Merge branch 'master-2.2'

adm_config_report.php

@@ -584,7 +584,7 @@ function check_config_value( $p_config ) {
 					<input type="text" name="config_option" class="input-sm"
 						   value="<?php echo string_display_line( $t_edit_option ); ?>"
 						   size="64" maxlength="64" />
-					<input type="hidden" name="original_config_option" value="<?php echo $t_edit_option; ?>" />
+					<input type="hidden" name="original_config_option" value="<?php echo string_display_line( $t_edit_option ); ?>" />
 				</td>
 			</tr>
 

admin/move_attachments_page.php

@@ -188,7 +188,7 @@ function get_attachment_stats( $p_file_type, $p_in_db ) {
 
 </table>
 <div class="widget-toolbox padding-8 clearfix">
-	<input name="type" type="hidden" value="<?php echo $f_file_type ?>" />
+	<input name="type" type="hidden" value="<?php echo string_attribute( $f_file_type); ?>" />
 	<input type="submit" class="btn btn-primary btn-white btn-round" value="Move Attachments" />
 </div>
 </div>

core/bug_api.php

@@ -2221,9 +2221,8 @@ function bug_cache_columns_data( array $p_bugs, array $p_selected_columns ) {
 			continue;
 		}
 
-		if( strncmp( $t_column, 'custom_', 7 ) === 0 ) {
-			# @TODO cproensa, this will we replaced with column_is_custom_field()
-			$t_cf_name = utf8_substr( $t_column, 7 );
+		if( column_is_custom_field( $t_column ) ) {
+			$t_cf_name = column_get_custom_field_name( $t_column );
 			$t_cf_id = custom_field_get_id_from_name( $t_cf_name );
 			if( $t_cf_id ) {
 				$t_custom_field_ids[] = $t_cf_id;

core/columns_api.php

@@ -200,8 +200,7 @@ function columns_get_custom_fields() {
 	$t_all_cfids = custom_field_get_ids();
 	$t_col_names = array();
 	foreach( $t_all_cfids as $t_id ) {
-		$t_def = custom_field_get_definition( $t_id );
-		$t_col_names[] = 'custom_' . $t_def['name'];
+		$t_col_names[] = column_get_custom_field_column_name( $t_id );
 	}
 	return $t_col_names;
 }
@@ -350,6 +349,21 @@ function column_get_custom_field_name( $p_column ) {
 	return null;
 }
 
+/**
+ * Returns the name of a column corresponding to a custom field, providing the id as parameter.
+ *
+ * @param integer $p_cf_id	Custom field id
+ * @return string	The column name
+ */
+function column_get_custom_field_column_name( $p_cf_id ) {
+	$t_def = custom_field_get_definition( $p_cf_id );
+	if( $t_def ) {
+		return 'custom_' . $t_def['name'];
+	} else {
+		return null;
+	}
+}
+
 /**
  * Converts a string of comma separate column names to an array.
  *

core/filter_api.php

@@ -586,8 +586,45 @@ function filter_ensure_valid_filter( array $p_filter_arr ) {
 		$p_filter_arr[FILTER_PROPERTY_SORT_DIRECTION] = filter_get_default_property( FILTER_PROPERTY_SORT_DIRECTION, $t_view_type );
 	}
 
-	# validate or filter junk from other fields
-	$t_multi_select_list = array(
+	# Validate types for values.
+
+	# helper function to validate types
+	$t_function_validate_type = function( $p_value, $p_type ) {
+		$t_value = stripslashes( $p_value );
+		if( ( $t_value === 'any' ) || ( $t_value === '[any]' ) ) {
+			$t_value = META_FILTER_ANY;
+		}
+		if( ( $t_value === 'none' ) || ( $t_value === '[none]' ) ) {
+			$t_value = META_FILTER_NONE;
+		}
+		# Ensure the filter property has the right type - see #20087
+		switch( $p_type ) {
+			case 'string' :
+			case 'int' :
+				settype( $t_value, $p_type );
+				break;
+		}
+		return $t_value;
+	};
+
+	# Validate properties that must not be arrays
+	$t_single_value_list = array(
+		FILTER_PROPERTY_VIEW_STATE => 'int',
+	);
+	foreach( $t_single_value_list as $t_field_name => $t_field_type ) {
+		$t_value = $p_filter_arr[$t_field_name];
+		if( is_array( $t_value ) ) {
+			if( count( $t_value ) > 0 ) {
+				$p_filter_arr[$t_field_name] = reset( $t_value );
+			} else {
+				$p_filter_arr[$t_field_name] = filter_get_default_property( $t_field_name, $t_view_type );
+			}
+		}
+		$p_filter_arr[$t_field_name] = $t_function_validate_type( $p_filter_arr[$t_field_name], $t_field_type );
+	}
+
+	# Validate properties that must be arrays, and the type of its elements
+	$t_array_values_list = array(
 		FILTER_PROPERTY_CATEGORY_ID => 'string',
 		FILTER_PROPERTY_SEVERITY => 'int',
 		FILTER_PROPERTY_STATUS => 'int',
@@ -608,29 +645,15 @@ function filter_ensure_valid_filter( array $p_filter_arr ) {
 		FILTER_PROPERTY_OS_BUILD => 'string',
 		FILTER_PROPERTY_PROJECT_ID => 'int'
 	);
-	foreach( $t_multi_select_list as $t_multi_field_name => $t_multi_field_type ) {
+	foreach( $t_array_values_list as $t_multi_field_name => $t_multi_field_type ) {
 		if( !is_array( $p_filter_arr[$t_multi_field_name] ) ) {
 			$p_filter_arr[$t_multi_field_name] = array(
 				$p_filter_arr[$t_multi_field_name],
 			);
 		}
 		$t_checked_array = array();
 		foreach( $p_filter_arr[$t_multi_field_name] as $t_filter_value ) {
-			$t_filter_value = stripslashes( $t_filter_value );
-			if( ( $t_filter_value === 'any' ) || ( $t_filter_value === '[any]' ) ) {
-				$t_filter_value = META_FILTER_ANY;
-			}
-			if( ( $t_filter_value === 'none' ) || ( $t_filter_value === '[none]' ) ) {
-				$t_filter_value = META_FILTER_NONE;
-			}
-			# Ensure the filter property has the right type - see #20087
-			switch( $t_multi_field_type ) {
-				case 'string' :
-				case 'int' :
-					settype( $t_filter_value, $t_multi_field_type );
-					break;
-			}
-			$t_checked_array[] = $t_filter_value;
+			$t_checked_array[] = $t_function_validate_type( $t_filter_value, $t_multi_field_type );
 		}
 		$p_filter_arr[$t_multi_field_name] = $t_checked_array;
 	}
@@ -3153,10 +3176,16 @@ function filter_gpc_get( array $p_filter = null ) {
 
