private bool IsValidPassword(string username, string hashedPassword, string resetKey) { var sql = new SQLString("select count(*) from users where us_username = @username and us_password = @password and password_reset_key = @resetKey"); sql.AddParameterWithValue("@username", username); sql.AddParameterWithValue("@password", hashedPassword); sql.AddParameterWithValue("@resetKey", resetKey); return ((int)btnet.DbUtil.execute_scalar(sql)) > 0; }
private bool IsValidPassword(string username, string hashedPassword, string resetKey) { var sql = new SQLString("select count(*) from users where us_username = @username and us_password = @password and password_reset_key = @resetKey"); sql.AddParameterWithValue("@username", username); sql.AddParameterWithValue("@password", hashedPassword); sql.AddParameterWithValue("@resetKey", resetKey); return(((int)btnet.DbUtil.execute_scalar(sql)) > 0); }
protected void Page_Load(Object sender, EventArgs e) { Util.set_context(HttpContext.Current); Util.do_not_cache(Response); string guid = Request["id"]; SQLString sql = new SQLString(@" declare @expiration datetime set @expiration = dateadd(n,-1 * @minutes,getdate()) select *, case when el_date < @expiration then 1 else 0 end [expired] from emailed_links where el_id = @guid delete from emailed_links where el_date < dateadd(n,-240,getdate())"); sql = sql.AddParameterWithValue("minutes", Util.get_setting("RegistrationExpiration", "20")); sql = sql.AddParameterWithValue("guid", guid.Replace("'", "''")); DataRow dr = btnet.DbUtil.get_datarow(sql); if (dr == null) { msg.InnerHtml = "The link you clicked on is expired or invalid.<br>Please start over again."; } else if ((int)dr["expired"] == 1) { msg.InnerHtml = "The link you clicked has expired.<br>Please start over again."; } else { btnet.User.copy_user( (string)dr["el_username"], (string)dr["el_email"], (string)dr["el_firstname"], (string)dr["el_lastname"], "", (int)dr["el_salt"], (string)dr["el_password"], Util.get_setting("SelfRegisteredUserTemplate", "[error - missing user template]"), false); // Delete the temp link sql = new SQLString(@"delete from emailed_links where el_id = @guid"); sql = sql.AddParameterWithValue("guid", guid); btnet.DbUtil.execute_nonquery(sql); msg.InnerHtml = "Your registration is complete."; } }
/////////////////////////////////////////////////////////////////////// public static int get_bug_permission_level(int bugid, IIdentity identity) { /* * public const int PERMISSION_NONE = 0; * public const int PERMISSION_READONLY = 1; * public const int PERMISSION_REPORTER = 3; * public const int PERMISSION_ALL = 2; */ // fetch the revised permission level var sql = new SQLString(@" declare @bg_org int select isnull(pu_permission_level,@dpl), bg_org from bugs left outer join project_user_xref on pu_project = bg_project and pu_user = @us where bg_id = @bg"); ; sql = sql.AddParameterWithValue("@dpl", Util.get_setting("DefaultPermissionLevel", "2")); sql = sql.AddParameterWithValue("@bg", Convert.ToString(bugid)); sql = sql.AddParameterWithValue("@us", Convert.ToString(identity.GetUserId())); DataRow dr = btnet.DbUtil.get_datarow(sql); if (dr == null) { return(PermissionLevel.None); } int pl = (int)dr[0]; int bg_org = (int)dr[1]; // maybe reduce permissions var organizationId = identity.GetOrganizationId(); if (bg_org != organizationId) { var otherOrgsPermissionLevel = identity.GetOtherOrgsPermissionLevels(); if (otherOrgsPermissionLevel == PermissionLevel.None || otherOrgsPermissionLevel == PermissionLevel.ReadOnly) { if (otherOrgsPermissionLevel < pl) { pl = otherOrgsPermissionLevel; } } } return(pl); }
protected void Page_Load(Object sender, EventArgs e) { Util.set_context(HttpContext.Current); Util.do_not_cache(Response); string guid = Request["id"]; SQLString sql = new SQLString(@" declare @expiration datetime set @expiration = dateadd(n,-1 * @minutes,getdate()) select *, case when el_date < @expiration then 1 else 0 end [expired] from emailed_links where el_id = @guid delete from emailed_links where el_date < dateadd(n,-240,getdate())" ); sql = sql.AddParameterWithValue("minutes", Util.get_setting("RegistrationExpiration", "20")); sql = sql.AddParameterWithValue("guid", guid.Replace("'", "''")); DataRow dr = btnet.DbUtil.get_datarow(sql); if (dr == null) { msg.InnerHtml = "The link you clicked on is expired or invalid.<br>Please start over again."; } else if ((int)dr["expired"] == 1) { msg.InnerHtml = "The link you clicked has expired.<br>Please start over again."; } else { btnet.User.copy_user( (string)dr["el_username"], (string)dr["el_email"], (string)dr["el_firstname"], (string)dr["el_lastname"], "", (int)dr["el_salt"], (string)dr["el_password"], Util.get_setting("SelfRegisteredUserTemplate", "[error - missing user template]"), false); // Delete the temp link sql = new SQLString(@"delete from emailed_links where el_id = @guid"); sql = sql.AddParameterWithValue("guid", guid); btnet.DbUtil.execute_nonquery(sql); msg.InnerHtml = "Your registration is complete."; } }
/////////////////////////////////////////////////////////////////////// protected static void write_relationships(HttpResponse Response, int bugid) { var sql = new SQLString(@"select bg_id [id], bg_short_desc [desc], re_type [comment], case when re_direction = 0 then '' when re_direction = 2 then @child else @parent end [parent/child] from bug_relationships inner join bugs on re_bug2 = bg_id where re_bug1 = @bg order by 1"); sql = sql.AddParameterWithValue("bg", Convert.ToString(bugid)); sql = sql.AddParameterWithValue("parent", "parent of " + Convert.ToString(bugid)); sql = sql.AddParameterWithValue("child", "child of " + Convert.ToString(bugid)); DataSet ds_relationships = btnet.DbUtil.get_dataset(sql); if (ds_relationships.Tables[0].Rows.Count > 0) { Response.Write ("<b>Relationships</b><p><table border=1 class=datat><tr>"); Response.Write ("<td class=datah valign=bottom>id</td>"); Response.Write ("<td class=datah valign=bottom>desc</td>"); Response.Write ("<td class=datah valign=bottom>comment</td>"); Response.Write ("<td class=datah valign=bottom>parent/child</td>"); foreach (DataRow dr_relationships in ds_relationships.Tables[0].Rows) { Response.Write ("<tr>"); Response.Write ("<td class=datad valign=top align=right>"); Response.Write (Convert.ToString((int) dr_relationships["id"])); Response.Write ("<td class=datad valign=top>"); Response.Write (Convert.ToString(dr_relationships["desc"])); Response.Write ("<td class=datad valign=top>"); Response.Write (Convert.ToString(dr_relationships["comment"])); Response.Write ("<td class=datad valign=top>"); Response.Write (Convert.ToString(dr_relationships["parent/child"])); } Response.Write ("</table><p>"); } }
