[mantisbt-cvs] SF.net SVN: mantisbt:[5654] trunk/mantisbt/core

[<pri...@us...>]

Revision: 5654
          http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5654&view=rev
Author:   prichards
Date:     2008-10-10 20:49:04 +0000 (Fri, 10 Oct 2008)

Log Message:
-----------
comment commits + sanitize url fix

Modified Paths:
--------------
    trunk/mantisbt/core/access_api.php
    trunk/mantisbt/core/bug_api.php
    trunk/mantisbt/core/bug_group_action_api.php
    trunk/mantisbt/core/string_api.php

Modified: trunk/mantisbt/core/access_api.php
===================================================================
--- trunk/mantisbt/core/access_api.php	2008-10-10 19:40:26 UTC (rev 5653)
+++ trunk/mantisbt/core/access_api.php	2008-10-10 20:49:04 UTC (rev 5654)
@@ -1,7 +1,6 @@
 <?php
 # Mantis - a php based bugtracking system
-# Copyright (C) 2000 - 2002  Kenzaburo Ito - ke...@30...
-# Copyright (C) 2002 - 2008  Mantis Team   - man...@li...
+
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 2 of the License, or
@@ -20,6 +19,9 @@
 # --------------------------------------------------------
 
 /**
+ * @version $Id$
+ * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - ke...@30...
+ * @copyright Copyright (C) 2002 - 2008  Mantis Team   - man...@li...
  * @package CoreAPI
  * @subpackage AccessAPI
  */

Modified: trunk/mantisbt/core/bug_api.php
===================================================================
--- trunk/mantisbt/core/bug_api.php	2008-10-10 19:40:26 UTC (rev 5653)
+++ trunk/mantisbt/core/bug_api.php	2008-10-10 20:49:04 UTC (rev 5654)
@@ -1,7 +1,6 @@
 <?php
 # Mantis - a php based bugtracking system
-# Copyright (C) 2000 - 2002  Kenzaburo Ito - ke...@30...
-# Copyright (C) 2002 - 2008  Mantis Team   - man...@li...
+
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 2 of the License, or
@@ -20,9 +19,13 @@
 # --------------------------------------------------------
 
 /**
+ * @version $Id$ 
+ * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - ke...@30...
+ * @copyright Copyright (C) 2002 - 2008  Mantis Team   - man...@li...
  * @package CoreAPI
  * @subpackage BugAPI
  */
+
 $t_core_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR;
 
 require_once( $t_core_dir . 'history_api.php' );

Modified: trunk/mantisbt/core/bug_group_action_api.php
===================================================================
--- trunk/mantisbt/core/bug_group_action_api.php	2008-10-10 19:40:26 UTC (rev 5653)
+++ trunk/mantisbt/core/bug_group_action_api.php	2008-10-10 20:49:04 UTC (rev 5654)
@@ -1,7 +1,6 @@
 <?php
 # Mantis - a php based bugtracking system
-# Copyright (C) 2000 - 2002  Kenzaburo Ito - ke...@30...
-# Copyright (C) 2002 - 2008  Mantis Team   - man...@li...
+
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 2 of the License, or
@@ -20,8 +19,11 @@
 # --------------------------------------------------------
 
 /**
- * @package CoreAPI
- * @subpackage BugGroupActionAPI
+ * @version $Id$
+ * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - ke...@30...
+ * @copyright Copyright (C) 2002 - 2008  Mantis Team   - man...@li...
+ *	@package CoreAPI
+ *	@subpackage BugGroupActionAPI
  */
 
 /**
@@ -89,9 +91,6 @@
 	}
 }
 
-# #####
-# Call-Outs for EXT_* custom group actions
-# #####
 /**
  * Prints the list of fields in the custom action form.  These are the user inputs
  * and the submit button.  This ends up calling action_<action>_print_fields()
@@ -118,14 +117,13 @@
 }
 
 /**
- * Validates the combination of an action and a bug.  This ends up calling
- * action_<action>_validate() from bug_actiongroup_<action>_inc.php
+ * Validates the combination of an action and a bug.  This ends up calling 
+ * action_<action>_validate() from bug_actiongroup_<action>_inc.php	 
  *
  * @param $p_action   The custom action name without the "EXT_" prefix.
  * @param $p_bug_id   The id of the bug to validate the action on.
- *
- * @returns true      Action can be applied.
- * @returns array( bug_id => reason for failure to validate )
+ * 
+ * @returns true|array true if action can be applied or array of ( bug_id => reason for failure to validate )
  */
 function bug_group_action_validate( $p_action, $p_bug_id ) {
 	require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
@@ -133,6 +131,7 @@
 	return $t_function_name( $p_bug_id );
 }
 
+
 /**
  * Executes an action on a bug.  This ends up calling
  * action_<action>_process() from bug_actiongroup_<action>_inc.php

