diff --git a/application/MantisBT/Error.php b/application/MantisBT/Error.php index 080c4dbf82..84bf265586 100644 --- a/application/MantisBT/Error.php +++ b/application/MantisBT/Error.php @@ -2,6 +2,8 @@ namespace MantisBT; use \stdClass; +require_api('lang_api.php'); + class Error { /** * Indicates previous errors @@ -45,21 +47,29 @@ public static function init(){ } } - public static function exception_handler( Exception $ex) { - self::init(); - - $errorInfo = new stdClass(); - $errorInfo->time = time(); - $errorInfo->type = 'EXCEPTION'; - $errorInfo->name = get_class($ex); - $errorInfo->code = $ex->getCode(); - $errorInfo->message = $ex->getMessage(); - $errorInfo->file = $ex->getFile(); - $errorInfo->line = $ex->getLine(); - $errorInfo->trace = $ex->getTrace(); - $errorInfo->context = $ex->getContext(); + public static function exception_handler($exception) { + $errorInfo = new stdClass(); + $errorInfo->time = time(); + $errorInfo->type = 'EXCEPTION'; + $errorInfo->name = 'InvalidException'; + $errorInfo->code = 0; + $errorInfo->message = 'An invalid exception type was caught by the exception handler. Unfortuantly no further information can be obtained.'; + + if (is_object($exception)) { + $reflectionClass = new \ReflectionClass($exception); + if ($reflectionClass->isSubclassOf('Exception')) { + $errorInfo->name = $reflectionClass->getName(); + $errorInfo->code = $exception->getCode(); + $errorInfo->message = $exception->getMessage(); + $errorInfo->file = $exception->getFile(); + $errorInfo->line = $exception->getLine(); + $errorInfo->trace = $exception->getTrace(); + $errorInfo->context = $exception->getContext(); + } + } - self::$allErrors[] = $errorInfo; + self::init(); + self::$allErrors[] = $errorInfo; } public static function error_handler( $type, $error, $file, $line, $context ) { diff --git a/application/MantisBT/Exception/Access/AccessDenied.php b/application/MantisBT/Exception/Access/AccessDenied.php new file mode 100644 index 0000000000..cc9c3d3655 
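Review bot: In `exception_handler`, `$reflectionClass->isSubclassOf('Exception')` is false when the thrown object is a plain `Exception`, because a class is not a subclass of itself, so those are recorded as 'InvalidException' and their message, file and line are dropped. Inside the branch, `$exception->getContext()` is called on every subclass, but `getContext()` is not a method of PHP's base `Exception`; an exception raised by PHP itself or by a library would cause a fatal error inside the handler and the original failure would go unrecorded. I would test with `if ($exception instanceof \Exception) {` and set `$errorInfo->context = method_exists($exception, 'getContext') ? $exception->getContext() : null;`. The fallback path also leaves `file`, `line`, `trace` and `context` unset, so any consumer of `self::$allErrors` should be checked for that, and the fallback message misspells 'Unfortunately'.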
--- /dev/null +++ b/application/MantisBT/Exception/Access/AccessDenied.php @@ -0,0 +1,10 @@ +context = $parameters; diff --git a/application/core/access_api.php b/application/core/access_api.php index b0136acdd3..8e14e117e3 100644 --- a/application/core/access_api.php +++ b/application/core/access_api.php @@ -39,6 +39,8 @@ * @uses user_api.php */ +use MantisBT\Exception\Access\AccessDenied; + require_api( 'authentication_api.php' ); require_api( 'bug_api.php' ); require_api( 'bugnote_api.php' ); @@ -72,45 +74,6 @@ */ $g_cache_access_matrix_user_ids = array(); -/** - * Function to be called when a user is attempting to access a page that - * he/she is not authorised to. This outputs an access denied message then - * re-directs to the mainpage. - */ -function access_denied() { - if( !auth_is_user_authenticated() ) { - if( basename( $_SERVER['SCRIPT_NAME'] ) != 'login_page.php' ) { - $t_return_page = $_SERVER['SCRIPT_NAME']; - if( isset( $_SERVER['QUERY_STRING'] ) ) { - $t_return_page .= '?' . $_SERVER['QUERY_STRING']; - } - $t_return_page = string_url( string_sanitize_url( $t_return_page ) ); - print_header_redirect( 'login_page.php' . '?return=' . $t_return_page ); - } - } else { - if( current_user_is_anonymous() ) { - if( basename( $_SERVER['SCRIPT_NAME'] ) != 'login_page.php' ) { - $t_return_page = $_SERVER['SCRIPT_NAME']; - if( isset( $_SERVER['QUERY_STRING'] ) ) { - $t_return_page .= '?' . $_SERVER['QUERY_STRING']; - } - $t_return_page = string_url( string_sanitize_url( $t_return_page ) ); - echo '

' . error_string( ERROR_ACCESS_DENIED ) . '

'; - print_bracket_link( helper_mantis_url( 'login_page.php' ) . '?return=' . $t_return_page, lang_get( 'click_to_login' ) ); - echo '

'; - print_bracket_link( helper_mantis_url( 'main_page.php' ), lang_get( 'proceed' ) ); - echo '

'; - } - } else { - echo '

' . error_string( ERROR_ACCESS_DENIED ) . '

'; - echo '

'; - print_bracket_link( helper_mantis_url( 'main_page.php' ), lang_get( 'proceed' ) ); - echo '

'; - } - } - exit; -} - /** * retrieves and returns access matrix for a project from cache or caching if required. * @param int $p_project_id integer representing project id @@ -254,7 +217,7 @@ function access_has_global_level( $p_access_level, $p_user_id = null ) { */ function access_ensure_global_level( $p_access_level, $p_user_id = null ) { if( !access_has_global_level( $p_access_level, $p_user_id ) ) { - access_denied(); + throw new AccessDenied(); } } @@ -351,7 +314,7 @@ function access_has_project_level( $p_access_level, $p_project_id = null, $p_use */ function access_ensure_project_level( $p_access_level, $p_project_id = null, $p_user_id = null ) { if( !access_has_project_level( $p_access_level, $p_project_id, $p_user_id ) ) { - access_denied(); + throw new AccessDenied(); } } @@ -436,7 +399,7 @@ function access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) { */ function access_ensure_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) { if( !access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id ) ) { - access_denied(); + throw new AccessDenied(); } } @@ -478,7 +441,7 @@ function access_has_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id = */ function access_ensure_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id = null ) { if( !access_has_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id ) ) { - access_denied(); + throw new AccessDenied(); } } @@ -515,7 +478,7 @@ function access_can_close_bug( $p_bug_id, $p_user_id = null ) { */ function access_ensure_can_close_bug( $p_bug_id, $p_user_id = null ) { if( !access_can_close_bug( $p_bug_id, $p_user_id ) ) { - access_denied(); + throw new AccessDenied(); } } 
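Review bot: The removed `access_denied()` always ended in `exit;`, so every `access_ensure_*` call was fail-closed; with `throw new AccessDenied();` in `access_ensure_global_level` the denial only holds if nothing between the call and the top-level handler catches it. A caller that wraps one of these checks in a `try`/`catch` for a generic `Exception` would now swallow the denial and continue into the protected operation. The same applies to `access_ensure_project_level`, `access_ensure_bug_level`, `access_ensure_bugnote_level`, `access_ensure_can_close_bug`, `access_ensure_can_reopen_bug` and to the page-level `throw new AccessDenied();` replacements later in the diff. I would add to each docblock a line such as `@throws AccessDenied if the user lacks the required access; callers must let it propagate`, and confirm that the login redirect with the sanitized `return` URL from the removed function is reproduced where the exception is handled, which is not visible in this diff. The function bodies sit inside the hunks, but their docblocks are mostly outside them.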
@@ -541,7 +504,6 @@ function access_can_reopen_bug( $p_bug_id, $p_user_id = null ) { /** * Make sure that the current user can reopen the specified bug. - * Calls access_denied if user has no access to terminate script * @see access_can_reopen_bug * @param int $p_bug_id integer representing bug id to check access against * @param int|null $p_user_id integer representing user id, defaults to null to use current user @@ -549,7 +511,7 @@ function access_can_reopen_bug( $p_bug_id, $p_user_id = null ) { */ function access_ensure_can_reopen_bug( $p_bug_id, $p_user_id = null ) { if( !access_can_reopen_bug( $p_bug_id, $p_user_id ) ) { - access_denied(); + throw new AccessDenied(); } } diff --git a/application/core/authentication_api.php b/application/core/authentication_api.php index 771d1aec94..8dc800ff51 100644 --- a/application/core/authentication_api.php +++ b/application/core/authentication_api.php @@ -23,7 +23,6 @@ * @copyright Copyright (C) 2002 - 2012 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * - * @uses access_api.php * @uses config_api.php * @uses constant_inc.php * @uses crypto_api.php @@ -43,7 +42,9 @@ * @uses utility_api.php */ -require_api( 'access_api.php' ); +use MantisBT\Error; +use MantisBT\Exception\Access\AccessDenied; + require_api( 'config_api.php' ); require_api( 'constant_inc.php' ); require_api( 'crypto_api.php' ); @@ -827,8 +828,7 @@ function auth_get_current_user_id() { # and give them an Access Denied message. if( !$t_user_id ) { auth_clear_cookies(); - access_denied(); - exit(); + throw new AccessDenied(); } $g_cache_current_user_id = $t_user_id; @@ -846,7 +846,7 @@ function auth_http_prompt() { header( 'WWW-Authenticate: Basic realm="' . lang_get( 'http_auth_realm' ) . '"' ); header( 'status: 401 Unauthorized' ); - echo '
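Review bot: In `auth_get_current_user_id`, a login cookie that does not resolve to a user now raises the same `AccessDenied` as an authorization failure, so the handler cannot tell 'not logged in' from 'logged in but not permitted'. The removed `access_denied()` sent unauthenticated users to `login_page.php`; unless the handler re-derives that from session state, a user whose cookies were just cleared by `auth_clear_cookies()` gets a denial page instead of a login prompt. The comment above the check should describe the new behaviour, e.g. `# clear the stale cookies and throw AccessDenied; the exception handler decides between login redirect and denial page`. If the code that renders the denial calls `auth_get_current_user_id()` again, it would presumably throw a second time inside the handler, so that path is worth a test. The function starts and ends outside the hunk.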

' . error_string( ERROR_ACCESS_DENIED ) . '

'; + echo '

' . Error::error_string( ERROR_ACCESS_DENIED ) . '

'; print_bracket_link( 'main_page.php', lang_get( 'proceed' ) ); exit; diff --git a/application/core/news_api.php b/application/core/news_api.php index f45224cc75..370bafeddb 100644 --- a/application/core/news_api.php +++ b/application/core/news_api.php @@ -24,7 +24,6 @@ * @copyright Copyright (C) 2002 - 2012 MantisBT Team - mantisbt-dev@lists.sourceforge.net * @link http://www.mantisbt.org * - * @uses access_api.php * @uses config_api.php * @uses constant_inc.php * @uses current_user_api.php @@ -36,7 +35,8 @@ * @uses utility_api.php */ -require_api( 'access_api.php' ); +use MantisBT\Exception\Access\AccessDenied; + require_api( 'config_api.php' ); require_api( 'constant_inc.php' ); require_api( 'current_user_api.php' ); @@ -332,6 +332,6 @@ function news_is_enabled() { # Ensures that the news feature is enabled, otherwise generates an access denied error. function news_ensure_enabled() { if ( !news_is_enabled() ) { - access_denied(); + throw new AccessDenied(); } } diff --git a/public/account_sponsor_page.php b/public/account_sponsor_page.php index 9566e702b1..04c6394c92 100644 --- a/public/account_sponsor_page.php +++ b/public/account_sponsor_page.php @@ -38,7 +38,6 @@ * @link http://www.mantisbt.org * * @uses core.php - * @uses access_api.php * @uses authentication_api.php * @uses bug_api.php * @uses config_api.php @@ -57,11 +56,9 @@ * @uses version_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); -require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); require_api( 'bug_api.php' ); require_api( 'config_api.php' ); @@ -87,7 +84,7 @@ # anonymous users are not allowed to sponsor issues if ( current_user_is_anonymous() ) { - access_denied(); + throw new AccessDenied(); } $t_show_all = gpc_get_bool( 'show_all', false ); diff --git a/public/bug_change_status_page.php b/public/bug_change_status_page.php index df8d0a6b8d..1c172ef264 100644 --- a/public/bug_change_status_page.php 
+++ b/public/bug_change_status_page.php @@ -40,9 +40,9 @@ * @uses version_api.php */ -/** - * MantisBT Core API's - */ + +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); @@ -90,7 +90,7 @@ ( ON == config_get( 'allow_reporter_close' ) ) ) ) || ( ( ON == $f_reopen_flag ) && ( access_has_bug_level( config_get( 'reopen_bug_threshold' ), $f_bug_id ) ) ) ) ) { - access_denied(); + throw new AccessDenied(); } $t_can_update_due_date = access_has_bug_level( config_get( 'due_date_update_threshold' ), $f_bug_id ); diff --git a/public/bug_file_add.php b/public/bug_file_add.php index ec4252c11f..b1799529cb 100644 --- a/public/bug_file_add.php +++ b/public/bug_file_add.php @@ -37,9 +37,8 @@ * @uses string_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'bug_api.php' ); @@ -72,7 +71,7 @@ } if ( !file_allow_bug_upload( $f_bug_id ) ) { - access_denied(); + throw new AccessDenied(); } access_ensure_bug_level( config_get( 'upload_bug_file_threshold' ), $f_bug_id ); diff --git a/public/bug_relationship_graph.php b/public/bug_relationship_graph.php index 4d9e262bec..31095ee26e 100644 --- a/public/bug_relationship_graph.php +++ b/public/bug_relationship_graph.php @@ -35,9 +35,8 @@ * @uses relationship_graph_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); @@ -58,7 +57,7 @@ auth_ensure_user_authenticated(); if ( ON != config_get( 'relationship_graph_enable' ) ) - access_denied(); + throw new AccessDenied(); $f_bug_id = gpc_get_int( 'bug_id' ); $f_type = gpc_get_string( 'graph', 'relation' ); diff --git a/public/bug_relationship_graph_img.php b/public/bug_relationship_graph_img.php index bd983359e0..41e99fefa0 100644 
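Review bot: The feature check in `bug_relationship_graph.php` guards the new `throw` with a brace-less `if`, unlike the braced checks elsewhere in this commit. A statement added under the condition later would silently fall outside the guard, which is worth avoiding on an access-control path: `if ( ON != config_get( 'relationship_graph_enable' ) ) { throw new AccessDenied(); }`. `bug_relationship_graph_img.php` has the same construct. This check compares with `ON !=` while `workflow_graph_img.php` and `manage_config_workflow_graph_page.php` test the same option with `!config_get( 'relationship_graph_enable' )`; one form throughout would be easier to audit.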
--- a/public/bug_relationship_graph_img.php +++ b/public/bug_relationship_graph_img.php @@ -31,9 +31,8 @@ * @uses relationship_graph_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); @@ -50,7 +49,7 @@ auth_ensure_user_authenticated(); if ( ON != config_get( 'relationship_graph_enable' ) ) - access_denied(); + throw new AccessDenied(); $f_bug_id = gpc_get_int( 'bug_id' ); $f_type = gpc_get_string( 'graph', 'relation' ); diff --git a/public/bug_set_sponsorship.php b/public/bug_set_sponsorship.php index 56c181a7d1..a38c74dfc5 100644 --- a/public/bug_set_sponsorship.php +++ b/public/bug_set_sponsorship.php @@ -37,9 +37,8 @@ * @uses utility_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); @@ -60,7 +59,7 @@ # anonymous users are not allowed to sponsor issues if ( current_user_is_anonymous() ) { - access_denied(); + throw new AccessDenied(); } $f_bug_id = gpc_get_int( 'bug_id' ); diff --git a/public/file_download.php b/public/file_download.php index 9c7fb3b7a8..0c8c1d9795 100644 --- a/public/file_download.php +++ b/public/file_download.php @@ -35,12 +35,11 @@ * @uses utility_api.php */ +use MantisBT\Exception\Access\AccessDenied; + $g_bypass_headers = true; # suppress headers as we will send our own later define( 'COMPRESSION_DISABLED', true ); -/** - * MantisBT Core API's - */ require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); @@ -96,7 +95,7 @@ WHERE id=" . db_param(); break; default: - access_denied(); + throw new AccessDenied(); } $result = db_query_bound( $query, array( $c_file_id ) ); $row = db_fetch_array( $result ); 
@@ -112,13 +111,13 @@ switch ( $f_type ) { case 'bug': if ( !file_can_download_bug_attachments( $v_bug_id, (int)$v_user_id ) ) { - access_denied(); + throw new AccessDenied(); } break; case 'doc': # Check if project documentation feature is enabled. if ( OFF == config_get( 'enable_project_documentation' ) ) { - access_denied(); + throw new AccessDenied(); } access_ensure_project_level( config_get( 'view_proj_doc_threshold' ), $v_project_id ); diff --git a/public/issues_rss.php b/public/issues_rss.php index 63bea76647..d2a08eb4de 100644 --- a/public/issues_rss.php +++ b/public/issues_rss.php @@ -45,9 +45,8 @@ * @uses utility_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'bug_api.php' ); @@ -71,17 +70,17 @@ # make sure RSS syndication is enabled. if ( OFF == config_get( 'rss_enabled' ) ) { - access_denied(); + throw new AccessDenied(); } # authenticate the user if ( $f_username !== null ) { if ( !rss_login( $f_username, $f_key ) ) { - access_denied(); + throw new AccessDenied(); } } else { if ( OFF == config_get( 'allow_anonymous_login' ) ) { - access_denied(); + throw new AccessDenied(); } } @@ -181,7 +180,7 @@ # null will be returned if the user doesn't have access right to access the filter. $t_custom_filter = filter_db_get_filter( $f_filter_id, $t_user_id ); if ( null === $t_custom_filter ) { - access_denied(); + throw new AccessDenied(); } $t_custom_filter = filter_deserialize( $t_custom_filter ); diff --git a/public/manage_columns_copy.php b/public/manage_columns_copy.php index bbd6a3ec94..7f08baf784 100644 --- a/public/manage_columns_copy.php +++ b/public/manage_columns_copy.php @@ -32,9 +32,8 @@ * @uses print_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); 
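Review bot: In `issues_rss.php` a failed `rss_login( $f_username, $f_key )`, a disabled feed and disabled anonymous login all raise a bare `new AccessDenied()`, so a log built from the handler's `$errorInfo` cannot separate feed-key failures from configuration denials. That makes repeated bad-key attempts against this endpoint hard to spot. The remnant of `AccessDenied.php` in this diff (`context = $parameters`) suggests the constructor takes a context argument; if it does, I would pass a short reason there and note it above the throw, e.g. `# rss_login failed: record the username (never the key) in the exception context for audit`. Feed readers are not browsers, so the handler should answer these with a plain 401/403 rather than an HTML page or redirect; that part is outside this diff. `news_rss.php` has the identical block.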
@@ -68,7 +67,7 @@ # only admins can set global defaults.for ALL_PROJECT if ( $f_manage_page && $t_dst_project_id == ALL_PROJECTS && !current_user_is_administrator() ) { - access_denied(); + throw new AccessDenied(); } # only MANAGERS can set global defaults.for a project diff --git a/public/manage_config_columns_set.php b/public/manage_config_columns_set.php index 236644f7ad..3228bfe689 100644 --- a/public/manage_config_columns_set.php +++ b/public/manage_config_columns_set.php @@ -35,9 +35,8 @@ * @uses project_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); @@ -68,7 +67,7 @@ # only admins can set global defaults.for ALL_PROJECT if ( $f_update_columns_as_global_default && $f_project_id == ALL_PROJECTS && !current_user_is_administrator() ) { - access_denied(); + throw new AccessDenied(); } # only MANAGERS can set global defaults.for a project diff --git a/public/manage_config_revert.php b/public/manage_config_revert.php index 093ab41bd9..683f4861ba 100644 --- a/public/manage_config_revert.php +++ b/public/manage_config_revert.php @@ -35,9 +35,8 @@ * @uses string_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); @@ -68,7 +67,7 @@ } if ( !$t_access ) { - access_denied(); + throw new AccessDenied(); } if ( '' != $f_revert ) { diff --git a/public/manage_config_workflow_graph_page.php b/public/manage_config_workflow_graph_page.php index da47dc9109..291e51a2f2 100644 --- a/public/manage_config_workflow_graph_page.php +++ b/public/manage_config_workflow_graph_page.php 
@@ -35,11 +35,9 @@ * @uses workflow_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); -require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); require_api( 'config_api.php' ); require_api( 'constant_inc.php' ); @@ -53,7 +51,7 @@ auth_reauthenticate(); if ( !config_get( 'relationship_graph_enable' ) ) { - access_denied(); + throw new AccessDenied(); } html_page_top( lang_get( 'manage_workflow_graph' ) ); diff --git a/public/news_rss.php b/public/news_rss.php index ef0b34ffed..221e97448c 100644 --- a/public/news_rss.php +++ b/public/news_rss.php @@ -35,9 +35,8 @@ * @uses rssbuilder/class.RSSBuilder.inc.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'config_api.php' ); @@ -60,17 +59,17 @@ # make sure RSS syndication is enabled. if ( OFF == config_get( 'rss_enabled' ) ) { - access_denied(); + throw new AccessDenied(); } # authenticate the user if ( $f_username !== null ) { if ( !rss_login( $f_username, $f_key ) ) { - access_denied(); + throw new AccessDenied(); } } else { if ( OFF == config_get( 'allow_anonymous_login' ) ) { - access_denied(); + throw new AccessDenied(); } } diff --git a/public/proj_doc_add.php b/public/proj_doc_add.php index 713cc0ee42..a6a30b3560 100644 --- a/public/proj_doc_add.php +++ b/public/proj_doc_add.php @@ -34,9 +34,8 @@ * @uses utility_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'config_api.php' ); @@ -54,7 +53,7 @@ # Check if project documentation feature is enabled. if ( OFF == config_get( 'enable_project_documentation' ) ) { - access_denied(); + throw new AccessDenied(); } access_ensure_project_level( config_get( 'upload_project_file_threshold' ) ); 
diff --git a/public/proj_doc_add_page.php b/public/proj_doc_add_page.php index 91c4355869..95e499f51c 100644 --- a/public/proj_doc_add_page.php +++ b/public/proj_doc_add_page.php @@ -30,9 +30,8 @@ * @uses utility_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'config_api.php' ); @@ -46,7 +45,7 @@ if ( OFF == config_get( 'enable_project_documentation' ) || !file_is_uploading_enabled() || !file_allow_project_upload() ) { - access_denied(); + throw new AccessDenied(); } access_ensure_project_level( config_get( 'upload_project_file_threshold' ) ); diff --git a/public/proj_doc_delete.php b/public/proj_doc_delete.php index 1e86128a29..5af67c3562 100644 --- a/public/proj_doc_delete.php +++ b/public/proj_doc_delete.php @@ -34,9 +34,8 @@ * @uses string_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'config_api.php' ); @@ -54,7 +53,7 @@ # Check if project documentation feature is enabled. if ( OFF == config_get( 'enable_project_documentation' ) ) { - access_denied(); + throw new AccessDenied(); } $f_file_id = gpc_get_int( 'file_id' ); diff --git a/public/proj_doc_edit_page.php b/public/proj_doc_edit_page.php index 3dfbd60a7a..b5e396b86a 100644 --- a/public/proj_doc_edit_page.php +++ b/public/proj_doc_edit_page.php @@ -34,9 +34,8 @@ * @uses utility_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'config_api.php' ); @@ -54,7 +53,7 @@ if ( OFF == config_get( 'enable_project_documentation' ) || !file_is_uploading_enabled() || !file_allow_project_upload() ) { - access_denied(); + throw new AccessDenied(); } $f_file_id = gpc_get_int( 'file_id' ); 
diff --git a/public/proj_doc_page.php b/public/proj_doc_page.php index bc5242e326..4fe245b373 100644 --- a/public/proj_doc_page.php +++ b/public/proj_doc_page.php @@ -37,9 +37,8 @@ * @uses user_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); @@ -60,7 +59,7 @@ # Check if project documentation feature is enabled. if ( OFF == config_get( 'enable_project_documentation' ) || !file_is_uploading_enabled() ) { - access_denied(); + throw new AccessDenied(); } # Override the current page to make sure we get the appropriate project-specific configuration diff --git a/public/proj_doc_update.php b/public/proj_doc_update.php index 486bcc178c..a137f33ba2 100644 --- a/public/proj_doc_update.php +++ b/public/proj_doc_update.php @@ -35,9 +35,8 @@ * @uses utility_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'config_api.php' ); @@ -58,7 +57,7 @@ if ( OFF == config_get( 'enable_project_documentation' ) || !file_is_uploading_enabled() || !file_allow_project_upload() ) { - access_denied(); + throw new AccessDenied(); } $f_file_id = gpc_get_int( 'file_id' ); diff --git a/public/tag_update.php b/public/tag_update.php index 82e4f0978a..097fe0806c 100644 --- a/public/tag_update.php +++ b/public/tag_update.php @@ -31,9 +31,8 @@ * @uses user_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); @@ -56,7 +55,7 @@ || ( auth_get_current_user_id() == $t_tag_row['user_id'] ) && access_has_global_level( config_get( 'tag_edit_own_threshold' ) ) ) ) { - access_denied(); + throw new AccessDenied(); } if ( access_has_global_level( config_get( 'tag_edit_threshold' ) ) ) { 
diff --git a/public/tag_update_page.php b/public/tag_update_page.php index 29fba42bc2..5895a134ef 100644 --- a/public/tag_update_page.php +++ b/public/tag_update_page.php @@ -37,9 +37,8 @@ * @uses user_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'access_api.php' ); require_api( 'authentication_api.php' ); @@ -69,7 +68,7 @@ || ( auth_get_current_user_id() == $t_tag_row['user_id'] ) && access_has_global_level( config_get( 'tag_edit_own_threshold' ) ) ) ) { - access_denied(); + throw new AccessDenied(); } html_page_top( sprintf( lang_get( 'tag_update' ), $t_name ) ); diff --git a/public/workflow_graph_img.php b/public/workflow_graph_img.php index 3f30b0005e..70cc47d75d 100644 --- a/public/workflow_graph_img.php +++ b/public/workflow_graph_img.php @@ -29,9 +29,8 @@ * @uses workflow_api.php */ -/** - * MantisBT Core API's - */ +use MantisBT\Exception\Access\AccessDenied; + require_once( 'core.php' ); require_api( 'authentication_api.php' ); require_api( 'compress_api.php' ); @@ -42,7 +41,7 @@ auth_ensure_user_authenticated(); if ( !config_get( 'relationship_graph_enable' ) ) { - access_denied(); + throw new AccessDenied(); } compress_enable();