%PDF-
%PDF-
Mini Shell
Mini Shell
<?php
# MantisBT - A PHP based bugtracking system
# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
* Update bug data then redirect to the appropriate viewing page
*
* @package MantisBT
* @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*
* @uses core.php
* @uses access_api.php
* @uses authentication_api.php
* @uses bug_api.php
* @uses bugnote_api.php
* @uses config_api.php
* @uses constant_inc.php
* @uses custom_field_api.php
* @uses email_api.php
* @uses error_api.php
* @uses event_api.php
* @uses form_api.php
* @uses gpc_api.php
* @uses helper_api.php
* @uses history_api.php
* @uses lang_api.php
* @uses print_api.php
* @uses relationship_api.php
*/
require_once( 'core.php' );
require_api( 'access_api.php' );
require_api( 'authentication_api.php' );
require_api( 'bug_api.php' );
require_api( 'bugnote_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'custom_field_api.php' );
require_api( 'email_api.php' );
require_api( 'error_api.php' );
require_api( 'event_api.php' );
require_api( 'form_api.php' );
require_api( 'gpc_api.php' );
require_api( 'helper_api.php' );
require_api( 'history_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'relationship_api.php' );
/**
* Retrieves a version from form data and ensures it is valid.
*
* @param BugData $p_bug Reference issue
* @param string $p_field Field name (used for GPC var and BugData property)
*
* @return string|null
*/
function get_valid_version( BugData $p_bug, $p_field ) {
$t_reference_version = $p_bug->$p_field;
$t_version = gpc_get_string( $p_field, $t_reference_version );
if( !is_blank( $t_version )
&& $t_version != $t_reference_version
&& version_get_id( $t_version, $p_bug->project_id ) === false
) {
error_parameters( $t_version );
trigger_error( ERROR_VERSION_NOT_FOUND, ERROR );
}
return $t_version;
}
form_security_validate( 'bug_update' );
$f_bug_id = gpc_get_int( 'bug_id' );
$t_existing_bug = bug_get( $f_bug_id, true );
$f_update_type = gpc_get_string( 'action_type', BUG_UPDATE_TYPE_NORMAL );
$t_current_user_id = auth_get_current_user_id();
if( helper_get_current_project() != $t_existing_bug->project_id ) {
$g_project_override = $t_existing_bug->project_id;
}
$t_updated_bug = clone $t_existing_bug;
$t_updated_bug->additional_information = gpc_get_string( 'additional_information', $t_existing_bug->additional_information );
$t_updated_bug->build = gpc_get_string( 'build', $t_existing_bug->build );
$t_updated_bug->category_id = gpc_get_int( 'category_id', $t_existing_bug->category_id );
$t_updated_bug->description = gpc_get_string( 'description', $t_existing_bug->description );
$t_due_date = gpc_get_string( 'due_date', null );
if( $t_due_date !== null ) {
$t_updated_bug->due_date = date_strtotime( $t_due_date );
}
$t_updated_bug->duplicate_id = gpc_get_int( 'duplicate_id', 0 );
$t_updated_bug->eta = gpc_get_int( 'eta', $t_existing_bug->eta );
$t_updated_bug->handler_id = gpc_get_int( 'handler_id', $t_existing_bug->handler_id );
$t_updated_bug->last_updated = gpc_get_string( 'last_updated' );
$t_updated_bug->os = gpc_get_string( 'os', $t_existing_bug->os );
$t_updated_bug->os_build = gpc_get_string( 'os_build', $t_existing_bug->os_build );
$t_updated_bug->platform = gpc_get_string( 'platform', $t_existing_bug->platform );
$t_updated_bug->priority = gpc_get_int( 'priority', $t_existing_bug->priority );
$t_updated_bug->projection = gpc_get_int( 'projection', $t_existing_bug->projection );
$t_reporter_id = gpc_get_int( 'reporter_id', $t_existing_bug->reporter_id );
