<?
# Mantis - a php based bugtracking system
# Copyright (C) 2000 Kenzaburo Ito - kenito@300baud.org
# This program is distributed under the terms and conditions of the GPL
# See the README and LICENSE files for details
?>
<? include( "core_API.php" ) ?>
<?
# login_cookie_check() runs before anything else on the page; it is defined
# outside this file, so what it enforces cannot be confirmed from here.
login_cookie_check();
db_connect( $g_hostname, $g_db_username, $g_db_password, $g_database_name );

# Anyone below "viewer" is sent to the logout page and the script stops, so
# nothing further down runs for them.
# should be an access error page
$t_may_report = access_level_check_greater_or_equal( "viewer" );
if ( !$t_may_report ) {
	header( "Location: $g_logout_page" );
	exit;
}
# need access level check

### validating input
# None of the $f_* values is assigned in this file; presumably they are
# imported from the submitted form - confirm. Only emptiness is tested here;
# nothing is escaped or range-checked at this point.
$check_failed = ( $f_category=="" )
	|| ( $f_severity=="" )
	|| ( $f_reproducibility=="" )
	|| ( $f_summary=="" )
	|| ( $f_description=="" );
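### required fields ok, proceeding
# $result is read again further down the page to choose between the redirect,
# the SQL error text and the thank-you text. Give it a defined value here so
# that it never carries anything this script did not assign itself.
$result = false;
if ( !$check_failed ) {
	### Get user id
	# NOTE(review): $g_string_cookie_val goes into the statement as-is. Where it
	# is set is not visible in this file - confirm it is escaped before it
	# reaches this point.
	$query = "SELECT id
			FROM $g_mantis_user_table
			WHERE cookie_string='$g_string_cookie_val'";
	$result = db_query( $query );
	if ( $result && ( mysql_num_rows( $result ) > 0 ) ) {
		$u_id = mysql_result( $result, 0 );
	}
	else {
		# No user row for this cookie: stop here instead of filing a bug with
		# an empty reporter_id.
		$result = false;
	}

	if ( $result ) {
		### Make strings safe for database
		$f_summary = string_safe( $f_summary );
		$f_description = string_safe( $f_description );
		$f_additional_info = string_safe( $f_additional_info );
		$f_steps_to_reproduce = string_safe( $f_steps_to_reproduce );
		$f_version = string_safe( $f_version );
		$f_build = string_safe( $f_build );
		$f_platform = string_safe( $f_platform );
		$f_os = string_safe( $f_os );
		$f_osbuild = string_safe( $f_osbuild );
		# These four are also placed inside quoted SQL literals below but were
		# previously passed through untouched. string_safe() is defined outside
		# this file; this assumes it escapes quote characters, as its use on the
		# fields above suggests - confirm. If the target columns are numeric or
		# enumerated, a cast or an allow-list would be the stronger check.
		$f_category = string_safe( $f_category );
		$f_severity = string_safe( $f_severity );
		$f_reproducibility = string_safe( $f_reproducibility );
		$f_profile_id = string_safe( $f_profile_id );

		### if a profile was selected then let's use that information
		if ( !empty( $f_id ) ) {
			### Get profile data and prefix with v_
			# $f_id is request data as well, so it gets the same treatment
			# before it is used in the WHERE clause.
			$t_profile_key = string_safe( $f_id );
			$query = "SELECT id, platform, os, os_build, default_profile
					FROM $g_mantis_user_profile_table
					WHERE id='$t_profile_key'";
			# A separate variable keeps the profile lookup from overwriting the
			# success flag held in $result.
			$t_profile_result = db_query( $query );
			$profile_count = 0;
			if ( $t_profile_result ) {
				$profile_count = mysql_num_rows( $t_profile_result );
			}
			# Only use the profile when a row actually came back; otherwise the
			# values typed into the form are kept.
			if ( $profile_count > 0 ) {
				$row = mysql_fetch_array( $t_profile_result );
				extract( $row, EXTR_PREFIX_ALL, "v" );
				# Values read back from the table are data again, not SQL: they
				# are re-escaped before being placed in the INSERT below.
				$f_platform = string_safe( string_unsafe( $v_platform ) );
				$f_os = string_safe( string_unsafe( $v_os ) );
				$f_osbuild = string_safe( string_unsafe( $v_os_build ) );
			}
		}

		### Insert text information
		$query = "INSERT
				INTO $g_mantis_bug_text_table
				( id, description, steps_to_reproduce, additional_information )
				VALUES
				( null, '$f_description', '$f_steps_to_reproduce',
				'$f_additional_info' )";
		$result = mysql_query( $query );
	}

	### Get the id of the text information we just inserted
	### NOTE: this is guaranteed to be the correct one.
	### The value LAST_INSERT_ID is stored on a per connection basis.
	# Skipped when the text insert failed, so a stale id is never picked up.
	if ( $result ) {
		$query = "select LAST_INSERT_ID()";
		$result = mysql_query( $query );
	}

	if ( $result ) {
		$t_id = mysql_result( $result, 0 );

		### Insert the rest of the data
		# If this statement fails the text row inserted above stays behind;
		# nothing here rolls it back.
		$query = "INSERT
				INTO $g_mantis_bug_table
				( id, reporter_id, handler_id, duplicate_id, priority, severity,
				reproducibility, status, resolution, projection, category,
				date_submitted, last_updated, eta, bug_text_id, os, os_build,
				platform, version, build, votes, profile_id, summary )
				VALUES
				( null, '$u_id', '0000000', '0000000', 'normal', '$f_severity',
				'$f_reproducibility', 'new', 'open', 'minor fix', '$f_category',
				NOW(), NOW(), NOW(), '$t_id', '$f_os', '$f_osbuild',
				'$f_platform', '$f_version', '$f_build',
				1, '$f_profile_id', '$f_summary' )";
		$result = mysql_query( $query );
	}
}
?>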
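<?
# Page preamble. The print_* helpers are defined outside this file.
print_html_top();
print_head_top();
print_title( $g_window_title );
print_css( $g_css_include_file );

# Redirect to the bug list only after a successful insert. $result is assigned
# by this script only when validation passed, so $check_failed is tested first
# and an unassigned $result can never trigger the redirect.
if ( !$check_failed && $result ) {
	print_meta_redirect( $g_view_bug_all_page, $g_wait_time );
}

# NOTE(review): the include path comes from a variable; confirm that
# $g_meta_include_file can only be set by the site configuration.
include( $g_meta_include_file );
print_head_bottom();
print_body_top();
print_header( $g_page_title );
?>
<p>
<? print_menu( $g_menu_include_file ) ?>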
<p>
<div align=center>
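<?
# Prints one of three outcomes: the list of missing required fields, the SQL
# error notice, or the thank-you text.

### FORM ERROR
### required fields not entered
if ( $check_failed ) {
	print "<b>$s_report_add_error</b><br>";
	if ( $f_category=="" ) {
		print "You must select a category<br>";
	}
	if ( $f_severity=="" ) {
		print "You must select a severity<br>";
	}
	if ( $f_reproducibility=="" ) {
		print "You must select a reproducibility<br>";
	}
	if ( $f_summary=="" ) {
		print "You must enter a summary<br>";
	}
	if ( $f_description=="" ) {
		print "You must enter a description<br>";
	}
	print "<p>";
	print "$s_hit_back";
}
### MYSQL ERROR
# Reached only when validation passed, i.e. after the insert code has run.
else if ( !$result ) {
	# The link target used to be written as a short echo tag inside the quoted
	# string, which PHP does not evaluate there, so the tag text itself landed
	# in the href. The variable is now interpolated directly.
	# NOTE(review): if $g_administrator_email holds a bare address the href
	# also needs a mailto: prefix - confirm against the configuration.
	print "$s_sql_error_detected <a href=\"$g_administrator_email\">administrator</a><p>";
	# $query contains text taken from the submitted form, so it is escaped
	# before being written into the page.
	# NOTE(review): showing the statement at all reveals table and column
	# names to whoever triggered the error; consider logging it server-side
	# and showing only the generic message.
	print htmlspecialchars( $query );
}
### OK!!!
else {
	print "$s_submission_thanks<p>";
}
?>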
<p>
<a href="<? print $g_view_bug_all_page ?>"><? print $s_proceed ?></a>
</div>
<?
# Page footer and closing markup; the three helpers are defined outside this
# file and are called in the same order as before.
print_footer( __FILE__ );
print_body_bottom();
print_html_bottom();
?>