search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
SOAP API: do not try to unserialize an invalid filter
[mantis.git] / bug_report.php
blob77ada1e97b995096c2b15e66a127de75b9d780e9
1 <?php
2 # MantisBT - A PHP based bugtracking system
3
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
8 #
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * This page stores the reported bug
19 *
20 * @package MantisBT
21 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
22 * @copyright Copyright (C) 2002 - 2011 MantisBT Team - mantisbt-dev@lists.sourceforge.net
23 * @link http://www.mantisbt.org
24 *
25 * @uses core.php
26 * @uses access_api.php
27 * @uses authentication_api.php
28 * @uses bug_api.php
29 * @uses config_api.php
30 * @uses constant_inc.php
31 * @uses custom_field_api.php
32 * @uses date_api.php
33 * @uses email_api.php
34 * @uses error_api.php
35 * @uses event_api.php
36 * @uses file_api.php
37 * @uses form_api.php
38 * @uses gpc_api.php
39 * @uses helper_api.php
40 * @uses history_api.php
41 * @uses html_api.php
42 * @uses lang_api.php
43 * @uses last_visited_api.php
44 * @uses print_api.php
45 * @uses profile_api.php
46 * @uses relationship_api.php
47 * @uses string_api.php
48 * @uses user_api.php
49 * @uses utility_api.php
50 */
51
52 /**
53 * MantisBT Core API's
54 */
55 require_once( 'core.php' );
56 require_api( 'access_api.php' );
57 require_api( 'authentication_api.php' );
58 require_api( 'bug_api.php' );
59 require_api( 'config_api.php' );
60 require_api( 'constant_inc.php' );
61 require_api( 'custom_field_api.php' );
62 require_api( 'date_api.php' );
63 require_api( 'email_api.php' );
64 require_api( 'error_api.php' );
65 require_api( 'event_api.php' );
66 require_api( 'file_api.php' );
67 require_api( 'form_api.php' );
68 require_api( 'gpc_api.php' );
69 require_api( 'helper_api.php' );
70 require_api( 'history_api.php' );
71 require_api( 'html_api.php' );
72 require_api( 'lang_api.php' );
73 require_api( 'last_visited_api.php' );
74 require_api( 'print_api.php' );
75 require_api( 'profile_api.php' );
76 require_api( 'relationship_api.php' );
77 require_api( 'string_api.php' );
78 require_api( 'user_api.php' );
79 require_api( 'utility_api.php' );
80
81 form_security_validate( 'bug_report' );
82
83 access_ensure_project_level( config_get('report_bug_threshold' ) );
84
85 $t_bug_data = new BugData;
86 $t_bug_data->build = gpc_get_string( 'build', '' );
87 $t_bug_data->platform = gpc_get_string( 'platform', '' );
88 $t_bug_data->os = gpc_get_string( 'os', '' );
89 $t_bug_data->os_build = gpc_get_string( 'os_build', '' );
90 $t_bug_data->version = gpc_get_string( 'product_version', '' );
91 $t_bug_data->profile_id = gpc_get_int( 'profile_id', 0 );
92 $t_bug_data->handler_id = gpc_get_int( 'handler_id', 0 );
93 $t_bug_data->view_state = gpc_get_int( 'view_state', config_get( 'default_bug_view_status' ) );
94
95 $t_bug_data->category_id = gpc_get_int( 'category_id', 0 );
96 $t_bug_data->reproducibility = gpc_get_int( 'reproducibility', config_get( 'default_bug_reproducibility' ) );
97 $t_bug_data->severity = gpc_get_int( 'severity', config_get( 'default_bug_severity' ) );
98 $t_bug_data->priority = gpc_get_int( 'priority', config_get( 'default_bug_priority' ) );
99 $t_bug_data->projection = gpc_get_int( 'projection', config_get( 'default_bug_projection' ) );
100 $t_bug_data->eta = gpc_get_int( 'eta', config_get( 'default_bug_eta' ) );
101 $t_bug_data->resolution = config_get( 'default_bug_resolution' );
102 $t_bug_data->status = config_get( 'bug_submit_status' );