# Only validate the reporter if different from the recorded one; this avoids
# blocking the update when changing another field and the original reporter's
# account no longer exists.
if( $t_reporter_id != $t_existing_bug->reporter_id ) {
user_ensure_exists( $t_reporter_id );
$t_report_bug_threshold = config_get( 'report_bug_threshold',
null,
$t_reporter_id,
$t_existing_bug->project_id
);
$t_can_report = access_has_project_level(
$t_report_bug_threshold,
$t_existing_bug->project_id,
$t_reporter_id
);
if( !$t_can_report ) {
trigger_error( ERROR_USER_DOES_NOT_HAVE_REQ_ACCESS, ERROR );
}
}
$t_updated_bug->reporter_id = $t_reporter_id;
$t_updated_bug->reproducibility = gpc_get_int( 'reproducibility', $t_existing_bug->reproducibility );
$t_updated_bug->resolution = gpc_get_int( 'resolution', $t_existing_bug->resolution );
$t_updated_bug->severity = gpc_get_int( 'severity', $t_existing_bug->severity );
$t_updated_bug->status = gpc_get_int( 'status', $t_existing_bug->status );
$t_updated_bug->steps_to_reproduce = gpc_get_string( 'steps_to_reproduce', $t_existing_bug->steps_to_reproduce );
$t_updated_bug->summary = gpc_get_string( 'summary', $t_existing_bug->summary );
$t_updated_bug->fixed_in_version = get_valid_version( $t_existing_bug, 'fixed_in_version' );
$t_updated_bug->target_version = get_valid_version( $t_existing_bug, 'target_version' );
$t_updated_bug->version = get_valid_version( $t_existing_bug, 'version' );
$t_updated_bug->view_state = gpc_get_int( 'view_state', $t_existing_bug->view_state );
$t_bug_note = new BugNoteData();
$t_bug_note->note = gpc_get_string( 'bugnote_text', '' );
$t_bug_note->view_state = gpc_get_bool( 'private' ) ? VS_PRIVATE : VS_PUBLIC;
$t_bug_note->time_tracking = gpc_get_string( 'time_tracking', '0:00' );
if( $t_existing_bug->last_updated != $t_updated_bug->last_updated ) {
trigger_error( ERROR_BUG_CONFLICTING_EDIT, ERROR );
}
# Determine whether the new status will reopen, resolve or close the issue.
# Note that multiple resolved or closed states can exist and thus we need to
# look at a range of statuses when performing this check.
$t_resolved_status = config_get( 'bug_resolved_status_threshold' );
$t_closed_status = config_get( 'bug_closed_status_threshold' );
$t_reopen_resolution = config_get( 'bug_reopen_resolution' );
$t_resolve_issue = false;
$t_close_issue = false;
$t_reopen_issue = false;
if( $t_existing_bug->status < $t_resolved_status &&
$t_updated_bug->status >= $t_resolved_status &&
$t_updated_bug->status < $t_closed_status
) {
$t_resolve_issue = true;
} else if( $t_existing_bug->status < $t_closed_status &&
$t_updated_bug->status >= $t_closed_status
) {
$t_close_issue = true;
} else if( $t_existing_bug->status >= $t_resolved_status &&
$t_updated_bug->status <= config_get( 'bug_reopen_status' )
) {
$t_reopen_issue = true;
}
$t_reporter_closing =
( $f_update_type == BUG_UPDATE_TYPE_CLOSE ) &&
bug_is_user_reporter( $f_bug_id, $t_current_user_id ) &&
access_can_close_bug( $t_existing_bug, $t_current_user_id );
$t_reporter_reopening =
( ( $f_update_type == BUG_UPDATE_TYPE_REOPEN ) || $t_reopen_issue ) &&
bug_is_user_reporter( $f_bug_id, $t_current_user_id ) &&
access_can_reopen_bug( $t_existing_bug, $t_current_user_id );
if ( !$t_reporter_reopening && !$t_reporter_closing ) {
switch( $f_update_type ) {
case BUG_UPDATE_TYPE_ASSIGN:
$t_threshold = 'update_bug_assign_threshold';
$t_check_readonly = true;
break;
case BUG_UPDATE_TYPE_CLOSE:
case BUG_UPDATE_TYPE_REOPEN:
$t_threshold = 'update_bug_status_threshold';
$t_check_readonly = false;
break;
case BUG_UPDATE_TYPE_CHANGE_STATUS:
$t_threshold = 'update_bug_status_threshold';
$t_check_readonly = true;
break;
case BUG_UPDATE_TYPE_NORMAL:
default:
$t_threshold = 'update_bug_threshold';
$t_check_readonly = true;
break;
}
access_ensure_bug_level( config_get( $t_threshold ), $f_bug_id );
if( $t_check_readonly ) {
# Check if the bug is in a read-only state and whether the current user has
# permission to update read-only bugs.
if( bug_is_readonly( $f_bug_id ) ) {
error_parameters( $f_bug_id );
trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR );
}
}
}
# If resolving or closing, ensure that all dependent issues have been resolved
# unless config option enables closing parents with open children.
if( ( $t_resolve_issue || $t_close_issue ) &&
!relationship_can_resolve_bug( $f_bug_id ) &&
OFF == config_get( 'allow_parent_of_unresolved_to_close' ) ) {
trigger_error( ERROR_BUG_RESOLVE_DEPENDANTS_BLOCKING, ERROR );
}
# Validate any change to the status of the issue.
if( $t_existing_bug->status != $t_updated_bug->status ) {
if( !bug_check_workflow( $t_existing_bug->status, $t_updated_bug->status ) ) {
error_parameters( lang_get( 'status' ) );
trigger_error( ERROR_CUSTOM_FIELD_INVALID_VALUE, ERROR );
}
if( !access_has_bug_level( access_get_status_threshold( $t_updated_bug->status, $t_updated_bug->project_id ), $f_bug_id ) ) {
