Merge commit 'release-1.2.8' into oracle
Conflicts:
	config_defaults_inc.php
dregad committed Sep 12, 2011
2 parents 45172b7 + e679a1c commit 0858282
Showing 43 changed files with 685 additions and 231 deletions.
2 changes: 1 addition & 1 deletion billing_inc.php
@@ -75,7 +75,7 @@
# CSRF protection not required here - form does not result in modifications
?>

<form method="post" action="<?php echo form_action_self() ?>">
<form method="post" action="<?php echo string_attribute( form_action_self() ) ?>">
<input type="hidden" name="id" value="<?php echo isset( $f_bug_id ) ? $f_bug_id : 0 ?>" />
<table border="0" class="width100" cellspacing="0">
<tr>
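Review bot: Escaping `form_action_self()` at each call site, as on the `<form>` line here, protects only the callers that remember the wrapper; the same pattern is repeated in bugnote_stats_inc.php and core/authentication_api.php in this commit. The helper's body is not visible on this page, but if its value derives from the request path it would be more robust to have it return an already validated value, or at least to document the contract at its definition with a comment such as `# Callers must pass the result through string_attribute() before printing it into an HTML attribute`. The hidden `id` field on the following line echoes `$f_bug_id` without escaping, which is safe only if that variable is always an integer; it is assigned outside this hunk.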
3 changes: 1 addition & 2 deletions bug_actiongroup_ext.php
@@ -35,12 +35,11 @@
$f_action = gpc_get_string( 'action' );
$f_bug_arr = gpc_get_int_array( 'bug_arr', array() );

$t_action_include_file = 'bug_actiongroup_' . $f_action . '_inc.php';
$t_form_name = 'bug_actiongroup_' . $f_action;

form_security_validate( $t_form_name );

require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . $t_action_include_file );
bug_group_action_init( $f_action );

# group bugs by project
$t_projects_bugs = array();
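Review bot: `$f_action` comes straight from `gpc_get_string( 'action' )` and reaches both `$t_form_name` and `bug_group_action_init( $f_action )` unchanged; nothing in this hunk checks it against a list of permitted actions. If the include of `bug_actiongroup_<action>_inc.php` now happens inside `bug_group_action_init()` (its body is not visible here), that function has to reject unknown actions before it builds the path. A comment at the call would record that contract, e.g. `# bug_group_action_init() must validate $f_action against the known group actions before including the action file`. The call in bug_actiongroup_ext_page.php, which passes `$t_external_action`, depends on the same check.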
25 changes: 3 additions & 22 deletions bug_actiongroup_ext_page.php
@@ -20,34 +20,15 @@
* @copyright Copyright (C) 2002 - 2011 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
/**
* MantisBT Core API's
*/
require_once( 'core.php' );

require_once( 'core.php' );
require_once( 'bug_group_action_api.php' );

auth_ensure_user_authenticated();

$f_action = gpc_get_string( 'action' );
$f_bug_arr = gpc_get_int_array( 'bug_arr', array() );

# redirect to view issues if nothing is selected
if ( is_blank( $f_action ) || ( 0 == count( $f_bug_arr ) ) ) {
print_header_redirect( 'view_all_bug_page.php' );
}

# redirect to view issues page if action doesn't have ext_* prefix.
# This should only occur if this page is called directly.
$t_external_action_prefix = 'EXT_';
if ( strpos( $f_action, $t_external_action_prefix ) !== 0 ) {
print_header_redirect( 'view_all_bug_page.php' );
}

$t_external_action = utf8_strtolower( utf8_substr( $f_action, utf8_strlen( $t_external_action_prefix ) ) );
$t_form_fields_page = 'bug_actiongroup_' . $t_external_action . '_inc.php';
$t_form_name = 'bug_actiongroup_' . $t_external_action;

bug_group_action_init( $t_external_action );

bug_group_action_print_top();
?>

3 changes: 3 additions & 0 deletions bug_actiongroup_page.php
@@ -42,6 +42,7 @@
# run through the issues to see if they are all from one project
$t_project_id = ALL_PROJECTS;
$t_multiple_projects = false;
$t_projects = array();

bug_cache_array_rows( $f_bug_arr );

@@ -52,11 +53,13 @@
$t_multiple_projects = true;
} else {
$t_project_id = $t_bug->project_id;
$t_projects[$t_project_id] = $t_project_id;
}
}
}
if ( $t_multiple_projects ) {
$t_project_id = ALL_PROJECTS;
$t_projects[ALL_PROJECTS] = ALL_PROJECTS;
}
# override the project if necessary
if( $t_project_id != helper_get_current_project() ) {
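Review bot: In the second hunk `$t_projects[$t_project_id] = $t_project_id;` sits only in the `else` branch, so the issue whose project first sets `$t_multiple_projects = true` never has its project recorded in `$t_projects`. The loop header, the `if` conditions and the later use of `$t_projects` are all outside the visible hunks, so this is hedged, but if the array is meant to list every project the selected issues belong to, that project would be missed by any per-project check built on it. Recording the project before the branch, `$t_projects[$t_bug->project_id] = $t_bug->project_id;`, would cover every issue in the loop.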
23 changes: 22 additions & 1 deletion bug_report.php
@@ -34,6 +34,27 @@

form_security_validate( 'bug_report' );

$t_project_id = null;
$f_master_bug_id = gpc_get_int( 'm_id', 0 );
if ( $f_master_bug_id > 0 ) {
bug_ensure_exists( $f_master_bug_id );
if ( bug_is_readonly( $f_master_bug_id ) ) {
error_parameters( $f_master_bug_id );
trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR );
}
$t_master_bug = bug_get( $f_master_bug_id, true );
project_ensure_exists( $t_master_bug->project_id );
access_ensure_bug_level( config_get( 'update_bug_threshold', null, null, $t_master_bug->project_id ), $f_master_bug_id );
$t_project_id = $t_master_bug->project_id;
} else {
$f_project_id = gpc_get_int( 'project_id' );
project_ensure_exists( $f_project_id );
$t_project_id = $f_project_id;
}
if ( $t_project_id != helper_get_current_project() ) {
$g_project_override = $t_project_id;
}

access_ensure_project_level( config_get('report_bug_threshold' ) );

$t_bug_data = new BugData;
@@ -71,7 +92,7 @@
$f_copy_notes_from_parent = gpc_get_bool( 'copy_notes_from_parent', false);
$f_copy_attachments_from_parent = gpc_get_bool( 'copy_attachments_from_parent', false);

$t_bug_data->project_id = gpc_get_int( 'project_id' );
$t_bug_data->project_id = $t_project_id;

$t_bug_data->reporter_id = auth_get_current_user_id();

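Review bot: The `access_ensure_project_level( config_get('report_bug_threshold' ) );` call after the new block names no project, so it checks the intended one only because `$g_project_override` was assigned just above it. Passing the project explicitly would remove that dependency on global state: `access_ensure_project_level( config_get( 'report_bug_threshold', null, null, $t_project_id ), $t_project_id );`. The assignment to `$g_project_override` also works only while this code runs at file scope; a short comment saying so would help, e.g. `# must run at global scope so the override is seen by helper_get_current_project()`.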
8 changes: 4 additions & 4 deletions bug_report_page.php
@@ -56,7 +56,7 @@
$t_bug = bug_get( $f_master_bug_id, true );

# the user can at least update the master bug (needed to add the relationship)...
access_ensure_bug_level( config_get( 'update_bug_threshold', null, $t_bug->project_id ), $f_master_bug_id );
access_ensure_bug_level( config_get( 'update_bug_threshold', null, null, $t_bug->project_id ), $f_master_bug_id );

#@@@ (thraxisp) Note that the master bug is cloned into the same project as the master, independent of
# what the current project is set to.
@@ -291,7 +291,7 @@
</select>
<?php
} else {
projax_autocomplete( 'platform_get_with_prefix', 'platform', array( 'value' => $f_platform, 'size' => '32', 'maxlength' => '32', 'tabindex' => helper_get_tab_index_value() ) );
projax_autocomplete( 'platform_get_with_prefix', 'platform', array( 'value' => string_attribute( $f_platform ), 'size' => '32', 'maxlength' => '32', 'tabindex' => helper_get_tab_index_value() ) );
}
?>
</td>
@@ -308,7 +308,7 @@
</select>
<?php
} else {
projax_autocomplete( 'os_get_with_prefix', 'os', array( 'value' => $f_os, 'size' => '32', 'maxlength' => '32', 'tabindex' => helper_get_tab_index_value() ) );
projax_autocomplete( 'os_get_with_prefix', 'os', array( 'value' => string_attribute( $f_os ), 'size' => '32', 'maxlength' => '32', 'tabindex' => helper_get_tab_index_value() ) );
}
?>
</td>
@@ -327,7 +327,7 @@
</select>
<?php
} else {
projax_autocomplete( 'os_build_get_with_prefix', 'os_build', array( 'value' => $f_os_build, 'size' => '16', 'maxlength' => '16', 'tabindex' => helper_get_tab_index_value() ) );
projax_autocomplete( 'os_build_get_with_prefix', 'os_build', array( 'value' => string_attribute( $f_os_build ), 'size' => '16', 'maxlength' => '16', 'tabindex' => helper_get_tab_index_value() ) );
}
?>
</td>
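Review bot: Escaping the `'value'` option with `string_attribute()` at each `projax_autocomplete()` call (three here, three more in bug_update_advanced_page.php) leaves the helper itself printing whatever it is given for any caller that forgets the wrapper. Whether `projax_autocomplete()` encodes its options is not visible on this page: if it does not, escaping the value once inside it would cover all callers; if it does, these wrappers would double-encode characters such as `&`. The first hunk's `config_get( 'update_bug_threshold', null, null, $t_bug->project_id )` corrects an argument-position mistake in an access check, so other three-argument `config_get()` calls that pass a project id are worth checking for the same slip.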
6 changes: 3 additions & 3 deletions bug_update_advanced_page.php
@@ -438,7 +438,7 @@
print_platform_option_list( $tpl_bug->platform );
echo '</select>';
} else {
projax_autocomplete( 'platform_get_with_prefix', 'platform', array( 'value' => $tpl_bug->platform, 'size' => '16', 'maxlength' => '32', 'tabindex' => helper_get_tab_index_value() ) );
projax_autocomplete( 'platform_get_with_prefix', 'platform', array( 'value' => string_attribute( $tpl_bug->platform ), 'size' => '16', 'maxlength' => '32', 'tabindex' => helper_get_tab_index_value() ) );
}

echo '</td>';
@@ -456,7 +456,7 @@
print_os_option_list( $tpl_bug->os );
echo '</select>';
} else {
projax_autocomplete( 'os_get_with_prefix', 'os', array( 'value' => $tpl_bug->os, 'size' => '16', 'maxlength' => '32', 'tabindex' => helper_get_tab_index_value() ) );
projax_autocomplete( 'os_get_with_prefix', 'os', array( 'value' => string_attribute( $tpl_bug->os ), 'size' => '16', 'maxlength' => '32', 'tabindex' => helper_get_tab_index_value() ) );
}

echo '</td>';
@@ -474,7 +474,7 @@
print_os_build_option_list( $tpl_bug->os_build );
echo '</select>';
} else {
projax_autocomplete( 'os_build_get_with_prefix', 'os_build', array( 'value' => $tpl_bug->os_build, 'size' => '16', 'maxlength' => '16', 'tabindex' => helper_get_tab_index_value() ) );
projax_autocomplete( 'os_build_get_with_prefix', 'os_build', array( 'value' => string_attribute( $tpl_bug->os_build ), 'size' => '16', 'maxlength' => '16', 'tabindex' => helper_get_tab_index_value() ) );
}

echo '</td>';
2 changes: 1 addition & 1 deletion bugnote_stats_inc.php
@@ -65,7 +65,7 @@
# CSRF protection not required here - form does not result in modifications
?>

<form method="post" action="<?php echo form_action_self() . '#bugnotestats' ?>">
<form method="post" action="<?php echo string_attribute( form_action_self() . '#bugnotestats' ) ?>">
<input type="hidden" name="id" value="<?php echo $f_bug_id ?>" />
<table border=0 class="width100" cellspacing="0">
<tr>
9 changes: 7 additions & 2 deletions config_defaults_inc.php
@@ -112,10 +112,15 @@
$t_host = 'localhost';
}

$t_path = str_replace( basename( $_SERVER['PHP_SELF'] ), '', $_SERVER['PHP_SELF'] );
$t_self = $_SERVER['SCRIPT_NAME'];
$t_self = trim( str_replace( "\0", '', $t_self ) );
$t_path = str_replace( basename( $t_self ), '', $t_self );
$t_path = basename( $t_path ) == "admin" ? dirname( $t_path ) . '/' : $t_path;
$t_path = basename( $t_path ) == "soap" ? dirname( dirname( $t_path ) ) . '/' : $t_path;

if ( strpos( $t_path, '&#' ) ) {
echo 'Can not safely determine $g_path. Please set $g_path manually in config_inc.php';
die;
}

$t_url = $t_protocol . '://' . $t_host . $t_path;

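Review bot: `if ( strpos( $t_path, '&#' ) )` treats a match at offset 0 as no match, because `strpos()` returns `0` there and `0` is falsy; the test should read `if ( strpos( $t_path, '&#' ) !== false )`. The guard is also a denylist for a single pattern, so quotes or angle brackets in `$t_path` pass through into `$t_url` on the following line; an allowlist of the characters expected in a path would be a stronger check. `$t_host` is assigned outside this hunk, so whether it is validated before being concatenated into `$t_url` cannot be seen here.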
2 changes: 1 addition & 1 deletion core/authentication_api.php
@@ -694,7 +694,7 @@ function auth_reauthenticate_page( $p_user_id, $p_username ) {
}
?>
</p>
<form name="reauth_form" method="post" action="<?php echo form_action_self();?>">
<form name="reauth_form" method="post" action="<?php echo string_attribute( form_action_self() ) ?>">
<?php
# CSRF protection not required here - user needs to enter password
# (confirmation step) before the form is accepted.
