Beispiel #1
0
		///////////////////////////////////////////////////////////////////////
		private static int insert_post_attachment_impl(
			btnet.Security security,
			int bugid,
			Stream content,
			int content_length,
			int copy_bpid,
			string file,
			string comment,
			string content_type,
			int parent,
			bool hidden_from_external_users,
			bool send_notifications)
		{
			// Note that this method does not perform any security check nor does
			// it check that content_length is less than MaxUploadSize.
			// These are left up to the caller.

			
			string upload_folder = Util.get_upload_folder();
			string sql;
			bool store_attachments_in_database = (Util.get_setting("StoreAttachmentsInDatabase", "0") == "1");
			string effective_file = file;
			int effective_content_length = content_length;
			string effective_content_type = content_type;
			Stream effective_content = null;

			try
			{
				// Determine the content. We may be instructed to copy an existing
				// attachment via copy_bpid, or a Stream may be provided as the content parameter.

				if (copy_bpid != -1)
				{
					BugPostAttachment bpa = get_bug_post_attachment(copy_bpid);

					effective_content = bpa.content;
					effective_file = bpa.file;
					effective_content_length = bpa.content_length;
					effective_content_type = bpa.content_type;
				}
				else
				{
					effective_content = content;
					effective_file = file;
					effective_content_length = content_length;
					effective_content_type = content_type;
				}

				// Insert a new post into bug_posts.

				sql = @"
declare @now datetime

set @now = getdate()

update bugs
	set bg_last_updated_date = @now,
	bg_last_updated_user = $us
	where bg_id = $bg

insert into bug_posts
	(bp_type, bp_bug, bp_file, bp_comment, bp_size, bp_date, bp_user, bp_content_type, bp_parent, bp_hidden_from_external_users)
	values ('file', $bg, N'$fi', N'$de', $si, @now, $us, N'$ct', $pa, $internal)
	select scope_identity()";

				sql = sql.Replace("$bg", Convert.ToString(bugid));
				sql = sql.Replace("$fi", effective_file.Replace("'", "''"));
				sql = sql.Replace("$de", comment.Replace("'", "''"));
				sql = sql.Replace("$si", Convert.ToString(effective_content_length));
				sql = sql.Replace("$us", Convert.ToString(security.user.usid));

				// Sometimes, somehow, content type is null.  Not sure how.
				sql = sql.Replace("$ct",
					effective_content_type != null
						? effective_content_type.Replace("'", "''")
						: string.Empty);

				if (parent == -1)
				{
					sql = sql.Replace("$pa", "null");
				}
				else
				{
					sql = sql.Replace("$pa", Convert.ToString(parent));
				}
				sql = sql.Replace("$internal", btnet.Util.bool_to_string(hidden_from_external_users));

				int bp_id = Convert.ToInt32(btnet.DbUtil.execute_scalar(sql));

				try
				{
					// Store attachment in bug_post_attachments table.

					if (store_attachments_in_database)
					{
						byte[] data = new byte[effective_content_length];
						int bytes_read = 0;

						while (bytes_read < effective_content_length)
						{
							int bytes_read_this_iteration = effective_content.Read(data, bytes_read, effective_content_length - bytes_read);
							if (bytes_read_this_iteration == 0)
							{
								throw new Exception("Unexpectedly reached the end of the stream before all data was read.");
							}
							bytes_read += bytes_read_this_iteration;
						}

						sql = @"insert into bug_post_attachments
								(bpa_post, bpa_content)
								values (@bp, @bc)";
						using (SqlCommand cmd = new SqlCommand(sql))
						{
							cmd.Parameters.AddWithValue("@bp", bp_id);
							cmd.Parameters.Add("@bc", SqlDbType.Image).Value = data;
							btnet.DbUtil.execute_nonquery(cmd);
						}
					}
					else
					{
						// Store attachment in UploadFolder.

						if (upload_folder == null)
						{
							throw new Exception("StoreAttachmentsInDatabase is false and UploadFolder is not set in web.config.");
						}

						// Copy the content Stream to a file in the upload_folder.
						byte[] buffer = new byte[16384];
						int bytes_read = 0;
						using (FileStream fs = new FileStream(upload_folder + "\\" + bugid + "_" + bp_id + "_" + effective_file, FileMode.CreateNew, FileAccess.Write))
						{
							while (bytes_read < effective_content_length)
							{
								int bytes_read_this_iteration = effective_content.Read(buffer, 0, buffer.Length);
								if (bytes_read_this_iteration == 0)
								{
									throw new Exception("Unexpectedly reached the end of the stream before all data was read.");
								}
								fs.Write(buffer, 0, bytes_read_this_iteration);
								bytes_read += bytes_read_this_iteration;
							}
						}
					}
				}
				catch
				{
					// clean up
					sql = @"delete from bug_posts where bp_id = $bp";

					sql = sql.Replace("$bp", Convert.ToString(bp_id));

					btnet.DbUtil.execute_nonquery(sql);