# The reporter may be allowed to close or reopen the issue regardless.
$t_can_bypass_status_access_thresholds = false;
if( $t_close_issue &&
$t_existing_bug->status >= $t_resolved_status &&
$t_existing_bug->reporter_id == $t_current_user_id &&
config_get( 'allow_reporter_close' )
) {
$t_can_bypass_status_access_thresholds = true;
} else if( $t_reopen_issue &&
$t_existing_bug->status >= $t_resolved_status &&
$t_existing_bug->status <= $t_closed_status &&
$t_existing_bug->reporter_id == $t_current_user_id &&
config_get( 'allow_reporter_reopen' ) ) {
$t_can_bypass_status_access_thresholds = true;
}
if( !$t_can_bypass_status_access_thresholds ) {
trigger_error( ERROR_ACCESS_DENIED, ERROR );
}
}
if( $t_reopen_issue ) {
# for everyone allowed to reopen an issue, set the reopen resolution
$t_updated_bug->resolution = $t_reopen_resolution;
}
}
# Validate any change to the handler of an issue.
# The new handler is checked at project level.
if( $t_existing_bug->handler_id != $t_updated_bug->handler_id ) {
$t_issue_is_sponsored = config_get( 'enable_sponsorship' )
&& sponsorship_get_amount( sponsorship_get_all_ids( $f_bug_id ) ) > 0;
access_ensure_bug_level( config_get( 'update_bug_assign_threshold' ), $f_bug_id );
if( $t_issue_is_sponsored && !access_has_project_level( config_get( 'handle_sponsored_bugs_threshold' ), $t_updated_bug->project_id, $t_updated_bug->handler_id ) ) {
trigger_error( ERROR_SPONSORSHIP_HANDLER_ACCESS_LEVEL_TOO_LOW, ERROR );
}
if( $t_updated_bug->handler_id != NO_USER ) {
if( !access_has_project_level( config_get( 'handle_bug_threshold' ), $t_updated_bug->project_id, $t_updated_bug->handler_id ) ) {
trigger_error( ERROR_HANDLER_ACCESS_TOO_LOW, ERROR );
}
if( $t_issue_is_sponsored && !access_has_bug_level( config_get( 'assign_sponsored_bugs_threshold' ), $f_bug_id ) ) {
trigger_error( ERROR_SPONSORSHIP_ASSIGNER_ACCESS_LEVEL_TOO_LOW, ERROR );
}
}
}
# Check whether the category has been undefined when it's compulsory.
if( $t_existing_bug->category_id != $t_updated_bug->category_id ) {
if( $t_updated_bug->category_id == 0 &&
!config_get( 'allow_no_category' )
) {
error_parameters( lang_get( 'category' ) );
trigger_error( ERROR_EMPTY_FIELD, ERROR );
}
# Make sure the category belongs to the given project's hierarchy
category_ensure_exists_in_project(
$t_updated_bug->category_id,
$t_updated_bug->project_id
);
}
# Don't allow changing the Resolution in the following cases:
# - new status < RESOLVED and resolution denoting completion (>= fixed_threshold)
# - new status >= RESOLVED and resolution < fixed_threshold
# - resolution = REOPENED and current status < RESOLVED and new status >= RESOLVED
# Refer to #15653 for further details (particularly note 37180)
$t_resolution_fixed_threshold = config_get( 'bug_resolution_fixed_threshold' );
if( $t_existing_bug->resolution != $t_updated_bug->resolution && (
( $t_updated_bug->resolution >= $t_resolution_fixed_threshold
&& $t_updated_bug->resolution != $t_reopen_resolution
&& $t_updated_bug->status < $t_resolved_status
)
|| ( $t_updated_bug->resolution == $t_reopen_resolution
&& ( $t_existing_bug->status < $t_resolved_status
|| $t_updated_bug->status >= $t_resolved_status
) )
|| ( $t_updated_bug->resolution < $t_resolution_fixed_threshold
&& $t_updated_bug->status >= $t_resolved_status
)
) ) {
error_parameters(
get_enum_element( 'resolution', $t_updated_bug->resolution ),
get_enum_element( 'status', $t_updated_bug->status )
);
trigger_error( ERROR_INVALID_RESOLUTION, ERROR );
