
mantisbt/core file_api.php,1.60,1.61: msg#00075

Subject: mantisbt/core file_api.php,1.60,1.61
Update of /cvsroot/mantisbt/mantisbt/core
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3676/core

Modified Files:
        file_api.php 
Log Message:
fix for 0004992: Use of is_uploaded_file() in file_add() prevents use in 
importer PHP script.


Index: file_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/file_api.php,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -d -r1.60 -r1.61
--- file_api.php        17 Oct 2004 01:58:57 -0000      1.60
+++ file_api.php        17 Dec 2004 01:44:51 -0000      1.61
@@ -509,83 +509,81 @@
                        trigger_error( ERROR_DUPLICATE_FILE, ERROR );
                }  
 
-               if ( is_uploaded_file( $p_tmp_file ) ) {
-                       if ( 'bug' == $p_table ) {
-                               $t_project_id   = bug_get_field( $p_bug_id, 
'project_id' );
-                               $t_bug_id               = bug_format_id( 
$p_bug_id );
-                       }else{
-                               $t_project_id   = helper_get_current_project();
-                               $t_bug_id               = 0;
-                       }
+               if ( 'bug' == $p_table ) {
+                       $t_project_id   = bug_get_field( $p_bug_id, 
'project_id' );
+                       $t_bug_id               = bug_format_id( $p_bug_id );
+               }else{
+                       $t_project_id   = helper_get_current_project();
+                       $t_bug_id               = 0;
+               }
 
-                       # prepare variables for insertion
-                       $c_bug_id               = db_prepare_int( $p_bug_id );
-                       $c_project_id           = db_prepare_int( $t_project_id 
);
-                       $c_file_type    = db_prepare_string( $p_file_type );
-                       $c_title = db_prepare_string( $p_title );
-                       $c_desc = db_prepare_string( $p_desc );
-                       $t_file_path = project_get_field( $t_project_id, 
'file_path' );
-                       $c_file_path = db_prepare_string( $t_file_path );
-                       $c_new_file_name = db_prepare_string( $p_file_name );
+               # prepare variables for insertion
+               $c_bug_id               = db_prepare_int( $p_bug_id );
+               $c_project_id           = db_prepare_int( $t_project_id );
+               $c_file_type    = db_prepare_string( $p_file_type );
+               $c_title = db_prepare_string( $p_title );
+               $c_desc = db_prepare_string( $p_desc );
+               $t_file_path = project_get_field( $t_project_id, 'file_path' );
+               $c_file_path = db_prepare_string( $t_file_path );
+               $c_new_file_name = db_prepare_string( $p_file_name );
 
-                       $t_file_hash = ( 'bug' == $p_table ) ? $t_bug_id : 
config_get( 'document_files_prefix' ) . '-' . $t_project_id;
-                       $t_disk_file_name = $t_file_path . 
file_generate_unique_name( $t_file_hash . '-' . $p_file_name, $t_file_path );
-                       $c_disk_file_name = db_prepare_string( 
$t_disk_file_name );
+               $t_file_hash = ( 'bug' == $p_table ) ? $t_bug_id : config_get( 
'document_files_prefix' ) . '-' . $t_project_id;
+               $t_disk_file_name = $t_file_path . file_generate_unique_name( 
$t_file_hash . '-' . $p_file_name, $t_file_path );
+               $c_disk_file_name = db_prepare_string( $t_disk_file_name );
 
-                       if ( is_readable ( $p_tmp_file ) ) { 
-                               $t_file_size = filesize( $p_tmp_file );
-                       } else {
-                               //try to get filesize from 'post' data
-                               //@@@ fixme - this should support >1 file ? 
-                               global $HTTP_POST_FILES;
-                               $t_file_size = $HTTP_POST_FILES['file']['size'];
-                       }
-                       $c_file_size = db_prepare_int( $t_file_size );
+               if ( is_readable ( $p_tmp_file ) ) { 
+                       $t_file_size = filesize( $p_tmp_file );
+               } else {
+                       //try to get filesize from 'post' data
+                       //@@@ fixme - this should support >1 file ? 
+                       global $HTTP_POST_FILES;
+                       $t_file_size = $HTTP_POST_FILES['file']['size'];
+               }
+               $c_file_size = db_prepare_int( $t_file_size );
 
-                       $t_method                       = config_get( 
'file_upload_method' );
+               $t_method                       = config_get( 
'file_upload_method' );
 
-                       switch ( $t_method ) {
-                               case FTP:
-                               case DISK:
-                                       file_ensure_valid_upload_path( 
$t_file_path );
+               switch ( $t_method ) {
+                       case FTP:
+                       case DISK:
+                               file_ensure_valid_upload_path( $t_file_path );
 
-                                       if ( !file_exists( $t_disk_file_name ) 
) {
-                                               if ( FTP == $t_method ) {
-                                                       $conn_id = 
file_ftp_connect();
-                                                       file_ftp_put ( 
$conn_id, $t_disk_file_name, $p_tmp_file );
-                                                       file_ftp_disconnect ( 
$conn_id );
-                                               }
+                               if ( !file_exists( $t_disk_file_name ) ) {
+                                       if ( FTP == $t_method ) {
+                                               $conn_id = file_ftp_connect();
+                                               file_ftp_put ( $conn_id, 
$t_disk_file_name, $p_tmp_file );
+                                               file_ftp_disconnect ( $conn_id 
);
+                                       }
 
-                                               move_uploaded_file( 
$p_tmp_file, $t_disk_file_name );
-                                               chmod( $t_disk_file_name, 0400 
);
+                                       move_uploaded_file( $p_tmp_file, 
$t_disk_file_name );
+                                       chmod( $t_disk_file_name, 0400 );
 
-                                               $c_content = '';
-                                       } else {
-                                               trigger_error( 
ERROR_FILE_DUPLICATE, ERROR );
-                                       }
-                                       break;
-                               case DATABASE:
-                                       $c_content = db_prepare_string( fread ( 
fopen( $p_tmp_file, 'rb' ), $t_file_size ) );
-                                       break;
-                               default:
-                                       trigger_error( ERROR_GENERIC, ERROR );
-                       }
+                                       $c_content = '';
+                               } else {
+                                       trigger_error( ERROR_FILE_DUPLICATE, 
ERROR );
+                               }
+                               break;
+                       case DATABASE:
+                               $c_content = db_prepare_string( fread ( fopen( 
$p_tmp_file, 'rb' ), $t_file_size ) );
+                               break;
+                       default:
+                               trigger_error( ERROR_GENERIC, ERROR );
+               }
 
-                       $t_file_table   = config_get( 'mantis_' . $p_table . 
'_file_table' );
-                       $c_id = ( 'bug' == $p_table ) ? $c_bug_id : 
$c_project_id;
-                       $query = "INSERT INTO $t_file_table
+               $t_file_table   = config_get( 'mantis_' . $p_table . 
'_file_table' );
+               $c_id = ( 'bug' == $p_table ) ? $c_bug_id : $c_project_id;
+               $query = "INSERT INTO $t_file_table
                                                (" . $p_table . "_id, title, 
description, diskfile, filename, folder, filesize, file_type, date_added, 
content)
                                          VALUES
                                                ($c_id, '$c_title', '$c_desc', 
'$c_disk_file_name', '$c_new_file_name', '$c_file_path', $c_file_size, 
'$c_file_type', " . db_now() .", '$c_content')";
-                       db_query( $query );
+               db_query( $query );
 
-                       if ( 'bug' == $p_table ) {
-                               # updated the last_updated date
-                               $result = bug_update_date( $p_bug_id );
+               if ( 'bug' == $p_table ) {
+                       # updated the last_updated date
+                       $result = bug_update_date( $p_bug_id );
 
-                               # log new bug
-                               history_log_event_special( $p_bug_id, 
FILE_ADDED, $p_file_name );
-                       }
+                       # log new bug
+                       history_log_event_special( $p_bug_id, FILE_ADDED, 
$p_file_name );
                }
 
        }
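Review bot: Removing the `is_uploaded_file( $p_tmp_file )` guard means file_add() now trusts whatever path it is handed: in the DATABASE branch `fopen( $p_tmp_file, 'rb' )` will read any file the web server process can read, and in the FTP branch `file_ftp_put` pushes that file to the FTP host, so every caller (the HTTP upload paths are not visible here) now has to guarantee that `$p_tmp_file` cannot be influenced by the client. The safer shape is to keep the check at the web-upload call sites, or to have the importer pass an explicit "trusted local file" flag, rather than dropping it from the shared helper. The stated goal is also only half reached for the DISK method: per PHP's documented behaviour `move_uploaded_file()` refuses a file that was not uploaded via HTTP and returns false, and its result is unchecked, so an importer run will still insert a row whose `diskfile` does not exist; check it, e.g. `if ( !move_uploaded_file( $p_tmp_file, $t_disk_file_name ) ) { trigger_error( ERROR_GENERIC, ERROR ); }`. For the same reason the DATABASE branch should fail when `is_readable( $p_tmp_file )` is false instead of silently taking the size from `$HTTP_POST_FILES` and then reading nothing. The enclosing function `file_add()` begins before this hunk.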