public static void update_user_password(string username, string unencypted) { var salt = GenerateRandomString(); string hashed = Util.HashString(unencypted, Convert.ToString(salt)); var sql = new SQLString("update users set us_password = @hashed, us_salt = @salt where us_username = @username"); sql = sql.AddParameterWithValue("hashed", hashed); sql = sql.AddParameterWithValue("salt", Convert.ToString(salt)); sql = sql.AddParameterWithValue("username", Convert.ToString(username)); btnet.DbUtil.execute_nonquery(sql); }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit dashboard"; if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanUseReports()) { // } else { Response.Write("You are not allowed to use this page."); Response.End(); } ses = (string)Session.SessionID; var sql = new SQLString(@" select ds_id, ds_col, ds_row, ds_chart_type, rp_desc from dashboard_items ds inner join reports on rp_id = ds_report where ds_user = @user order by ds_col, ds_row"); sql = sql.AddParameterWithValue("user", Convert.ToString(User.Identity.GetUserId())); ds = DbUtil.get_dataset(sql); }
/////////////////////////////////////////////////////////////////////// void on_update() { Boolean good = validate(); string ct; if (good) { if (id == 0) { // insert new sql = new SQLString(@"insert into reports (rp_desc, rp_sql, rp_chart_type) values (@de, @sq, @ct)" ); } else { // edit existing sql = new SQLString(@"update reports set rp_desc = @de, rp_sql = @sq, rp_chart_type = @ct where rp_id = @id" ); sql = sql.AddParameterWithValue("@id", Convert.ToString(id)); } sql = sql.AddParameterWithValue("@de", desc.Value); sql = sql.AddParameterWithValue("@sq", Server.HtmlDecode(sql_text.Value)); if (pie.Checked) { ct = "pie"; } else if (bar.Checked) { ct = "bar"; } else if (line.Checked) { ct = "line"; } else { ct = "table"; } sql = sql.AddParameterWithValue("@ct", ct); DbUtil.execute_nonquery(sql); Server.Transfer("reports.aspx"); } else { if (id == 0) { // insert new msg.InnerText += "Query was not created."; } else { // edit existing msg.InnerText += "Query was not updated."; } } }
/////////////////////////////////////////////////////////////////////// void on_update() { Boolean good = validate(); if (good) { sql = new SQLString(@"update bug_posts set bp_comment = @comment, bp_hidden_from_external_users = @internal where bp_id = @bugPostId" ); sql = sql.AddParameterWithValue("bugPostId", Convert.ToString(id)); sql = sql.AddParameterWithValue("comment", desc.Value.Replace("'", "''")); sql = sql.AddParameterWithValue("internal", btnet.Util.bool_to_string(internal_only.Checked)); btnet.DbUtil.execute_nonquery(sql); if (!internal_only.Checked) { btnet.Bug.send_notifications(btnet.Bug.UPDATE, bugid, User.Identity); } Response.Redirect("edit_bug.aspx?id=" + Convert.ToString(bugid)); } else { msg.InnerText = "Attachment was not updated."; } }
/////////////////////////////////////////////////////////////////////// public static void update_most_recent_login_datetime(int us_id) { var sql = new SQLString(@"update users set us_most_recent_login_datetime = getdate() where us_id = @us"); sql = sql.AddParameterWithValue("us", Convert.ToString(us_id)); DbUtil.execute_nonquery(sql); }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit dashboard"; if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanUseReports()) { // } else { Response.Write("You are not allowed to use this page."); Response.End(); } ses = (string)Session.SessionID; var sql = new SQLString(@" select ds_id, ds_col, ds_row, ds_chart_type, rp_desc from dashboard_items ds inner join reports on rp_id = ds_report where ds_user = @user order by ds_col, ds_row"); sql = sql.AddParameterWithValue("user", Convert.ToString(User.Identity.GetUserId())); ds = DbUtil.get_dataset(sql); }
private string GetSalt(string username) { var sql = new SQLString("select us_salt from users where us_username = @username"); sql.AddParameterWithValue("@username", username); var result = ((string)btnet.DbUtil.execute_scalar(sql)); return result; }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); Master.Menu.SelectedItem = "admin"; Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit priority"; msg.InnerText = ""; string var = Request.QueryString["id"]; if (var == null) { id = 0; } else { id = Convert.ToInt32(var); } if (!IsPostBack) { // add or edit? if (id == 0) { sub.Value = "Create"; } else { sub.Value = "Update"; // Get this entry's data from the db and fill in the form sql = new SQLString(@"select pr_name, pr_sort_seq, pr_background_color, isnull(pr_style,'') [pr_style], pr_default from priorities where pr_id = @id"); sql = sql.AddParameterWithValue("id", id); DataRow dr = btnet.DbUtil.get_datarow(sql); // Fill in this form name.Value = (string)dr["pr_name"]; sort_seq.Value = Convert.ToString((int)dr["pr_sort_seq"]); color.Value = (string)dr["pr_background_color"]; style.Value = (string)dr["pr_style"]; default_selection.Checked = Convert.ToBoolean((int)dr["pr_default"]); } } else { on_update(); } }