}
# Ensure that the user has permission to change the target version of the issue.
if( $t_existing_bug->target_version !== $t_updated_bug->target_version ) {
access_ensure_bug_level( config_get( 'roadmap_update_threshold' ), $f_bug_id );
}
# Ensure that the user has permission to change the view status of the issue.
if( $t_existing_bug->view_state != $t_updated_bug->view_state ) {
access_ensure_bug_level( config_get( 'change_view_status_threshold' ), $f_bug_id );
}
# Determine the custom field "require check" to use for validating
# whether fields can be undefined during this bug update.
if( $t_close_issue ) {
$t_cf_require_check = 'require_closed';
} else if( $t_resolve_issue ) {
$t_cf_require_check = 'require_resolved';
} else {
$t_cf_require_check = 'require_update';
}
$t_related_custom_field_ids = custom_field_get_linked_ids( $t_existing_bug->project_id );
$t_custom_fields_to_set = array();
foreach ( $t_related_custom_field_ids as $t_cf_id ) {
$t_cf_def = custom_field_get_definition( $t_cf_id );
# If the custom field is not set and is required, then complain!
if( !gpc_isset_custom_field( $t_cf_id, $t_cf_def['type'] ) ) {
if( $t_cf_def[$t_cf_require_check] &&
custom_field_is_present( $t_cf_id ) &&
custom_field_has_write_access( $t_cf_id, $f_bug_id ) ) {
# A value for the custom field was expected however
# no value was given by the user.
error_parameters( lang_get_defaulted( custom_field_get_field( $t_cf_id, 'name' ) ) );
trigger_error( ERROR_EMPTY_FIELD, ERROR );
}
}
# Otherwise, if not present then skip it.
if ( !custom_field_is_present( $t_cf_id ) ) {
continue;
}
if( !custom_field_has_write_access( $t_cf_id, $f_bug_id ) ) {
trigger_error( ERROR_ACCESS_DENIED, ERROR );
}
$t_new_custom_field_value = gpc_get_custom_field( 'custom_field_' . $t_cf_id, $t_cf_def['type'], '' );
$t_old_custom_field_value = custom_field_get_value( $t_cf_id, $f_bug_id );
# Validate the value of the field against current validation rules.
# This may cause an error if validation rules have recently been
# modified such that old values that were once OK are now considered
# invalid.
if( !custom_field_validate( $t_cf_id, $t_new_custom_field_value ) ) {
error_parameters( lang_get_defaulted( custom_field_get_field( $t_cf_id, 'name' ) ) );
trigger_error( ERROR_CUSTOM_FIELD_INVALID_VALUE, ERROR );
}
# Remember the new custom field values so we can set them when updating
# the bug (done after all data passed to this update page has been
# validated).
$t_custom_fields_to_set[] = array( 'id' => $t_cf_id, 'value' => $t_new_custom_field_value );
}
# Perform validation of the duplicate ID of the bug.
if( $t_updated_bug->duplicate_id != 0 ) {
if( $t_updated_bug->duplicate_id == $f_bug_id ) {
trigger_error( ERROR_BUG_DUPLICATE_SELF, ERROR );
}
bug_ensure_exists( $t_updated_bug->duplicate_id );
if( !access_has_bug_level( config_get( 'update_bug_threshold' ), $t_updated_bug->duplicate_id ) ) {
trigger_error( ERROR_RELATIONSHIP_ACCESS_LEVEL_TO_DEST_BUG_TOO_LOW, ERROR );
}
}
# Validate the new bug note (if any is provided).
if( $t_bug_note->note ||
( config_get( 'time_tracking_enabled' ) &&
helper_duration_to_minutes( $t_bug_note->time_tracking ) > 0 )
) {
access_ensure_bug_level( config_get( 'add_bugnote_threshold' ), $f_bug_id );
if( !$t_bug_note->note &&
!config_get( 'time_tracking_without_note' )
) {
error_parameters( lang_get( 'bugnote' ) );
trigger_error( ERROR_EMPTY_FIELD, ERROR );
}
if( $t_bug_note->view_state != config_get( 'default_bugnote_view_status' ) ) {
access_ensure_bug_level( config_get( 'set_view_status_threshold' ), $f_bug_id );