Modified: trunk/mantisbt/core/string_api.php
===================================================================
--- trunk/mantisbt/core/string_api.php	2008-10-10 19:40:26 UTC (rev 5653)
+++ trunk/mantisbt/core/string_api.php	2008-10-10 20:49:04 UTC (rev 5654)
@@ -198,40 +198,22 @@
 function string_sanitize_url( $p_url, $return_absolute = false ) {
 	$t_url = strip_tags( urldecode( $p_url ) );
 	if( preg_match( '?http(s)*://?', $t_url ) > 0 ) {
-
 		/* url string contains http(s) */
 		if( preg_match( '?^' . config_get( 'path' ) . '?', $t_url ) == 0 ) {
-
 			/* url string does not begin with our path, therefore, replace it with a link to index.php */
 			if( $return_absolute == true ) {
-				$t_url = config_get_global( 'path' ) . 'index.php';
+				return config_get_global( 'path' ) . 'index.php';
+			} else {
+				return 'index.php';
 			}
-			else {
-				$t_url = 'index.php';
-			}
+		} else {
+			/* url string is an absolute url to our site - strip out the absolute part we will add it later if required */
+			str_replace( config_get_global( 'path' ), '', $t_url ); 	
 		}
-		else {
-
-			/* url string is an absolute url to our site - if we need to return a relative link, strip out the absolute part */
-			if( $return_absolute == false ) {
-				str_replace( config_get_global( 'path' ), '', $t_url );
-			}
-		}
+	} else {
+		/* url string is a relative link */		
 	}
-	else {
 
-		/* url string is a relative link */
-		/* if we need to return an absolute link, we append our path to the url */
-		if( $return_absolute == true ) {
-			if( strpos( $p_url, config_get_global( 'short_path' ) ) === 0 && config_get_global( 'short_path' ) != '/' ) {
-				$t_url = str_replace( config_get_global( 'short_path' ), '', config_get_global( 'path' ) ) . $t_url;
-			}
-			else {
-				$t_url = config_get_global( 'path' ) . ltrim( $t_url, '/' );
-			}
-		}
-	}
-
 	/* currently we checked for a valid host part of a url, however rest of url is unvalidated */
 	/* if url is blank, we just return a relative/absolute link to index.php as appropriate.
 	 * we can trust global path, therefore we can return immediately at this point without url-encoding. */
@@ -252,62 +234,52 @@
 	 * d) path#fragment
 	 * e) path */
 	if( strpos( $t_url, '?' ) !== FALSE ) {
-
 		/* A / B */
 		list( $t_path, $t_param ) = explode( '?', $t_url, 2 );
-		if( !is_blank( $t_param ) ) {
-			if( strpos( $t_param, '#' ) !== FALSE ) {
-				list( $t_query, $t_anchor ) = explode( '#', $t_param, 2 );
-			}
-			else {
-				$t_query = $t_param;
-				$t_anchor = '';
-			}
-			$t_vals = array( );
+		if( !is_blank($t_param ) ) {
+		    if( strpos( $t_param, '#' ) !== FALSE ) {
+		        list( $t_query, $t_anchor ) = explode( '#', $t_param, 2 );
+		    } else {
+		        $t_query = $t_param;
+		        $t_anchor = '';
+		    }		    
+			$t_vals = array();
 			parse_str( html_entity_decode( $t_query ), $t_vals );
 			$t_param = '';
 			foreach( $t_vals as $k => $v ) {
 				if( $t_param != '' ) {
-					$t_param .= '&amp;';
+					$t_param .= '&amp;'; 
 				}
-
-				/* urlencode any query params (A/B) */
-				if( is_array( $v ) ) {
-					for( $i = 0, $t_size = sizeof( $v );$i < $t_size;$i++ ) {
-						$t_param .= $k . urlencode( '[]' ) . '=' . urlencode( strip_tags( urldecode( $v[$i] ) ) );
-						$t_param .= ( $i != $t_size - 1 ) ? '&amp;' : '';
-					}
-				}
-				else {
-					$t_param .= "$k=" . urlencode( strip_tags( urldecode( $v ) ) );
-				}
 			}
-			if( !is_blank( $t_anchor ) ) {
 
+			if( !is_blank( $t_anchor ) ) {
 				/* urlencode anchor part of url (A) */
-				$t_anchor = '#' . urlencode( $t_anchor );
+			    $t_anchor = '#' . urlencode( $t_anchor );
 			}
-			return $t_path . '?' . $t_param . $t_anchor;
-		}
-		else {
-
+			$t_validated_path =  $t_path . '?' . $t_param . $t_anchor;
+		} else {
 			/* C */
 			/* at this point, I believe we've got a url containing a ? that does not have any query params
 			 * therefore, urlencode the path component and re-add the trailing ? */
-			return urlencode( $t_path ) . '?';
+			$t_validated_path = urlencode ($t_path). '?';
 		}
-	}
-	else {
+	} else {
 		if( strpos( $t_url, '#' ) !== FALSE ) {
-
 			/* D */
 			list( $t_path, $t_anchor ) = explode( '#', $t_url, 2 );
-			return implode( "/", array_map( "rawurlencode", explode( "/", $t_path ) ) ) . '#' . urlencode( $t_anchor );
+			$t_validated_path = implode("/", array_map("rawurlencode", explode("/", $t_path))) . '#' . urlencode( $t_anchor );
+		} else {				
+			/* E */
+			$t_validated_path = implode("/", array_map("rawurlencode", explode("/", $t_url)));
 		}
-		else {
+	}
 
-			/* E */
-			return implode( "/", array_map( "rawurlencode", explode( "/", $t_url ) ) );
+	/* if we need to return an absolute link, we append our path to the url */
+	if( $return_absolute == true ) {
+		if( strpos( $p_url, config_get_global( 'short_path' ) ) === 0 && config_get_global( 'short_path' ) != '/') {
+			return str_replace( config_get_global( 'short_path' ), '', config_get_global( 'path' ) ) . $t_validated_path;
+		} else {
+			return config_get_global( 'path' ) . ltrim($t_validated_path, '/'); 
 		}
 	}
 }


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.