private string GetSalt(string username) { var sql = new SQLString("select us_salt from users where us_username = @username"); sql.AddParameterWithValue("@username", username); var result = ((string)btnet.DbUtil.execute_scalar(sql)); return(result); }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (Request.QueryString["ses"] != (string)Session["session_cookie"]) { Response.Write("session in URL doesn't match session cookie"); Response.End(); } string string_bugid = Util.sanitize_integer(Request["bugid"]); int bugid = Convert.ToInt32(string_bugid); int permission_level = Bug.get_bug_permission_level(bugid, User.Identity); if (permission_level != PermissionLevel.All) { Response.Write("You are not allowed to edit this item"); Response.End(); } string string_tsk_id = Util.sanitize_integer(Request["id"]); int tsk_id = Convert.ToInt32(string_tsk_id); if (IsPostBack) { // do delete here sql = new SQLString(@"delete bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid"); sql = sql.AddParameterWithValue("tsk_id", string_tsk_id); sql = sql.AddParameterWithValue("bugid", string_bugid); DbUtil.execute_nonquery(sql); Response.Redirect("tasks.aspx?bugid=" + string_bugid); } else { Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete task"; back_href.HRef = "tasks.aspx?bugid=" + string_bugid; sql = new SQLString(@"select tsk_description from bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid"); sql = sql.AddParameterWithValue("tsk_id", string_tsk_id); sql = sql.AddParameterWithValue("bugid", string_bugid); DataRow dr = DbUtil.get_datarow(sql); confirm_href.InnerText = "confirm delete of task: " + Convert.ToString(dr["tsk_description"]); } }
/////////////////////////////////////////////////////////////////////// // Send the emails in the queue protected static void actually_send_the_emails() { btnet.Util.write_to_log("actually_send_the_emails"); var sql = new SQLString(@"select * from queued_notifications where qn_status = N'not sent' and qn_retries < 3"); // create a new one, just in case there would be multithreading issues... // get the pending notifications DataSet ds = btnet.DbUtil.get_dataset(sql); foreach (DataRow dr in ds.Tables[0].Rows) { string err = ""; try { string to = (string)dr["qn_to"]; btnet.Util.write_to_log("sending email to " + to); // try to send it err = Email.send_email( (string)dr["qn_to"], (string)dr["qn_from"], "", // cc (string)dr["qn_subject"], (string)dr["qn_body"], MailFormat.Html); if (err == "") { sql = new SQLString("delete from queued_notifications where qn_id = @qn_id"); } } catch (Exception e) { err = e.Message; if (e.InnerException != null) { err += "; "; err += e.InnerException.Message; } } if (err != "") { sql = new SQLString("update queued_notifications set qn_retries = qn_retries + 1, qn_last_exception = @ex where qn_id = @qn_id"); sql = sql.AddParameterWithValue("@ex", err.Replace("'", "''")); } sql = sql.AddParameterWithValue("qn_id", Convert.ToString(dr["qn_id"])); // update the row or delete the row btnet.DbUtil.execute_nonquery(sql); } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (Request.QueryString["ses"] != (string)Session["session_cookie"]) { Response.Write("session in URL doesn't match session cookie"); Response.End(); } var sql = new SQLString("delete from bug_subscriptions where bs_bug = @bg_id and bs_user = @us_id"); sql = sql.AddParameterWithValue("$bg_id", Util.sanitize_integer(Request["bg_id"])); sql = sql.AddParameterWithValue("$us_id", Util.sanitize_integer(Request["us_id"])); DbUtil.execute_nonquery(sql); Response.Redirect("view_subscribers.aspx?id=" + Util.sanitize_integer(Request["bg_id"])); }
/////////////////////////////////////////////////////////////////////// public static void apply_post_insert_rules(int bugid) { var sql = new SQLString(Util.get_setting("UpdateBugAfterInsertBugAspxSql", "")); if (!string.IsNullOrEmpty(sql.ToString())) { sql = sql.AddParameterWithValue("@BUGID", Convert.ToString(bugid)); btnet.DbUtil.execute_nonquery(sql); } }
/////////////////////////////////////////////////////////////////////// public static DataSet get_bug_posts(int bugid, bool external_user, bool history_inline) { SQLString sql = new SQLString(@" /* get_bug_posts */ select a.bp_bug, a.bp_comment, isnull(us_username,'') [us_username], case rtrim(us_firstname) when null then isnull(us_lastname, '') when '' then isnull(us_lastname, '') else isnull(us_lastname + ', ' + us_firstname,'') end [us_fullname], isnull(us_email,'') [us_email], a.bp_date, datediff(s,a.bp_date,getdate()) [seconds_ago], a.bp_id, a.bp_type, isnull(a.bp_email_from,'') bp_email_from, isnull(a.bp_email_to,'') bp_email_to, isnull(a.bp_email_cc,'') bp_email_cc, isnull(a.bp_file,'') bp_file, isnull(a.bp_size,0) bp_size, isnull(a.bp_content_type,'') bp_content_type, a.bp_hidden_from_external_users, isnull(ba.bp_file,'') ba_file, -- intentionally ba isnull(ba.bp_id,'') ba_id, -- intentionally ba isnull(ba.bp_size,'') ba_size, -- intentionally ba isnull(ba.bp_content_type,'') ba_content_type -- intentionally ba from bug_posts a left outer join users on us_id = a.bp_user left outer join bug_posts ba on ba.bp_parent = a.bp_id and ba.bp_bug = a.bp_bug where a.bp_bug = @id and a.bp_parent is null"); if (!history_inline) { sql.Append("\n and a.bp_type <> 'update'"); } if (external_user) { sql.Append("\n and a.bp_hidden_from_external_users = 0"); } sql.Append( "\n order by a.bp_id "); sql.Append( btnet.Util.get_setting("CommentSortOrder","desc")); sql.Append( ", ba.bp_parent, ba.bp_id"); sql = sql.AddParameterWithValue("@id", Convert.ToString(bugid)); return btnet.DbUtil.get_dataset(sql); }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (Request.QueryString["ses"] != (string)Session["session_cookie"]) { Response.Write("session in URL doesn't match session cookie"); Response.End(); } var sql = new SQLString("delete from bug_subscriptions where bs_bug = @bg_id and bs_user = @us_id"); sql = sql.AddParameterWithValue("$bg_id", Util.sanitize_integer(Request["bg_id"])); sql = sql.AddParameterWithValue("$us_id", Util.sanitize_integer(Request["us_id"])); DbUtil.execute_nonquery(sql); Response.Redirect("view_subscribers.aspx?id=" + Util.sanitize_integer(Request["bg_id"])); }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); Master.Menu.SelectedItem = "admin"; Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit priority"; msg.InnerText = ""; string var = Request.QueryString["id"]; if (var == null) { id = 0; } else { id = Convert.ToInt32(var); } if (!IsPostBack) { // add or edit? if (id == 0) { sub.Value = "Create"; } else { sub.Value = "Update"; // Get this entry's data from the db and fill in the form