
Merge branch 'master' of github.com:mantisbt/mantisbt

Conflicts:
	core/file_api.php
2 parents 8fb46a2 + af23393 commit 009109ceb9670ca00dde98d624ff6f303c342732 @grangeway grangeway committed Mar 28, 2014
Showing with 1,526 additions and 22,458 deletions.
  1. +6 −0 .gitmodules
  2. +0 −4 .travis.yml
  3. +14 −4 account_page.php
  4. +15 −7 account_update.php
  5. +8 −4 adm_config_report.php
  6. +1 −1 adm_config_set.php
  7. +35 −15 admin/check/check_api.php
  8. +231 −38 admin/check/check_database_inc.php
  9. +47 −0 admin/check/check_display_inc.php
  10. +34 −13 admin/check/index.php
  11. +1 −1 admin/db_stats.php
  12. +22 −14 admin/index.php
  13. +140 −64 admin/install.php
  14. +2 −2 api/soap/mantisconnect.php
  15. +8 −29 api/soap/mc_file_api.php
  16. +171 −171 api/soap/mc_project_api.php
  17. +12 −3 bug_actiongroup.php
  18. +1 −1 bug_actiongroup_page.php
  19. +3 −3 bug_file_upload_inc.php
  20. +26 −20 bug_report.php
  21. +19 −16 bug_report_page.php
  22. +7 −6 bugnote_view_inc.php
  23. +6 −24 config_defaults_inc.php
  24. +5 −4 core/bug_api.php
  25. +3 −3 core/bugnote_api.php
  26. +3 −3 core/category_api.php
  27. +2 −2 core/columns_api.php
  28. +7 −3 core/config_api.php
  29. +9 −2 core/constant_inc.php
  30. +10 −8 core/custom_field_api.php
  31. +67 −61 core/database_api.php
  32. +7 −3 core/email_api.php
  33. +8 −125 core/file_api.php
  34. +47 −32 core/filter_api.php
  35. +1 −1 core/helper_api.php
  36. +4 −0 core/history_api.php
  37. +9 −4 core/html_api.php
  38. +59 −0 core/install_helper_functions_api.php
  39. +7 −5 core/news_api.php
  40. +5 −1 core/obsolete.php
  41. +33 −40 core/print_api.php
  42. +1 −1 core/profile_api.php
  43. +24 −7 core/project_api.php
  44. +8 −8 core/summary_api.php
  45. +10 −6 core/user_api.php
  46. +4 −4 core/user_pref_api.php
  47. +2 −2 core/version_api.php
  48. +6 −4 css/default.css
  49. +5 −2 css/status_config.php
  50. +9 −35 docbook/Admin_Guide/en-US/Configuration.xml
  51. +2 −2 docbook/Admin_Guide/en-US/Installation.xml
  52. +2 −3 docbook/Admin_Guide/en-US/Page_Descriptions.xml
  53. +4 −24 file_download.php
  54. +8 −5 lang/strings_english.txt
  55. +1 −0 lang/strings_qqq.txt
  56. +1 −1 library/adodb
  57. +0 −25 library/disposable/changelog.txt
  58. +0 −453 library/disposable/disposable.php
  59. 0 library/disposable/index.html
  60. +0 −502 library/disposable/license.txt
  61. +0 −88 library/disposable/readme.txt
  62. +0 −13 library/disposable/readme_mantis.txt
  63. BIN library/securimage/AHGBold.ttf
  64. +0 −25 library/securimage/LICENSE.txt
  65. +0 −12 library/securimage/README.FONT.txt
  66. +0 −181 library/securimage/README.txt
  67. +0 −1,864 library/securimage/WavFile.php
  68. BIN library/securimage/audio/en/0.wav
  69. BIN library/securimage/audio/en/1.wav
  70. BIN library/securimage/audio/en/10.wav
  71. BIN library/securimage/audio/en/11.wav
  72. BIN library/securimage/audio/en/12.wav
  73. BIN library/securimage/audio/en/13.wav
  74. BIN library/securimage/audio/en/14.wav
  75. BIN library/securimage/audio/en/15.wav
  76. BIN library/securimage/audio/en/16.wav
  77. BIN library/securimage/audio/en/17.wav
  78. BIN library/securimage/audio/en/18.wav
  79. BIN library/securimage/audio/en/19.wav
  80. BIN library/securimage/audio/en/2.wav
  81. BIN library/securimage/audio/en/20.wav
  82. BIN library/securimage/audio/en/3.wav
  83. BIN library/securimage/audio/en/4.wav
  84. BIN library/securimage/audio/en/5.wav
  85. BIN library/securimage/audio/en/6.wav
  86. BIN library/securimage/audio/en/7.wav
  87. BIN library/securimage/audio/en/8.wav
  88. BIN library/securimage/audio/en/9.wav
  89. BIN library/securimage/audio/en/A.wav
  90. BIN library/securimage/audio/en/B.wav
  91. BIN library/securimage/audio/en/C.wav
  92. BIN library/securimage/audio/en/D.wav
  93. BIN library/securimage/audio/en/E.wav
  94. BIN library/securimage/audio/en/F.wav
  95. BIN library/securimage/audio/en/G.wav
  96. BIN library/securimage/audio/en/H.wav
  97. BIN library/securimage/audio/en/I.wav
  98. BIN library/securimage/audio/en/J.wav
  99. BIN library/securimage/audio/en/K.wav
  100. BIN library/securimage/audio/en/L.wav
  101. BIN library/securimage/audio/en/M.wav
  102. BIN library/securimage/audio/en/MINUS.wav
  103. BIN library/securimage/audio/en/N.wav
  104. BIN library/securimage/audio/en/O.wav
  105. BIN library/securimage/audio/en/P.wav
  106. BIN library/securimage/audio/en/PLUS.wav
  107. BIN library/securimage/audio/en/Q.wav
  108. BIN library/securimage/audio/en/R.wav
  109. BIN library/securimage/audio/en/S.wav
  110. BIN library/securimage/audio/en/T.wav
  111. BIN library/securimage/audio/en/TIMES.wav
  112. BIN library/securimage/audio/en/U.wav
  113. BIN library/securimage/audio/en/V.wav
  114. BIN library/securimage/audio/en/W.wav
  115. BIN library/securimage/audio/en/X.wav
  116. BIN library/securimage/audio/en/Y.wav
  117. BIN library/securimage/audio/en/Z.wav
  118. BIN library/securimage/audio/en/error.wav
  119. BIN library/securimage/audio/noise/check-point-1.wav
  120. BIN library/securimage/audio/noise/crowd-talking-1.wav
  121. BIN library/securimage/audio/noise/crowd-talking-6.wav
  122. BIN library/securimage/audio/noise/crowd-talking-7.wav
  123. BIN library/securimage/audio/noise/kids-playing-1.wav
  124. BIN library/securimage/backgrounds/bg3.jpg
  125. BIN library/securimage/backgrounds/bg4.jpg
  126. BIN library/securimage/backgrounds/bg5.jpg
  127. BIN library/securimage/backgrounds/bg6.png
  128. +0 −13 library/securimage/captcha.html
  129. +0 −1 library/securimage/database/.htaccess
  130. +0 −1 library/securimage/database/index.html
  131. BIN library/securimage/database/securimage.sq3
  132. +0 −207 library/securimage/example_form.ajax.php
  133. +0 −192 library/securimage/example_form.php
  134. BIN library/securimage/images/audio_icon.png
  135. BIN library/securimage/images/refresh.png
  136. +0 −2,212 library/securimage/securimage.php
  137. +0 −47 library/securimage/securimage_play.php
  138. BIN library/securimage/securimage_play.swf
  139. +0 −77 library/securimage/securimage_show.php
  140. +0 −33 library/securimage/web.config
  141. +0 −15,457 library/securimage/words/words.txt
  142. +1 −13 manage_proj_update.php
  143. +5 −0 plugin.php
  144. +23 −15 plugins/MantisGraph/core/graph_api.php
  145. +2 −2 plugins/MantisGraph/pages/bug_graph_bycategory.php
  146. +2 −2 plugins/MantisGraph/pages/bug_graph_bystatus.php
  147. +3 −3 proj_doc_add_page.php
  148. +3 −3 proj_doc_edit_page.php
  149. +6 −6 proj_doc_page.php
  150. +0 −7 proj_doc_update.php
  151. +3 −2 scripts/travis_before_script.sh
  152. +14 −15 signup.php
  153. +50 −1 tests/bootstrap.php.sample
  154. +28 −28 tests/soap/AllTests.php
  155. +46 −8 tests/soap/ProjectTest.php
  156. +77 −44 tests/soap/SoapBase.php
  157. +2 −1 verify.php
  158. +79 −64 view_filters_page.php
@@ -4,3 +4,9 @@
[submodule "library/phpmailer"]
path = library/phpmailer
url = https://github.com/mantisbt/PHPMailer
+[submodule "library/disposable"]
+ path = library/disposable
+ url = https://github.com/mantisbt/disposable_email_checker
+[submodule "library/securimage"]
+ path = library/securimage
+ url = https://github.com/mantisbt/securimage.git
@@ -27,18 +27,14 @@ branches:
- master-2.0.x
matrix:
- # Until #14398 is fixed, PostgreSQL should not cause entire build to fail
allow_failures:
- - env: DB=pgsql
# Notifications
notifications:
email:
on_success: change
on_failure: always
- recipients:
- - mantisbt-cvs@lists.sourceforge.net
irc:
on_success: change
@@ -73,10 +73,14 @@
require_api( 'user_api.php' );
require_api( 'utility_api.php' );
+$t_account_verification = defined( 'ACCOUNT_VERIFICATION_INC' );
+
#============ Permissions ============
auth_ensure_user_authenticated();
-auth_reauthenticate();
+if( !$t_account_verification ) {
+ auth_reauthenticate();
+}
current_user_ensure_unprotected();
@@ -153,12 +157,18 @@
<span class="display-label"><span><?php echo lang_get( 'username' ) ?></span></span>
<span class="input"><span class="field-value"><?php echo string_display_line( $u_username ) ?></span></span>
<span class="label-style"></span>
- </div>
+ </div><?php
+ # When verifying account, set a token and don't display current password
+ if( $t_account_verification ) {
+ token_set( TOKEN_ACCOUNT_VERIFY, true, TOKEN_EXPIRY_AUTHENTICATED, $u_id );
+ } else {
+ ?>
<div class="field-container">
<label for="password" <?php if ( $t_force_pw_reset ) { ?> class="required" <?php } ?>><span><?php echo lang_get( 'current_password' ) ?></span></label>
<span class="input"><input id="password-current" type="password" name="password_current" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" /></span>
<span class="label-style"></span>
- </div>
+ </div><?php
+ } ?>
<div class="field-container">
<label for="password" <?php if ( $t_force_pw_reset ) { ?> class="required" <?php } ?>><span><?php echo lang_get( 'password' ) ?></span></label>
<span class="input"><input id="password" type="password" name="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" /></span>
@@ -227,7 +237,7 @@
$t_access_level = get_enum_element( 'access_levels', $t_access_level );
$t_view_state = get_enum_element( 'project_view_state', $t_view_state );
- echo '<li><span class="project-name">' . $t_project_name . '</span> <span class="access-level">' . $t_access_level . '</span> <span class="view-state">' . $t_view_state . '</span></li>';
+ echo '<li><span class="project-name">' . $t_project_name . '</span> <span class="access-level">' . $t_access_level . '</span> <span class="view-state">' . $t_view_state . '</span></li>';
}
echo '</ul>';
echo '</div>';
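Review bot: In the second hunk `token_set( TOKEN_ACCOUNT_VERIFY, true, TOKEN_EXPIRY_AUTHENTICATED, $u_id )` is called from inside the form markup, so a security-relevant token is created as a side effect of rendering, and nothing on the page says what it authorises. Judging by the account_update.php change in this commit, the token lets updates for that user skip `auth_reauthenticate()` and the current-password check, and it is keyed on the user id only. I would move the call up to the Permissions block, next to the `$t_account_verification` test, with a comment such as `# Token lets account_update.php skip the current-password check for this user until it expires or is deleted`. It would also help to say next to `defined( 'ACCOUNT_VERIFICATION_INC' )` which script is expected to define the constant, since that definition is not visible in this section.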
@@ -55,10 +55,17 @@
require_api( 'user_api.php' );
require_api( 'utility_api.php' );
-auth_reauthenticate();
-
form_security_validate('account_update');
+$t_user_id = auth_get_current_user_id();
+
+# If token is set, it's a password reset request from verify.php, and if
+# not we need to reauthenticate the user
+$t_account_verification = token_get_value( TOKEN_ACCOUNT_VERIFY, $t_user_id );
+if( !$t_account_verification ) {
+ auth_reauthenticate();
+}
+
auth_ensure_user_authenticated();
current_user_ensure_unprotected();
@@ -69,10 +76,6 @@
$f_password = gpc_get_string( 'password', '' );
$f_password_confirm = gpc_get_string( 'password_confirm', '' );
-// get the user id once, so that if we decide in the future to enable this for
-// admins / managers to change details of other users.
-$t_user_id = auth_get_current_user_id();
-
$t_redirect_url = 'index.php';
/** @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code. */
@@ -111,7 +114,7 @@
if ( $f_password != $f_password_confirm ) {
trigger_error( ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR );
} else {
- if ( !auth_does_password_match( $t_user_id, $f_password_current ) ) {
+ if ( !$t_account_verification && !auth_does_password_match( $t_user_id, $f_password_current ) ) {
trigger_error( ERROR_USER_CURRENT_PASSWORD_MISMATCH, ERROR );
}
@@ -124,6 +127,11 @@
form_security_purge('account_update');
+# Clear the verification token
+if( $t_account_verification ) {
+ token_delete( TOKEN_ACCOUNT_VERIFY, $t_user_id );
+}
+
html_page_top( null, $t_redirect_url );
$t_message = '';
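Review bot: The first hunk now calls `auth_get_current_user_id()` and `token_get_value( TOKEN_ACCOUNT_VERIFY, $t_user_id )` before `auth_ensure_user_authenticated()`, so the decision to skip reauthentication is made for a user id that has not yet been confirmed as logged in. Moving `auth_ensure_user_authenticated();` above `$t_user_id = auth_get_current_user_id();` keeps the checks in a fail-closed order. The token is also deleted only at the end of the script (last hunk), so a request that stops earlier, for example on `ERROR_USER_CREATE_PASSWORD_MISMATCH`, presumably leaves it valid until it expires. A short comment at the `token_delete` call saying whether that is intended would help; if it is not, the token's lifetime should be bounded explicitly.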
@@ -245,14 +245,18 @@ function print_option_list_from_array( $p_array, $p_filter_value ) {
# Build filter's where clause
$t_where = '';
+$t_param = array();
if( $t_filter_user_value != META_FILTER_NONE ) {
- $t_where .= " AND user_id = $t_filter_user_value ";
+ $t_where .= " AND user_id = " . db_param();
+ $t_param[] = $t_filter_user_value;
}
if( $t_filter_project_value != META_FILTER_NONE ) {
- $t_where .= " AND project_id = $t_filter_project_value ";
+ $t_where .= " AND project_id = " . db_param();
+ $t_param[] = $t_filter_project_value;
}
if( $t_filter_config_value != META_FILTER_NONE ) {
- $t_where .= " AND config_id = '$t_filter_config_value' ";
+ $t_where .= " AND config_id = " . db_param();
+ $t_param[] = $t_filter_config_value;
}
if( $t_where != '' ) {
$t_where = " WHERE 1=1 " . $t_where;
@@ -262,7 +266,7 @@ function print_option_list_from_array( $p_array, $p_filter_value ) {
FROM $t_config_table
$t_where
ORDER BY user_id, project_id, config_id ";
-$result = db_query_bound( $query );
+$result = db_query_bound( $query, $t_param );
?>
<!-- FILTER FORM -->
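Review bot: The three guards that decide whether a filter is applied still use loose `!=` against `META_FILTER_NONE`, and the config filter is a string (the removed line quoted it). PHP's numeric-string coercion can therefore make a value that merely starts with the constant's number count as "no filter", and the condition is silently dropped. Comparing normalised values strictly avoids that, e.g. `if( (string)$t_filter_config_value !== (string)META_FILTER_NONE ) {`. The user and project ids could also be cast with `(int)` before being pushed onto `$t_param`, so the bound type matches the column. Where the filter values come from is outside these hunks, so they may already be validated upstream.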
@@ -142,7 +142,7 @@ function process_complex_value( $p_value, $p_trimquotes = false ) {
# Parsing regex initialization
if( is_null( $s_regex_array ) ) {
- $s_regex_array = '^array[\s]*\((.*)\)$';
+ $s_regex_array = '^array[\s]*\((.*)\)[;]*$';
$s_regex_string =
# unquoted string (word)
'[\w]+' . '|' .
@@ -63,11 +63,17 @@ function check_error_handler( $p_type, $p_error, $p_file, $p_line, $p_context )
/**
* Check whether any unhandled errors exist
+ * @return bool|int false if there are no unhandled errors, or the lowest
+ * unhandled {@see http://php.net/errorfunc.constants Error Type}
*/
function check_unhandled_errors_exist() {
global $g_errors_raised;
if ( count( $g_errors_raised ) > 0 ) {
- return true;
+ $t_type = E_ALL;
+ foreach( $g_errors_raised as $t_error ) {
+ $t_type = min( $t_type, $t_error['type'] );
+ }
+ return $t_type;
}
return false;
}
@@ -92,6 +98,10 @@ function check_print_error_rows() {
$t_error_type = 'SYSTEM NOTICE';
$t_error_description = htmlentities( $t_error['error'] );
break;
+ case E_DEPRECATED:
+ $t_error_type = 'DEPRECATED';
+ $t_error_description = htmlentities( $t_error['error'] );
+ break;
case E_USER_ERROR:
$t_error_type = 'APPLICATION ERROR #' . $t_error['error'];
$t_error_description = htmlentities( error_string( $t_error['error'] ) );
@@ -106,8 +116,8 @@ function check_print_error_rows() {
$t_error_description = htmlentities( $t_error['error'] );
break;
default:
- # shouldn't happen, just display the error just in case
- $t_error_type = '';
+ # shouldn't happen, display the error just in case
+ $t_error_type = 'UNHANDLED ERROR TYPE ' . $t_error['type'];
$t_error_description = htmlentities( $t_error['error'] );
}
echo "\t<tr>\n\t\t<td colspan=\"2\" class=\"error\">";
@@ -177,9 +187,11 @@ function check_print_test_result( $p_result ) {
*/
function check_print_test_row( $p_description, $p_pass, $p_info = null ) {
global $g_alternate_row, $g_show_all;
- if ( !$g_show_all && $p_pass ) {
+ $t_unhandled = check_unhandled_errors_exist();
+ if ( !$g_show_all && $p_pass && !$t_unhandled) {
return $p_pass;
}
+
echo "\t<tr>\n\t\t<td class=\"description$g_alternate_row\">$p_description";
if( $p_info !== null) {
if( is_array( $p_info ) && isset( $p_info[$p_pass] ) ) {
@@ -189,13 +201,18 @@ function check_print_test_row( $p_description, $p_pass, $p_info = null ) {
}
}
echo "</td>\n";
- if( $p_pass && !check_unhandled_errors_exist() ) {
- check_print_test_result( GOOD );
+
+ if( $p_pass && !$t_unhandled ) {
+ $t_result = GOOD;
+ } elseif( $t_unhandled == E_DEPRECATED ) {
+ $t_result = WARN;
} else {
- check_print_test_result( BAD );
+ $t_result = BAD;
}
+ check_print_test_result( $t_result );
echo "\t</tr>\n";
- if( check_unhandled_errors_exist() ) {
+
+ if( $t_unhandled ) {
check_print_error_rows();
}
$g_alternate_row = $g_alternate_row === 1 ? 2 : 1;
@@ -211,7 +228,8 @@ function check_print_test_row( $p_description, $p_pass, $p_info = null ) {
*/
function check_print_test_warn_row( $p_description, $p_pass, $p_info = null ) {
global $g_alternate_row, $g_show_all;
- if ( !$g_show_all && $p_pass ) {
+ $t_unhandled = check_unhandled_errors_exist();
+ if ( !$g_show_all && $p_pass && !$t_unhandled) {
return $p_pass;
}
echo "\t<tr>\n\t\t<td class=\"description$g_alternate_row\">$p_description";
@@ -223,15 +241,17 @@ function check_print_test_warn_row( $p_description, $p_pass, $p_info = null ) {
}
}
echo "</td>\n";
- if( $p_pass && !check_unhandled_errors_exist() ) {
- check_print_test_result( GOOD );
- } else if( !check_unhandled_errors_exist() ) {
- check_print_test_result( WARN );
+ if( $p_pass && !$t_unhandled ) {
+ $t_result = GOOD;
+ } elseif( !$t_unhandled || $t_unhandled == E_DEPRECATED ) {
+ $t_result = WARN;
} else {
- check_print_test_result( BAD );
+ $t_result = BAD;
}
+ check_print_test_result( $t_result );
echo "\t</tr>\n";
- if( check_unhandled_errors_exist() ) {
+
+ if( $t_unhandled ) {
check_print_error_rows();
}
$g_alternate_row = $g_alternate_row === 1 ? 2 : 1;
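Review bot: In `check_print_test_row` (the hunk at `@@ -189,13 +201,18 @@`) the new `elseif( $t_unhandled == E_DEPRECATED )` branch does not look at `$p_pass`, so a check that failed while a deprecation notice was raised is reported as WARN instead of BAD. Since an administrator relies on this page to spot a broken installation, the downgrade should apply only to passing checks: `} elseif( $p_pass && $t_unhandled == E_DEPRECATED ) {`. `check_print_test_warn_row` is not affected, because a failed check there is WARN anyway. Separately, the docblock of `check_unhandled_errors_exist()` could state that `min()` treats the numerically lowest error constant as the one that decides the result, since the `== E_DEPRECATED` tests depend on that.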