2
# Description: LFI and XSS via group actions 1
3
# Implements checking to see which options are available
4
# to the user for the issues which are currently shown on
5
# view bug pages. Options are only displayed in the
6
# dropdown list if the user is able to use the option on at
7
# least one of the bugs displayed.
8
# Author: David Hicks <d@hx.id.au>
9
# Bug: http://www.mantisbt.org/bugs/view.php?id=13281
10
# Last-Update: 2011-09-05
12
Index: mantis/core/columns_api.php
13
===================================================================
14
--- mantis.orig/core/columns_api.php 2011-09-06 07:43:27.409465292 +0200
15
+++ mantis/core/columns_api.php 2011-09-06 07:43:59.402065926 +0200
17
# $p_columns_target: see COLUMNS_TARGET_* in constant_inc.php
18
function print_column_selection( $p_row, $p_columns_target = COLUMNS_TARGET_VIEW_PAGE ) {
19
if ( $p_columns_target != COLUMNS_TARGET_CSV_PAGE ) {
20
- global $t_checkboxes_exist, $t_update_bug_threshold;
22
+ global $g_checkboxes_exist;
24
- if ( access_has_bug_level( $t_update_bug_threshold, $p_row['id'] ) ) {
25
- $t_checkboxes_exist = true;
26
+ if( access_has_any_project( config_get( 'report_bug_threshold', null, null, $p_bug->project_id ) ) ||
27
+ # !TODO: check if any other projects actually exist for the bug to be moved to
28
+ access_has_project_level( config_get( 'move_bug_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
29
+ # !TODO: factor in $g_auto_set_status_to_assigned == ON
30
+ access_has_project_level( config_get( 'update_bug_assign_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
31
+ access_has_project_level( config_get( 'update_bug_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
32
+ access_has_project_level( config_get( 'delete_bug_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
33
+ # !TODO: check to see if the bug actually has any different selectable workflow states
34
+ access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
35
+ access_has_project_level( config_get( 'set_bug_sticky_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
36
+ access_has_project_level( config_get( 'change_view_status_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
37
+ access_has_project_level( config_get( 'add_bugnote_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
38
+ access_has_project_level( config_get( 'tag_attach_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
39
+ access_has_project_level( config_get( 'roadmap_update_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ) {
40
+ $g_checkboxes_exist = true;
41
printf( "<input type=\"checkbox\" name=\"bug_arr[]\" value=\"%d\" />" , $p_row['id'] );
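Review bot: The new condition reads `$p_bug->project_id` in every `config_get()` and `access_has_project_level()` call, but `print_column_selection()` receives `$p_row` (an array, as `$p_row['id']` on the printf line shows) and never defines `$p_bug`, so the project id resolves to null and the per-bug threshold check silently degrades to whatever project `config_get()` falls back to for a null id, with undefined-variable notices on top. Presumably the row carries the bug's project, so `$t_project_id = $p_row['project_id'];` at the top of the branch and `$t_project_id` in place of `$p_bug->project_id` throughout would restore the intended check — confirm against the row shape the caller produces. The same list of thresholds is re-derived independently in `bug_group_action_get_commands()` in bug_group_action_api.php; keeping the two in step (or having this branch consult that function) would avoid the checkbox and the dropdown disagreeing about what a user may do. The enclosing `if` and the rest of the function body continue outside the hunk.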
44
Index: mantis/core/print_api.php
45
===================================================================
46
--- mantis.orig/core/print_api.php 2011-09-06 07:43:59.330064579 +0200
47
+++ mantis/core/print_api.php 2011-09-06 07:43:59.406066005 +0200
49
require_once( $t_core_dir . 'prepare_api.php' );
50
require_once( $t_core_dir . 'profile_api.php' );
51
require_once( $t_core_dir . 'last_visited_api.php' );
52
+ require_once( $t_core_dir . 'bug_group_action_api.php' );
56
@@ -1001,67 +1002,20 @@
59
# --------------------
60
- # @@@ preliminary support for multiple bug actions.
61
- function print_all_bug_action_option_list() {
62
- $commands = array( 'MOVE' => lang_get('actiongroup_menu_move'),
63
- 'COPY' => lang_get('actiongroup_menu_copy'),
64
- 'ASSIGN' => lang_get('actiongroup_menu_assign'),
65
- 'CLOSE' => lang_get('actiongroup_menu_close'),
66
- 'DELETE' => lang_get('actiongroup_menu_delete'),
67
- 'RESOLVE' => lang_get('actiongroup_menu_resolve'),
68
- 'SET_STICKY' => lang_get( 'actiongroup_menu_set_sticky' ),
69
- 'UP_PRIOR' => lang_get('actiongroup_menu_update_priority'),
70
- 'UP_STATUS' => lang_get('actiongroup_menu_update_status'),
71
- 'UP_CATEGORY' => lang_get('actiongroup_menu_update_category'),
72
- 'VIEW_STATUS' => lang_get( 'actiongroup_menu_update_view_status' ),
73
- 'EXT_ADD_NOTE' => lang_get( 'actiongroup_menu_add_note' ),
74
- 'EXT_ATTACH_TAGS' => lang_get( 'actiongroup_menu_attach_tags' ),
77
- $t_project_id = helper_get_current_project();
79
- if ( ALL_PROJECTS != $t_project_id ) {
80
- $t_user_id = auth_get_current_user_id();
82
- if ( access_has_project_level( config_get( 'update_bug_threshold' ), $t_project_id ) ) {
83
- $commands['UP_FIXED_IN_VERSION'] = lang_get( 'actiongroup_menu_update_fixed_in_version' );
86
- if ( access_has_project_level( config_get( 'roadmap_update_threshold' ), $t_project_id ) ) {
87
- $commands['UP_TARGET_VERSION'] = lang_get( 'actiongroup_menu_update_target_version' );
90
- $t_custom_field_ids = custom_field_get_linked_ids( $t_project_id );
92
- foreach( $t_custom_field_ids as $t_custom_field_id ) {
93
- # if user has not access right to modify the field, then there is no
94
- # point in showing it.
95
- if ( !custom_field_has_write_access_to_project( $t_custom_field_id, $t_project_id, $t_user_id ) ) {
99
- $t_custom_field_def = custom_field_get_definition( $t_custom_field_id );
100
- $t_command_id = 'custom_field_' . $t_custom_field_id;
101
- $t_command_caption = sprintf( lang_get( 'actiongroup_menu_update_field' ), lang_get_defaulted( $t_custom_field_def['name'] ) );
102
- $commands[$t_command_id] = string_display( $t_command_caption );
105
+ * Print a dropdown list of all bug actions available to a user for a specified
107
+ * @param array $p_projects An array containing one or more project IDs
110
+ function print_all_bug_action_option_list( $p_project_ids = null ) {
111
+ $t_commands = bug_group_action_get_commands( $p_project_ids);
112
+ while( list( $t_action_id, $t_action_label ) = each( $t_commands ) ) {
113
+ echo '<option value="' . $t_action_id . '">' . $t_action_label . '</option>';
117
- $t_custom_group_actions = config_get( 'custom_group_actions' );
119
- foreach( $t_custom_group_actions as $t_custom_group_action ) {
120
- # use label if provided to get the localized text, otherwise fallback to action name.
121
- if ( isset( $t_custom_group_action['label'] ) ) {
122
- $commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['label'] );
124
- $commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['action'] );
128
- while (list ($key,$val) = each ($commands)) {
129
- PRINT "<option value=\"".$key."\">".$val."</option>";
132
# --------------------
133
# list of users that are NOT in the specified project and that are enabled
134
# if no project is specified use the current project
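Review bot: The new docblock on `print_all_bug_action_option_list()` documents `@param array $p_projects`, but the parameter is `$p_project_ids` (and `bug_group_action_get_commands( $p_project_ids)` is missing the space before its closing paren); the docblock added for `bug_group_action_get_commands()` in bug_group_action_api.php has the same `$p_projects`/`$p_project_ids` mismatch. I would write `@param array|null $p_project_ids Project IDs to check; null or empty means ALL_PROJECTS` in both places. The `<option>` value and label are still echoed unescaped, as the removed `PRINT` did; the keys come from fixed strings, `custom_field_<id>` and the `action` entries of the `custom_group_actions` config, and the labels from `lang_get()`/`string_display()`, so this is admin-controlled rather than user-controlled data, but wrapping the value in `string_attribute()` would make the output safe by construction rather than by inspection. `while( list( ... ) = each( ... ) )` depends on the array's internal pointer; `foreach( $t_commands as $t_action_id => $t_action_label )` reads the same and does not.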
135
Index: mantis/core/bug_group_action_api.php
136
===================================================================
137
--- mantis.orig/core/bug_group_action_api.php 2011-09-06 07:43:27.425465594 +0200
138
+++ mantis/core/bug_group_action_api.php 2011-09-06 07:45:24.127656147 +0200
139
@@ -151,4 +151,126 @@
140
$t_function_name = 'action_' . $p_action . '_process';
141
return $t_function_name( $p_bug_id );
145
+ * Get a list of bug group actions available to the current user for one or
147
+ * @param array $p_projects An array containing one or more project IDs
150
+function bug_group_action_get_commands( $p_project_ids = null ) {
151
+ if ( $p_project_ids === null || count( $p_project_ids ) == 0 ) {
152
+ $p_project_ids = array( ALL_PROJECTS );
155
+ $t_commands = array();
156
+ foreach( $p_project_ids as $t_project_id ) {
158
+ if( !isset( $t_commands['MOVE'] ) &&
159
+ access_has_project_level( config_get( 'move_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
160
+ $t_commands['MOVE'] = lang_get( 'actiongroup_menu_move' );
163
+ if( !isset( $t_commands['COPY'] ) &&
164
+ access_has_any_project( config_get( 'report_bug_threshold', null, null, $t_project_id ) ) ) {
165
+ $t_commands['COPY'] = lang_get( 'actiongroup_menu_copy' );
168
+ if( !isset( $t_commands['ASSIGN'] ) &&
169
+ access_has_project_level( config_get( 'update_bug_assign_threshold', null, null, $t_project_id ), $t_project_id ) ) {
170
+ if( ON == config_get( 'auto_set_status_to_assigned', null, null, $t_project_id ) &&
171
+ access_has_project_level( access_get_status_threshold( config_get( 'bug_assigned_status', null, null, $t_project_id ), $t_project_id ), $t_project_id ) ) {
172
+ $t_commands['ASSIGN'] = lang_get( 'actiongroup_menu_assign' );
174
+ $t_commands['ASSIGN'] = lang_get( 'actiongroup_menu_assign' );
178
+ if( !isset( $t_commands['CLOSE'] ) &&
179
+ access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) &&
180
+ access_has_project_level( config_get( 'allow_reporter_close', null, null, $t_project_id ), $t_project_id ) ) {
181
+ $t_commands['CLOSE'] = lang_get( 'actiongroup_menu_close' );
184
+ if( !isset( $t_commands['DELETE'] ) &&
185
+ access_has_project_level( config_get( 'delete_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
186
+ $t_commands['DELETE'] = lang_get( 'actiongroup_menu_delete' );
189
+ if( !isset( $t_commands['RESOLVE'] ) &&
190
+ access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) &&
191
+ access_has_project_level( access_get_status_threshold( config_get( 'bug_resolved_status_threshold', null, null, $t_project_id ), $t_project_id ), $t_project_id ) ) {
192
+ $t_commands['RESOLVE'] = lang_get( 'actiongroup_menu_resolve' );
195
+ if( !isset( $t_commands['SET_STICKY'] ) &&
196
+ access_has_project_level( config_get( 'set_bug_sticky_threshold', null, null, $t_project_id ), $t_project_id ) ) {
197
+ $t_commands['SET_STICKY'] = lang_get( 'actiongroup_menu_set_sticky' );
200
+ if( !isset( $t_commands['UP_PRIOR'] ) &&
201
+ access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
202
+ $t_commands['UP_PRIOR'] = lang_get( 'actiongroup_menu_update_priority' );
205
+ if( !isset( $t_commands['UP_STATUS'] ) &&
206
+ access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) ) {
207
+ $t_commands['UP_STATUS'] = lang_get( 'actiongroup_menu_update_status' );
210
+ if( !isset( $t_commands['UP_CATEGORY'] ) &&
211
+ access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
212
+ $t_commands['UP_CATEGORY'] = lang_get( 'actiongroup_menu_update_category' );
215
+ if( !isset( $t_commands['VIEW_STATUS'] ) &&
216
+ access_has_project_level( config_get( 'change_view_status_threshold', null, null, $t_project_id ), $t_project_id ) ) {
217
+ $t_commands['VIEW_STATUS'] = lang_get( 'actiongroup_menu_update_view_status' );
220
+ if( !isset( $t_commands['EXT_ADD_NOTE'] ) &&
221
+ access_has_project_level( config_get( 'add_bugnote_threshold', null, null, $t_project_id ), $t_project_id ) ) {
222
+ $t_commands['EXT_ADD_NOTE'] = lang_get( 'actiongroup_menu_add_note' );
225
+ if( !isset( $t_commands['EXT_ATTACH_TAGS'] ) &&
226
+ access_has_project_level( config_get( 'tag_attach_threshold', null, null, $t_project_id ), $t_project_id ) ) {
227
+ $t_commands['EXT_ATTACH_TAGS'] = lang_get( 'actiongroup_menu_attach_tags' );
230
+ if( !isset( $t_commands['UP_FIXED_IN_VERSION'] ) &&
231
+ access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
232
+ $t_commands['UP_FIXED_IN_VERSION'] = lang_get( 'actiongroup_menu_update_fixed_in_version' );
235
+ if( !isset( $t_commands['UP_TARGET_VERSION'] ) &&
236
+ access_has_project_level( config_get( 'roadmap_update_threshold', null, null, $t_project_id ), $t_project_id ) ) {
237
+ $t_commands['UP_TARGET_VERSION'] = lang_get( 'actiongroup_menu_update_target_version' );
240
+ $t_custom_field_ids = custom_field_get_linked_ids( $t_project_id );
241
+ foreach( $t_custom_field_ids as $t_custom_field_id ) {
242
+ if( !custom_field_has_write_access_to_project( $t_custom_field_id, $t_project_id ) ) {
245
+ $t_custom_field_def = custom_field_get_definition( $t_custom_field_id );
246
+ $t_command_id = 'custom_field_' . $t_custom_field_id;
247
+ $t_command_caption = sprintf( lang_get( 'actiongroup_menu_update_field' ), lang_get_defaulted( $t_custom_field_def['name'] ) );
248
+ $t_commands[$t_command_id] = string_display( $t_command_caption );
252
+ $t_custom_group_actions = config_get( 'custom_group_actions' );
254
+ foreach( $t_custom_group_actions as $t_custom_group_action ) {
255
+ # use label if provided to get the localized text, otherwise fallback to action name.
256
+ if( isset( $t_custom_group_action['label'] ) ) {
257
+ $t_commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['label'] );
259
+ $t_commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['action'] );
263
+ return $t_commands;
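Review bot: In the ASSIGN branch the inner test on `auto_set_status_to_assigned` and the `bug_assigned_status` threshold has no effect, because `$t_commands['ASSIGN'] = lang_get( 'actiongroup_menu_assign' );` appears both inside that test (patch line 172) and immediately after it (patch line 174); if the line dropped between them is a plain `} else {`, a user who may assign but may not set the assigned status is still offered ASSIGN. Unless that is intended, the second assignment should be gated, e.g. `} else if( OFF == config_get( 'auto_set_status_to_assigned', null, null, $t_project_id ) ) {`. The CLOSE branch passes `allow_reporter_close` to `access_has_project_level()` as if it were an access level; if it is the ON/OFF switch its name suggests, the comparison is against 0 or 1 and is satisfied by any user who passes the first check, whereas the RESOLVE branch checks a real status threshold via `access_get_status_threshold()` — CLOSE should presumably mirror that against the closed status (likely `bug_closed_status_threshold`, to be confirmed). The function's closing brace and the blank lines between branches are not visible in this rendering, so brace placement should be checked in the raw patch.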
266
Index: mantis/view_all_inc.php
267
===================================================================
268
--- mantis.orig/view_all_inc.php 2011-09-06 07:43:27.437465819 +0200
269
+++ mantis/view_all_inc.php 2011-09-06 07:43:59.406066005 +0200
271
list( $t_dir, ) = split( ',', $t_filter['dir'] );
274
- $t_checkboxes_exist = false;
275
+ $g_checkboxes_exist = false;
277
$t_icon_path = config_get( 'icon_path' );
278
- $t_update_bug_threshold = config_get( 'update_bug_threshold' );
280
$t_columns = helper_get_columns_to_view( COLUMNS_TARGET_VIEW_PAGE );
282
@@ -186,11 +185,11 @@
284
<td class="left" colspan="<?php echo $col_count-2; ?>">
286
- if ( $t_checkboxes_exist && ON == config_get( 'use_javascript' ) ) {
287
+ if ( $g_checkboxes_exist && ON == config_get( 'use_javascript' ) ) {
288
echo "<input type=\"checkbox\" name=\"all_bugs\" value=\"all\" onclick=\"checkall('bug_action', this.form.all_bugs.checked)\" /><span class=\"small\">" . lang_get( 'select_all' ) . '</span>';
291
- if ( $t_checkboxes_exist ) {
292
+ if ( $g_checkboxes_exist ) {
294
<select name="action">
295
<?php print_all_bug_action_option_list() ?>
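Review bot: `print_all_bug_action_option_list()` is still called here with no argument, so `bug_group_action_get_commands()` falls back to `array( ALL_PROJECTS )` and the dropdown is computed against ALL_PROJECTS rather than against the projects of the bugs actually listed, which is what the patch header describes. Collecting the distinct project ids of the rows while they are printed (the same pass that now sets `$g_checkboxes_exist`) and passing them, `print_all_bug_action_option_list( $t_project_ids )` with `$t_project_ids` built in that loop, would make the option list match the checkboxes on the page.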