search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
SOAP API: do not try to unserialize an invalid filter
[mantis.git] / query_store.php
blobcec524bd30832f83fa32bc7ddf12611a707254b7
1 <?php
2 # MantisBT - A PHP based bugtracking system
3
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
8 #
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * @package MantisBT
19 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
20 * @copyright Copyright (C) 2002 - 2011 MantisBT Team - mantisbt-dev@lists.sourceforge.net
21 * @link http://www.mantisbt.org
22 *
23 * @uses core.php
24 * @uses authentication_api.php
25 * @uses compress_api.php
26 * @uses config_api.php
27 * @uses filter_api.php
28 * @uses form_api.php
29 * @uses gpc_api.php
30 * @uses helper_api.php
31 * @uses lang_api.php
32 * @uses print_api.php
33 * @uses utility_api.php
34 */
35
36 /**
37 * MantisBT Core API's
38 */
39 require_once( 'core.php' );
40 require_api( 'authentication_api.php' );
41 require_api( 'compress_api.php' );
42 require_api( 'config_api.php' );
43 require_api( 'filter_api.php' );
44 require_api( 'form_api.php' );
45 require_api( 'gpc_api.php' );
46 require_api( 'helper_api.php' );
47 require_api( 'lang_api.php' );
48 require_api( 'print_api.php' );
49 require_api( 'utility_api.php' );
50
51 form_security_validate( 'query_store' );
52
53 auth_ensure_user_authenticated();
54 compress_enable();
55
56 $f_query_name = strip_tags( gpc_get_string( 'query_name' ) );
57 $f_is_public = gpc_get_bool( 'is_public' );
58 $f_all_projects = gpc_get_bool( 'all_projects' );
59
60 $t_query_redirect_url = 'query_store_page.php';
61
62 # We can't have a blank name
63 if ( is_blank( $f_query_name ) ) {
64 $t_query_redirect_url = $t_query_redirect_url . '?error_msg='
65 . urlencode( lang_get( 'query_blank_name' ) );
66 print_header_redirect( $t_query_redirect_url );
67 }
68
69 // mantis_filters_table.name has a length of 64. Not allowing longer.
70 if ( !filter_name_valid_length( $f_query_name ) ) {
71 $t_query_redirect_url = $t_query_redirect_url . '?error_msg='
72 . urlencode( lang_get( 'query_name_too_long' ) );
73 print_header_redirect( $t_query_redirect_url );
74 }
75
76 # Check and make sure they don't already have a
77 # query with the same name
78 $t_query_arr = filter_db_get_available_queries();
79 foreach( $t_query_arr as $t_id => $t_name ) {
80 if ( $f_query_name == $t_name ) {
81 $t_query_redirect_url = $t_query_redirect_url . '?error_msg='
82 . urlencode( lang_get( 'query_dupe_name' ) );
83 print_header_redirect( $t_query_redirect_url );
84 exit;
85 }
86 }
87
88 $t_project_id = helper_get_current_project();
89 if ( $f_all_projects ) {
90 $t_project_id = 0;
91 }
92
93 $t_filter_string = filter_db_get_filter( gpc_get_cookie( config_get( 'view_all_cookie' ), '' ) );
94
95 $t_new_row_id = filter_db_set_for_current_user($t_project_id, $f_is_public,
96 $f_query_name, $t_filter_string);
97
98 form_security_purge( 'query_store' );
99
100 if ( $t_new_row_id == -1 ) {
101 $t_query_redirect_url = $t_query_redirect_url . '?error_msg='
102 . urlencode( lang_get( 'query_store_error' ) );
103 print_header_redirect( $t_query_redirect_url );
104 } else {
105 print_header_redirect( 'view_all_bug_page.php' );
106 }