103 $t_bug_data->summary = gpc_get_string( 'summary' );
104 $t_bug_data->description = gpc_get_string( 'description' );
105 $t_bug_data->steps_to_reproduce = gpc_get_string( 'steps_to_reproduce', config_get( 'default_bug_steps_to_reproduce' ) );
106 $t_bug_data->additional_information = gpc_get_string( 'additional_info', config_get ( 'default_bug_additional_info' ) );
107 $t_bug_data->due_date = gpc_get_string( 'due_date', '');
108 if ( is_blank ( $t_bug_data->due_date ) ) {
109 $t_bug_data->due_date = date_get_null();
110 } else {
111 $t_bug_data->due_date = $t_bug_data->due_date;
112 }
113
114 $f_file = gpc_get_file( 'file', null ); /** @todo (thraxisp) Note that this always returns a structure */
115 # size = 0, if no file
116 $f_report_stay = gpc_get_bool( 'report_stay', false );
117 $t_bug_data->project_id = gpc_get_int( 'project_id' );
118
119 $t_bug_data->reporter_id = auth_get_current_user_id();
120
121 $t_bug_data->summary = trim( $t_bug_data->summary );
122
123 if ( access_has_project_level( config_get( 'roadmap_update_threshold' ), $t_bug_data->project_id ) ) {
124 $t_bug_data->target_version = gpc_get_string( 'target_version', '' );
125 }
126
127 # if a profile was selected then let's use that information
128 if ( 0 != $t_bug_data->profile_id ) {
129 if ( profile_is_global( $t_bug_data->profile_id ) ) {
130 $row = user_get_profile_row( ALL_USERS, $t_bug_data->profile_id );
131 } else {
132 $row = user_get_profile_row( $t_bug_data->reporter_id, $t_bug_data->profile_id );
133 }
134
135 if ( is_blank( $t_bug_data->platform ) ) {
136 $t_bug_data->platform = $row['platform'];
137 }
138 if ( is_blank( $t_bug_data->os ) ) {
139 $t_bug_data->os = $row['os'];
140 }
141 if ( is_blank( $t_bug_data->os_build ) ) {
142 $t_bug_data->os_build = $row['os_build'];
143 }
144 }
145 helper_call_custom_function( 'issue_create_validate', array( $t_bug_data ) );
146
147 # Validate the custom fields before adding the bug.
148 $t_related_custom_field_ids = custom_field_get_linked_ids( $t_bug_data->project_id );
149 foreach( $t_related_custom_field_ids as $t_id ) {
150 $t_def = custom_field_get_definition( $t_id );
151
152 # Produce an error if the field is required but wasn't posted
153 if ( !gpc_isset_custom_field( $t_id, $t_def['type'] ) &&
154 ( $t_def['require_report'] ||
155 $t_def['type'] == CUSTOM_FIELD_TYPE_ENUM ||
156 $t_def['type'] == CUSTOM_FIELD_TYPE_LIST ||
157 $t_def['type'] == CUSTOM_FIELD_TYPE_MULTILIST ||
158 $t_def['type'] == CUSTOM_FIELD_TYPE_RADIO ) ) {
159 error_parameters( lang_get_defaulted( custom_field_get_field( $t_id, 'name' ) ) );
160 trigger_error( ERROR_EMPTY_FIELD, ERROR );
161 }
162 if ( !custom_field_validate( $t_id, gpc_get_custom_field( "custom_field_$t_id", $t_def['type'], NULL ) ) ) {
163 error_parameters( lang_get_defaulted( custom_field_get_field( $t_id, 'name' ) ) );
164 trigger_error( ERROR_CUSTOM_FIELD_INVALID_VALUE, ERROR );
165 }
166 }
167
168 # Allow plugins to pre-process bug data
169 $t_bug_data = event_signal( 'EVENT_REPORT_BUG_DATA', $t_bug_data );
170
171 # Create the bug
172 $t_bug_id = $t_bug_data->create();
173
174 # Mark the added issue as visited so that it appears on the last visited list.
175 last_visited_issue( $t_bug_id );
176
177 # Handle the file upload
178 if ( !is_blank( $f_file['tmp_name'] ) && ( 0 < $f_file['size'] ) ) {
179 file_add( $t_bug_id, $f_file, 'bug' );
180 }
181
182 # Handle custom field submission
183 foreach( $t_related_custom_field_ids as $t_id ) {
184 # Do not set custom field value if user has no write access.
185 if( !custom_field_has_write_access( $t_id, $t_bug_id ) ) {
186 continue;
187 }
188
189 $t_def = custom_field_get_definition( $t_id );
190 if( !custom_field_set_value( $t_id, $t_bug_id, gpc_get_custom_field( "custom_field_$t_id", $t_def['type'], '' ), false ) ) {
191 error_parameters( lang_get_defaulted( custom_field_get_field( $t_id, 'name' ) ) );
192 trigger_error( ERROR_CUSTOM_FIELD_INVALID_VALUE, ERROR );
193 }
194 }
195
196 $f_master_bug_id = gpc_get_int( 'm_id', 0 );
197 $f_rel_type = gpc_get_int( 'rel_type', -1 );
198
199 if ( $f_master_bug_id > 0 ) {
200 # it's a child generation... let's create the relationship and add some lines in the history
201
202 # update master bug last updated
203 bug_update_date( $f_master_bug_id );
204
205 # Add log line to record the cloning action
206 history_log_event_special( $t_bug_id, BUG_CREATED_FROM, '', $f_master_bug_id );
207 history_log_event_special( $f_master_bug_id, BUG_CLONED_TO, '', $t_bug_id );
208
209 if ( $f_rel_type >= 0 ) {
210 # Add the relationship
211 relationship_add( $t_bug_id, $f_master_bug_id, $f_rel_type );
212
213 # Add log line to the history (both issues)
214 history_log_event_special( $f_master_bug_id, BUG_ADD_RELATIONSHIP, relationship_get_complementary_type( $f_rel_type ), $t_bug_id );
215 history_log_event_special( $t_bug_id, BUG_ADD_RELATIONSHIP, $f_rel_type, $f_master_bug_id );
216
217 # Send the email notification
218 email_relationship_added( $f_master_bug_id, $t_bug_id, relationship_get_complementary_type( $f_rel_type ) );
219
220 # update relationship target bug last updated
221 bug_update_date( $t_bug_id );
222 }
223 }
224
225 helper_call_custom_function( 'issue_create_notify', array( $t_bug_id ) );
226
227 # Allow plugins to post-process bug data with the new bug ID
228 event_signal( 'EVENT_REPORT_BUG', array( $t_bug_data, $t_bug_id ) );
229
230 email_new_bug( $t_bug_id );
231
232 form_security_purge( 'bug_report' );
233
234 html_page_top1();
235
236 if ( !$f_report_stay ) {
237 html_meta_redirect( 'view_all_bug_page.php' );
238 }
239
240 html_page_top2();
241 ?>
242 <br />
243 <div>
244 <?php
245 echo lang_get( 'operation_successful' ) . '<br />';
246 print_bracket_link( string_get_bug_view_url( $t_bug_id ), sprintf( lang_get( 'view_submitted_bug_link' ), $t_bug_id ) );
247 print_bracket_link( 'view_all_bug_page.php', lang_get( 'view_bugs_link' ) );
248
249 if ( $f_report_stay ) {
250 ?>
251 <p>
252 <form method="post" action="<?php echo string_get_bug_report_url() ?>">
253 <?php # CSRF protection not required here - form does not result in modifications ?>
254 <input type="hidden" name="category_id" value="<?php echo string_attribute( $t_bug_data->category_id ) ?>" />
255 <input type="hidden" name="severity" value="<?php echo string_attribute( $t_bug_data->severity ) ?>" />
256 <input type="hidden" name="reproducibility" value="<?php echo string_attribute( $t_bug_data->reproducibility ) ?>" />
257 <input type="hidden" name="profile_id" value="<?php echo string_attribute( $t_bug_data->profile_id ) ?>" />
258 <input type="hidden" name="platform" value="<?php echo string_attribute( $t_bug_data->platform ) ?>" />
259 <input type="hidden" name="os" value="<?php echo string_attribute( $t_bug_data->os ) ?>" />
260 <input type="hidden" name="os_build" value="<?php echo string_attribute( $t_bug_data->os_build ) ?>" />
261 <input type="hidden" name="product_version" value="<?php echo string_attribute( $t_bug_data->version ) ?>" />
262 <input type="hidden" name="target_version" value="<?php echo string_attribute( $t_bug_data->target_version ) ?>" />
263 <input type="hidden" name="build" value="<?php echo string_attribute( $t_bug_data->build ) ?>" />
264 <input type="hidden" name="report_stay" value="1" />
265 <input type="hidden" name="view_state" value="<?php echo string_attribute( $t_bug_data->view_state ) ?>" />
266 <input type="hidden" name="due_date" value="<?php echo string_attribute( $t_bug_data->due_date ) ?>" />
267 <input type="submit" class="button" value="<?php echo lang_get( 'report_more_bugs' ) ?>" />
268 </form>
269 </p>
270 <?php
271 }
272 ?>
273 </div>
274
275 <?php
276 html_page_bottom();