From: <pri...@us...> - 2008-10-10 20:49:15
Revision: 5654 http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5654&view=rev Author: prichards Date: 2008-10-10 20:49:04 +0000 (Fri, 10 Oct 2008) Log Message: ----------- comment commits + sanitize url fix Modified Paths: -------------- trunk/mantisbt/core/access_api.php trunk/mantisbt/core/bug_api.php trunk/mantisbt/core/bug_group_action_api.php trunk/mantisbt/core/string_api.php
Modified: trunk/mantisbt/core/access_api.php
===================================================================
--- trunk/mantisbt/core/access_api.php 2008-10-10 19:40:26 UTC (rev 5653)
+++ trunk/mantisbt/core/access_api.php 2008-10-10 20:49:04 UTC (rev 5654)
@@ -1,7 +1,6 @@
 <?php
 # Mantis - a php based bugtracking system
-# Copyright (C) 2000 - 2002 Kenzaburo Ito - ke...@30...
-# Copyright (C) 2002 - 2008 Mantis Team - man...@li...
+
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 2 of the License, or
@@ -20,6 +19,9 @@
 # --------------------------------------------------------
 /**
+ * @version $Id$
+ * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - ke...@30...
+ * @copyright Copyright (C) 2002 - 2008 Mantis Team - man...@li...
  * @package CoreAPI
  * @subpackage AccessAPI
  */
Modified: trunk/mantisbt/core/bug_api.php
===================================================================
--- trunk/mantisbt/core/bug_api.php 2008-10-10 19:40:26 UTC (rev 5653)
+++ trunk/mantisbt/core/bug_api.php 2008-10-10 20:49:04 UTC (rev 5654)
@@ -1,7 +1,6 @@
 <?php
 # Mantis - a php based bugtracking system
-# Copyright (C) 2000 - 2002 Kenzaburo Ito - ke...@30...
-# Copyright (C) 2002 - 2008 Mantis Team - man...@li...
+
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 2 of the License, or
@@ -20,9 +19,13 @@
 # --------------------------------------------------------
 /**
+ * @version $Id$
+ * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - ke...@30...
+ * @copyright Copyright (C) 2002 - 2008 Mantis Team - man...@li...
  * @package CoreAPI
  * @subpackage BugAPI
  */
+
 $t_core_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR;
 require_once( $t_core_dir . 'history_api.php' );
Modified: trunk/mantisbt/core/bug_group_action_api.php
===================================================================
--- trunk/mantisbt/core/bug_group_action_api.php 2008-10-10 19:40:26 UTC (rev 5653)
+++ trunk/mantisbt/core/bug_group_action_api.php 2008-10-10 20:49:04 UTC (rev 5654)
@@ -1,7 +1,6 @@
 <?php
 # Mantis - a php based bugtracking system
-# Copyright (C) 2000 - 2002 Kenzaburo Ito - ke...@30...
-# Copyright (C) 2002 - 2008 Mantis Team - man...@li...
+
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 2 of the License, or
@@ -20,8 +19,11 @@
 # --------------------------------------------------------
 /**
- * @package CoreAPI
- * @subpackage BugGroupActionAPI
+ * @version $Id$
+ * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - ke...@30...
+ * @copyright Copyright (C) 2002 - 2008 Mantis Team - man...@li...
+ * @package CoreAPI
+ * @subpackage BugGroupActionAPI
  */
 /**
@@ -89,9 +91,6 @@
 }
 }
-# #####
-# Call-Outs for EXT_* custom group actions
-# #####
 /**
  * Prints the list of fields in the custom action form. These are the user inputs
  * and the submit button. This ends up calling action_<action>_print_fields()
@@ -118,14 +117,13 @@ } /** - * Validates the combination of an action and a bug. This ends up calling - * action_<action>_validate() from bug_actiongroup_<action>_inc.php + * Validates the combination of an action and a bug. This ends up calling + * action_<action>_validate() from bug_actiongroup_<action>_inc.php * * @param $p_action The custom action name without the "EXT_" prefix. * @param $p_bug_id The id of the bug to validate the action on. - * - * @returns true Action can be applied. - * @returns array( bug_id => reason for failure to validate ) + * + * @returns true|array true if action can be applied or array of ( bug_id => reason for failure to validate ) */ function bug_group_action_validate( $p_action, $p_bug_id ) { require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' ); @@ -133,6 +131,7 @@ return $t_function_name( $p_bug_id ); } + /** * Executes an action on a bug. This ends up calling * action_<action>_process() from bug_actiongroup_<action>_inc.php Modified: trunk/mantisbt/core/string_api.php =================================================================== --- trunk/mantisbt/core/string_api.php 2008-10-10 19:40:26 UTC (rev 5653) +++ trunk/mantisbt/core/string_api.php 2008-10-10 20:49:04 UTC (rev 5654) 
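Review bot: The rewritten docblock for bug_group_action_validate still leaves its most important contract undocumented: on the context line directly below it, `$p_action` is concatenated into the `require_once` filename, so the parameter is only safe when the caller has already restricted it to a known action name. Extend the existing tag to something like `@param string $p_action The custom action name without the "EXT_" prefix; selects the bug_actiongroup_<action>_inc.php file to load, so it must be one of the known action names, never raw request input.` Also, `@returns` is not a phpDocumentor tag; `@return true|array` lets analysis tools pick the type up. The function body continues past this hunk.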
@@ -198,40 +198,22 @@ function string_sanitize_url( $p_url, $return_absolute = false ) { $t_url = strip_tags( urldecode( $p_url ) ); if( preg_match( '?http(s)*://?', $t_url ) > 0 ) { - /* url string contains http(s) */ if( preg_match( '?^' . config_get( 'path' ) . '?', $t_url ) == 0 ) { - /* url string does not begin with our path, therefore, replace it with a link to index.php */ if( $return_absolute == true ) { - $t_url = config_get_global( 'path' ) . 'index.php'; + return config_get_global( 'path' ) . 'index.php'; + } else { + return 'index.php'; } - else { - $t_url = 'index.php'; - } + } else { + /* url string is an absolute url to our site - strip out the absolute part we will add it later if required */ + str_replace( config_get_global( 'path' ), '', $t_url ); } - else { - - /* url string is an absolute url to our site - if we need to return a relative link, strip out the absolute part */ - if( $return_absolute == false ) { - str_replace( config_get_global( 'path' ), '', $t_url ); - } - } + } else { + /* url string is a relative link */ } - else { - /* url string is a relative link */ - /* if we need to return an absolute link, we append our path to the url */ - if( $return_absolute == true ) { - if( strpos( $p_url, config_get_global( 'short_path' ) ) === 0 && config_get_global( 'short_path' ) != '/' ) { - $t_url = str_replace( config_get_global( 'short_path' ), '', config_get_global( 'path' ) ) . $t_url; - } - else { - $t_url = config_get_global( 'path' ) . ltrim( $t_url, '/' ); - } - } - } - /* currently we checked for a valid host part of a url, however rest of url is unvalidated */ /* if url is blank, we just return a relative/absolute link to index.php as appropriate. * we can trust global path, therefore we can return immediately at this point without url-encoding. */ 
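Review bot: The added `str_replace( config_get_global( 'path' ), '', $t_url );` in the absolute-URL branch discards its return value, so the site prefix is never removed from `$t_url` even though the comment above it says it will be re-added later; the absolute-link code at the end of the function would then prepend `path` to a URL that still contains it. Assign the result: `$t_url = str_replace( config_get_global( 'path' ), '', $t_url );`. Since the preceding preg_match has already established that the URL begins with the path, a prefix strip such as `substr( $t_url, strlen( config_get_global( 'path' ) ) )` is more precise than a global replace, although note that the match reads `config_get( 'path' )` while the strip reads `config_get_global( 'path' )`. The new `else { /* url string is a relative link */ }` is an empty branch and reads better as a bare comment. string_sanitize_url continues beyond this hunk.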
@@ -252,62 +234,52 @@ * d) path#fragment * e) path */ if( strpos( $t_url, '?' ) !== FALSE ) { - /* A / B */ list( $t_path, $t_param ) = explode( '?', $t_url, 2 ); - if( !is_blank( $t_param ) ) { - if( strpos( $t_param, '#' ) !== FALSE ) { - list( $t_query, $t_anchor ) = explode( '#', $t_param, 2 ); - } - else { - $t_query = $t_param; - $t_anchor = ''; - } - $t_vals = array( ); + if( !is_blank($t_param ) ) { + if( strpos( $t_param, '#' ) !== FALSE ) { + list( $t_query, $t_anchor ) = explode( '#', $t_param, 2 ); + } else { + $t_query = $t_param; + $t_anchor = ''; + } + $t_vals = array(); parse_str( html_entity_decode( $t_query ), $t_vals ); $t_param = ''; foreach( $t_vals as $k => $v ) { if( $t_param != '' ) { - $t_param .= '&'; + $t_param .= '&'; } - - /* urlencode any query params (A/B) */ - if( is_array( $v ) ) { - for( $i = 0, $t_size = sizeof( $v );$i < $t_size;$i++ ) { - $t_param .= $k . urlencode( '[]' ) . '=' . urlencode( strip_tags( urldecode( $v[$i] ) ) ); - $t_param .= ( $i != $t_size - 1 ) ? '&' : ''; - } - } - else { - $t_param .= "$k=" . urlencode( strip_tags( urldecode( $v ) ) ); - } } - if( !is_blank( $t_anchor ) ) { + if( !is_blank( $t_anchor ) ) { /* urlencode anchor part of url (A) */ - $t_anchor = '#' . urlencode( $t_anchor ); + $t_anchor = '#' . urlencode( $t_anchor ); } - return $t_path . '?' . $t_param . $t_anchor; - } - else { - + $t_validated_path = $t_path . '?' . $t_param . $t_anchor; + } else { /* C */ /* at this point, I believe we've got a url containing a ? that does not have any query params * therefore, urlencode the path component and re-add the trailing ? */ - return urlencode( $t_path ) . '?'; + $t_validated_path = urlencode ($t_path). '?'; } - } - else { + } else { if( strpos( $t_url, '#' ) !== FALSE ) { - /* D */ list( $t_path, $t_anchor ) = explode( '#', $t_url, 2 ); - return implode( "/", array_map( "rawurlencode", explode( "/", $t_path ) ) ) . '#' . 
urlencode( $t_anchor ); + $t_validated_path = implode("/", array_map("rawurlencode", explode("/", $t_path))) . '#' . urlencode( $t_anchor ); + } else { + /* E */ + $t_validated_path = implode("/", array_map("rawurlencode", explode("/", $t_url))); } - else { + } - /* E */ - return implode( "/", array_map( "rawurlencode", explode( "/", $t_url ) ) ); + /* if we need to return an absolute link, we append our path to the url */ + if( $return_absolute == true ) { + if( strpos( $p_url, config_get_global( 'short_path' ) ) === 0 && config_get_global( 'short_path' ) != '/') { + return str_replace( config_get_global( 'short_path' ), '', config_get_global( 'path' ) ) . $t_validated_path; + } else { + return config_get_global( 'path' ) . ltrim($t_validated_path, '/'); } } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
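Review bot: As this hunk is rendered, the foreach over `$t_vals` now only ever appends `&`: the removed `is_array`/`else` block that appended `$k=` . urlencode( strip_tags( urldecode( $v ) ) ) has no replacement on the new side, so `$t_param` stays empty, the query string is silently dropped, and the per-parameter strip_tags/urlencode that this function is meant to apply no longer runs (if lines were lost in the mail rendering, please disregard this part). Separately, the only `return` statements left after the rewrite sit inside `if( $return_absolute == true )`, and the three closing braces at the end of the hunk appear to be the function's end, so a call with `$return_absolute` false falls off the end and returns null. Restore the parameter encoding inside the loop and add `return $t_validated_path;` after the absolute-link block; the hunk starts inside string_sanitize_url, whose signature is outside it.
```php
foreach( $t_vals as $k => $v ) {
    if( $t_param != '' ) {
        $t_param .= '&';
    }
    /* urlencode any query params (A/B) */
    if( is_array( $v ) ) {
        $t_items = array();
        foreach( $v as $t_item ) {
            $t_items[] = $k . urlencode( '[]' ) . '=' . urlencode( strip_tags( urldecode( $t_item ) ) );
        }
        $t_param .= implode( '&', $t_items );
    } else {
        $t_param .= "$k=" . urlencode( strip_tags( urldecode( $v ) ) );
    }
}
// … unchanged: anchor handling, branches C/D/E …
/* if we need to return an absolute link, we append our path to the url */
if( $return_absolute == true ) {
    // … unchanged: absolute-link returns …
}
return $t_validated_path;
```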