[Fusionforge-commits] r13248 - in trunk/src: common/docman/actions common/include plugins/mantisbt/www

Franck VILLAUME nerville at fusionforge.org
Tue May 10 16:18:21 CEST 2011


Author: nerville
Date: 2011-05-10 16:18:20 +0200 (Tue, 10 May 2011)
New Revision: 13248

Modified:
   trunk/src/common/docman/actions/addfile.php
   trunk/src/common/include/exit.php
   trunk/src/common/include/utils.php
   trunk/src/plugins/mantisbt/www/getAttachment.php
   trunk/src/plugins/mantisbt/www/index.php
Log:
fix exit_missing_param implementation

Modified: trunk/src/common/docman/actions/addfile.php
===================================================================
--- trunk/src/common/docman/actions/addfile.php	2011-05-10 07:18:04 UTC (rev 13247)
+++ trunk/src/common/docman/actions/addfile.php	2011-05-10 14:18:20 UTC (rev 13248)
@@ -49,7 +49,7 @@
 	$return_msg = _('No valid Directory was selected.');
 	session_redirect('/docman/?group_id='.$group_id.'&error_msg='.urlencode($return_msg));
 }
-	
+
 if (!$title || !$description || (!$uploaded_data && !$file_url && (!$editor && !$name))) {
 	$missing_params = array();
 	if (!$title)
@@ -58,14 +58,7 @@
 	if (!$description)
 		$missing_params[] = 'description';
 
-	if (forge_get_config('use_ssl'))
-		$url = "https://";
-	else
-		$url = "http://";
-
-	$url .= forge_get_config('web_host');
-
-	exit_missing_param(substr($_SERVER['HTTP_REFERER'], strlen($url)),$missing_params,'docman');
+	exit_missing_param($_SERVER['HTTP_REFERER'], $missing_params, 'docman');
 }
 
 if (empty($gfcommon)) {
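Review bot: `$_SERVER['HTTP_REFERER']` is read unguarded in the new `exit_missing_param(...)` call, yet the header is client-supplied and often absent (direct request, stripped by the browser or a proxy), so the read raises an undefined-index notice before the helper sees the value. A guarded read such as `$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';` followed by `exit_missing_param($referer, $missing_params, 'docman');` keeps the fallback to `exit_error()` clean. The same unguarded read appears in the getAttachment.php hunk and in the three mantisbt/index.php hunks. The enclosing `if` block starts above this hunk.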
@@ -123,7 +116,7 @@
 			$return_msg = _('Manual uploads disabled.');
 			session_redirect('/docman/?group_id='.$group_id.'&error_msg='.urlencode($return_msg));
 		}
-		
+
 		$incoming = forge_get_config('groupdir_prefix')."/".$g->getUnixName()."/incoming";
 		$filename = $incoming.'/'.$manual_path;
 

Modified: trunk/src/common/include/exit.php
===================================================================
--- trunk/src/common/include/exit.php	2011-05-10 07:18:04 UTC (rev 13247)
+++ trunk/src/common/include/exit.php	2011-05-10 14:18:20 UTC (rev 13248)
@@ -3,7 +3,7 @@
  * FusionForge : Exit functions
  *
  * Copyright 1999-2001 (c) VA Linux Systems
- * Copyright 2010, Franck Villaume
+ * Copyright 2010-2011, Franck Villaume - Capgemini
  *
  * This file is part of FusionForge.
  *
@@ -28,8 +28,8 @@
  * @param	string	Error text
  * @param	string	toptab for navigation bar
  */
-function exit_error($text="", $toptab='') {
-	global $HTML,$group_id;
+function exit_error($text = "", $toptab = '') {
+	global $HTML, $group_id;
 	$HTML->header(array('title'=>_('Exiting with error'), 'group'=>$group_id, 'toptab'=>$toptab));
 	echo $HTML->error_msg(htmlspecialchars($text));
 	$HTML->footer(array());
@@ -42,7 +42,7 @@
  * @param	string	$reason_descr
  * @param	string	toptab needed for navigation
  */
-function exit_permission_denied($reason_descr='', $toptab='') {
+function exit_permission_denied($reason_descr = '', $toptab = '') {
 	if(!session_loggedin()) {
 		exit_not_logged_in();
 	} else {
@@ -66,32 +66,33 @@
  * @param	string	toptab
  */
 function exit_no_group() {
-	exit_error(_('Permission denied. No project was chosen, project does not exist or you can\'t access it.'),$toptab='');
+	exit_error(_('Permission denied. No project was chosen, project does not exist or you can\'t access it.'), '');
 }
 
 /**
  * exit_missing_param() - Exit with missing required parameters error
  *
- * @param	string	URL : usually $_SERVER['HTTP_REFERER'] minus forge_get_config('web_host') + forge_get_config('use_ssl')
+ * @param	string	URL : usually $_SERVER['HTTP_REFERER']
  * @param	array	array of missing parameters
  * @param	string	toptab needed for navigation
  */
-function exit_missing_param($url='', $missing_params=array(), $toptab='') {
+function exit_missing_param($url = '', $missing_params = array(), $toptab = '') {
 	if (!empty($missing_params)) {
 		$error = _('Missing required parameters : ');
 		foreach ($missing_params as $missing_param) {
-		$error .= $missing_param.' ';
+			$error .= $missing_param.' ';
 		}
 	} else {
 		$error = sprintf(_('Missing required parameters.'));
 	}
-	if (!empty($url)) {
-		if (strpos($url,'?')) {
-			session_redirect($url.'&error_msg='.urlencode($error));
+	$redirect_url = util_find_relative_referer($url);
+	if (!empty($redirect_url)) {
+		if (strpos($redirect_url,'?')) {
+			session_redirect($redirect_url.'&error_msg='.urlencode($error));
 		}
-		session_redirect($url.'?error_msg='.urlencode($error));
+		session_redirect($redirect_url.'?error_msg='.urlencode($error));
 	} else {
-		exit_error($error,$toptab);
+		exit_error($error, $toptab);
 	}
 }
 
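Review bot: In `exit_missing_param()`, `$redirect_url` is derived from a client-controlled Referer and handed to `session_redirect()` without checking that it is a local path. `util_find_relative_referer()` returns its input unchanged when the forge base URL does not occur in it, so a Referer from another origin reaches the redirect as an absolute URL; whether that ends in an off-site redirect or a malformed Location depends on `session_redirect()`, which is not shown here. Redirect only when the result is site-relative, e.g. `if (!empty($redirect_url) && $redirect_url[0] == '/' && substr($redirect_url, 0, 2) != '//') {`, and fall back to `exit_error()` otherwise. Separately, `strpos($redirect_url,'?')` should be compared with `!== false`, and the first `session_redirect()` is followed by a second one unless that helper exits.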
@@ -100,8 +101,8 @@
  *
  * @param	string	toptab needed for navigation
  */
-function exit_disabled($toptab='summary') {
-	exit_error(_('The Site Administrator has turned off this feature.'),$toptab);
+function exit_disabled($toptab = 'summary') {
+	exit_error(_('The Site Administrator has turned off this feature.'), $toptab);
 }
 
 /**
@@ -109,8 +110,8 @@
  *
  * @param	string	toptab needed for navigation
  */
-function exit_form_double_submit($toptab='') {
-	exit_error(_('You Attempted To Double-submit this item. Please avoid double-clicking.'),$toptab);
+function exit_form_double_submit($toptab = '') {
+	exit_error(_('You Attempted To Double-submit this item. Please avoid double-clicking.'), $toptab);
 }
 
 // Local Variables:

Modified: trunk/src/common/include/utils.php
===================================================================
--- trunk/src/common/include/utils.php	2011-05-10 07:18:04 UTC (rev 13247)
+++ trunk/src/common/include/utils.php	2011-05-10 14:18:20 UTC (rev 13248)
@@ -4,7 +4,7 @@
  *
  * Copyright 1999-2001, VA Linux Systems, Inc.
  * Copyright 2009-2011, Roland Mas
- * Copyright 2009-2010, Franck Villaume - Capgemini
+ * Copyright 2009-2011, Franck Villaume - Capgemini
  * Copyright 2010, Thorsten Glaser <t.glaser at tarent.de>
  * Copyright 2010-2011, Alain Peyrat - Alcatel-Lucent
  *
@@ -14,7 +14,7 @@
  * it under the terms of the GNU General Public License as published
  * by the Free Software Foundation; either version 2 of the License,
  * or (at your option) any later version.
- * 
+ *
  * FusionForge is distributed in the hope that it will be useful, but
  * WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
@@ -59,7 +59,7 @@
     "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
     return "$"."apr1"."$".$salt."$".$tmp;
 }
- 
+
 /**
  * is_utf8($string) - utf-8 detection
  *
@@ -92,11 +92,11 @@
 }
 
 /**
- * removeCRLF() - remove any Carriage Return-Line Feed from a string. 
+ * removeCRLF() - remove any Carriage Return-Line Feed from a string.
  * That function is useful to remove the possibility of a CRLF Injection when sending mail
  * All the data that we will send should be passed through that function
  *
- * @param	   string  The string that we want to empty from any CRLF 
+ * @param	   string  The string that we want to empty from any CRLF
  */
 function util_remove_CRLF($str) {
 	return strtr($str, "\015\012", '  ');
@@ -174,8 +174,8 @@
 	if (!$from) {
 		$from='noreply@'.forge_get_config('web_host');
 	}
-	
 
+
 	$charset = _('UTF-8');
 	if (!$charset) {
 		$charset = 'UTF-8';
@@ -198,7 +198,7 @@
 		"\nContent-type: text/$type; charset=$charset".
 		"\n\n".
 		util_convert_body($body, $charset);
-	
+
 	if (!forge_get_config('sendmail_path')){
 		$sys_sendmail_path="/usr/sbin/sendmail";
 	}
@@ -223,7 +223,7 @@
 				$name,$charset,"UTF-8")).
 			"?=";
 	}
-	
+
 	return $name." <".$email."> ";
 }
 
@@ -269,7 +269,7 @@
 	if (!function_exists('mb_convert_encoding') || $charset == 'UTF-8') {
 		return $str;
 	}
-	
+
 	return mb_convert_encoding($str,$charset,"UTF-8");
 }
 
@@ -458,7 +458,7 @@
 					if ($code <= 0x7F ||
 					    $code >= 0xC0) {
 						//Here is single byte character
-						//or head of multi byte character  
+						//or head of multi byte character
 						return $wrap;
 					}
 					//Do not break multi byte character
@@ -518,8 +518,8 @@
  *
  */
 function util_make_links($data='') {
-	if(empty($data)) { 
-		return $data; 
+	if(empty($data)) {
+		return $data;
 	}
 	$lines = explode("\n", $data);
 	$newText = "";
@@ -763,14 +763,14 @@
 				$headersCellData[] = array($fieldName);
 			}
 		}
-		
+
 		/*  Create the title  */
 		if(strlen($title) > 0) {
 			$titleCellData = array();
 			$titleCellData[] = array($title, 'colspan="'.count($headersCellData).'"');
 			echo $HTML->multiTableRow('', $titleCellData, TRUE);
 		}
-		
+
 		/* Display the headers */
 		if($displayHeaders) {
 			echo $HTML->multiTableRow('', $headersCellData, TRUE);
@@ -835,10 +835,10 @@
 */
 function validate_emails($addresses, $separator=',') {
 	if (strlen($addresses) == 0) return array();
-	
+
 	$emails = explode($separator, $addresses);
 	$ret 	= array();
-	
+
 	if (is_array($emails)) {
 		foreach ($emails as $email) {
 			$email = trim($email);		// This is done so we can validate lists like "a at b.com, c at d.com"
@@ -914,7 +914,7 @@
  * @version        1.0
  * @param int       bytes   is the size
  * @param bool     base10  enable base 10 representation, otherwise
- *                 default base 2  is used  
+ *                 default base 2  is used
  * @param int       round   number of fractional digits
  * @param array     labels  strings associated to each 2^10 or
  *                  10^3(base10==true) multiple of base units
@@ -977,12 +977,12 @@
     $chunksize = 1*(1024*1024); // 1MB chunks
     $buffer = '';
     $byteCounter = 0;
-    
+
     $handle = fopen($filename, 'rb');
     if ($handle === false) {
         return false;
     }
-    
+
     ob_start () ;
     while (!feof($handle)) {
 	    $buffer = fread($handle, $chunksize);
@@ -1029,7 +1029,7 @@
     if (util_is_dot_or_dotdot($sub_dir))
       return true;
   }
-  
+
   return false;
 }
 
@@ -1058,7 +1058,7 @@
 
 /**
  * Constructs the forge's URL prefix out of forge_get_config('url_prefix')
- * 
+ *
  * @return string
  */
 function normalized_urlprefix() {
@@ -1066,38 +1066,51 @@
 	$prefix = preg_replace ("/^\//", "", $prefix) ;
 	$prefix = preg_replace ("/\/$/", "", $prefix) ;
 	$prefix = "/$prefix/" ;
-	if ($prefix == '//') 
+	if ($prefix == '//')
 		$prefix = '/' ;
 	return $prefix ;
 }
 
 /**
+ * Construct the base URL http[s]://forge_name[:port]
+ *
+ * @return	string base URL
+ */
+function util_make_base_url() {
+	if (forge_get_config('use_ssl')) {
+		$url = "https://" ;
+	} else {
+		$url = "http://" ;
+	}
+	$url .= forge_get_config('web_host') ;
+	if (forge_get_config('https_port') != 443) {
+		$url .= ":".forge_get_config('https_port') ;
+	}
+	return $url;
+}
+/**
  * Construct full URL from a relative path
- * 
- * @param string $path
- * @return string URL
+ *
+ * @param	string	$path
+ * @return	string	URL
  */
 function util_make_url($path = '') {
-        if (forge_get_config('use_ssl')) {
-                $url = "https://" ;
-                $url .= forge_get_config('web_host') ;
-                if (forge_get_config('https_port') != 443) {
-                        $url .= ":".forge_get_config('https_port') ;
-                }
-        } else {
-                $url = "http://" ;
-                $url .= forge_get_config('web_host') ;
-                if (forge_get_config('http_port') != 80) {
-                        $url .= ":".forge_get_config('http_port') ;
-                }
-        }
-	$url .= util_make_uri($path) ;
+	$url = util_make_base_url().util_make_uri($path) ;
 	return $url;
 }
 
 /**
+ * Find the relative URL from full URL, removing http[s]://forge_name[:port]
+ *
+ * @param	string	URL
+ */
+function util_find_relative_referer($url) {
+	return str_replace(util_make_base_url(), '', $url);
+}
+
+/**
  * Construct proper (relative) URI (prepending prefix)
- * 
+ *
  * @param string $path
  * @return string URI
  */
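Review bot: `util_make_base_url()` tests and appends `https_port` even when `use_ssl` is off, whereas the removed `util_make_url()` body compared `http_port` with 80 on the plain-HTTP branch. A non-SSL forge on a non-default HTTP port now loses its port, and one with a non-default `https_port` gets that port appended to an `http://` URL; every caller of `util_make_url()` inherits this, and so does the base-URL match in `util_find_relative_referer()`. That helper also uses `str_replace()`, which removes the base URL wherever it occurs in the string rather than only as a prefix, and returns foreign URLs unchanged. Stripping only a leading match and returning an empty string otherwise is safer, assuming no caller relies on passing an already-relative path (not verifiable from this diff).

```php
function util_make_base_url() {
	if (forge_get_config('use_ssl')) {
		$url = "https://".forge_get_config('web_host');
		if (forge_get_config('https_port') != 443) {
			$url .= ":".forge_get_config('https_port');
		}
	} else {
		$url = "http://".forge_get_config('web_host');
		if (forge_get_config('http_port') != 80) {
			$url .= ":".forge_get_config('http_port');
		}
	}
	return $url;
}

// … unchanged: util_make_url() …

function util_find_relative_referer($url) {
	$base = util_make_base_url();
	// Strip the base only when it is a true prefix followed by a path.
	if (strpos($url, $base.'/') === 0) {
		return substr($url, strlen($base));
	}
	return '';
}
```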
@@ -1124,7 +1137,7 @@
 
 /**
  * Create an HTML link to a user's profile page
- * 
+ *
  * @param string $username
  * @param int $user_id
  * @param string $text
@@ -1137,7 +1150,7 @@
 /**
  * Display username with link to a user's profile page
  * and icon face if possible.
- * 
+ *
  * @param string $username
  * @param int $user_id
  * @param string $text
@@ -1153,11 +1166,11 @@
         }
 
         // If no plugin replaced it, then back to default standard link
-        
+
         // Invoke user_logo plugin (see gravatar plugin for instance)
         $params = array('user_id' => $user_id, 'size' => $size, 'content' => '');
         plugin_hook_by_reference('user_logo', $params);
-        
+
         $url = '<a href="' . util_make_url_u ($username, $user_id) . '">' . $text . '</a>';
         if ($params['content']) {
                 return $params['content'].$url.'<div class="new_line"></div>';
@@ -1167,7 +1180,7 @@
 
 /**
  * Create URL for user's profile page
- * 
+ *
  * @param string $username
  * @param int $user_id
  * @return string URL
@@ -1204,7 +1217,7 @@
 
 /**
  * Create URL for a project's page
- * 
+ *
  * @param string $groupame
  * @param int $group_id
  * @return string
@@ -1244,7 +1257,7 @@
 			return false;
 		}
 	}
-		
+
 	// Check if a forum with same name already exists
 	$ff = new ForumFactory($group);
 	if (!$ff || !is_object($ff) || $ff->isError()) {
@@ -1261,7 +1274,7 @@
 			}
 		}
 	}
-	
+
 	// Email is available
 	return true;
 }
@@ -1282,9 +1295,9 @@
 if (!function_exists('array_replace_recursive')) {
 	/**
 	 * Replaces elements from passed arrays into the first array recursively
-	 * @param array $a1 The array in which elements are replaced. 
-	 * @param array $a2 The array from which elements will be extracted. 
-	 * @return Returns an array, or NULL if an error occurs. 
+	 * @param array $a1 The array in which elements are replaced.
+	 * @param array $a2 The array from which elements will be extracted.
+	 * @return Returns an array, or NULL if an error occurs.
 	 */
 	function array_replace_recursive ($a1, $a2) {
 		$result = $a1 ;
@@ -1298,7 +1311,7 @@
 			    !isset ($result[$k]) || !is_array ($result[$k])) {
 				$result[$k] = $v ;
 			}
-			
+
 			$result[$k] = array_replace_recursive ($result[$k],
 							       $v) ;
 		}

Modified: trunk/src/plugins/mantisbt/www/getAttachment.php
===================================================================
--- trunk/src/plugins/mantisbt/www/getAttachment.php	2011-05-10 07:18:04 UTC (rev 13247)
+++ trunk/src/plugins/mantisbt/www/getAttachment.php	2011-05-10 14:18:20 UTC (rev 13248)
@@ -90,12 +90,6 @@
 	header('Content-type: application/binary');
 	echo base64_decode($content);
 } else {
-	if (forge_get_config('use_ssl'))
-		$url = "https://";
-	else
-		$url = "http://";
-
-	$url .= forge_get_config('web_host');
-	exit_missing_param(substr($_SERVER['HTTP_REFERER'], strlen($url)), array(_('No idAttachment')), 'mantisbt');
+	exit_missing_param($_SERVER['HTTP_REFERER'], array(_('No idAttachment')), 'mantisbt');
 }
 ?>

Modified: trunk/src/plugins/mantisbt/www/index.php
===================================================================
--- trunk/src/plugins/mantisbt/www/index.php	2011-05-10 07:18:04 UTC (rev 13247)
+++ trunk/src/plugins/mantisbt/www/index.php	2011-05-10 14:18:20 UTC (rev 13248)
@@ -32,13 +32,7 @@
 $type = getStringFromRequest('type');
 
 if (!$type) {
-	if (forge_get_config('use_ssl'))
-		$url = "https://";
-	else
-		$url = "http://";
-
-	$url .= forge_get_config('web_host');
-	exit_missing_param(substr($_SERVER['HTTP_REFERER'], strlen($url)), array('No TYPE specified'), 'mantisbt');
+	exit_missing_param($_SERVER['HTTP_REFERER']), array('No TYPE specified'), 'mantisbt');
 }
 
 $use_tooltips = 1;
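Review bot: The new call `exit_missing_param($_SERVER['HTTP_REFERER']), array('No TYPE specified'), 'mantisbt');` has a stray `)` after `['HTTP_REFERER']`, left over from the removed `substr(...)` wrapper, so the file no longer parses. It should read `exit_missing_param($_SERVER['HTTP_REFERER'], array('No TYPE specified'), 'mantisbt');`. The same stray parenthesis is in the two `'No GROUP_ID specified'` calls in the later hunks of this file. Running `php -l` on the touched files before committing would catch this.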
@@ -49,13 +43,7 @@
 	case 'group': {
 		$group_id = getIntFromRequest('group_id');
 		if (!$group_id) {
-			if (forge_get_config('use_ssl'))
-				$url = "https://";
-			else
-				$url = "http://";
-
-			$url .= forge_get_config('web_host');
-			exit_missing_param(substr($_SERVER['HTTP_REFERER'], strlen($url)), array('No GROUP_ID specified'), 'mantisbt');
+			exit_missing_param($_SERVER['HTTP_REFERER']), array('No GROUP_ID specified'), 'mantisbt');
 		}
 		$group = group_get_object($group_id);
 		if (!$group) {
@@ -228,13 +216,7 @@
 		}
 		$group_id = getIntFromRequest('group_id');
 		if (!$group_id) {
-			if (forge_get_config('use_ssl'))
-				$url = "https://";
-			else
-				$url = "http://";
-
-			$url .= forge_get_config('web_host');
-			exit_missing_param(substr($_SERVER['HTTP_REFERER'], strlen($url)), array('No GROUP_ID specified'), 'mantisbt');
+			exit_missing_param($_SERVER['HTTP_REFERER']), array('No GROUP_ID specified'), 'mantisbt');
 		}
 
 		$group = group_get_object($group_id);