 	# custom field updates
 	$t_custom_fields 		= custom_field_get_ids(); # @todo (thraxisp) This should really be the linked ids, but we don't know the project
-	$f_custom_fields_data 	= array();
+	$f_custom_fields_data 	= $t_filter['custom_fields'];
 	if( is_array( $t_custom_fields ) && ( count( $t_custom_fields ) > 0 ) ) {
 		foreach( $t_custom_fields as $t_cfid ) {
 			if( custom_field_type( $t_cfid ) == CUSTOM_FIELD_TYPE_DATE ) {
+
+				# check if gpc parameters are present, otherwise skip parsing.
+				if( !gpc_isset( 'custom_field_' . $t_cfid . '_control' ) ) {
+					continue;
+				}
+
 				$f_custom_fields_data[$t_cfid] = array();
 
 				# Get date control property
@@ -3235,6 +3264,12 @@ function filter_gpc_get( array $p_filter = null ) {
 				$f_custom_fields_data[$t_cfid][2] = $t_end;
 
 			} else {
+
+				# check if gpc parameters are present, otherwise skip parsing.
+				if( !gpc_isset( 'custom_field_' . $t_cfid ) ) {
+					continue;
+				}
+
 				if( is_array( gpc_get( 'custom_field_' . $t_cfid, null ) ) ) {
 					$f_custom_fields_data[$t_cfid] = gpc_get_string_array( 'custom_field_' . $t_cfid, array( META_FILTER_ANY ) );
 				} else {

core/helper_api.php

@@ -503,6 +503,17 @@ function helper_project_specific_where( $p_project_id, $p_user_id = null ) {
 function helper_get_columns_to_view( $p_columns_target = COLUMNS_TARGET_VIEW_PAGE, $p_viewable_only = true, $p_user_id = null ) {
 	$t_columns = helper_call_custom_function( 'get_columns_to_view', array( $p_columns_target, $p_user_id ) );
 
+	# Fix column names for custom field columns that may be stored as lowercase in configuration. See issue #17367
+	# If the system was working fine with lowercase names, then database is case-insensitive, eg: mysql
+	# Fix by forcing a search with current name to get the id, then get the actual name by looking up this id
+	foreach( $t_columns as &$t_column_name ) {
+		$t_cf_name = column_get_custom_field_name( $t_column_name );
+		if( $t_cf_name ) {
+			$t_cf_id = custom_field_get_id_from_name( $t_cf_name );
+			$t_column_name = column_get_custom_field_column_name( $t_cf_id );
+		}
+	}
+
 	if( !$p_viewable_only ) {
 		return $t_columns;
 	}

search.php

@@ -65,6 +65,7 @@
 gpc_make_array( FILTER_PROPERTY_PRIORITY );
 gpc_make_array( FILTER_PROPERTY_MONITOR_USER_ID );
 gpc_make_array( FILTER_PROPERTY_VIEW_STATE );
+gpc_make_array( FILTER_PROPERTY_NOTE_USER_ID );
 
 $t_my_filter = filter_get_default();
 
@@ -95,6 +96,7 @@
 $t_my_filter[FILTER_PROPERTY_MATCH_TYPE] = gpc_get_int( FILTER_PROPERTY_MATCH_TYPE, FILTER_MATCH_ALL );
 $t_my_filter[FILTER_PROPERTY_TAG_STRING] = gpc_get_string( FILTER_PROPERTY_TAG_STRING, '' );
 $t_my_filter[FILTER_PROPERTY_TAG_SELECT] = gpc_get_int( FILTER_PROPERTY_TAG_SELECT, 0 );
+$t_my_filter[FILTER_PROPERTY_NOTE_USER_ID] = gpc_get_string_array( FILTER_PROPERTY_NOTE_USER_ID, $t_meta_filter_any_array );
 
 # Filtering by Date
 # Creation Date

view_all_set.php

@@ -121,6 +121,8 @@
 			trigger_error( ERROR_FILTER_TOO_OLD, ERROR );
 			exit; # stop here
 		}
+	} else {
+		$t_setting_arr = filter_ensure_valid_filter( $t_setting_arr );
 	}
 } else {
 	# no cookie found, set it
@@ -161,6 +163,8 @@
 			error_proceed_url( 'view_all_set.php?type=0' );
 			trigger_error( ERROR_FILTER_TOO_OLD, ERROR );
 			exit; # stop here
+		} else {
+			$t_setting_arr = filter_ensure_valid_filter( $t_setting_arr );
 		}
 		# Store the source query id to select the correct filter in the drop down.
 		$t_setting_arr['_source_query_id'] = $f_source_query_id;