_doc_add_page.php 12 Apr 2004 21:04:36 -0000 1.28
+++ proj_doc_add_page.php 8 Oct 2004 19:57:46 -0000 1.29
@@ -26,6 +26,8 @@
if ( ! file_allow_project_upload() ) {
access_denied();
}
+
+ access_ensure_project_level( config_get(
'upload_project_file_threshold' ) );
?>
<?php html_page_top1() ?>
<?php html_page_top2() ?>
Index: proj_doc_update.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/proj_doc_update.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- proj_doc_update.php 5 Aug 2004 17:34:16 -0000 1.22
+++ proj_doc_update.php 8 Oct 2004 19:57:46 -0000 1.23
@@ -19,9 +19,8 @@
if ( OFF == config_get( 'enable_project_documentation' ) ) {
access_denied();
}
-
- # @@@ Need to obtain the project_id from the file once we have an API
for that
- access_ensure_project_level( MANAGER );
+
+ access_ensure_project_level( config_get(
'upload_project_file_threshold' ) );
$f_file_id = gpc_get_int( 'file_id' );
$f_title = gpc_get_string( 'title' );
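Review bot: The new `access_ensure_project_level( config_get( 'upload_project_file_threshold' ) )` call runs before `file_id` is read and is not tied to the project that owns that file, which is the gap the removed `# @@@ Need to obtain the project_id from the file` comment recorded. From what is visible the level appears to be checked against the current project only, so a user who meets the upload threshold in one project may be able to modify a document row that belongs to another; the UPDATE in the later hunk filters on `id` alone, and proj_doc_delete.php receives the same one-line change. I would look up the file's own project from `$f_file_id` (the next hunk already calls `file_get_field` on that id) and check the level against it, or at least keep a marker such as `# @@@ access is checked against the current project, not the project owning file_id`. It is also worth confirming that delete is meant to share the upload threshold now that it is no longer MANAGER-only.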
@@ -36,56 +35,62 @@
$c_description = db_prepare_string( $f_description );
$f_file = gpc_get_file( 'file' );
-
- $result = 0;
- $good_upload = 0;
- $disallowed = 0;
+ $t_project_file_table = config_get( 'mantis_project_file_table' );
+
+ #@@@ (thraxisp) this code should probably be integrated into file_api
to share
+ # methods used to store files
extract( $f_file, EXTR_PREFIX_ALL, 'v' );
- if ( !file_type_check( $v_name ) )
- {
- $disallowed = 1;
+ if ( !file_type_check( $v_name ) ) {
+ trigger_error( ERROR_FILE_NOT_ALLOWED, ERROR );
+ }
+
+ if ( !is_readable( $v_tmp_name ) && DISK != config_get(
'file_upload_method' ) ) {
+ trigger_error( ERROR_UPLOAD_FAILURE, ERROR );
}
- else if ( is_uploaded_file( $v_tmp_name ) )
- {
- $good_upload = 1;
+ if ( is_uploaded_file( $v_tmp_name ) ) {
$t_project_id = helper_get_current_project();
- # grab the file path and name
- $t_file_path = project_get_field( $t_project_id, 'file_path' );
- $t_prefix = config_get( 'document_files_prefix' );
- if ( !is_blank( $t_prefix ) ) {
- $t_prefix .= '-';
- }
- $t_file_name = $t_prefix . project_format_id ( $t_project_id )
. '-' . $v_name;
+ # grab the original file path and name
+ $t_disk_file_name = file_get_field( $f_file_id, 'diskfile',
'project' );
+ $t_file_path = dirname( $t_disk_file_name );
# prepare variables for insertion
$c_title = db_prepare_string( $f_title );
$c_description = db_prepare_string( $f_description );
- $c_file_path = db_prepare_string( $t_file_path );
- $c_file_name = db_prepare_string( $t_file_name );
+ $c_file_name = db_prepare_string( $v_name );
$c_file_type = db_prepare_string( $v_type );
- $c_file_size = db_prepare_int( $v_size );
+ if ( is_readable ( $v_tmp_name ) ) {
+ $t_file_size = filesize( $v_tmp_name );
+ } else {
+ //try to get filesize from 'post' data
+ //@@@ fixme - this should support >1 file ?
+ global $HTTP_POST_FILES;
+ $t_file_size = $HTTP_POST_FILES['file']['size'];
+ }
+ $c_file_size = db_prepare_int( $t_file_size );
$t_method = config_get( 'file_upload_method' );
switch ( $t_method ) {
case FTP:
- case DISK: file_ensure_valid_upload_path(
$t_file_path );
+ case DISK:
+ file_ensure_valid_upload_path(
$t_file_path );
- if ( !file_exists(
$t_file_path.$t_file_name ) ) {
- if ( FTP == $t_method )
{
- $conn_id =
file_ftp_connect();
- file_ftp_put (
$conn_id, $t_file_name, $v_tmp_name );
-
file_ftp_disconnect ( $conn_id );
- }
- umask( 0333 ); # make
read only
- copy( $v_tmp_name,
$t_file_path . $t_file_name );
- $c_content = '';
- } else {
- trigger_error(
ERROR_DUPLICATE_FILE, ERROR );
+ if ( FTP == $t_method ) {
+ $conn_id =
file_ftp_connect();
+ file_ftp_delete (
$conn_id, $t_disk_file_name );
+ file_ftp_put (
$conn_id, $t_disk_file_name, $v_tmp_name );
+ file_ftp_disconnect (
$conn_id );
+ }
+ if ( file_exists(
$t_disk_file_name ) ) {
+ file_delete_local(
$t_disk_file_name );
}
+ umask( 0333 ); # make read only
+ move_uploaded_file(
$v_tmp_name, $t_disk_file_name );
+
+ $c_content = '';
break;
case DATABASE:
$c_content = db_prepare_string(
fread ( fopen( $v_tmp_name, 'rb' ), $v_size ) );
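Review bot: In the DISK/FTP branch the stored file is removed with `file_delete_local( $t_disk_file_name )` before `move_uploaded_file()` runs, and the move's return value is never checked, so a failed move leaves the row pointing at a file that no longer exists while the UPDATE in the next hunk apparently still goes ahead. Check the result, `if ( !move_uploaded_file( $v_tmp_name, $t_disk_file_name ) ) { trigger_error( ERROR_UPLOAD_FAILURE, ERROR ); }`, and preferably move to a temporary name first and replace the old file only on success; the `file_ftp_delete`/`file_ftp_put` pair has the same ordering. `umask( 0333 )` also changes the process umask and is not restored afterwards. Separately, the two new `trigger_error` guards sit before `is_uploaded_file()`, so a title-only edit with no file attached looks likely to raise `ERROR_UPLOAD_FAILURE` when the upload method is not DISK; that should be confirmed. The switch statement continues past the end of this hunk.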
@@ -94,21 +99,12 @@
# @@@ Such errors should be checked in the
admin checks
trigger_error( ERROR_GENERIC, ERROR );
}
-
-
- }
-
- $t_project_file_table = config_get( 'mantis_project_file_table' );
- if ( 1 == $good_upload )
- {
- # New file
+ $t_now = db_now();
$query = "UPDATE $t_project_file_table
- SET title='$c_title', description='$c_description',
diskfile='$c_file_path$c_file_name',
- filename='$c_file_name', folder='$c_file_path',
filesize=$c_file_size, file_type='$c_file_type', content='$c_content'
- WHERE id='$c_file_id'";
- }
- else
- {
+ SET title='$c_title', description='$c_description',
date_added=$t_now,
+ filename='$c_file_name', filesize=$c_file_size,
file_type='$c_file_type', content='$c_content'
+ WHERE id='$c_file_id'";
+ }else{
$query = "UPDATE $t_project_file_table
SET title='$c_title',
description='$c_description'
WHERE id='$c_file_id'";
@@ -119,6 +115,6 @@
if ( $result ) {
print_header_redirect( $t_redirect_url );
} else {
- print_mantis_error( ERROR_GENERIC );
+ trigger_error( ERROR_GENERIC, ERROR );
}
?>
Index: proj_doc_add.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/proj_doc_add.php,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- proj_doc_add.php 5 Oct 2004 14:59:08 -0000 1.45
+++ proj_doc_add.php 8 Oct 2004 19:57:46 -0000 1.46
@@ -26,6 +26,9 @@
if ( ! file_allow_project_upload() ) {
access_denied();
}
+
+ access_ensure_project_level( config_get(
'upload_project_file_threshold' ) );
+
# @@@@ (thraxisp) this needs a filter for project_id == ALL_PROJECTS
# it fails later when it tries to find the 'filepath' to store the
document
# see #4664
@@ -38,7 +41,7 @@
$f_description = gpc_get_string( 'description' );
$f_file = gpc_get_file( 'file' );
- if ( !is_uploaded_file( $f_file['tmp_name'] ) || 0 ==
$f_file['size'] ) {
+ if ( !is_uploaded_file( $f_file['tmp_name'] ) || 0 == $f_file['size'] )
{
trigger_error( ERROR_UPLOAD_FAILURE, ERROR );
}
Index: proj_doc_delete.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/proj_doc_delete.php,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- proj_doc_delete.php 5 Oct 2004 14:59:08 -0000 1.21
+++ proj_doc_delete.php 8 Oct 2004 19:57:46 -0000 1.22
@@ -16,8 +16,7 @@
access_denied();
}
- # @@@ Need to obtain the project_id from the file once we have an API
for that
- access_ensure_project_level( MANAGER );
+ access_ensure_project_level( config_get(
'upload_project_file_threshold' ) );
$f_file_id = gpc_get_int( 'file_id' );
Index: proj_doc_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/proj_doc_page.php,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- proj_doc_page.php 20 Jul 2004 15:51:50 -0000 1.41
+++ proj_doc_page.php 8 Oct 2004 19:57:46 -0000 1.42
@@ -27,7 +27,7 @@
$t_project_id = helper_get_current_project();
# Select project files
- $query = "SELECT *, date_added
+ $query = "SELECT *
FROM $g_mantis_project_file_table
WHERE project_id='$t_project_id'
ORDER BY title ASC";