From: Christopher S. <che...@ya...> - 2003-01-28 19:52:59
|
While using Mantis at work, on my managers noticed that uploading project level documents did not work. Upon investigation, I found that I needed to make some changes to the file for the uploads to work correctly. Forgive me, I'm at work right now, and I cannont perform a diff against the current CVS tree (bloody firewall...), so I'll try and communicate these changes as clearly as possible. To be honest, I'm not sure if I found a logic error, or if this is just a by-product of our setup (Mandrake 8.2, I think.) Let me know what you think: Lines 29-42: In CVS now: --------------------------- if ( !file_type_check( $f_file_name ) ) { $disallowed = 1; } else if ( is_uploaded_file( $f_file ) ) { $good_upload = 1; # grab the file path $t_file_path = project_get_field( helper_get_current_project(), 'file_path' ); # prepare variables for insertion $f_title = db_prepare_string( $f_title ); $f_description = db_prepare_string( $f_description ); $f_file_name = $g_project_cookie_val.'-'.$f_file_name; $t_file_size = filesize( $f_file ); ---------------------------- Should be: ---------------------------- if ( !file_type_check( $f_name ) ) { $disallowed = 1; } else if ( is_uploaded_file( $f_tmp_name ) ) { $good_upload = 1; # grab the file path $t_file_path = project_get_field( helper_get_current_project(), 'file_path' ); # prepare variables for insertion $f_title = db_prepare_string( $f_title ); $f_description = db_prepare_string( $f_description ); $f_file_name = $g_project_cookie_val.'-'.$f_name; $t_file_size = $f_size; ---------------------------- My changes where on lines 29,31,41, and 42. And now for the explanations: Line 29 -------- changed $f_file_name to $f_name. Looks like someone just got carried away with prepending everythign with 'file' ;). For most of the Values in the $HTTP_POST_FILES array, the variables are named right, but for the name of the file, they were wrong... It was causing the upload to fail at file_type_check(). Line 31 --------- changed $f_file to $f_tmp_name. $f_tmp_name includes the path, and according to the PHP manual, is_uploaded_file() checks to see if the file in question was uploaded through HTTP Post method. Line 41 -------- see my comments about line 29 Line 42 -------- For convience, the $HTTP_POST_FILES array contains a size value. Just took adavantage of that. Like I said, these changes made project level uploads possilbe on our server. Not sure if this is a Mantis problem, or our problem, but I thought someone could tell me. Do project level uploads work 'out of the box' for anyone? Let me know. If this looks alright to everyone, I can submit a diff tonight, once I get out from behind this firewall.. Thanks, Chris Shaffer __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com |
From: Julian F. <ju...@be...> - 2003-01-29 02:53:54
|
Christopher Shaffer wrote: > Like I said, these changes made project level uploads possilbe on our server. Not sure if this is > a Mantis problem, or our problem, but I thought someone could tell me. Do project level uploads > work 'out of the box' for anyone? > > Let me know. If this looks alright to everyone, I can submit a diff tonight, once I get out from > behind this firewall.. I think this is just old code that I haven't had a chance to update yet. LAst time I had time to work on mantis I was just starting the manage_* pages so I don't think I'm up to that one yet. If you can submit a patch it would certainly speed things along :) (I assume this is CVS code you are testing?) Julian -- ju...@be... Beta4 Productions (http://www.beta4.com) |
From: Christopher S. <che...@ya...> - 2003-01-29 11:31:05
|
Not sure which type of diff the team prefers, so here is a context diff for the changes I made to proj_doc_add.php (Julian, yes, my changes where tested against CVS.): Let me know if this needs to be in another format. Chris ------------------------------------------------------------------------- Index: proj_doc_add.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/proj_doc_add.php,v retrieving revision 1.24 diff -c -r1.24 proj_doc_add.php *** proj_doc_add.php 25 Jan 2003 21:13:19 -0000 1.24 --- proj_doc_add.php 29 Jan 2003 11:27:34 -0000 *************** *** 26,34 **** $disallowed = 0; extract( $HTTP_POST_FILES['file'], EXTR_PREFIX_ALL, 'f' ); ! if ( !file_type_check( $f_file_name ) ) { $disallowed = 1; ! } else if ( is_uploaded_file( $f_file ) ) { $good_upload = 1; # grab the file path --- 26,34 ---- $disallowed = 0; extract( $HTTP_POST_FILES['file'], EXTR_PREFIX_ALL, 'f' ); ! if ( !file_type_check( $f_name ) ) { $disallowed = 1; ! } else if ( is_uploaded_file( $f_tmp_name ) ) { $good_upload = 1; # grab the file path *************** *** 38,45 **** $f_title = db_prepare_string( $f_title ); $f_description = db_prepare_string( $f_description ); ! $f_file_name = $g_project_cookie_val.'