/
proj_doc_add.php
102 lines (87 loc) · 3.15 KB
/
proj_doc_add.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
<?php
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2003 Mantis Team - mantisbt-dev@lists.sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the README and LICENSE files for details
?>
<?php
require_once( 'core.php' );
$t_core_path = config_get( 'core_path' );
require_once( $t_core_path.'file_api.php' );
?>
<?php auth_ensure_user_authenticated() ?>
<?php
if ( ! file_allow_project_upload() ) {
access_denied();
}
$f_title = gpc_get_string( 'title' );
if ( is_blank( $f_title ) ) {
trigger_error( ERROR_EMPTY_FIELD, ERROR );
}
$f_description = gpc_get_string( 'description' );
$result = 0;
$good_upload = 0;
$disallowed = 0;
extract( $HTTP_POST_FILES['file'], EXTR_PREFIX_ALL, 'f' );
if ( !file_type_check( $f_name ) ) {
$disallowed = 1;
} else if ( is_uploaded_file( $f_tmp_name ) ) {
$good_upload = 1;
$t_project_id = helper_get_current_project();
# grab the file path
$t_file_path = project_get_field( helper_get_current_project(), 'file_path' );
# prepare variables for insertion
$f_title = db_prepare_string( $f_title );
$f_description = db_prepare_string( $f_description );
$f_file_name = lang_get( 'document_files_prefix' ) . '-' . project_format_id ( $t_project_id ) . '-' . $f_name;
$t_file_size = $f_size;
switch ( $g_file_upload_method ) {
case DISK: if ( !file_exists( $t_file_path.$f_file_name ) ) {
umask( 0333 ); # make read only
copy($f_tmp_name, $t_file_path.$f_file_name);
$query = "INSERT INTO mantis_project_file_table
(id, project_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)
VALUES
(null, $t_project_id, '$f_title', '$f_description', '$t_file_path$f_file_name', '$f_file_name', '$t_file_path', $t_file_size, '$f_type', NOW(), '')";
} else {
trigger_error( ERROR_DUPLICATE_FILE, ERROR );
}
break;
case DATABASE:
$t_content = addslashes( fread ( fopen( $f_tmp_name, 'rb' ), $t_file_size ) );
$query = "INSERT INTO mantis_project_file_table
(id, project_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content)
VALUES
(null, $t_project_id, '$f_title', '$f_description', '$t_file_path$f_file_name', '$f_file_name', '$t_file_path', $t_file_size, '$f_type', NOW(), '$t_content')";
break;
}
$result = db_query( $query );
}
$t_redirect_url = 'proj_doc_page.php';
?>
<?php html_page_top1() ?>
<?php
if ( $result ) {
html_meta_redirect( $t_redirect_url, $g_wait_time );
}
?>
<?php html_page_top2() ?>
<br />
<div align="center">
<?php
if ( $result ) { # SUCCESS
print lang_get( 'operation_successful' ) . '<br />';
} else { # FAILURE
if ( 1 == $disallowed ) {
print error_string( ERROR_FILE_DISALLOWED ).'<br />';
} else if ( 0 == $good_upload ) {
print error_string( ERROR_NO_FILE_SPECIFIED ).'<br />';
} else if ( !$result ) {
print_sql_error( $query );
}
}
print_bracket_link( $t_redirect_url, lang_get( 'proceed' ) );
?>
</div>
<?php html_page_bottom1( __FILE__ ) ?>