}
}
# Handle the reassign on feedback feature. Note that this feature generally
# won't work very well with custom workflows as it makes a lot of assumptions
# that may not be true. It assumes you don't have any statuses in the workflow
# between 'bug_submit_status' and 'bug_feedback_status'. It assumes you only
# have one feedback, assigned and submitted status.
if( $t_bug_note->note &&
config_get( 'reassign_on_feedback' ) &&
$t_existing_bug->status == config_get( 'bug_feedback_status' ) &&
$t_updated_bug->status == $t_existing_bug->status &&
$t_updated_bug->handler_id != $t_current_user_id &&
$t_updated_bug->reporter_id == $t_current_user_id
) {
if( $t_updated_bug->handler_id != NO_USER ) {
$t_updated_bug->status = config_get( 'bug_assigned_status' );
} else {
$t_updated_bug->status = config_get( 'bug_submit_status' );
}
}
# Handle automatic assignment of issues.
$t_updated_bug->status = bug_get_status_for_assign( $t_existing_bug->handler_id, $t_updated_bug->handler_id, $t_existing_bug->status, $t_updated_bug->status );
# Allow a custom function to validate the proposed bug updates. Note that
# custom functions are being deprecated in MantisBT. You should migrate to
# the new plugin system instead.
helper_call_custom_function( 'issue_update_validate', array( $f_bug_id, $t_updated_bug, $t_bug_note->note ) );
# Allow plugins to validate/modify the update prior to it being committed.
$t_updated_bug = event_signal( 'EVENT_UPDATE_BUG_DATA', $t_updated_bug, $t_existing_bug );
# Commit the bug updates to the database.
$t_text_field_update_required = ( $t_existing_bug->description != $t_updated_bug->description ) ||
( $t_existing_bug->additional_information != $t_updated_bug->additional_information ) ||
( $t_existing_bug->steps_to_reproduce != $t_updated_bug->steps_to_reproduce );
$t_updated_bug->update( $t_text_field_update_required, true );
# Update custom field values.
foreach ( $t_custom_fields_to_set as $t_custom_field_to_set ) {
custom_field_set_value( $t_custom_field_to_set['id'], $f_bug_id, $t_custom_field_to_set['value'] );
}
# Add a bug note if there is one.
if( $t_bug_note->note || helper_duration_to_minutes( $t_bug_note->time_tracking ) > 0 ) {
$t_bugnote_id = bugnote_add( $f_bug_id, $t_bug_note->note, $t_bug_note->time_tracking, $t_bug_note->view_state == VS_PRIVATE, 0, '', null, false );
bugnote_process_mentions( $f_bug_id, $t_bugnote_id, $t_bug_note->note );
}
# Add a duplicate relationship if requested.
if( $t_updated_bug->duplicate_id != 0 ) {
relationship_upsert( $f_bug_id, $t_updated_bug->duplicate_id, BUG_DUPLICATE, /* email_for_source */ false );
if( user_exists( $t_existing_bug->reporter_id ) ) {
bug_monitor( $t_updated_bug->duplicate_id, $t_existing_bug->reporter_id );
}
if( user_exists( $t_existing_bug->handler_id ) ) {
bug_monitor( $t_updated_bug->duplicate_id, $t_existing_bug->handler_id );
}
bug_monitor_copy( $f_bug_id, $t_updated_bug->duplicate_id );
}
event_signal( 'EVENT_UPDATE_BUG', array( $t_existing_bug, $t_updated_bug ) );
# Allow a custom function to respond to the modifications made to the bug. Note
# that custom functions are being deprecated in MantisBT. You should migrate to
# the new plugin system instead.
helper_call_custom_function( 'issue_update_notify', array( $f_bug_id ) );
# Send a notification of changes via email.
if( $t_resolve_issue ) {
email_resolved( $f_bug_id );
email_relationship_child_resolved( $f_bug_id );
} else if( $t_close_issue ) {
email_close( $f_bug_id );
email_relationship_child_closed( $f_bug_id );
} else if( $t_reopen_issue ) {
email_bug_reopened( $f_bug_id );
} else if( $t_existing_bug->handler_id != $t_updated_bug->handler_id ) {
email_owner_changed( $f_bug_id, $t_existing_bug->handler_id, $t_updated_bug->handler_id );
} else if( $t_existing_bug->status != $t_updated_bug->status ) {
$t_new_status_label = MantisEnum::getLabel( config_get( 'status_enum_string' ), $t_updated_bug->status );
$t_new_status_label = str_replace( ' ', '_', $t_new_status_label );
email_bug_status_changed( $f_bug_id, $t_new_status_label );
} else {
email_bug_updated( $f_bug_id );
}
form_security_purge( 'bug_update' );
print_successful_redirect_to_bug( $f_bug_id );
Zerion Mini Shell 1.0