sql = new SQLString(@"select pr_name, pr_sort_seq, pr_background_color, isnull(pr_style,'') [pr_style], pr_default from priorities where pr_id = @id" ); sql = sql.AddParameterWithValue("id", id); DataRow dr = btnet.DbUtil.get_datarow(sql); // Fill in this form name.Value = (string)dr["pr_name"]; sort_seq.Value = Convert.ToString((int)dr["pr_sort_seq"]); color.Value = (string)dr["pr_background_color"]; style.Value = (string)dr["pr_style"]; default_selection.Checked = Convert.ToBoolean((int)dr["pr_default"]); } } else { on_update(); } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanDeleteBugs()) { // } else { Response.Write("You are not allowed to use this page."); Response.End(); } string id = Util.sanitize_integer(Request["id"]); int permission_level = Bug.get_bug_permission_level(Convert.ToInt32(id), User.Identity); if (permission_level != PermissionLevel.All) { Response.Write("You are not allowed to edit this item"); Response.End(); } if (IsPostBack) { Bug.delete_bug(Convert.ToInt32(row_id.Value)); Server.Transfer("bugs.aspx"); } else { Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete " + Util.get_setting("SingularBugLabel", "bug"); back_href.HRef = "edit_bug.aspx?id=" + id; sql = new SQLString(@"select bg_short_desc from bugs where bg_id = @bugId"); sql = sql.AddParameterWithValue("bugId", id); DataRow dr = DbUtil.get_datarow(sql); confirm_href.InnerText = "confirm delete of " + Util.get_setting("SingularBugLabel", "bug") + ": " + Convert.ToString(dr["bg_short_desc"]); row_id.Value = id; } }
protected void Page_Load(object sender, EventArgs e) { var sql = new SQLString("select us_id, us_email, us_username from users"); using (var reader = DbUtil.execute_reader(sql, System.Data.CommandBehavior.Default)) { while (reader.Read()) { var id = reader.GetInt32(0); var updateQuery = new SQLString("update users set password_reset_key=@resetKey where us_id = @id"); updateQuery.AddParameterWithValue("@id", id); var resetKey = Util.GenerateRandomString(); updateQuery.AddParameterWithValue("@resetKey", resetKey); var emailAddress = reader.IsDBNull(1) ? "" : reader.GetString(1); var username = reader.GetString(2); DbUtil.execute_nonquery(updateQuery); SendMail(emailAddress, resetKey, username); } } }
protected void Page_Load(object sender, EventArgs e) { var sql = new SQLString("select us_id, us_email, us_username from users"); using (var reader = DbUtil.execute_reader(sql, System.Data.CommandBehavior.Default)) { while (reader.Read()) { var id = reader.GetInt32(0); var updateQuery = new SQLString("update users set password_reset_key=@resetKey where us_id = @id"); updateQuery.AddParameterWithValue("@id", id); var resetKey = Util.GenerateRandomString(); updateQuery.AddParameterWithValue("@resetKey", resetKey); var emailAddress = reader.IsDBNull(1) ? "" : reader.GetString(1); var username = reader.GetString(2); DbUtil.execute_nonquery(updateQuery); SendMail(emailAddress, resetKey, username); } } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (Request.QueryString["ses"] != (string)Session["session_cookie"]) { Response.Write("session in URL doesn't match session cookie"); Response.End(); } string string_bugid = Util.sanitize_integer(Request["bugid"]); int bugid = Convert.ToInt32(string_bugid); int permission_level = Bug.get_bug_permission_level(bugid, User.Identity); if (permission_level != PermissionLevel.All) { Response.Write("You are not allowed to edit this item"); Response.End(); } string string_tsk_id = Util.sanitize_integer(Request["id"]); int tsk_id = Convert.ToInt32(string_tsk_id); if (IsPostBack) { // do delete here sql = new SQLString(@"delete bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid"); sql = sql.AddParameterWithValue("tsk_id", string_tsk_id); sql = sql.AddParameterWithValue("bugid", string_bugid); DbUtil.execute_nonquery(sql); Response.Redirect("tasks.aspx?bugid=" + string_bugid); } else { Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete task"; back_href.HRef = "tasks.aspx?bugid=" + string_bugid; sql = new SQLString(@"select tsk_description from bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid"); sql = sql.AddParameterWithValue("tsk_id", string_tsk_id); sql = sql.AddParameterWithValue("bugid", string_bugid); DataRow dr = DbUtil.get_datarow(sql); confirm_href.InnerText = "confirm delete of task: " + Convert.ToString(dr["tsk_description"]); } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (IsPostBack) { // do delete here sql = new SQLString(@"delete priorities where pr_id = @prid"); sql = sql.AddParameterWithValue("prid", Util.sanitize_integer(row_id.Value)); DbUtil.execute_nonquery(sql); Server.Transfer("priorities.aspx"); } else { Master.Menu.SelectedItem = "admin"; Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete priority"; string id = Util.sanitize_integer(Request["id"]); sql = new SQLString(@"declare @cnt int select @cnt = count(1) from bugs where bg_priority = @id select pr_name, @cnt [cnt] from priorities where pr_id = @id"); sql = sql.AddParameterWithValue("id", id); DataRow dr = DbUtil.get_datarow(sql); if ((int)dr["cnt"] > 0) { Response.Write("You can't delete priority \"" + Convert.ToString(dr["pr_name"]) + "\" because some bugs still reference it."); Response.End(); } else { confirm_href.InnerText = "confirm delete of \"" + Convert.ToString(dr["pr_name"]) + "\""; row_id.Value = id; } } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (IsPostBack) { // do delete here sql = new SQLString(@"delete orgs where og_id = @orgid"); sql = sql.AddParameterWithValue("orgid", Util.sanitize_integer(row_id.Value)); DbUtil.execute_nonquery(sql); Server.Transfer("orgs.aspx"); } else { Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete organization"; string id = Util.sanitize_integer(Request["id"]); sql = new SQLString(@"declare @cnt int select @cnt = count(1) from users where us_org = @orgid; select @cnt = @cnt + count(1) from queries where qu_org = @orgid; select @cnt = @cnt + count(1) from bugs where bg_org = @orgid; select og_name, @cnt [cnt] from orgs where og_id = @orgid"); sql = sql.AddParameterWithValue("orgid", id); DataRow dr = DbUtil.get_datarow(sql); if ((int)dr["cnt"] > 0) { Response.Write("You can't delete organization \"" + Convert.ToString(dr["og_name"]) + "\" because some bugs, users, queries still reference it."); Response.End(); } else { confirm_href.InnerText = "confirm delete of \"" + Convert.ToString(dr["og_name"]) + "\""; row_id.Value = id; } } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); Master.Menu.SelectedItem = "admin"; Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit user defined attribute value"; msg.InnerText = ""; string var = Request.QueryString["id"]; if (var == null) { id = 0; } else { id = Convert.ToInt32(var); } if (!IsPostBack) { // add or edit? if (id == 0) { sub.Value = "Create"; } else { sub.Value = "Update"; // Get this entry's data from the db and fill in the form sql = new SQLString(@"select udf_name, udf_sort_seq, udf_default from user_defined_attribute where udf_id = @udfid"); sql = sql.AddParameterWithValue("udfid", Convert.ToString(id)); DataRow dr = btnet.DbUtil.get_datarow(sql); // Fill in this form name.Value = (string)dr[0]; sort_seq.Value = Convert.ToString((int)dr[1]); default_selection.Checked = Convert.ToBoolean((int)dr["udf_default"]); } } else { on_update(); } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanDeleteBugs()) { // } else { Response.Write("You are not allowed to use this page."); Response.End(); } string id = Util.sanitize_integer(Request["id"]); int permission_level = Bug.get_bug_permission_level(Convert.ToInt32(id), User.Identity); if (permission_level != PermissionLevel.All) { Response.Write("You are not allowed to edit this item"); Response.End(); } if (IsPostBack) { Bug.delete_bug(Convert.ToInt32(row_id.Value)); Server.Transfer("bugs.aspx"); } else { Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete " + Util.get_setting("SingularBugLabel", "bug"); back_href.HRef = "edit_bug.aspx?id=" + id; sql = new SQLString(@"select bg_short_desc from bugs where bg_id = @bugId"); sql = sql.AddParameterWithValue("bugId", id); DataRow dr = DbUtil.get_datarow(sql); confirm_href.InnerText = "confirm delete of " + Util.get_setting("SingularBugLabel", "bug") + ": " + Convert.ToString(dr["bg_short_desc"]); row_id.Value = id; } }
/////////////////////////////////////////////////////////////////////// public static void delete_bug(int bugid) { // delete attachements string id = Convert.ToString(bugid); string upload_folder = Util.get_upload_folder(); var sql = new SQLString(@"select bp_id, bp_file from bug_posts where bp_type = 'file' and bp_bug = @bg"); sql = sql.AddParameterWithValue("bg", id); DataSet ds = btnet.DbUtil.get_dataset(sql); if (upload_folder != null && upload_folder != "") { foreach (DataRow dr in ds.Tables[0].Rows) { // create path StringBuilder path = new StringBuilder(upload_folder); path.Append("\\"); path.Append(id); path.Append("_"); path.Append(Convert.ToString(dr["bp_id"])); path.Append("_"); path.Append(Convert.ToString(dr["bp_file"])); if (System.IO.File.Exists(path.ToString())) { System.IO.File.Delete(path.ToString()); } } } // delete the database entries sql = new SQLString(@" delete bug_post_attachments from bug_post_attachments inner join bug_posts on bug_post_attachments.bpa_post = bug_posts.bp_id where bug_posts.bp_bug = @bg delete from bug_posts where bp_bug = @bg delete from bug_subscriptions where bs_bug = @bg delete from bug_relationships where re_bug1 = @bg delete from bug_relationships where re_bug2 = @bg delete from bug_user where bu_bug = @bg delete from bug_tasks where tsk_bug = @bg delete from bugs where bg_id = @bg"); sql = sql.AddParameterWithValue("bg", id); btnet.DbUtil.execute_nonquery(sql); }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit category"; msg.InnerText = ""; string var = Request.QueryString["id"]; if (var == null) { id = 0; } else { id = Convert.ToInt32(var); } if (!IsPostBack) { // add or edit? if (id == 0) { sub.Value = "Create"; } else { sub.Value = "Update"; // Get this entry's data from the db and fill in the form var sql = new SQLString(@"select ct_name, ct_sort_seq, ct_default from categories where ct_id = @categoryId"); sql = sql.AddParameterWithValue("categoryId", Convert.ToString(id)); DataRow dr = btnet.DbUtil.get_datarow(sql); // Fill in this form name.Value = (string)dr[0]; sort_seq.Value = Convert.ToString((int)dr[1]); default_selection.Checked = Convert.ToBoolean((int)dr["ct_default"]); } } else { on_update(); } }
/////////////////////////////////////////////////////////////////////// void on_update() { Boolean good = validate(); if (good) { sql = new SQLString(@"update bug_posts set bp_comment = @cm, bp_comment_search = @cs, bp_content_type = @cn, bp_hidden_from_external_users = @internal where bp_id = @id select bg_short_desc from bugs where bg_id = @bugid"); if (use_fckeditor) { string text = Util.strip_dangerous_tags(comment.Value); sql = sql.AddParameterWithValue("cm", text.Replace("'", "'")); sql = sql.AddParameterWithValue("cs", Util.strip_html(comment.Value).Replace("'", "''")); sql = sql.AddParameterWithValue("cn", "text/html"); } else { sql = sql.AddParameterWithValue("cm", HttpUtility.HtmlDecode(comment.Value).Replace("'", "''")); sql = sql.AddParameterWithValue("cs", comment.Value.Replace("'", "''")); sql = sql.AddParameterWithValue("cn", "text/plain"); } sql = sql.AddParameterWithValue("id", Convert.ToString(id)); sql = sql.AddParameterWithValue("bugid", Convert.ToString(bugid)); sql = sql.AddParameterWithValue("internal", Util.bool_to_string(internal_only.Checked)); DataRow dr = DbUtil.get_datarow(sql); // Don't send notifications for internal only comments. // We aren't putting them the email notifications because it that makes it // easier for them to accidently get forwarded to the "wrong" people... if (!internal_only.Checked) { Bug.send_notifications(Bug.UPDATE, bugid, User.Identity); WhatsNew.add_news(bugid, (string)dr["bg_short_desc"], "updated", User.Identity); } Response.Redirect("edit_bug.aspx?id=" + Convert.ToString(bugid)); } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (IsPostBack) { // do delete here sql = new SQLString(@"delete user_defined_attribute