~ubuntu-branches/ubuntu/natty/mantis/natty-security


Viewing changes to .pc/12-Fix-640297-LFI-XSS-injection-bug-action-group-1.diff/core/bug_group_action_api.php

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2011-09-15 08:13:36 UTC
  • Revision ID: package-import@ubuntu.com-20110915081336-vyi8dvujbfimq0jh
Tags: 1.1.8+dfsg-10squeeze1build0.11.04.1
fake sync from Debian

 
1
<?php
 
2
# Mantis - a php based bugtracking system
 
3
 
 
4
# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 
5
# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
6
 
 
7
# Mantis is free software: you can redistribute it and/or modify
 
8
# it under the terms of the GNU General Public License as published by
 
9
# the Free Software Foundation, either version 2 of the License, or
 
10
# (at your option) any later version.
 
11
#
 
12
# Mantis is distributed in the hope that it will be useful,
 
13
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
14
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
15
# GNU General Public License for more details.
 
16
#
 
17
# You should have received a copy of the GNU General Public License
 
18
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
 
19
 
 
20
        # --------------------------------------------------------
 
21
        # $Id: bug_group_action_api.php,v 1.2.2.1 2007-10-13 22:35:14 giallu Exp $
 
22
        # --------------------------------------------------------
 
23
?>
 
24
<?php
 
25
        /**
 
26
         * Print the top part for the bug action group page.
 
27
         */
 
28
        function bug_group_action_print_top() {
 
29
                html_page_top1();
 
30
                html_page_top2();
 
31
        }
 
32
 
 
33
        /**
 
34
         * Print the bottom part for the bug action group page.
 
35
         */
 
36
        function bug_group_action_print_bottom() {
 
37
                html_page_bottom1( __FILE__ );
 
38
        }
 
39
 
 
40
        /**
 
41
         * Print the list of selected issues and the legend for the status colors.
 
42
         *
 
43
         * @param $p_bug_ids_array   An array of issue ids.
 
44
         */
 
45
        function bug_group_action_print_bug_list( $p_bug_ids_array ) {
 
46
                $t_legend_position = config_get( 'status_legend_position' );
 
47
 
 
48
                if ( STATUS_LEGEND_POSITION_TOP == $t_legend_position ) {
 
49
                        html_status_legend();
 
50
                        echo '<br />';
 
51
                }
 
52
 
 
53
                echo '<div align="center">';
 
54
                echo '<table class="width75" cellspacing="1">';
 
55
                echo '<tr class="row-1">';
 
56
                echo '<td class="category" colspan="2">';
 
57
                echo lang_get( 'actiongroup_bugs' );
 
58
                echo '</td>';
 
59
                echo '</tr>';
 
60
 
 
61
                $t_i = 1;
 
62
 
 
63
                foreach( $p_bug_ids_array as $t_bug_id ) {
 
64
                        $t_class = sprintf( "row-%d", ($t_i++ % 2) + 1 );
 
65
                        echo sprintf( "<tr bgcolor=\"%s\"> <td>%s</td> <td>%s</td> </tr>\n",
 
66
                                get_status_color( bug_get_field( $t_bug_id, 'status' ) ),
 
67
                                string_get_bug_view_link( $t_bug_id ),
 
68
                                string_attribute( bug_get_field( $t_bug_id, 'summary' ) )
 
69
                    );
 
70
                }
 
71
 
 
72
                echo '</table>';
 
73
                echo '</form>';
 
74
                echo '</div>';
 
75
 
 
76
                if ( STATUS_LEGEND_POSITION_BOTTOM == $t_legend_position ) {
 
77
                        echo '<br />';
 
78
                        html_status_legend();
 
79
                }
 
80
        }
 
81
 
 
82
        /**
 
83
         * Print the array of issue ids via hidden fields in the form to be passed on to
 
84
         * the bug action group action page.
 
85
         *
 
86
         * @param $p_bug_ids_array   An array of issue ids.
 
87
         */
 
88
        function bug_group_action_print_hidden_fields( $p_bug_ids_array ) {
 
89
                foreach( $p_bug_ids_array as $t_bug_id ) {
 
90
                        echo '<input type="hidden" name="bug_arr[]" value="' . $t_bug_id . '" />' . "\n";
 
91
                }
 
92
        }
 
93
 
 
94
        ######
 
95
        # Call-Outs for EXT_* custom group actions
 
96
        ######
 
97
 
 
98
        /**
 
99
         * Prints the list of fields in the custom action form.  These are the user inputs
 
100
         * and the submit button.  This ends up calling action_<action>_print_fields()
 
101
         * from bug_actiongroup_<action>_inc.php         
 
102
         *
 
103
         * @param $p_action   The custom action name without the "EXT_" prefix.
 
104
         */
 
105
        function bug_group_action_print_action_fields( $p_action ) {
 
106
                require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
 
107
                $t_function_name = 'action_' . $p_action . '_print_fields';
 
108
                $t_function_name();
 
109
        }
 
110
  
 
111
        /**
 
112
         * Prints some title text for the custom action page.  This ends up calling 
 
113
         * action_<action>_print_title() from bug_actiongroup_<action>_inc.php   
 
114
         *
 
115
         * @param $p_action   The custom action name without the "EXT_" prefix.
 
116
         */
 
117
        function bug_group_action_print_title( $p_action ) {
 
118
                require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
 
119
                $t_function_name = 'action_' . $p_action . '_print_title';
 
120
                $t_function_name();
 
121
        }
 
122
 
 
123
        /**
 
124
         * Validates the combination of an action and a bug.  This ends up calling 
 
125
         * action_<action>_validate() from bug_actiongroup_<action>_inc.php      
 
126
         *
 
127
         * @param $p_action   The custom action name without the "EXT_" prefix.
 
128
         * @param $p_bug_id   The id of the bug to validate the action on.
 
129
         * 
 
130
         * @returns true      Action can be applied.
 
131
         * @returns array( bug_id => reason for failure to validate )            
 
132
         */
 
133
        function bug_group_action_validate( $p_action, $p_bug_id ) {
 
134
                require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
 
135
                $t_function_name = 'action_' . $p_action . '_validate';
 
136
                return $t_function_name( $p_bug_id );
 
137
        }
 
138
 
 
139
        /**
 
140
         * Executes an action on a bug.  This ends up calling 
 
141
         * action_<action>_process() from bug_actiongroup_<action>_inc.php       
 
142
         *
 
143
         * @param $p_action   The custom action name without the "EXT_" prefix.
 
144
         * @param $p_bug_id   The id of the bug to validate the action on.
 
145
         * 
 
146
         * @returns true      Action can be applied.
 
147
         * @returns array( bug_id => reason for failure to process )             
 
148
         */
 
149
        function bug_group_action_process( $p_action, $p_bug_id ) {
 
150
                require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
 
151
                $t_function_name = 'action_' . $p_action . '_process';
 
152
                return $t_function_name( $p_bug_id );
 
153
        }
 
154
 
 
155
/**
 
156
 * Get a list of bug group actions available to the current user for one or
 
157
 * more projects.
 
158
 * @param array $p_projects An array containing one or more project IDs
 
159
 * @return null
 
160
 */
 
161
function bug_group_action_get_commands( $p_project_ids = null ) {
 
162
        if ( $p_project_ids === null || count( $p_project_ids ) == 0 ) {
 
163
                $p_project_ids = array( ALL_PROJECTS );
 
164
        }
 
165
 
 
166
        $t_commands = array();
 
167
        foreach( $p_project_ids as $t_project_id ) {
 
168
 
 
169
                if( !isset( $t_commands['MOVE'] ) &&
 
170
                        access_has_project_level( config_get( 'move_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
171
                        $t_commands['MOVE'] = lang_get( 'actiongroup_menu_move' );
 
172
                }
 
173
 
 
174
                if( !isset( $t_commands['COPY'] ) &&
 
175
                        access_has_any_project( config_get( 'report_bug_threshold', null, null, $t_project_id ) ) ) {
 
176
                        $t_commands['COPY'] = lang_get( 'actiongroup_menu_copy' );
 
177
                }
 
178
 
 
179
                if( !isset( $t_commands['ASSIGN'] ) &&
 
180
                        access_has_project_level( config_get( 'update_bug_assign_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
181
                        if( ON == config_get( 'auto_set_status_to_assigned', null, null, $t_project_id ) &&
 
182
                                access_has_project_level( access_get_status_threshold( config_get( 'bug_assigned_status', null, null, $t_project_id ), $t_project_id ), $t_project_id ) ) {
 
183
                                $t_commands['ASSIGN'] = lang_get( 'actiongroup_menu_assign' );
 
184
                        } else {
 
185
                                $t_commands['ASSIGN'] = lang_get( 'actiongroup_menu_assign' );
 
186
                        }
 
187
                }
 
188
 
 
189
                if( !isset( $t_commands['CLOSE'] ) &&
 
190
                        access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) &&
 
191
                        access_has_project_level( config_get( 'allow_reporter_close', null, null, $t_project_id ), $t_project_id ) ) {
 
192
                        $t_commands['CLOSE'] = lang_get( 'actiongroup_menu_close' );
 
193
                }
 
194
 
 
195
                if( !isset( $t_commands['DELETE'] ) &&
 
196
                        access_has_project_level( config_get( 'delete_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
197
                        $t_commands['DELETE'] = lang_get( 'actiongroup_menu_delete' );
 
198
                }
 
199
 
 
200
                if( !isset( $t_commands['RESOLVE'] ) &&
 
201
                        access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) &&
 
202
                        access_has_project_level( access_get_status_threshold( config_get( 'bug_resolved_status_threshold', null, null, $t_project_id ), $t_project_id ), $t_project_id ) ) {
 
203
                        $t_commands['RESOLVE'] = lang_get( 'actiongroup_menu_resolve' );
 
204
                }
 
205
 
 
206
                if( !isset( $t_commands['SET_STICKY'] ) &&
 
207
                        access_has_project_level( config_get( 'set_bug_sticky_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
208
                        $t_commands['SET_STICKY'] = lang_get( 'actiongroup_menu_set_sticky' );
 
209
                }
 
210
 
 
211
                if( !isset( $t_commands['UP_PRIOR'] ) &&
 
212
                        access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
213
                        $t_commands['UP_PRIOR'] = lang_get( 'actiongroup_menu_update_priority' );
 
214
                }
 
215
 
 
216
                if( !isset( $t_commands['UP_STATUS'] ) &&
 
217
                        access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
218
                        $t_commands['UP_STATUS'] = lang_get( 'actiongroup_menu_update_status' );
 
219
                }
 
220
 
 
221
                if( !isset( $t_commands['UP_CATEGORY'] ) &&
 
222
                        access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
223
                        $t_commands['UP_CATEGORY'] = lang_get( 'actiongroup_menu_update_category' );
 
224
                }
 
225
 
 
226
                if( !isset( $t_commands['VIEW_STATUS'] ) &&
 
227
                        access_has_project_level( config_get( 'change_view_status_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
228
                        $t_commands['VIEW_STATUS'] = lang_get( 'actiongroup_menu_update_view_status' );
 
229
                }
 
230
 
 
231
                if( !isset( $t_commands['EXT_ADD_NOTE'] ) &&
 
232
                        access_has_project_level( config_get( 'add_bugnote_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
233
                        $t_commands['EXT_ADD_NOTE'] = lang_get( 'actiongroup_menu_add_note' );
 
234
                }
 
235
 
 
236
                if( !isset( $t_commands['EXT_ATTACH_TAGS'] ) &&
 
237
                        access_has_project_level( config_get( 'tag_attach_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
238
                        $t_commands['EXT_ATTACH_TAGS'] = lang_get( 'actiongroup_menu_attach_tags' );
 
239
                }
 
240
 
 
241
                if( !isset( $t_commands['UP_FIXED_IN_VERSION'] ) &&
 
242
                        access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
243
                        $t_commands['UP_FIXED_IN_VERSION'] = lang_get( 'actiongroup_menu_update_fixed_in_version' );
 
244
                }
 
245
 
 
246
                if( !isset( $t_commands['UP_TARGET_VERSION'] ) &&
 
247
                        access_has_project_level( config_get( 'roadmap_update_threshold', null, null, $t_project_id ), $t_project_id ) ) {
 
248
                        $t_commands['UP_TARGET_VERSION'] = lang_get( 'actiongroup_menu_update_target_version' );
 
249
                }
 
250
 
 
251
                $t_custom_field_ids = custom_field_get_linked_ids( $t_project_id );
 
252
                foreach( $t_custom_field_ids as $t_custom_field_id ) {
 
253
                        if( !custom_field_has_write_access_to_project( $t_custom_field_id, $t_project_id ) ) {
 
254
                                continue;
 
255
                        }
 
256
                        $t_custom_field_def = custom_field_get_definition( $t_custom_field_id );
 
257
                        $t_command_id = 'custom_field_' . $t_custom_field_id;
 
258
                        $t_command_caption = sprintf( lang_get( 'actiongroup_menu_update_field' ), lang_get_defaulted( $t_custom_field_def['name'] ) );
 
259
                        $t_commands[$t_command_id] = string_display( $t_command_caption );
 
260
                }
 
261
        }
 
262
 
 
263
        $t_custom_group_actions = config_get( 'custom_group_actions' );
 
264
 
 
265
        foreach( $t_custom_group_actions as $t_custom_group_action ) {
 
266
                # use label if provided to get the localized text, otherwise fallback to action name.
 
267
                if( isset( $t_custom_group_action['label'] ) ) {
 
268
                        $t_commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['label'] );
 
269
                } else {
 
270
                        $t_commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['action'] );
 
271
                }
 
272
        }
 
273
 
 
274
        return $t_commands;
 
275
}
 
276
?>
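Review bot: `$p_action` is concatenated straight into the `require_once` path in bug_group_action_print_action_fields, bug_group_action_print_title, bug_group_action_validate and bug_group_action_process (gutter lines 106, 118, 134, 150) and then into the name of the function that is called, with no check that it names a configured action; where the value originates is not visible in this section, but if it comes from the request this is the file-inclusion path the patch title refers to. Since this file sits under `.pc/` it is quilt's pre-patch snapshot, so the fix belongs in the patched `core/bug_group_action_api.php` (not shown here); it is worth confirming there that `$p_action` is matched against the `action` entries of `config_get( 'custom_group_actions' )` before the include, e.g. `if ( !in_array( $p_action, $t_allowed_actions, true ) ) { trigger_error( ERROR_GENERIC, ERROR ); }`. Likewise bug_group_action_print_hidden_fields (gutter 90) echoes each `$t_bug_id` into an HTML attribute unescaped, which `(int)$t_bug_id` or the file's own `string_attribute( $t_bug_id )` would close. Separately, the ASSIGN branch of bug_group_action_get_commands assigns the same label in both arms of its inner `if`/`else` (gutter 181–186), so that condition is dead, and the docblock documents `$p_projects` with `@return null` while the function takes `$p_project_ids` and returns an array.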