-'.$f_file_name; ! $t_file_size = filesize( $f_file ); switch ( $g_file_upload_method ) { case DISK: if ( !file_exists( $t_file_path.$f_file_name ) ) { --- 38,45 ---- $f_title = db_prepare_string( $f_title ); $f_description = db_prepare_string( $f_description ); ! $f_file_name = $g_project_cookie_val.'-'.$f_name; ! $t_file_size = $f_size; switch ( $g_file_upload_method ) { case DISK: if ( !file_exists( $t_file_path.$f_file_name ) ) { ------------------------------------------------------------------------- --- Julian Fitzell <ju...@be...> wrote: > Christopher Shaffer wrote: > > > Like I said, these changes made project level uploads possilbe on our server. Not sure if > this is > > a Mantis problem, or our problem, but I thought someone could tell me. Do project level > uploads > > work 'out of the box' for anyone? > > > > Let me know. If this looks alright to everyone, I can submit a diff tonight, once I get out > from > > behind this firewall.. > > I think this is just old code that I haven't had a chance to update yet. > LAst time I had time to work on mantis I was just starting the > manage_* pages so I don't think I'm up to that one yet. If you can > submit a patch it would certainly speed things along :) > > (I assume this is CVS code you are testing?) > > Julian > > > > > -- > ju...@be... > Beta4 Productions (http://www.beta4.com) > > > > ------------------------------------------------------- > This SF.NET email is sponsored by: > SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! > http://www.vasoftware.com > _______________________________________________ > Mantisbt-dev mailing list > Man...@li... > https://lists.sourceforge.net/lists/listinfo/mantisbt-dev __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com |
From: Victor B. <vb...@op...> - 2003-01-29 11:46:29
|
Hi Chris, We generally use "cvs diff -u" > -----Original Message----- > From: man...@li... > [mailto:man...@li...]On Behalf Of > Christopher Shaffer > Sent: Wednesday, 29 January 2003 10:31 PM > To: man...@li... > Subject: Re: [Mantisbt-dev] Bug in proj_doc_add.php? > > > Not sure which type of diff the team prefers, so here is a > context diff for the changes I made to > proj_doc_add.php (Julian, yes, my changes where tested against CVS.): > > Let me know if this needs to be in another format. > > Chris > > ------------------------------------------------------------------------- > Index: proj_doc_add.php > =================================================================== > RCS file: /cvsroot/mantisbt/mantisbt/proj_doc_add.php,v > retrieving revision 1.24 > diff -c -r1.24 proj_doc_add.php > *** proj_doc_add.php 25 Jan 2003 21:13:19 -0000 1.24 > --- proj_doc_add.php 29 Jan 2003 11:27:34 -0000 > *************** > *** 26,34 **** > $disallowed = 0; > extract( $HTTP_POST_FILES['file'], EXTR_PREFIX_ALL, 'f' ); > > ! if ( !file_type_check( $f_file_name ) ) { > $disallowed = 1; > ! } else if ( is_uploaded_file( $f_file ) ) { > $good_upload = 1; > > # grab the file path > --- 26,34 ---- > $disallowed = 0; > extract( $HTTP_POST_FILES['file'], EXTR_PREFIX_ALL, 'f' ); > > ! if ( !file_type_check( $f_name ) ) { > $disallowed = 1; > ! } else if ( is_uploaded_file( $f_tmp_name ) ) { > $good_upload = 1; > > # grab the file path > *************** > *** 38,45 **** > $f_title = db_prepare_string( $f_title ); > $f_description = db_prepare_string( $f_description ); > > ! $f_file_name = $g_project_cookie_val.'-'.$f_file_name; > ! $t_file_size = filesize( $f_file ); > > switch ( $g_file_upload_method ) { > case DISK: if ( !file_exists( > $t_file_path.$f_file_name ) ) { > --- 38,45 ---- > $f_title = db_prepare_string( $f_title ); > $f_description = db_prepare_string( $f_description ); > > ! $f_file_name = $g_project_cookie_val.'-'.$f_name; > ! $t_file_size = $f_size; > > switch ( $g_file_upload_method ) { > case DISK: if ( !file_exists( > $t_file_path.$f_file_name ) ) { > ------------------------------------------------------------------------- > > > --- Julian Fitzell <ju...@be...> wrote: > > Christopher Shaffer wrote: > > > > > Like I said, these changes made project level uploads > possilbe on our server. Not sure if > > this is > > > a Mantis problem, or our problem, but I thought someone could > tell me. Do project level > > uploads > > > work 'out of the box' for anyone? > > > > > > Let me know. If this looks alright to everyone, I can submit > a diff tonight, once I get out > > from > > > behind this firewall.. > > > > I think this is just old code that I haven't had a chance to > update yet. > > LAst time I had time to work on mantis I was just starting the > > manage_* pages so I don't think I'm up to that one yet. If you can > > submit a patch it would certainly speed things along :) > > > > (I assume this is CVS code you are testing?) > > > > Julian > > > > > > > > > > -- > > ju...@be... > > Beta4 Productions (http://www.beta4.com) > > > > > > > > ------------------------------------------------------- > > This SF.NET email is sponsored by: > > SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! > > http://www.vasoftware.com > > _______________________________________________ > > Mantisbt-dev mailing list > > Man...@li... > > https://lists.sourceforge.net/lists/listinfo/mantisbt-dev > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > > > ------------------------------------------------------- > This SF.NET email is sponsored by: > SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! > http://www.vasoftware.com > _______________________________________________ > Mantisbt-dev mailing list > Man...@li... > https://lists.sourceforge.net/lists/listinfo/mantisbt-dev > |
From: Michael K. <mic...@ch...> - 2003-01-29 11:54:17
|
Victor Boctor wrote: > Hi Chris, > > We generally use "cvs diff -u" and we generally avoid full quotings *scnr* -- Michael Kunze http://www.smrealms.de |
From: Christopher S. <che...@ya...> - 2003-01-29 13:23:54
|
I may be a little slow... Is this a joke? > > and we generally avoid full quotings *scnr* And if not, what is '*scnr'? And what does a 'diff' -u do? Thanks, Chris --- Michael Kunze <mic...@ch...> wrote: > Victor Boctor wrote: > > Hi Chris, > > > > We generally use "cvs diff -u" > > and we generally avoid full quotings *scnr* > > -- > Michael Kunze > http://www.smrealms.de > > > > ------------------------------------------------------- > This SF.NET email is sponsored by: > SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! > http://www.vasoftware.com > _______________________________________________ > Mantisbt-dev mailing list > Man...@li... > https://lists.sourceforge.net/lists/listinfo/mantisbt-dev __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com |
From: Lele G. <le...@se...> - 2003-01-29 13:37:23
|
>>>>> On Wed, 29 Jan 2003 05:23:49 -0800 (PST), Christopher Shaffer <cher= oke...@ya...> said: Christopher> I may be a little slow... Is this a joke? >> > and we generally avoid full quotings *scnr* Dunno about "*scnr*", but he's simply saying that there is no reason to include the full text of the mail one is answering, adding a single line. If the answer does not need a context, *do* *not* include it, neither at the to, nor at the bottom, as you did. Christopher> And what does a 'diff' -u do? With -u option diff emits a more compact report than with "-c", and is the preferred choice for the "patch" tool. bye, lele. --=20 nickname: Lele Gaifax | Quando vivr=F2 di quello che ho pensato ieri real: Emanuele Gaifas | comincer=F2 ad aver paura di chi mi copia. email: le...@se... | -- Fortunato Depero, 1929. |
From: Michael K. <mr...@da...> - 2003-01-29 15:05:48
|
Lele Gaifax wrote: > Dunno about "*scnr*", but he's simply saying that there is no reason > to include the full text of the mail one is answering, adding a single > line. If the answer does not need a context, *do* *not* include it, > neither at the to, nor at the bottom, as you did. scnr = sorry could not resist best regards, michael |
From: Scott H. <ha...@ne...> - 2003-01-29 19:04:34
|
All comments about quoting and funny acronyms aside, even with the patch it seems that project doc uploading is still broken. No file type is saved to the DB, and the blob is empty (or no file is saved, if saving as a file). I'll try to track it down, but I thought I mentioned it in case someone is faster than I am. Scott |
From: Christopher S. <che...@ya...> - 2003-01-29 19:28:58
|