where udf_id = @udfid"); sql = sql.AddParameterWithValue("udfid", Util.sanitize_integer(row_id.Value)); btnet.DbUtil.execute_nonquery(sql); Server.Transfer("udfs.aspx"); } else { Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete user defined attribute value"; string id = Util.sanitize_integer(Request["id"]); sql = new SQLString(@"declare @cnt int select @cnt = count(1) from bugs where bg_user_defined_attribute = @udfid select udf_name, @cnt [cnt] from user_defined_attribute where udf_id = @udfid"); sql = sql.AddParameterWithValue("udfid", id); DataRow dr = btnet.DbUtil.get_datarow(sql); if ((int)dr["cnt"] > 0) { Response.Write("You can't delete value \"" + Convert.ToString(dr["udf_name"]) + "\" because some bugs still reference it."); Response.End(); } else { confirm_href.InnerText = "confirm delete of \"" + Convert.ToString(dr["udf_name"]) + "\""; row_id.Value = id; } } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (IsPostBack) { // do delete here sql = new SQLString(@"delete priorities where pr_id = @prid"); sql = sql.AddParameterWithValue("prid", Util.sanitize_integer(row_id.Value)); DbUtil.execute_nonquery(sql); Server.Transfer("priorities.aspx"); } else { Master.Menu.SelectedItem = "admin"; Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete priority"; string id = Util.sanitize_integer(Request["id"]); sql = new SQLString(@"declare @cnt int select @cnt = count(1) from bugs where bg_priority = @id select pr_name, @cnt [cnt] from priorities where pr_id = @id" ); sql = sql.AddParameterWithValue("id", id); DataRow dr = DbUtil.get_datarow(sql); if ((int)dr["cnt"] > 0) { Response.Write("You can't delete priority \"" + Convert.ToString(dr["pr_name"]) + "\" because some bugs still reference it."); Response.End(); } else { confirm_href.InnerText = "confirm delete of \"" + Convert.ToString(dr["pr_name"]) + "\""; row_id.Value = id; } } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditReports()) { // } else { Response.Write("You are not allowed to use this page."); Response.End(); } SQLString sql; if (IsPostBack) { // do delete here sql = new SQLString(@" delete reports where rp_id = @reportId; delete dashboard_items where ds_report = @reportId"); sql = sql.AddParameterWithValue("reportId", Util.sanitize_integer(row_id.Value)); DbUtil.execute_nonquery(sql); Server.Transfer("reports.aspx"); } else { Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete report"; string id = Util.sanitize_integer(Request["id"]); sql = new SQLString(@"select rp_desc from reports where rp_id = @id"); sql = sql.AddParameterWithValue("id", id); DataRow dr = DbUtil.get_datarow(sql); confirm_href.InnerText = "confirm delete of report: " + Convert.ToString(dr["rp_desc"]); row_id.Value = id; } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (IsPostBack) { // do delete here sql = new SQLString(@"delete orgs where og_id = @orgid"); sql = sql.AddParameterWithValue("orgid", Util.sanitize_integer(row_id.Value)); DbUtil.execute_nonquery(sql); Server.Transfer("orgs.aspx"); } else { Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete organization"; string id = Util.sanitize_integer(Request["id"]); sql = new SQLString(@"declare @cnt int select @cnt = count(1) from users where us_org = @orgid; select @cnt = @cnt + count(1) from queries where qu_org = @orgid; select @cnt = @cnt + count(1) from bugs where bg_org = @orgid; select og_name, @cnt [cnt] from orgs where og_id = @orgid" ); sql = sql.AddParameterWithValue("orgid", id); DataRow dr = DbUtil.get_datarow(sql); if ((int)dr["cnt"] > 0) { Response.Write("You can't delete organization \"" + Convert.ToString(dr["og_name"]) + "\" because some bugs, users, queries still reference it."); Response.End(); } else { confirm_href.InnerText = "confirm delete of \"" + Convert.ToString(dr["og_name"]) + "\""; row_id.Value = id; } } }
/////////////////////////////////////////////////////////////////////// void on_update() { Boolean good = validate(); if (good) { if (id == 0) // insert new { sql = new SQLString(@"insert into priorities (pr_name, pr_sort_seq, pr_background_color, pr_style, pr_default) values (@na, @ss, @co, @st, @df)" ); } else // edit existing { sql = new SQLString(@"update priorities set pr_name = @na, pr_sort_seq = @ss, pr_background_color = @co, pr_style = @st, pr_default = @df where pr_id = @id" ); sql = sql.AddParameterWithValue("id", Convert.ToString(id)); } sql = sql.AddParameterWithValue("na", name.Value); sql = sql.AddParameterWithValue("ss", sort_seq.Value); sql = sql.AddParameterWithValue("co", color.Value); sql = sql.AddParameterWithValue("st", style.Value); sql = sql.AddParameterWithValue("df", Util.bool_to_string(default_selection.Checked)); btnet.DbUtil.execute_nonquery(sql); Server.Transfer("priorities.aspx"); } else { if (id == 0) // insert new { msg.InnerText = "Priority was not created."; } else // edit existing { msg.InnerText = "Priority was not updated."; } } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (IsPostBack) { // do delete here sql = new SQLString(@"delete user_defined_attribute where udf_id = @udfid"); sql = sql.AddParameterWithValue("udfid", Util.sanitize_integer(row_id.Value)); btnet.DbUtil.execute_nonquery(sql); Server.Transfer("udfs.aspx"); } else { Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete user defined attribute value"; string id = Util.sanitize_integer(Request["id"]); sql = new SQLString(@"declare @cnt int select @cnt = count(1) from bugs where bg_user_defined_attribute = @udfid select udf_name, @cnt [cnt] from user_defined_attribute where udf_id = @udfid" ); sql = sql.AddParameterWithValue("udfid", id); DataRow dr = btnet.DbUtil.get_datarow(sql); if ((int)dr["cnt"] > 0) { Response.Write("You can't delete value \"" + Convert.ToString(dr["udf_name"]) + "\" because some bugs still reference it."); Response.End(); } else { confirm_href.InnerText = "confirm delete of \"" + Convert.ToString(dr["udf_name"]) + "\""; row_id.Value = id; } } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditReports()) { // } else { Response.Write("You are not allowed to use this page."); Response.End(); } SQLString sql; if (IsPostBack) { // do delete here sql = new SQLString(@" delete reports where rp_id = @reportId; delete dashboard_items where ds_report = @reportId"); sql = sql.AddParameterWithValue("reportId", Util.sanitize_integer(row_id.Value)); DbUtil.execute_nonquery(sql); Server.Transfer("reports.aspx"); } else { Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete report"; string id = Util.sanitize_integer(Request["id"]); sql = new SQLString(@"select rp_desc from reports where rp_id = @id"); sql = sql.AddParameterWithValue("id", id); DataRow dr = DbUtil.get_datarow(sql); confirm_href.InnerText = "confirm delete of report: " + Convert.ToString(dr["rp_desc"]); row_id.Value = id; } }
