- Fixed security issues where the wrong access level was checked, or …

…an absolute one rather than a configurable threshold. - Removed check on an invalid variable ($result) in bug_delete. - Moved minimum required PHP version to core_php_API.php - Changed bug_delete() to return true/false which reflects the overall result. - Added a call to phpinfo() if user is using a version of PHP that is older than minimum required. - Restructured the core_php_API.php to reduce some code. - view_all_bug_update.php, allowed any user with UPDATER access level to move, delete, close, resolve bugs. - Added $g_delete_bugnote_threshold. - Added $g_update_bug_threshold. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1310 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Aug 23, 2002 · 1b58079 · 1b58079
1 parent e9ab25d
commit 1b58079
Show file tree

Hide file tree

Showing 20 changed files with 83 additions and 78 deletions.
diff --git a/bug_close.php b/bug_close.php
@@ -6,11 +6,11 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Revision: 1.20 $
-	# $Author: prescience $
-	# $Date: 2002-08-19 02:54:09 $
+	# $Revision: 1.21 $
+	# $Author: vboctor $
+	# $Date: 2002-08-23 13:16:51 $
 	#
-	# $Id: bug_close.php,v 1.20 2002-08-19 02:54:09 prescience Exp $
+	# $Id: bug_close.php,v 1.21 2002-08-23 13:16:51 vboctor Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -21,7 +21,7 @@
 <?php login_cookie_check() ?>
 <?php
 	project_access_check( $f_id );
-	check_access( UPDATER );
+	check_access( $g_close_bug_threshold );
 	check_bug_exists( $f_id );
 
 	# check variables

diff --git a/bug_close_page.php b/bug_close_page.php
@@ -9,7 +9,7 @@
 <?php login_cookie_check() ?>
 <?php
 	project_access_check( $f_id );
-	check_access( UPDATER );
+	check_access( $g_close_bug_threshold );
 	check_bug_exists( $f_id );
 ?>
 <?php print_page_top1() ?>

diff --git a/bug_delete.php b/bug_delete.php
@@ -6,22 +6,17 @@
 	# See the README and LICENSE files for details
 ?>
 <?php
-	# Delete the bug, bugtext, bugnote, and bugtexts selected
-	# Redirects to view_all_bug_page.php3
+	# Deletes the bug and re-directs to view_all_bug_page.php 
 ?>
 <?php include( 'core_API.php' ) ?>
 <?php login_cookie_check() ?>
 <?php
 	project_access_check( $f_id );
-	check_access( $g_handle_bug_threshold );
 	check_access( $g_allow_bug_delete_access_level );
 	check_bug_exists( $f_id );
 
-	bug_delete( $f_id, $f_bug_text_id );
-
-	$t_redirect_url = 'view_all_bug_page.php';
-	if ( $result ) {
-		print_header_redirect( $t_redirect_url );
+	if ( bug_delete( $f_id, $f_bug_text_id ) ) {
+		print_header_redirect( 'view_all_bug_page.php' );
 	} else {
 		print_mantis_error( ERROR_GENERIC );
 	}

diff --git a/bug_delete_page.php b/bug_delete_page.php
@@ -7,13 +7,12 @@
 ?>
 <?php
 	# Bug delete confirmation page
-	# Page contiues to bug_delete.php3
+	# Page contiues to bug_delete.php
 ?>
 <?php include( 'core_API.php' ) ?>
 <?php login_cookie_check() ?>
 <?php
 	project_access_check( $f_id );
-	check_access( $g_handle_bug_threshold );
 	check_access( $g_allow_bug_delete_access_level );
 	check_bug_exists( $f_id );
 ?>

diff --git a/bug_reopen.php b/bug_reopen.php
@@ -6,11 +6,11 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Revision: 1.15 $
-	# $Author: jfitzell $
-	# $Date: 2002-08-16 10:16:25 $
+	# $Revision: 1.16 $
+	# $Author: vboctor $
+	# $Date: 2002-08-23 13:16:51 $
 	#
-	# $Id: bug_reopen.php,v 1.15 2002-08-16 10:16:25 jfitzell Exp $
+	# $Id: bug_reopen.php,v 1.16 2002-08-23 13:16:51 vboctor Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -21,7 +21,7 @@
 <?php login_cookie_check() ?>
 <?php
 	project_access_check( $f_id );
-	check_access( $g_handle_bug_threshold );
+	check_access( $g_reopen_bug_threshold );
 	check_bug_exists( $f_id );
 