					throw;
				}

				if (send_notifications)
				{
					btnet.Bug.send_notifications(btnet.Bug.UPDATE, bugid, security);
				}
				return bp_id;
			}
			finally
			{
				// If this procedure "owns" the content (instead of our caller owning it), dispose it.
				if (effective_content != null && effective_content != content)
				{
					effective_content.Dispose();
				}
			}
		}
Beispiel #2
0
		///////////////////////////////////////////////////////////////////////
		public static int insert_post_attachment_copy(
			btnet.Security security,
			int bugid,
			int copy_bpid,
			string comment,
			int parent,
			bool hidden_from_external_users,
			bool send_notifications)
		{
			return insert_post_attachment_impl(
				security,
				bugid,
				null,
				-1,
				copy_bpid,
				null,
				comment,
				null,
				parent,
				hidden_from_external_users,
				send_notifications);
		}
Beispiel #3
0
		///////////////////////////////////////////////////////////////////////
		public static int insert_post_attachment(
			btnet.Security security,
			int bugid,
			Stream content,
			int content_length,
			string file,
			string comment,
			string content_type,
			int parent,
			bool hidden_from_external_users,
			bool send_notifications)
		{
			return insert_post_attachment_impl(
				security,
				bugid,
				content,
				content_length,
				-1, // copy_bpid
				file,
				comment,
				content_type,
				parent,
				hidden_from_external_users,
				send_notifications);
		}
		///////////////////////////////////////////////////////////////////////
		public static int write_posts(
			DataSet ds_posts,
            HttpResponse Response,
			int bugid,
			int permission_level,
			bool write_links,
			bool images_inline,
            bool history_inline,
            bool internal_posts,
			btnet.User user)
		{

			if (Util.get_setting("ForceBordersInEmails","0") == "1")
			{
				Response.Write ("\n<table id='posts_table' border=1 cellpadding=0 cellspacing=3>");
			}
			else
			{
				Response.Write ("\n<table id='posts_table' border=0 cellpadding=0 cellspacing=3>");
			}

			int post_cnt = ds_posts.Tables[0].Rows.Count;
			
			int bp_id;
			int prev_bp_id = -1;

			
			foreach (DataRow dr in ds_posts.Tables[0].Rows)
			{

                if (!internal_posts)
                {
                    if ((int)dr["bp_hidden_from_external_users"] == 1)
                    {
                        continue; 
                    }
                }

                bp_id = (int) dr["bp_id"];

				if ((string)dr["bp_type"] == "update")
				{

					string comment = (string) dr["bp_comment"];

					if (user.tags_field_permission_level == Security.PERMISSION_NONE
					&& comment.StartsWith("changed tags from"))
						continue;

					if (user.project_field_permission_level == Security.PERMISSION_NONE
					&& comment.StartsWith("changed project from"))
						continue;

					if (user.org_field_permission_level == Security.PERMISSION_NONE
					&& comment.StartsWith("changed organization from"))
						continue;

					if (user.category_field_permission_level == Security.PERMISSION_NONE
					&& comment.StartsWith("changed category from"))
						continue;

					if (user.priority_field_permission_level == Security.PERMISSION_NONE
					&& comment.StartsWith("changed priority from"))
						continue;

					if (user.assigned_to_field_permission_level == Security.PERMISSION_NONE
					&& comment.StartsWith("changed assigned_to from"))
						continue;

					if (user.status_field_permission_level == Security.PERMISSION_NONE
					&& comment.StartsWith("changed status from"))
						continue;

					if (user.udf_field_permission_level == Security.PERMISSION_NONE
					&& comment.StartsWith("changed " + Util.get_setting("UserDefinedBugAttributeName","YOUR ATTRIBUTE") + " from"))
						continue;

                    bool bSkip = false;
                    foreach (string key in user.dict_custom_field_permission_level.Keys)
                    { 
                        int field_permission_level = user.dict_custom_field_permission_level[key];
                        if (field_permission_level == Security.PERMISSION_NONE)
                        {
                            if (comment.StartsWith("changed " + key + " from"))
                            {
                                bSkip = true;
                            }
                        }
                    }
                    if (bSkip)
                    {
                        continue;
                    }

				}

				if (bp_id == prev_bp_id)
				{
					// show another attachment
					write_email_attachment(Response, bugid, dr, write_links, images_inline);
				}
				else
				{
					// show the comment and maybe an attachment
					if (prev_bp_id != -1) {
						Response.Write ("\n</table>"); // end the previous table
					}

					write_post(Response, bugid, permission_level, dr, bp_id, write_links, images_inline,
						user.is_admin,
						user.can_edit_and_delete_posts,
						user.external_user);


					if (Convert.ToString(dr["ba_file"]) != "") // intentially "ba"
					{
						write_email_attachment(Response, bugid, dr, write_links, images_inline);
					}
					prev_bp_id = bp_id;
				}

			}

			if (prev_bp_id != -1)
			{
				Response.Write ("\n</table>"); // end the previous table
			}

			Response.Write ("\n</table>");
			
			return post_cnt;
		}