From: <nuc...@us...> - 2008-10-03 15:23:55
Revision: 5627 http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5627&view=rev Author: nuclear_eclipse Date: 2008-10-03 15:23:41 +0000 (Fri, 03 Oct 2008) Log Message: ----------- Last move to using form security purging. Modified Paths: -------------- branches/BRANCH_1_1_0/mantisbt/bug_actiongroup.php branches/BRANCH_1_1_0/mantisbt/bug_actiongroup_page.php Modified: branches/BRANCH_1_1_0/mantisbt/bug_actiongroup.php =================================================================== --- branches/BRANCH_1_1_0/mantisbt/bug_actiongroup.php 2008-10-03 15:23:32 UTC (rev 5626) +++ branches/BRANCH_1_1_0/mantisbt/bug_actiongroup.php 2008-10-03 15:23:41 UTC (rev 5627) @@ -36,6 +36,9 @@ $f_custom_field_id = gpc_get_int( 'custom_field_id', 0 ); $f_bug_arr = gpc_get_int_array( 'bug_arr', array() ); + $t_form_name = 'bug_actiongroup_' . $f_action; + form_security_validate( $t_form_name ); + $t_custom_group_actions = config_get( 'custom_group_actions' ); foreach( $t_custom_group_actions as $t_custom_group_action ) { @@ -51,8 +54,6 @@ $t_custom_field_def = custom_field_get_definition( $f_custom_field_id ); } - $t_first_issue = true; - foreach( $f_bug_arr as $t_bug_id ) { bug_ensure_exists( $t_bug_id ); $t_bug = bug_get( $t_bug_id, true ); @@ -70,10 +71,6 @@ switch ( $f_action ) { case 'CLOSE': - if ( $t_first_issue ) { - form_security_validate( 'bug_close' ); - } - if ( access_can_close_bug( $t_bug_id ) && ( $t_status < CLOSED ) && bug_check_workflow($t_status, CLOSED) ) { @@ -91,10 +88,6 @@ break; case 'DELETE': - if ( $t_first_issue ) { - form_security_validate( 'bug_delete' ); - } - if ( access_has_bug_level( config_get( 'delete_bug_threshold' ), $t_bug_id ) ) { bug_delete( $t_bug_id ); } else { 
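Review bot: In the `@@ -36,6 +36,9 @@` hunk of bug_actiongroup.php, the token name handed to `form_security_validate()` is built from `$f_action` before that value has been checked against the supported actions. `$f_action` appears to come from the request (its assignment is above the hunk), and the only rejection visible in this diff is the `default: trigger_error( ERROR_GENERIC, ERROR );` branch inside the per-issue loop. Whether an unknown name fails closed depends on form_security_validate(), which is not shown here, so this is worth confirming rather than assuming. I would at least record the dependency above the assignment: `# $f_action is request input; the name must equal the one issued by bug_actiongroup_page.php, and unknown actions are only rejected in the switch below`. The script-level code around these lines starts and ends outside the hunk.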
@@ -103,10 +96,6 @@ break; case 'MOVE': - if ( $t_first_issue ) { - form_security_validate( 'bug_move' ); - } - if ( access_has_bug_level( config_get( 'move_bug_threshold' ), $t_bug_id ) ) { # @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); $f_project_id = gpc_get_int( 'project_id' ); @@ -118,10 +107,6 @@ break; case 'COPY': - if ( $t_first_issue ) { - form_security_validate( 'bug_copy' ); - } - $f_project_id = gpc_get_int( 'project_id' ); if ( access_has_project_level( config_get( 'report_bug_threshold' ), $f_project_id ) ) { @@ -132,10 +117,6 @@ break; case 'ASSIGN': - if ( $t_first_issue ) { - form_security_validate( 'bug_assign' ); - } - $f_assign = gpc_get_int( 'assign' ); if ( ON == config_get( 'auto_set_status_to_assigned' ) ) { $t_assign_status = config_get( 'bug_assigned_status' ); @@ -161,10 +142,6 @@ break; case 'RESOLVE': - if ( $t_first_issue ) { - form_security_validate( 'bug_resolve' ); - } - $t_resolved_status = config_get( 'bug_resolved_status_threshold' ); if ( access_has_bug_level( access_get_status_threshold( $t_resolved_status, bug_get_field( $t_bug_id, 'project_id' ) ), $t_bug_id ) && ( $t_status < $t_resolved_status ) && @@ -185,10 +162,6 @@ break; case 'UP_PRIOR': - if ( $t_first_issue ) { - form_security_validate( 'bug_update_priority' ); - } - if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id ) ) { $f_priority = gpc_get_int( 'priority' ); # @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); @@ -200,10 +173,6 @@ break; case 'UP_STATUS': - if ( $t_first_issue ) { - form_security_validate( 'bug_update_status' ); - } - $f_status = gpc_get_int( 'status' ); $t_project = bug_get_field( $t_bug_id, 'project_id' ); if ( access_has_bug_level( access_get_status_threshold( $f_status, $t_project ), $t_bug_id ) ) { 
@@ -220,12 +189,9 @@ break; case 'UP_CATEGORY': - if ( $t_first_issue ) { - form_security_validate( 'bug_update_category' ); - } - $f_category = gpc_get_string( 'category' ); $t_project = bug_get_field( $t_bug_id, 'project_id' ); + if ( access_has_bug_level( config_get( 'update_bug_threshold' ), $t_bug_id ) ) { if ( category_exists( $t_project, $f_category ) ) { # @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); @@ -240,10 +206,6 @@ break; case 'UP_FIXED_IN_VERSION': - if ( $t_first_issue ) { - form_security_validate( 'bug_update_fixed_in_version' ); - } - $f_fixed_in_version = gpc_get_string( 'fixed_in_version' ); $t_project_id = bug_get_field( $t_bug_id, 'project_id' ); $t_success = false; @@ -263,10 +225,6 @@ break; case 'UP_TARGET_VERSION': - if ( $t_first_issue ) { - form_security_validate( 'bug_update_target_version' ); - } - $f_target_version = gpc_get_string( 'target_version' ); $t_project_id = bug_get_field( $t_bug_id, 'project_id' ); $t_success = false; @@ -286,10 +244,6 @@ break; case 'VIEW_STATUS': - if ( $t_first_issue ) { - form_security_validate( 'bug_update_view_status' ); - } - if ( access_has_bug_level( config_get( 'change_view_status_threshold' ), $t_bug_id ) ) { $f_view_status = gpc_get_int( 'view_status' ); # @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); @@ -301,10 +255,6 @@ break; case 'SET_STICKY': - if ( $t_first_issue ) { - form_security_validate( 'bug_set_sticky' ); - } - if ( access_has_bug_level( config_get( 'set_bug_sticky_threshold' ), $t_bug_id ) ) { $f_sticky = bug_get_field( $t_bug_id, 'sticky' ); // The new value is the inverted old value 
@@ -321,10 +271,6 @@ trigger_error( ERROR_GENERIC, ERROR ); } - if ( $t_first_issue ) { - form_security_validate( 'bug_update_custom_field_' . $f_custom_field_id ); - } - # @@@ we need to issue a helper_call_custom_function( 'issue_update_validate', array( $t_bug_id, $t_bug_data, $f_bugnote_text ) ); $t_form_var = "custom_field_$f_custom_field_id"; $t_custom_field_value = gpc_get_custom_field( $t_form_var, $t_custom_field_def['type'], null ); @@ -335,10 +281,10 @@ default: trigger_error( ERROR_GENERIC, ERROR ); } - - $t_first_issue = false; } + form_security_purge( $t_form_name ); + $t_redirect_url = 'view_all_bug_page.php'; if ( count( $t_failed_ids ) > 0 ) { Modified: branches/BRANCH_1_1_0/mantisbt/bug_actiongroup_page.php =================================================================== --- branches/BRANCH_1_1_0/mantisbt/bug_actiongroup_page.php 2008-10-03 15:23:32 UTC (rev 5626) +++ branches/BRANCH_1_1_0/mantisbt/bug_actiongroup_page.php 2008-10-03 15:23:41 UTC (rev 5627) @@ -87,27 +87,27 @@ $f_action = 'CUSTOM'; } + # Form name + $t_form_name = 'bug_actiongroup_' . $f_action; + switch ( $f_action ) { # Use a simple confirmation page, if close or delete... case 'CLOSE' : $t_finished = true; $t_question_title = lang_get( 'close_bugs_conf_msg' ); $t_button_title = lang_get( 'close_group_bugs_button' ); - $t_form_name = 'bug_close'; break; case 'DELETE' : $t_finished = true; $t_question_title = lang_get( 'delete_bugs_conf_msg' ); $t_button_title = lang_get( 'delete_group_bugs_button' ); - $t_form_name = 'bug_delete'; break; case 'SET_STICKY' : $t_finished = true; $t_question_title = lang_get( 'set_sticky_bugs_conf_msg' ); $t_button_title = lang_get( 'set_sticky_group_bugs_button' ); - $t_form_name = 'bug_set_sticky'; break; # ...else we define the variables used in the form 
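Review bot: `form_security_purge( $t_form_name )` in the `@@ -335,10 +281,10 @@` hunk of bug_actiongroup.php is reached only when the loop runs to completion, so any path that stops the request earlier leaves the token in place. Examples are the `trigger_error( ERROR_GENERIC, ERROR )` calls in the `default:` branch and in the custom-field branch, if ERROR-level errors halt the script as they appear to. If the token is meant to be single-use, a batch that aborts after some issues were already changed could be submitted again with the same token. Either state that this is accepted, with `# Token is purged only after the whole batch completes; an aborted request keeps it valid until it expires`, or purge before the loop if preventing resubmission matters more than allowing a retry. The loop and the redirect code that follows extend outside the hunk.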
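Review bot: For custom fields the token name loses its field id. The line removed in the `@@ -193,7 +183,6 @@` hunk was `'bug_update_custom_field_' . $t_custom_field_id`, while the name added in the `@@ -87,27 +87,27 @@` hunk of bug_actiongroup_page.php is `'bug_actiongroup_' . $f_action` with `$f_action` already set to `'CUSTOM'`, so every custom-field confirmation shares one name. If per-field binding was intentional, the id needs to be appended here and in bug_actiongroup.php alike. If not, a comment such as `# Form name: one token name per action; custom fields all share bug_actiongroup_CUSTOM` would make the choice explicit. The switch this name feeds runs on past the visible hunks.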
@@ -115,21 +115,18 @@ $t_question_title = lang_get( 'move_bugs_conf_msg' ); $t_button_title = lang_get( 'move_group_bugs_button' ); $t_form = 'project_id'; - $t_form_name = 'bug_move'; break; case 'COPY' : $t_question_title = lang_get( 'copy_bugs_conf_msg' ); $t_button_title = lang_get( 'copy_group_bugs_button' ); $t_form = 'project_id'; - $t_form_name = 'bug_copy'; break; case 'ASSIGN' : $t_question_title = lang_get( 'assign_bugs_conf_msg' ); $t_button_title = lang_get( 'assign_group_bugs_button' ); $t_form = 'assign'; - $t_form_name = 'bug_assign'; break; case 'RESOLVE' : @@ -141,7 +138,6 @@ $t_question_title2 = lang_get( 'fixed_in_version' ); $t_form2 = 'fixed_in_version'; } - $t_form_name = 'bug_resolve'; break; case 'UP_PRIOR' : @@ -149,7 +145,6 @@ $t_button_title = lang_get( 'priority_group_bugs_button' ); $t_form = 'priority'; $t_request = 'priority'; - $t_form_name = 'bug_update_priority'; break; case 'UP_STATUS' : 
@@ -157,35 +152,30 @@ $t_button_title = lang_get( 'status_group_bugs_button' ); $t_form = 'status'; $t_request = 'status'; - $t_form_name = 'bug_update_status'; break; case 'UP_CATEGORY' : $t_question_title = lang_get( 'category_bugs_conf_msg' ); $t_button_title = lang_get( 'category_group_bugs_button' ); $t_form = 'category'; - $t_form_name = 'bug_update_category'; break; case 'VIEW_STATUS' : $t_question_title = lang_get( 'view_status_bugs_conf_msg' ); $t_button_title = lang_get( 'view_status_group_bugs_button' ); $t_form = 'view_status'; - $t_form_name = 'bug_update_view_status'; break; case 'UP_FIXED_IN_VERSION': $t_question_title = lang_get( 'fixed_in_version_bugs_conf_msg' ); $t_button_title = lang_get( 'fixed_in_version_group_bugs_button' ); $t_form = 'fixed_in_version'; - $t_form_name = 'bug_update_fixed_in_version'; break; case 'UP_TARGET_VERSION': $t_question_title = lang_get( 'target_version_bugs_conf_msg' ); $t_button_title = lang_get( 'target_version_group_bugs_button' ); $t_form = 'target_version'; - $t_form_name = 'bug_update_target_version'; break; case 'CUSTOM' : @@ -193,7 +183,6 @@ $t_question_title = sprintf( lang_get( 'actiongroup_menu_update_field' ), lang_get_defaulted( $t_custom_field_def['name'] ) ); $t_button_title = $t_question_title; $t_form = "custom_field_$t_custom_field_id"; - $t_form_name = 'bug_update_custom_field_' . $t_custom_field_id; break; default: This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |