From: Benjamin C. <bc...@us...> - 2001-08-11 17:09:27
Update of /cvsroot/phpbt/phpbt
In directory usw-pr-cvs1:/tmp/cvs-serv30042
Modified Files:
attachment.php bug.php include.php strings-en.php
Log Message:
Attachments should be working now
Index: attachment.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/attachment.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- attachment.php 2001/08/10 23:21:13 1.2
+++ attachment.php 2001/08/11 17:09:24 1.3
@@ -23,30 +23,39 @@
include 'include.php';
-function show_attachment($attachid) {
+function del_attachment($attachid) {
global $q;
+ if (list($filename, $mimetype) = grab_attachment($attachid)) {
+ $q->query("delete from Attachment where AttachmentID = $attachid");
+ unlink($filename);
+ header("Location: bug.php?op=show&bugid=$attachid");
+ }
+}
+
+function grab_attachment($attachid) {
+ global $q, $STRING;
+
if (!is_numeric($attachid)) {
show_text($STRING['bad_attachment'], true);
- return;
+ return false;
}
$ainfo = $q->grab("select a.BugID, FileName, MimeType, Project from Attachment a, Bug b where AttachmentID = $attachid and a.BugID = b.BugID");
if ($q->num_rows() != 1) {
show_text($STRING['bad_attachment'], true);
- return;
+ return false;
}
$filename = join('/',array(INSTALLPATH, ATTACHMENT_PATH,
$ainfo['Project'], "{$ainfo['BugID']}-{$ainfo['FileName']}"));
if (!is_readable($filename)) {
show_text($STRING['bad_attachment'], true);
- return;
+ return false;
}
- header("Content-type: {$ainfo['MimeType']}");
- @readfile($filename);
+ return array($filename, $ainfo['MimeType']);
}
-function add_attachment($projectid, $bugid, $description) {
- global $q, $HTTP_POST_FILES, $now, $u, $STRING;
+function add_attachment($bugid, $description) {
+ global $q, $HTTP_POST_FILES, $now, $u, $STRING, $t;
if (!isset($HTTP_POST_FILES['attachment']) ||
$HTTP_POST_FILES['attachment']['tmp_name'] == 'none') {
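Review bot: `del_attachment` redirects to `bug.php?op=show&bugid=$attachid`, which passes the attachment id where the bug id is expected, so after a delete the administrator lands on an unrelated bug or an error page. `grab_attachment` already selects `a.BugID`, so returning it as a third element, `return array($filename, $ainfo['MimeType'], $ainfo['BugID']);`, lets the redirect use the right id without breaking the two-element `list()` callers. The row is also deleted before `unlink($filename)` and the unlink result is ignored, so a failed unlink leaves a file on disk with no record pointing at it; unlinking first and deleting the row only on success avoids that. The path handed to `unlink` (and to `readfile` by the caller) is built from the stored `FileName`, so it is only as trustworthy as the upload code that wrote that column. `add_attachment` continues outside this hunk.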
@@ -54,6 +63,28 @@
return;
}
+ // Check the upload size. If the size was greater than the max in
+ // php.ini, the file won't even be set and will fail at the check above
+ if ($HTTP_POST_FILES['attachment']['size'] > ATTACHMENT_MAX_SIZE) {
+ show_attachment_form($bugid, $STRING['attachment_too_large']);
+ return;
+ }
+
+ $projectid = $q->grab_field("select Project from Bug where BugID = $bugid");
+ if (!$projectid) {
+ show_text($STRING['nobug'], true);
+ return;
+ }
+
+ // Check for a previously-uploaded attachment with the same name, bug, and project
+ $q->query("select a.BugID, Project from Attachment a, Bug b where FileName = '{$HTTP_POST_FILES['attachment']['name']}' and a.BugID = b.BugID");
+ while ($ainfo = $q->grab()) {
+ if ($bugid == $ainfo['BugID'] && $projectid == $ainfo['Project']) {
+ show_attachment_form($bugid, $STRING['dupe_attachment']);
+ return;
+ }
+ }
+
$filepath = INSTALLPATH.'/'.ATTACHMENT_PATH;
$tmpfilename = $HTTP_POST_FILES['attachment']['tmp_name'];
$filename = "$bugid-{$HTTP_POST_FILES['attachment']['name']}";
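Review bot: The duplicate check interpolates the client-supplied `$HTTP_POST_FILES['attachment']['name']` directly into the `select a.BugID, Project from Attachment ...` query, and the same raw name is then used to build `$filename` for the path on disk. Unless lines outside this hunk already normalise it, the name should be reduced to its last path component and escaped once, up front, e.g. `$name = basename($HTTP_POST_FILES['attachment']['name']);` with `addslashes($name)` (or the DB layer's escaping) in the SQL. `$bugid` comes from the POST data and reaches `select Project from Bug where BugID = $bugid` with no numeric check visible here; `if (!is_numeric($bugid)) { show_text($STRING['nobug'], true); return; }` before the lookup would match what `show_attachment_form` does. The function starts before and ends after this hunk, so some of this may already be handled there.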
@@ -85,27 +116,50 @@
}
function show_attachment_form($bugid, $error = '') {
- global $q, $t;
+ global $q, $t, $STRING;
$t->set_file('content', 'bugattachmentform.html');
- if (!is_numeric($bugid) || !$projectid = $q->grab_field("select Project from Bug where BugID = $bugid")) {
+ if (!is_numeric($bugid)) {
show_text($STRING['nobug'], true);
return;
}
+
+ $bugexists = $q->grab_field("select count(*) from Bug where BugID = $bugid");
+ if (!$bugexists) {
+ show_text($STRING['nobug'], true);
+ return;
+ }
+
$t->set_var(array(
'error' => $error,
'bugid' => $bugid,
- 'projectid' => $projectid
- 'description' => stripslashes($description),
+ 'projectid' => $projectid,
+ 'description' => htmlspecialchars(stripslashes($description)),
+ 'max_size' => ini_get('upload_max_filesize') < ATTACHMENT_MAX_SIZE
+ ? number_format(ini_get('upload_max_filesize'))
+ : number_format(ATTACHMENT_MAX_SIZE)
));
}
$t->set_file('wrap','wrap.html');
-
-if (isset($HTTP_POST_FILES)) add_attachment($_pv['projectid'], $_pv['bugid'],
- $_pv['description']);
-elseif (isset($_gv['attachid'])) show_attachment($_gv['attachid']);
-else function show_attachment_form($_gv['bugid']);
+if (isset($_gv['del'])) {
+ if (!$perm->have_perm('Administrator')) {
+ show_text($STRING['bad_permission']);
+ } else {
+ del_attachment($_gv['del']);
+ }
+} elseif (isset($HTTP_POST_FILES['attachment'])) {
+ $perm->check('User');
+ add_attachment($_pv['bugid'], $_pv['description']);
+} elseif (isset($_gv['attachid'])) {
+ if (list($filename, $mimetype) = grab_attachment($_gv['attachid'])) {
+ header("Content-type: $mimetype");
+ @readfile($filename);
+ }
+} else {
+ $perm->check('User');
+ show_attachment_form($_gv['bugid']);
+}
$t->pparse('main',array('content','wrap','main'));
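Review bot: The `del` branch of the dispatch block performs a destructive delete from a plain GET parameter with only `have_perm('Administrator')` in front of it, so any request an administrator's browser issues for `attachment.php?del=N` removes the file; this action belongs behind a POST carrying a per-session token. The `attachid` branch sends the stored `$mimetype` as `Content-type` with no permission check, and nothing visible in this diff shows that value being validated at upload time, so consider forcing a download with `header('Content-Disposition: attachment');` before `readfile`. Separately, `show_attachment_form` still passes `$projectid` and `$description` to `set_var`, although the lookup that assigned `$projectid` was removed and `$description` is not a parameter, so both are undefined there.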
Index: bug.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/bug.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- bug.php 2001/08/10 13:50:53 1.22
+++ bug.php 2001/08/11 17:09:24 1.23
@@ -343,7 +343,7 @@
}
function show_bug($bugid = 0, $error = '') {
- global $q, $me, $t, $project, $STRING, $u;
+ global $q, $me, $t, $project, $STRING, $u, $perm;
if (!ereg('^[0-9]+$',$bugid) or !$row = $q->grab("select BugID, Title, Reporter.Email as Reporter, Owner.Email as Owner, Project, Version, Severity, Bug.CreatedDate, Bug.LastModifiedDate, Status.Name as Status, Priority, Bug.Description, Resolution.Name as Resolution, URL, Component, OS from Bug, Severity, Status left join User Owner on Bug.AssignedTo = Owner.UserID left join User Reporter on Bug.CreatedBy = Reporter.UserID left join Resolution on Resolution = ResolutionID where BugID = '$bugid' and Severity = SeverityID and Status = StatusID")) {
show_text($STRING['bugbadnum'],true);
@@ -356,6 +356,7 @@
$t->set_block('content','rerow','reopenrow');
$t->set_block('content','vrow','verifyrow');
$t->set_block('content','crow','closerow');
+ $t->set_block('content','attrow','attrows');
$t->set_unknowns('remove');
$t->set_var(array(
'statuserr' => $error['status'] ? $error['status'].'<br><br>' : '',
@@ -406,6 +407,36 @@
case 'Closed' :
$t->parse('reopenrow','rerow',true);
break;
+ }
+
+ // Show the attachments
+ $q->query("select * from Attachment where BugID = $bugid");
+ if (!$q->num_rows()) {
+ $t->set_var('attrows', '<tr><td colspan="5" align="center">No attachments</td></tr>');
+ } else {
+ while ($att = $q->grab()) {
+ if (is_readable(INSTALLPATH.'/'.ATTACHMENT_PATH."/{$row['Project']}/$bugid-{$att['FileName']}")) {
+ $action = "<a href='attachment.php?attachid={$att['AttachmentID']}'>View</a>";
+ if ($perm->have_perm('Administrator')) {
+ $action .= " | <a href='attachment.php?del={$att['AttachmentID']}'>Delete</a>";
+ }
+ $t->set_var(array(
+ 'bgcolor' => (++$j % 2 == 0) ? '#dddddd' : '#ffffff',
+ 'attid' => $att['AttachmentID'],
+ 'attname' => stripslashes($att['FileName']),
+ 'attdesc' => stripslashes($att['Description']),
+ 'attsize' => number_format($att['FileSize']).'k',
+ 'atttype' => $att['MimeType'],
+ 'attdate' => date(DATEFORMAT, $att['CreatedDate']),
+ 'attaction' => $action
+ ));
+ $t->parse('attrows', 'attrow', true);
+ }
+ }
+ // If there were attachments in the db but not on disk...
+ if (!$j) {
+ $t->set_var('attrows', '<tr><td colspan="5" align="center">No attachments</td></tr>');
+ }
}
$q->query("select Text, Comment.CreatedDate, Email from Comment, User where BugID = $bugid and CreatedBy = UserID order by CreatedDate");
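Review bot: The attachment rows put `FileName`, `Description` and `MimeType` into the template with only `stripslashes`, so user-supplied text from the upload form is rendered as HTML on the bug page. This commit already wraps the form description in `htmlspecialchars` in attachment.php; the same is needed here, e.g. `'attname' => htmlspecialchars(stripslashes($att['FileName'])),` and likewise for `attdesc` and `atttype`. `$j` is also read in `++$j` and `if (!$j)` without being initialised in the visible lines; a `$j = 0;` before the `while` makes the "in the db but not on disk" fallback explicit. `show_bug` starts and ends outside this hunk.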
Index: include.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/include.php,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- include.php 2001/08/10 13:51:17 1.26
+++ include.php 2001/08/11 17:09:24 1.27
@@ -37,6 +37,10 @@
define ('HIDE_EMAIL', 1); // Should email addresses be hidden for those not logged in?
// Sub-dir of the INSTALLPATH - Needs to be writeable by the web process
define ('ATTACHMENT_PATH', 'attachments');
+// Maximum size (in bytes) of an attachment
+// This will not override the settings in php.ini if php.ini has a lower limit
+define ('ATTACHMENT_MAX_SIZE', 2097152);
+
require PHPLIBPATH.'db_mysql.inc';
require PHPLIBPATH.'ct_sql.inc';
require PHPLIBPATH.'session.inc';
Index: strings-en.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/strings-en.php,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- strings-en.php 2001/08/10 23:21:13 1.14
+++ strings-en.php 2001/08/11 17:09:24 1.15
@@ -51,11 +51,14 @@
'passwordmatch' => 'Those passwords don\'t match -- please try again',
'nobughistory' => 'There is no history for that bug',
'logintomodify' => 'You must be logged in to modify this bug',
+ 'dupe_attachment' => 'That attachment already exists for this bug',
'give_attachment' => 'Please specify a file to upload',
'no_attachment_save_path' => 'Couldn\'t find where to save the file!',
'attachment_path_not_writeable' => 'Couldn\'t create a file in the save path',
'attachment_move_error' => 'There was an error moving the uploaded file',
- 'bad_attachment' => 'That attachment does not exist'
+ 'bad_attachment' => 'That attachment does not exist',
+ 'attachment_too_large' => 'The file you specified is larger than '.number_format(ATTACHMENT_MAX_SIZE).' bytes',
+ 'bad_permission' => 'You do not have the permissions required for that function'
);
// Page titles