Like I said, those changes I made fixed the problem for my setup. We are storing our files to the disk, so the blob should be empty, in that case... As for the file_type field not being populated, the problem is on lines 51 and 61. $f_file_type should be $f_type. I am seeing the file being saved to the disk. Chris Shaffer --- Scott Hanson <ha...@ne...> wrote: > All comments about quoting and funny acronyms aside, even with the > patch it seems that project doc uploading is still broken. No file > type is saved to the DB, and the blob is empty (or no file is saved, > if saving as a file). > > I'll try to track it down, but I thought I mentioned it in case someone > is faster than I am. > > Scott > > > > ------------------------------------------------------- > This SF.NET email is sponsored by: > SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! > http://www.vasoftware.com > _______________________________________________ > Mantisbt-dev mailing list > Man...@li... > https://lists.sourceforge.net/lists/listinfo/mantisbt-dev __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com |
From: Julian F. <ju...@be...> - 2003-02-09 01:33:34
|
I see this already got applied. Looking at it though, I think the reason it used to work was that it was relying on register_globals still (at least partially). Probably whoever last worked on it didn't have register_globals turned off and you do. But anyway, the code should all work without it now, so thanks for catching it. Julian Christopher Shaffer wrote: > Not sure which type of diff the team prefers, so here is a context diff for the changes I made to > proj_doc_add.php (Julian, yes, my changes where tested against CVS.): > > Let me know if this needs to be in another format. > > Chris > > ------------------------------------------------------------------------- > Index: proj_doc_add.php > =================================================================== > RCS file: /cvsroot/mantisbt/mantisbt/proj_doc_add.php,v > retrieving revision 1.24 > diff -c -r1.24 proj_doc_add.php > *** proj_doc_add.php 25 Jan 2003 21:13:19 -0000 1.24 > --- proj_doc_add.php 29 Jan 2003 11:27:34 -0000 > *************** > *** 26,34 **** > $disallowed = 0; > extract( $HTTP_POST_FILES['file'], EXTR_PREFIX_ALL, 'f' ); > > ! if ( !file_type_check( $f_file_name ) ) { > $disallowed = 1; > ! } else if ( is_uploaded_file( $f_file ) ) { > $good_upload = 1; > > # grab the file path > --- 26,34 ---- > $disallowed = 0; > extract( $HTTP_POST_FILES['file'], EXTR_PREFIX_ALL, 'f' ); > > ! if ( !file_type_check( $f_name ) ) { > $disallowed = 1; > ! } else if ( is_uploaded_file( $f_tmp_name ) ) { > $good_upload = 1; > > # grab the file path > *************** > *** 38,45 **** > $f_title = db_prepare_string( $f_title ); > $f_description = db_prepare_string( $f_description ); > > ! $f_file_name = $g_project_cookie_val.'-'.$f_file_name; > ! $t_file_size = filesize( $f_file ); > > switch ( $g_file_upload_method ) { > case DISK: if ( !file_exists( $t_file_path.$f_file_name ) ) { > --- 38,45 ---- > $f_title = db_prepare_string( $f_title ); > $f_description = db_prepare_string( $f_description ); > > ! $f_file_name = $g_project_cookie_val.'-'.$f_name; > ! $t_file_size = $f_size; > > switch ( $g_file_upload_method ) { > case DISK: if ( !file_exists( $t_file_path.$f_file_name ) ) { > ------------------------------------------------------------------------- > > > --- Julian Fitzell <ju...@be...> wrote: > >>Christopher Shaffer wrote: >> >> >>>Like I said, these changes made project level uploads possilbe on our server. Not sure if >> >>this is >> >>>a Mantis problem, or our problem, but I thought someone could tell me. Do project level >> >>uploads >> >>>work 'out of the box' for anyone? >>> >>>Let me know. If this looks alright to everyone, I can submit a diff tonight, once I get out >> >>from >> >>>behind this firewall.. >> >>I think this is just old code that I haven't had a chance to update yet. >> LAst time I had time to work on mantis I was just starting the >>manage_* pages so I don't think I'm up to that one yet. If you can >>submit a patch it would certainly speed things along :) >> >>(I assume this is CVS code you are testing?) >> >>Julian >> >> >> >> >>-- >>ju...@be... >>Beta4 Productions (http://www.beta4.com) >> >> >> >>------------------------------------------------------- >>This SF.NET email is sponsored by: >>SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! >>http://www.vasoftware.com >>_______________________________________________ >>Mantisbt-dev mailing list >>Man...@li... >>https://lists.sourceforge.net/lists/listinfo/mantisbt-dev > > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > > > ------------------------------------------------------- > This SF.NET email is sponsored by: > SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! > http://www.vasoftware.com > _______________________________________________ > Mantisbt-dev mailing list > Man...@li... > https://lists.sourceforge.net/lists/listinfo/mantisbt-dev -- ju...@be... Beta4 Productions (http://www.beta4.com) |