Menu
▾
▴
[mantisbt-cvs] SF.net SVN: mantisbt: [5326] branches/BRANCH_1_1_0/mantisbt
|
From: <vb...@us...> - 2008-06-05 06:29:12
|
Revision: 5326
http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5326&view=rev
Author: vboctor
Date: 2008-06-04 23:29:11 -0700 (Wed, 04 Jun 2008)
Log Message:
-----------
- Fixed #7764: APPLICATION WARNING #100: Configuration option 'category_enum_string' not found.
- Remove helper_ensure_post() from tag_detach.php since it is no longer needed.
- Add form security tokens for bug group actions.
Modified Paths:
--------------
branches/BRANCH_1_1_0/mantisbt/bug_actiongroup.php
branches/BRANCH_1_1_0/mantisbt/bug_actiongroup_page.php
branches/BRANCH_1_1_0/mantisbt/tag_detach.php
Modified: branches/BRANCH_1_1_0/mantisbt/bug_actiongroup.php
===================================================================
--- branches/BRANCH_1_1_0/mantisbt/bug_actiongroup.php 2008-06-04 19:23:36 UTC (rev 5325)
+++ branches/BRANCH_1_1_0/mantisbt/bug_actiongroup.php 2008-06-05 06:29:11 UTC (rev 5326)
@@ -53,6 +53,8 @@
$t_custom_field_def = custom_field_get_definition( $f_custom_field_id );
}
+ $t_first_issue = true;
+
foreach( $f_bug_arr as $t_bug_id ) {
bug_ensure_exists( $t_bug_id );
$t_bug = bug_get( $t_bug_id, true );
@@ -70,6 +72,10 @@
switch ( $f_action ) {
case 'CLOSE':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_close' );
+ }
+
if ( access_can_close_bug( $t_bug_id ) &&
( $t_status < CLOSED ) &&
bug_check_workflow($t_status, CLOSED) ) {
@@ -87,6 +93,10 @@
break;
case 'DELETE':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_delete' );
+ }
+
if ( access_has_bug_level( config_get( 'delete_bug_threshold' ), $t_bug_id ) ) {
bug_delete( $t_bug_id );
} else {
@@ -95,6 +105,10 @@
break;
case 'MOVE':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_move' );
+ }
+
if ( access_has_bug_level( config_get( 'move_bug_threshold' ), $t_bug_id ) ) {
# @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) );
$f_project_id = gpc_get_int( 'project_id' );
@@ -106,6 +120,10 @@
break;
case 'COPY':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_copy' );
+ }
+
$f_project_id = gpc_get_int( 'project_id' );
if ( access_has_project_level( config_get( 'report_bug_threshold' ), $f_project_id ) ) {
@@ -116,6 +134,10 @@
break;
case 'ASSIGN':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_assign' );
+ }
+
$f_assign = gpc_get_int( 'assign' );
if ( ON == config_get( 'auto_set_status_to_assigned' ) ) {
$t_assign_status = config_get( 'bug_assigned_status' );
@@ -141,6 +163,10 @@
break;
case 'RESOLVE':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_resolve' );
+ }
+
$t_resolved_status = config_get( 'bug_resolved_status_threshold' );
if ( access_has_bug_level( access_get_status_threshold( $t_resolved_status, bug_get_field( $t_bug_id, 'project_id' ) ), $t_bug_id ) &&
( $t_status < $t_resolved_status ) &&
@@ -161,6 +187,10 @@
break;
case 'UP_PRIOR':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_update_priority' );
+ }
+
if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id ) ) {
$f_priority = gpc_get_int( 'priority' );
# @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) );
@@ -172,6 +202,10 @@
break;
case 'UP_STATUS':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_update_status' );