 	#check variables

diff --git a/bug_reopen_page.php b/bug_reopen_page.php
@@ -9,7 +9,7 @@
 <?php login_cookie_check() ?>
 <?php
 	project_access_check( $f_id );
-	check_access( UPDATER );
+	check_access( $g_reopen_bug_threshold  );
 	check_bug_exists( $f_id );
 ?>
 <?php print_page_top1() ?>

diff --git a/bug_resolve_page.php b/bug_resolve_page.php
@@ -9,7 +9,7 @@
 <?php login_cookie_check() ?>
 <?php
 	project_access_check( $f_id );
-	check_access( UPDATER );
+	check_access( $g_handle_bug_threshold );
 	check_bug_exists( $f_id );
 ?>
 <?php print_page_top1() ?>

diff --git a/bug_update.php b/bug_update.php
@@ -6,11 +6,11 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Revision: 1.27 $
-	# $Author: jfitzell $
-	# $Date: 2002-08-16 10:16:25 $
+	# $Revision: 1.28 $
+	# $Author: vboctor $
+	# $Date: 2002-08-23 13:16:51 $
 	#
-	# $Id: bug_update.php,v 1.27 2002-08-16 10:16:25 jfitzell Exp $
+	# $Id: bug_update.php,v 1.28 2002-08-23 13:16:51 vboctor Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -20,7 +20,7 @@
 <?php login_cookie_check() ?>
 <?php
 	project_access_check( $f_id );
-	check_access( UPDATER );
+	check_access( $g_update_bug_threshold );
 
 	$c_id = (integer)$f_id;
 
@@ -34,6 +34,9 @@
 	$row = db_fetch_array( $result );
 	extract( $row, EXTR_PREFIX_ALL, 'h' );
 
+	# if bug is private, make sure user can view private bugs
+	# use the db view state rather than the new one to check
+	access_bug_check( $f_id, $h_view_state );
 
 	# set variable to be valid if necessary
 	check_varset( $f_duplicate_id, '' );

diff --git a/bug_update_advanced_page.php b/bug_update_advanced_page.php
@@ -6,11 +6,11 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Revision: 1.22 $
+	# $Revision: 1.23 $
 	# $Author: vboctor $
-	# $Date: 2002-08-17 02:46:01 $
+	# $Date: 2002-08-23 13:16:51 $
 	#
-	# $Id: bug_update_advanced_page.php,v 1.22 2002-08-17 02:46:01 vboctor Exp $
+	# $Id: bug_update_advanced_page.php,v 1.23 2002-08-23 13:16:51 vboctor Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -24,7 +24,7 @@
 	}
 
 	project_access_check( $f_id );
-	check_access( UPDATER );
+	check_access( $g_update_bug_threshold );
 	check_bug_exists( $f_id );
 
 	$c_id = (integer)$f_id;

diff --git a/bug_update_page.php b/bug_update_page.php
@@ -6,11 +6,11 @@
 	# See the README and LICENSE files for details
 
 	# --------------------------------------------------------
-	# $Revision: 1.22 $
+	# $Revision: 1.23 $
 	# $Author: vboctor $
-	# $Date: 2002-08-17 02:46:01 $
+	# $Date: 2002-08-23 13:16:51 $
 	#
-	# $Id: bug_update_page.php,v 1.22 2002-08-17 02:46:01 vboctor Exp $
+	# $Id: bug_update_page.php,v 1.23 2002-08-23 13:16:51 vboctor Exp $
 	# --------------------------------------------------------
 ?>
 <?php
@@ -24,7 +24,7 @@
 	}
 
 	project_access_check( $f_id );
-	check_access( UPDATER );
+	check_access( $g_update_bug_threshold );
 	check_bug_exists( $f_id );
 
 	$c_id = (integer)$f_id;

diff --git a/bugnote_delete.php b/bugnote_delete.php
@@ -15,9 +15,9 @@
 	check_bugnote_exists( $f_bugnote_id );
 	$t_bug_id = get_bugnote_field( $f_bugnote_id, 'bug_id' );
 	project_access_check( $t_bug_id );
-	check_access( REPORTER );
+	check_access( $g_delete_bugnote_threshold );
 	check_bug_exists( $t_bug_id );
-	
+
 	$result = bugnote_delete( $f_bugnote_id );
 
 	# Determine which view page to redirect back to.

diff --git a/bugnote_delete_page.php b/bugnote_delete_page.php
@@ -15,7 +15,7 @@
 	check_bugnote_exists( $f_bugnote_id );
 	$t_bug_id = get_bugnote_field( $f_bugnote_id, 'bug_id' );
 	project_access_check( $t_bug_id );
-	check_access( $g_handle_bug_threshold );
+	check_access( $g_delete_bugnote_threshold );
 	check_bug_exists( $t_bug_id );
 ?>
 <?php print_page_top1() ?>

diff --git a/config_defaults_inc.php b/config_defaults_inc.php
@@ -424,6 +424,10 @@
 	############################
 
