base repository: mantisbt/mantisbt
base: 1eaaeff
...
head repository: mantisbt/mantisbt
compare: 55f0779
  • 2 commits
  • 6 files changed
  • 1 contributor

Commits on Apr 25, 2012

  1. Use BugData object as function param for several functions

    Commit 0ec4563 introduced an undefined
    variable warning, due to removal of a call to bug_get_field function to
    retrieve the project_id. This could actually cause the incorrect status
    to be retrieved in html_button_bug_reopen() and html_button_bug_close(),
    potentially allowing users to close or reopen issues when they are not
    entitled to.
    
    Instead of adding the function call back as it was, the code was
    modified to use a BugData object instead of a bug id as parameter for
    several functions in access_api.php and html_api.php, resulting in
    simpler and more efficient code thanks to fewer calls to bug_get() and
    bug_get_field().
    
    Fixes #14191, Affects #14156
    dregad committed Apr 25, 2012
    a8e5b81 View commit details
  2. Copy the full SHA
    55f0779 View commit details
Showing with 71 additions and 77 deletions.
  1. +1 −1 bug_actiongroup.php
  2. +2 −2 bug_change_status_page.php
  3. +1 −1 bug_update_advanced_page.php
  4. +24 −28 core/access_api.php
  5. +1 −0 core/bugnote_api.php
  6. +42 −45 core/html_api.php
2 changes: 1 addition & 1 deletion bug_actiongroup.php
@@ -72,7 +72,7 @@

case 'CLOSE':
$t_closed = config_get( 'bug_closed_status_threshold' );
if ( access_can_close_bug( $t_bug_id ) ) {
if ( access_can_close_bug( $t_bug ) ) {
if( ( $t_status < $t_closed ) &&
bug_check_workflow( $t_status, $t_closed ) ) {
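Review bot: The permission check `access_can_close_bug( $t_bug )` now depends on a `$t_bug` object that this hunk never shows being loaded, so its correctness rests on code above the `case 'CLOSE':` branch. If this switch runs once per selected issue, `$t_bug` has to be refreshed for the current `$t_bug_id` on every pass, for example `$t_bug = bug_get( $t_bug_id );`, otherwise the close permission would be evaluated against a stale or unset object while the action is applied to a different id. The same dependency applies to `access_ensure_can_reopen_bug( $t_bug, $t_current_user_id )` and `access_ensure_can_close_bug( $t_bug, $t_current_user_id )` in bug_change_status_page.php, where `$t_bug` must be the object fetched for `$f_bug_id`, and to `access_can_close_bug( $tpl_bug )` in bug_update_advanced_page.php. The enclosing code starts and ends outside these hunks, so this is a request to confirm rather than a confirmed defect.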

4 changes: 2 additions & 2 deletions bug_change_status_page.php
@@ -59,10 +59,10 @@

# Ensure user has proper access level before proceeding
if( $f_new_status == $t_reopen && $f_reopen_flag ) {
access_ensure_can_reopen_bug( $f_bug_id, $t_current_user_id );
access_ensure_can_reopen_bug( $t_bug, $t_current_user_id );
}
else if( $f_new_status == $t_closed ) {
access_ensure_can_close_bug( $f_bug_id, $t_current_user_id );
access_ensure_can_close_bug( $t_bug, $t_current_user_id );
}
else if ( bug_is_readonly( $f_bug_id )
|| !access_has_bug_level( access_get_status_threshold( $f_new_status, $t_bug->project_id ), $f_bug_id, $t_current_user_id ) ) {
2 changes: 1 addition & 1 deletion bug_update_advanced_page.php
@@ -356,7 +356,7 @@
echo '<td class="category">', lang_get( 'status' ), '</td>';
echo '<td bgcolor="', get_status_color( $tpl_bug->status ), '">';
print_status_option_list( 'status', $tpl_bug->status,
access_can_close_bug( $tpl_bug->id ),
access_can_close_bug( $tpl_bug ),
$tpl_bug->project_id
);
echo '</td>';
52 changes: 24 additions & 28 deletions core/access_api.php
@@ -488,21 +488,21 @@ function access_has_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id =
* @param int|null $p_user_id integer representing user id, defaults to null to use current user
* @access public
*/
function access_ensure_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id = null ) {
function access_ensure_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id = null ) {
if( !access_has_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id ) ) {
access_denied();
}
}

/**
* Check if the specified bug can be closed
* @param int $p_bug_id integer representing bug id to check access against
* @param BugData $p_bug Bug to check access against
* @param int|null $p_user_id integer representing user id, defaults to null to use current user
* @return bool true if user can close the bug
* @access public
*/
function access_can_close_bug( $p_bug_id, $p_user_id = null ) {
if( bug_is_closed( $p_bug_id ) ) {
function access_can_close_bug( $p_bug, $p_user_id = null ) {
if( bug_is_closed( $p_bug->id ) ) {
# Can't close a bug that's already closed
return false;
}
@@ -511,44 +511,42 @@ function access_can_close_bug( $p_bug_id, $p_user_id = null ) {
$p_user_id = auth_get_current_user_id();
}

$t_bug = bug_get( $p_bug_id );

# If allow_reporter_close is enabled, then reporters can close their own bugs
# if they are in resolved status
if( ON == config_get( 'allow_reporter_close', null, null, $t_bug->project_id )
&& bug_is_user_reporter( $p_bug_id, $p_user_id )
&& bug_is_resolved( $p_bug_id )
if( ON == config_get( 'allow_reporter_close', null, null, $p_bug->project_id )
&& bug_is_user_reporter( $p_bug->id, $p_user_id )
&& bug_is_resolved( $p_bug->id )
) {
return true;
}

$t_closed_status = config_get( 'bug_closed_status_threshold', null, null, $t_bug->project_id );
$t_closed_status_threshold = access_get_status_threshold( $t_closed_status, $t_bug->project_id );
return access_has_bug_level( $t_closed_status_threshold, $p_bug_id, $p_user_id );
$t_closed_status = config_get( 'bug_closed_status_threshold', null, null, $p_bug->project_id );
$t_closed_status_threshold = access_get_status_threshold( $t_closed_status, $p_bug->project_id );
return access_has_bug_level( $t_closed_status_threshold, $p_bug->id, $p_user_id );
}

/**
* Make sure that the user can close the specified bug
* @see access_can_close_bug
* @param int $p_bug_id integer representing bug id to check access against
* @param BugData $p_bug Bug to check access against
* @param int|null $p_user_id integer representing user id, defaults to null to use current user
* @access public
*/
function access_ensure_can_close_bug( $p_bug_id, $p_user_id = null ) {
if( !access_can_close_bug( $p_bug_id, $p_user_id ) ) {
function access_ensure_can_close_bug( $p_bug, $p_user_id = null ) {
if( !access_can_close_bug( $p_bug, $p_user_id ) ) {
access_denied();
}
}

/**
* Check if the specified bug can be reopened
* @param int $p_bug_id integer representing bug id to check access against
* @param BugData $p_bug Bug to check access against
* @param int|null $p_user_id integer representing user id, defaults to null to use current user
* @return bool whether user has access to reopen bugs
* @access public
*/
function access_can_reopen_bug( $p_bug_id, $p_user_id = null ) {
if( !bug_is_resolved( $p_bug_id ) ) {
function access_can_reopen_bug( $p_bug, $p_user_id = null ) {
if( !bug_is_resolved( $p_bug->id ) ) {
# Can't reopen a bug that's not resolved
return false;
}
@@ -557,31 +555,29 @@ function access_can_reopen_bug( $p_bug_id, $p_user_id = null ) {
$p_user_id = auth_get_current_user_id();
}

$t_bug = bug_get( $p_bug_id );

# If allow_reporter_reopen is enabled, then reporters can always reopen their own bugs
if( ON == config_get( 'allow_reporter_reopen', null, null, $t_bug->project_id )
&& bug_is_user_reporter( $p_bug_id, $p_user_id )
if( ON == config_get( 'allow_reporter_reopen', null, null, $p_bug->project_id )
&& bug_is_user_reporter( $p_bug->id, $p_user_id )
) {
return true;
}

$t_reopen_status = config_get( 'reopen_bug_threshold', null, null, $t_bug->project_id );
$t_reopen_status_threshold = access_get_status_threshold( $t_reopen_status, $t_bug->project_id );
$t_reopen_status = config_get( 'reopen_bug_threshold', null, null, $p_bug->project_id );
$t_reopen_status_threshold = access_get_status_threshold( $t_reopen_status, $p_bug->project_id );

return access_has_bug_level( $t_reopen_status_threshold, $p_bug_id, $p_user_id );
return access_has_bug_level( $t_reopen_status_threshold, $p_bug->id, $p_user_id );
}

/**
* Make sure that the user can reopen the specified bug.
* Calls access_denied if user has no access to terminate script
* @see access_can_reopen_bug
* @param int $p_bug_id integer representing bug id to check access against
* @param BugData $p_bug Bug to check access against
* @param int|null $p_user_id integer representing user id, defaults to null to use current user
* @access public
*/
function access_ensure_can_reopen_bug( $p_bug_id, $p_user_id = null ) {
if( !access_can_reopen_bug( $p_bug_id, $p_user_id ) ) {
function access_ensure_can_reopen_bug( $p_bug, $p_user_id = null ) {
if( !access_can_reopen_bug( $p_bug, $p_user_id ) ) {
access_denied();
}
}
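Review bot: `access_can_close_bug()` and `access_can_reopen_bug()` now dereference `$p_bug->id` and `$p_bug->project_id` without checking that the argument is a BugData object, so a call site that still passes an integer id would, at best, raise PHP notices and feed null values into `bug_is_closed()` and `config_get()` instead of failing clearly at the call boundary. Because these are authorization checks, declare the type in all four signatures so a stale caller fails closed, e.g. `function access_can_close_bug( BugData $p_bug, $p_user_id = null ) {`. A short comment would also help on the fact that `bug_is_closed( $p_bug->id )`, `bug_is_resolved( $p_bug->id )` and `bug_is_user_reporter( $p_bug->id, $p_user_id )` look the bug up again by id while `project_id` is read from the passed object, so callers should pass an unmodified object for the two views to agree.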
1 change: 1 addition & 0 deletions core/bugnote_api.php
@@ -528,6 +528,7 @@ function bugnote_set_text( $p_bugnote_id, $p_bugnote_text ) {

# updated the last_updated date
bugnote_date_update( $p_bugnote_id );
bug_update_date( $t_bug_id );

# insert a new revision
$t_user_id = auth_get_current_user_id();
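Review bot: The `bug_update_date( $t_bug_id );` call, which appears to be the line this section adds, uses `$t_bug_id`, which is not a parameter of `bugnote_set_text( $p_bugnote_id, $p_bugnote_text )` and is not assigned anywhere in the visible hunk. It is presumably set earlier in the function body, which starts outside the hunk; please confirm, since an unset variable here would call `bug_update_date()` with null, the same kind of undefined-variable slip the first commit in this comparison corrects. If it is not already in scope, derive it from the note, e.g. `$t_bug_id = bugnote_get_field( $p_bugnote_id, 'bug_id' );`.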
87 changes: 42 additions & 45 deletions core/html_api.php
@@ -1365,20 +1365,18 @@ function html_button_bug_update( $p_bug_id ) {
* This code is similar to print_status_option_list except
* there is no masking, except for the current state
*
* @param int $p_bug_id
* @param BugData $p_bug Bug object
* @return null
*/
function html_button_bug_change_status( $p_bug_id ) {
$t_bug_project_id = bug_get_field( $p_bug_id, 'project_id' );
$t_bug_current_state = bug_get_field( $p_bug_id, 'status' );
$t_current_access = access_get_project_level( $t_bug_project_id );
function html_button_bug_change_status( $p_bug ) {
$t_current_access = access_get_project_level( $p_bug->project_id );

$t_enum_list = get_status_option_list(
$t_current_access,
$t_bug_current_state,
$p_bug->status,
false,
bug_is_user_reporter( $p_bug_id, auth_get_current_user_id() ) && ( ON == config_get( 'allow_reporter_close' ) ),
$t_bug_project_id );
bug_is_user_reporter( $p_bug->id, auth_get_current_user_id() ) && ( ON == config_get( 'allow_reporter_close' ) ),
$p_bug->project_id );

if( count( $t_enum_list ) > 0 ) {

@@ -1404,7 +1402,7 @@ function html_button_bug_change_status( $p_bug_id ) {
}
echo '</select>';

$t_bug_id = string_attribute( $p_bug_id );
$t_bug_id = string_attribute( $p_bug->id );
echo "<input type=\"hidden\" name=\"id\" value=\"$t_bug_id\" />\n";

echo "</form>\n";
@@ -1413,51 +1411,50 @@ function html_button_bug_change_status( $p_bug_id ) {

/**
* Print Assign To: combo box of possible handlers
* @param int $p_bug_id
* @param BugData $p_bug Bug object
* @return null
*/
function html_button_bug_assign_to( $p_bug_id ) {
function html_button_bug_assign_to( $p_bug ) {

# make sure status is allowed of assign would cause auto-set-status
$t_status = bug_get_field( $p_bug_id, 'status' );

# workflow implementation

if( ON == config_get( 'auto_set_status_to_assigned' ) && !bug_check_workflow( $t_status, config_get( 'bug_assigned_status' ) ) ) {

# workflow
if( ON == config_get( 'auto_set_status_to_assigned' )
&& !bug_check_workflow( $p_bug->status, config_get( 'bug_assigned_status' ) )
) {
return;
}

# make sure current user has access to modify bugs.
if( !access_has_bug_level( config_get( 'update_bug_assign_threshold', config_get( 'update_bug_threshold' ) ), $p_bug_id ) ) {
if( !access_has_bug_level( config_get( 'update_bug_assign_threshold', config_get( 'update_bug_threshold' ) ), $p_bug->id ) ) {
return;
}

$t_reporter_id = bug_get_field( $p_bug_id, 'reporter_id' );
$t_handler_id = bug_get_field( $p_bug_id, 'handler_id' );
$t_current_user_id = auth_get_current_user_id();
$t_new_status = ( ON == config_get( 'auto_set_status_to_assigned' ) ) ? config_get( 'bug_assigned_status' ) : $t_status;

$t_new_status = ( ON == config_get( 'auto_set_status_to_assigned' ) ) ? config_get( 'bug_assigned_status' ) : $p_bug->status;
$t_options = array();
$t_default_assign_to = null;

if(( $t_handler_id != $t_current_user_id ) && ( access_has_bug_level( config_get( 'handle_bug_threshold' ), $p_bug_id, $t_current_user_id ) ) ) {
if( ( $p_bug->handler_id != $t_current_user_id )
&& access_has_bug_level( config_get( 'handle_bug_threshold' ), $p_bug->id, $t_current_user_id )
) {
$t_options[] = array(
$t_current_user_id,
'[' . lang_get( 'myself' ) . ']',
);
$t_default_assign_to = $t_current_user_id;
}

if(( $t_handler_id != $t_reporter_id ) && user_exists( $t_reporter_id ) && ( access_has_bug_level( config_get( 'handle_bug_threshold' ), $p_bug_id, $t_reporter_id ) ) ) {
if( ( $p_bug->handler_id != $p_bug->reporter_id )
&& user_exists( $p_bug->reporter_id )
&& access_has_bug_level( config_get( 'handle_bug_threshold' ), $p_bug->id, $p_bug->reporter_id )
) {
$t_options[] = array(
$t_reporter_id,
$p_bug->reporter_id,
'[' . lang_get( 'reporter' ) . ']',
);

if( $t_default_assign_to === null ) {
$t_default_assign_to = $t_reporter_id;
$t_default_assign_to = $p_bug->reporter_id;
}
}

@@ -1494,17 +1491,15 @@ function html_button_bug_assign_to( $p_bug_id ) {
}

# allow un-assigning if already assigned.
if( $t_handler_id != 0 ) {
if( $p_bug->handler_id != 0 ) {
echo "<option value=\"0\"></option>";
}

$t_project_id = bug_get_field( $p_bug_id, 'project_id' );

# 0 means currently selected
print_assign_to_option_list( 0, $t_project_id );
print_assign_to_option_list( 0, $p_bug->project_id );
echo "</select>";

$t_bug_id = string_attribute( $p_bug_id );
$t_bug_id = string_attribute( $p_bug->id );
echo "<input type=\"hidden\" name=\"bug_id\" value=\"$t_bug_id\" />\n";

echo "</form>\n";
@@ -1534,32 +1529,32 @@ function html_button_bug_create_child( $p_bug_id ) {

/**
* Print a button to reopen the given bug
* @param int $p_bug_id
* @param BugData $p_bug Bug object
* @return null
*/
function html_button_bug_reopen( $p_bug_id ) {
if( access_can_reopen_bug( $p_bug_id ) ) {
$t_reopen_status = config_get( 'bug_reopen_status', null, null, $t_project );
function html_button_bug_reopen( $p_bug ) {
if( access_can_reopen_bug( $p_bug ) ) {
$t_reopen_status = config_get( 'bug_reopen_status', null, null, $p_bug->project_id );
html_button(
'bug_change_status_page.php',
lang_get( 'reopen_bug_button' ),
array( 'id' => $p_bug_id, 'new_status' => $t_reopen_status, 'reopen_flag' => ON )
array( 'id' => $p_bug->id, 'new_status' => $t_reopen_status, 'reopen_flag' => ON )
);
}
}

/**
* Print a button to close the given bug
* @param int $p_bug_id
* @param BugData $p_bug Bug object
* @return null
*/
function html_button_bug_close( $p_bug_id ) {
if( access_can_close_bug( $p_bug_id ) ) {
$t_closed_status = config_get( 'bug_closed_status_threshold', null, null, $t_project );
function html_button_bug_close( $p_bug ) {
if( access_can_close_bug( $p_bug ) ) {
$t_closed_status = config_get( 'bug_closed_status_threshold', null, null, $p_bug->project_id );
html_button(
'bug_change_status_page.php',
lang_get( 'close_bug_button' ),
array( 'id' => $p_bug_id, 'new_status' => $t_closed_status )
array( 'id' => $p_bug->id, 'new_status' => $t_closed_status )
);
}
}
@@ -1643,6 +1638,8 @@ function html_buttons_view_bug_page( $p_bug_id ) {
$t_readonly = bug_is_readonly( $p_bug_id );
$t_sticky = config_get( 'set_bug_sticky_threshold' );

$t_bug = bug_get( $p_bug_id );

echo '<table><tr class="vcenter">';
if( !$t_readonly ) {
# UPDATE button
@@ -1652,14 +1649,14 @@ function html_buttons_view_bug_page( $p_bug_id ) {

# ASSIGN button
echo '<td class="center">';
html_button_bug_assign_to( $p_bug_id );
html_button_bug_assign_to( $t_bug );
echo '</td>';
}

# Change status button/dropdown
if ( !$t_readonly ) {
echo '<td class="center">';
html_button_bug_change_status( $p_bug_id );
html_button_bug_change_status( $t_bug );
echo '</td>';
}

@@ -1694,12 +1691,12 @@ function html_buttons_view_bug_page( $p_bug_id ) {

# REOPEN button
echo '<td class="center">';
html_button_bug_reopen( $p_bug_id );
html_button_bug_reopen( $t_bug );
echo '</td>';

# CLOSE button
echo '<td class="center">';
html_button_bug_close( $p_bug_id );
html_button_bug_close( $t_bug );
echo '</td>';