+ }
+
$f_status = gpc_get_int( 'status' );
$t_project = bug_get_field( $t_bug_id, 'project_id' );
if ( access_has_bug_level( access_get_status_threshold( $f_status, $t_project ), $t_bug_id ) ) {
@@ -188,6 +222,10 @@
break;
case 'UP_CATEGORY':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_update_category' );
+ }
+
$f_category = gpc_get_string( 'category' );
$t_project = bug_get_field( $t_bug_id, 'project_id' );
if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id ) ) {
@@ -204,6 +242,10 @@
break;
case 'UP_FIXED_IN_VERSION':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_update_fixed_in_version' );
+ }
+
$f_fixed_in_version = gpc_get_string( 'fixed_in_version' );
$t_project_id = bug_get_field( $t_bug_id, 'project_id' );
$t_success = false;
@@ -223,6 +265,10 @@
break;
case 'UP_TARGET_VERSION':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_update_target_version' );
+ }
+
$f_target_version = gpc_get_string( 'target_version' );
$t_project_id = bug_get_field( $t_bug_id, 'project_id' );
$t_success = false;
@@ -242,6 +288,10 @@
break;
case 'VIEW_STATUS':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_update_view_status' );
+ }
+
if ( access_has_bug_level( config_get( 'change_view_status_threshold' ), $t_bug_id ) ) {
$f_view_status = gpc_get_int( 'view_status' );
# @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) );
@@ -253,6 +303,10 @@
break;
case 'SET_STICKY':
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_set_sticky' );
+ }
+
if ( access_has_bug_level( config_get( 'set_bug_sticky_threshold' ), $t_bug_id ) ) {
$f_sticky = bug_get_field( $t_bug_id, 'sticky' );
// The new value is the inverted old value
@@ -269,6 +323,10 @@
trigger_error( ERROR_GENERIC, ERROR );
}
+ if ( $t_first_issue ) {
+ form_security_validate( 'bug_update_custom_field_' . $f_custom_field_id );
+ }
+
# @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) );
$t_form_var = "custom_field_$f_custom_field_id";
$t_custom_field_value = gpc_get_custom_field( $t_form_var, $t_custom_field_def['type'], null );
@@ -279,6 +337,8 @@
default:
trigger_error( ERROR_GENERIC, ERROR );
}
+
+ $t_first_issue = false;
}
$t_redirect_url = 'view_all_bug_page.php';
Modified: branches/BRANCH_1_1_0/mantisbt/bug_actiongroup_page.php
===================================================================
--- branches/BRANCH_1_1_0/mantisbt/bug_actiongroup_page.php 2008-06-04 19:23:36 UTC (rev 5325)
+++ branches/BRANCH_1_1_0/mantisbt/bug_actiongroup_page.php 2008-06-05 06:29:11 UTC (rev 5326)
@@ -93,18 +93,21 @@
$t_finished = true;
$t_question_title = lang_get( 'close_bugs_conf_msg' );
$t_button_title = lang_get( 'close_group_bugs_button' );
+ $t_form_name = 'bug_close';
break;
case 'DELETE' :
$t_finished = true;
$t_question_title = lang_get( 'delete_bugs_conf_msg' );
$t_button_title = lang_get( 'delete_group_bugs_button' );
+ $t_form_name = 'bug_delete';
break;
case 'SET_STICKY' :
$t_finished = true;
$t_question_title = lang_get( 'set_sticky_bugs_conf_msg' );
$t_button_title = lang_get( 'set_sticky_group_bugs_button' );
+ $t_form_name = 'bug_set_sticky';
break;
# ...else we define the variables used in the form
@@ -112,18 +115,21 @@
$t_question_title = lang_get( 'move_bugs_conf_msg' );
$t_button_title = lang_get( 'move_group_bugs_button' );