 	# --- threshold -------------------
+
+	# access level needed to update bugs
+	$g_update_bug_threshold = UPDATER;
+
 	# access level needed to re-open bugs
 	# Look in the constant_inc.php file if you want to set a different value
 	$g_reopen_bug_threshold = DEVELOPER;
@@ -471,6 +475,10 @@
 	# Allow the specified access level and higher to delete bugs
 	$g_allow_bug_delete_access_level = DEVELOPER;
 
+	# --- bug note delete ------
+	# Specify the required access level to delete bug notes.
+	$g_delete_bugnote_threshold = $g_allow_bug_delete_access_level;
+
 	# --- move bugs -----------
 	# Allow the specified access level and higher to move bugs between projects
 	$g_bug_move_access_level = DEVELOPER;

diff --git a/core_API.php b/core_API.php
@@ -13,9 +13,6 @@
 	#  headers from being sent if there's a blank line in an included file
 	ob_start();
 
-	# constant for our minimum required PHP version
-	define( 'PHP_MIN_VERSION', '4.0.3' );
-
 	# Include compatibility file before anything else
 	include( 'core_php_API.php' );
 

diff --git a/core_bug_API.php b/core_bug_API.php
@@ -27,24 +27,29 @@ function bug_delete( $p_id, $p_bug_text_id ) {
 
 		$c_id			= (integer)$p_id;
 		$c_bug_text_id	= (integer)$p_bug_text_id;
+
+		$retval = true;
 
 		# Delete the bug entry
 		$query = "DELETE
 				FROM $g_mantis_bug_table
 				WHERE id='$c_id'";
 		$result = db_query( $query );
+		$retval = $retval && $result;
 
 		# Delete the corresponding bug text
 		$query = "DELETE
 				FROM $g_mantis_bug_text_table
 				WHERE id='$c_bug_text_id'";
 		$result = db_query( $query );
+		$retval = $retval && $result;
 
 		# Delete the bugnote text items
 		$query = "SELECT bugnote_text_id
 				FROM $g_mantis_bugnote_table
 				WHERE bug_id='$c_id'";
 		$result = db_query($query);
+		$retval = $retval && $result;
 		$bugnote_count = db_num_rows( $result );
 		for ($i=0;$i<$bugnote_count;$i++){
 			$row = db_fetch_array( $result );
@@ -54,21 +59,24 @@ function bug_delete( $p_id, $p_bug_text_id ) {
 			$query = "DELETE
 					FROM $g_mantis_bugnote_text_table
 					WHERE id='$t_bugnote_text_id'";
-			$result2 = db_query( $query );
+			$result = db_query( $query );
+			$retval = $retval && $result;
 		}
 
 		# Delete the corresponding bugnotes
 		$query = "DELETE
 				FROM $g_mantis_bugnote_table
 				WHERE bug_id='$c_id'";
 		$result = db_query($query);
+		$retval = $retval && $result;
 
 		if ( ( DISK == $g_file_upload_method ) || ( FTP == $g_file_upload_method ) ) {
 			# Delete files from disk
 			$query = "SELECT diskfile, filename
 				FROM $g_mantis_bug_file_table
 				WHERE bug_id='$c_id'";
 			$result = db_query( $query );
+			$retval = $retval && $result;
 			$file_count = db_num_rows( $result );
 
 			# there may be more than one file
@@ -90,12 +98,16 @@ function bug_delete( $p_id, $p_bug_text_id ) {
 			FROM $g_mantis_bug_file_table
 			WHERE bug_id='$c_id'";
 		$result = db_query($query);
+		$retval = $retval && $result;
 
 		# Delete the bug history
 		$query = "DELETE
 			FROM $g_mantis_bug_history_table
 			WHERE bug_id='$c_id'";
 		$result = db_query($query);
+		$retval = $retval && $result;
+
+		return ($retval);
 	}
 	# --------------------
 	# This function assigns the bug to the current user
@@ -246,13 +258,4 @@ function get_bug_text_field( $p_bug_id, $p_field_name ) {
 		$result = db_query( $query );
 		return db_result( $result, 0 );
 	}
-	# --------------------
-	# --------------------
-	# --------------------
-	# --------------------
-	# --------------------
-	# --------------------
-	# --------------------
-	# --------------------
-	# --------------------
 ?>