$t_form = 'project_id';
+ $t_form_name = 'bug_move';
break;
case 'COPY' :
$t_question_title = lang_get( 'copy_bugs_conf_msg' );
$t_button_title = lang_get( 'copy_group_bugs_button' );
$t_form = 'project_id';
+ $t_form_name = 'bug_copy';
break;
case 'ASSIGN' :
$t_question_title = lang_get( 'assign_bugs_conf_msg' );
$t_button_title = lang_get( 'assign_group_bugs_button' );
$t_form = 'assign';
+ $t_form_name = 'bug_assign';
break;
case 'RESOLVE' :
@@ -135,6 +141,7 @@
$t_question_title2 = lang_get( 'fixed_in_version' );
$t_form2 = 'fixed_in_version';
}
+ $t_form_name = 'bug_resolve';
break;
case 'UP_PRIOR' :
@@ -142,6 +149,7 @@
$t_button_title = lang_get( 'priority_group_bugs_button' );
$t_form = 'priority';
$t_request = 'priority';
+ $t_form_name = 'bug_update_priority';
break;
case 'UP_STATUS' :
@@ -149,34 +157,35 @@
$t_button_title = lang_get( 'status_group_bugs_button' );
$t_form = 'status';
$t_request = 'status';
+ $t_form_name = 'bug_update_status';
break;
case 'UP_CATEGORY' :
$t_question_title = lang_get( 'category_bugs_conf_msg' );
$t_button_title = lang_get( 'category_group_bugs_button' );
$t_form = 'category';
- $t_request = 'category';
+ $t_form_name = 'bug_update_category';
break;
case 'VIEW_STATUS' :
$t_question_title = lang_get( 'view_status_bugs_conf_msg' );
$t_button_title = lang_get( 'view_status_group_bugs_button' );
- $t_form = 'view_status';
- $t_request = 'view_status';
+ $t_form = 'view_status';
+ $t_form_name = 'bug_update_view_status';
break;
case 'UP_FIXED_IN_VERSION':
$t_question_title = lang_get( 'fixed_in_version_bugs_conf_msg' );
$t_button_title = lang_get( 'fixed_in_version_group_bugs_button' );
$t_form = 'fixed_in_version';
- $t_request = 'fixed_in_version';
+ $t_form_name = 'bug_update_fixed_in_version';
break;
case 'UP_TARGET_VERSION':
$t_question_title = lang_get( 'target_version_bugs_conf_msg' );
$t_button_title = lang_get( 'target_version_group_bugs_button' );
$t_form = 'target_version';
- $t_request = 'target_version';
+ $t_form_name = 'bug_update_target_version';
break;
case 'CUSTOM' :
@@ -184,6 +193,7 @@
$t_question_title = sprintf( lang_get( 'actiongroup_menu_update_field' ), lang_get_defaulted( $t_custom_field_def['name'] ) );
$t_button_title = $t_question_title;
$t_form = "custom_field_$t_custom_field_id";
+ $t_form_name = 'bug_update_custom_field_' . $t_custom_field_id;
break;
default:
@@ -201,6 +211,11 @@
<div align="center">
<form method="post" action="bug_actiongroup.php">
+<?php
+if ( !is_blank( $t_form_name ) ) {
+ echo form_security_field( $t_form_name );
+}
+?>
<input type="hidden" name="action" value="<?php echo string_attribute( $f_action ) ?>" />
<?php
bug_group_action_print_hidden_fields( $f_bug_arr );
Modified: branches/BRANCH_1_1_0/mantisbt/tag_detach.php
===================================================================
--- branches/BRANCH_1_1_0/mantisbt/tag_detach.php 2008-06-04 19:23:36 UTC (rev 5325)
+++ branches/BRANCH_1_1_0/mantisbt/tag_detach.php 2008-06-05 06:29:11 UTC (rev 5326)
@@ -27,8 +27,6 @@
require_once( $t_core_path . 'tag_api.php' );
- helper_ensure_post();
-
$f_tag_id = gpc_get_int( 'tag_id' );
$f_bug_id = gpc_get_int( 'bug_id' );
$t_user_id = auth_get_current_user_id();
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|