/////////////////////////////////////////////////////////////////////// void on_update() { Boolean good = validate(); if (good) { if (id == 0) // insert new { sql = new SQLString("insert into statuses (st_name, st_sort_seq, st_style, st_default) values (@na, @ss, @st, @df)"); } else // edit existing { sql = new SQLString(@"update statuses set st_name = @na, st_sort_seq = @ss, st_style = @st, st_default = @df where st_id = @id" ); sql = sql.AddParameterWithValue("id", id); } sql = sql.AddParameterWithValue("na", name.Value); sql = sql.AddParameterWithValue("ss", sort_seq.Value); sql = sql.AddParameterWithValue("st", style.Value); sql = sql.AddParameterWithValue("df", Util.bool_to_string(default_selection.Checked)); btnet.DbUtil.execute_nonquery(sql); Server.Transfer("statuses.aspx"); } else { if (id == 0) // insert new { msg.InnerText = "Status was not created."; } else // edit existing { msg.InnerText = "Status was not updated."; } } }
/////////////////////////////////////////////////////////////////////// protected void on_update() { Boolean good = validate(); if (good) { SQLString sql; if (id == 0) // insert new { sql = new SQLString("insert into categories (ct_name, ct_sort_seq, ct_default) values (@na, @ss, @df)"); } else // edit existing { sql = new SQLString(@"update categories set ct_name = @na, ct_sort_seq = @ss, ct_default = @df where ct_id = @id" ); sql = sql.AddParameterWithValue("id", Convert.ToString(id)); } sql = sql.AddParameterWithValue("na", name.Value); sql = sql.AddParameterWithValue("ss", sort_seq.Value); sql = sql.AddParameterWithValue("df", Util.bool_to_string(default_selection.Checked)); btnet.DbUtil.execute_nonquery(sql); Server.Transfer("categories.aspx"); } else { if (id == 0) // insert new { msg.InnerText = "Category was not created."; } else // edit existing { msg.InnerText = "Category was not updated."; } } }
/////////////////////////////////////////////////////////////////////// private void on_update() { Boolean good = validate(); if (good) { if (id == 0) // insert new { sql = new SQLString("insert into user_defined_attribute (udf_name, udf_sort_seq, udf_default) values (@na, @ss, @df)"); } else // edit existing { sql = new SQLString(@"update user_defined_attribute set udf_name = @na, udf_sort_seq = @ss, udf_default = @df where udf_id = @id" ); sql = sql.AddParameterWithValue("id", Convert.ToString(id)); } sql = sql.AddParameterWithValue("na", name.Value); sql = sql.AddParameterWithValue("ss", sort_seq.Value); sql = sql.AddParameterWithValue("df", Util.bool_to_string(default_selection.Checked)); btnet.DbUtil.execute_nonquery(sql); Server.Transfer("udfs.aspx"); } else { if (id == 0) // insert new { msg.InnerText = "User defined attribute value was not created."; } else // edit existing { msg.InnerText = "User defined attribute value was not updated."; } } }
/////////////////////////////////////////////////////////////////////// public static int get_default_user(int projectid) { if (projectid == 0) { return(0); } var sql = new SQLString(@"select isnull(pj_default_user,0) from projects where pj_id = @pj" ); sql = sql.AddParameterWithValue("pj", Convert.ToString(projectid)); object obj = btnet.DbUtil.execute_scalar(sql); if (obj != null) { return((int)obj); } else { return(0); } }
/////////////////////////////////////////////////////////////////////// public void Page_Load(Object sender, EventArgs e) { btnet.Util.do_not_cache(Response); Page.Header.Title = btnet.Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "send email"; msg.InnerText = ""; string string_bp_id = Request["bp_id"]; string string_bg_id = Request["bg_id"]; string request_to = Request["to"]; string reply = Request["reply"]; enable_internal_posts = (Util.get_setting("EnableInternalOnlyPosts", "0") == "1"); if (!enable_internal_posts) { include_internal_posts.Visible = false; include_internal_posts_label.Visible = false; } if (!IsPostBack) { Session["email_addresses"] = null; DataRow dr = null; if (string_bp_id != null) { string_bp_id = btnet.Util.sanitize_integer(string_bp_id); sql = new SQLString(@"select bp_parent, bp_file, bp_id, bg_id, bg_short_desc, bp_email_from, bp_comment, bp_email_from, bp_date, bp_type, bp_content_type, bg_project, bp_hidden_from_external_users, isnull(us_signature,'') [us_signature], isnull(pj_pop3_email_from,'') [pj_pop3_email_from], isnull(us_email,'') [us_email], isnull(us_firstname,'') [us_firstname], isnull(us_lastname,'') [us_lastname] from bug_posts inner join bugs on bp_bug = bg_id inner join users on us_id = @us left outer join projects on bg_project = pj_id where bp_id = @id or (bp_parent = @id and bp_type='file')"); sql = sql.AddParameterWithValue("id", string_bp_id); sql = sql.AddParameterWithValue("us", Convert.ToString(User.Identity.GetUserId())); DataView dv = btnet.DbUtil.get_dataview(sql); dr = null; if (dv.Count > 0) { dv.RowFilter = "bp_id = " + string_bp_id; if (dv.Count > 0) { dr = dv[0].Row; } } int int_bg_id = (int)dr["bg_id"]; int permission_level = btnet.Bug.get_bug_permission_level(int_bg_id, User.Identity); if (permission_level == PermissionLevel.None) { Response.Write("You are not allowed to view this item"); Response.End(); } if ((int)dr["bp_hidden_from_external_users"] == 1) { if (User.Identity.GetIsExternalUser()) { Response.Write("You are not allowed to view this post"); Response.End(); } } string_bg_id = Convert.ToString(dr["bg_id"]); back_href.HRef = "edit_bug.aspx?id=" + string_bg_id; bg_id.Value = string_bg_id; to.Value = dr["bp_email_from"].ToString(); // Work around for a mysterious bug: // http://sourceforge.net/tracker/?func=detail&aid=2815733&group_id=66812&atid=515837 if (btnet.Util.get_setting("StripDisplayNameFromEmailAddress", "0") == "1") { to.Value = Email.simplify_email_address(to.Value); } load_from_dropdown(dr, true); // list the project's email address first if (reply != null && reply == "all") { Regex regex = new Regex("\n"); string[] lines = regex.Split((string)dr["bp_comment"]); string cc_addrs = ""; int max = lines.Length < 5 ? lines.Length : 5; // gather cc addresses, which might include the current user for (int i = 0; i < max; i++) { if (lines[i].StartsWith("To:") || lines[i].StartsWith("Cc:")) { string cc_addr = lines[i].Substring(3, lines[i].Length - 3).Trim(); // don't cc yourself if (cc_addr.IndexOf(from.SelectedItem.Value) == -1) { if (cc_addrs != "") { cc_addrs += ","; } cc_addrs += cc_addr; } } } cc.Value = cc_addrs; } if (dr["us_signature"].ToString() != "") { if (User.Identity.GetUseFCKEditor()) { body.Value += "<br><br><br>"; body.Value += dr["us_signature"].ToString().Replace("\r\n", "<br>"); body.Value += "<br><br><br>"; } else { body.Value += "\n\n\n"; body.Value += dr["us_signature"].ToString(); body.Value += "\n\n\n"; } } if (Request["quote"] != null) { Regex regex = new Regex("\n"); string[] lines = regex.Split((string)dr["bp_comment"]); if (dr["bp_type"].ToString() == "received") { if (User.Identity.GetUseFCKEditor()) { body.Value += "<br><br><br>"; body.Value += ">From: " + dr["bp_email_from"].ToString().Replace("<", "<").Replace(">", ">") + "<br>"; } else { body.Value += "\n\n\n"; body.Value += ">From: " + dr["bp_email_from"] + "\n"; } } bool next_line_is_date = false; for (int i = 0; i < lines.Length; i++) { if (i < 4 && (lines[i].IndexOf("To:") == 0 || lines[i].IndexOf("Cc:") == 0)) { next_line_is_date = true; if (User.Identity.GetUseFCKEditor()) { body.Value += ">" + lines[i].Replace("<", "<").Replace(">", ">") + "<br>"; } else { body.Value += ">" + lines[i] + "\n"; } } else if (next_line_is_date) { next_line_is_date = false; if (User.Identity.GetUseFCKEditor()) { body.Value += ">Date: " + Convert.ToString(dr["bp_date"]) + "<br>><br>"; } else { body.Value += ">Date: " + Convert.ToString(dr["bp_date"]) + "\n>\n"; } } else { if (User.Identity.GetUseFCKEditor()) { if (Convert.ToString(dr["bp_content_type"]) != "text/html") { body.Value += ">" + lines[i].Replace("<", "<").Replace(">", ">") + "<br>"; } else { if (i == 0) { body.Value += "<hr>"; } body.Value += lines[i]; } } else { body.Value += ">" + lines[i] + "\n"; } } } } if (reply == "forward") { to.Value = ""; //original attachments //dv.RowFilter = "bp_parent = " + string_bp_id; dv.RowFilter = "bp_type = 'file'"; foreach (DataRowView drv in dv) { attachments_label.InnerText = "Select attachments to forward:"; lstAttachments.Items.Add(new ListItem(drv["bp_file"].ToString(), drv["bp_id"].ToString())); } } } else if (string_bg_id != null) { string_bg_id = btnet.Util.sanitize_integer(string_bg_id); int permission_level = btnet.Bug.get_bug_permission_level(Convert.ToInt32(string_bg_id), User.Identity); if (permission_level == PermissionLevel.None || permission_level == PermissionLevel.ReadOnly) { Response.Write("You are not allowed to edit this item"); Response.End(); } sql = new SQLString(@"select bg_short_desc, bg_project, isnull(us_signature,'') [us_signature], isnull(us_email,'') [us_email], isnull(us_firstname,'') [us_firstname], isnull(us_lastname,'') [us_lastname], isnull(pj_pop3_email_from,'') [pj_pop3_email_from] from bugs inner join users on us_id = @us left outer join projects on bg_project = pj_id where bg_id = @bg"); sql = sql.AddParameterWithValue("us", Convert.ToString(User.Identity.GetUserId())); sql = sql.AddParameterWithValue("bg", string_bg_id); dr = btnet.DbUtil.get_datarow(sql); load_from_dropdown(dr, false); // list the user's email first, then the project back_href.HRef = "edit_bug.aspx?id=" + string_bg_id; bg_id.Value = string_bg_id; if (request_to != null) { to.Value = request_to; } // Work around for a mysterious bug: // http://sourceforge.net/tracker/?func=detail&aid=2815733&group_id=66812&atid=515837 if (btnet.Util.get_setting("StripDisplayNameFromEmailAddress", "0") == "1") { to.Value = Email.simplify_email_address(to.Value); } if (dr["us_signature"].ToString() != "") { if (User.Identity.GetUseFCKEditor()) { body.Value += "<br><br><br>"; body.Value += dr["us_signature"].ToString().Replace("\r\n", "<br>"); } else { body.Value += "\n\n\n"; body.Value += dr["us_signature"].ToString(); } } } short_desc.Value = (string)dr["bg_short_desc"]; if (string_bp_id != null || string_bg_id != null) { subject.Value = (string)dr["bg_short_desc"] + " (" + btnet.Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:") + bg_id.Value + ")"; // for determining which users to show in "address book" project = (int)dr["bg_project"]; } } else { on_update(); } }
/////////////////////////////////////////////////////////////////////// void on_update() { Boolean good = validate(); if (good) { sql = new SQLString(@"update bug_posts set bp_comment = @comment, bp_hidden_from_external_users = @internal where bp_id = @bugPostId"); sql = sql.AddParameterWithValue("bugPostId", Convert.ToString(id)); sql = sql.AddParameterWithValue("comment", desc.Value.Replace("'", "''")); sql = sql.AddParameterWithValue("internal", btnet.Util.bool_to_string(internal_only.Checked)); btnet.DbUtil.execute_nonquery(sql); if (!internal_only.Checked) { btnet.Bug.send_notifications(btnet.Bug.UPDATE, bugid, User.Identity); } Response.Redirect("edit_bug.aspx?id=" + Convert.ToString(bugid)); } else { msg.InnerText = "Attachment was not updated."; } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Master.Menu.SelectedItem = Util.get_setting("PluralBugLabel", "bugs"); Util.do_not_cache(Response); if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditAndDeletePosts()) { // } else { Response.Write("You are not allowed to use this page."); Response.End(); } Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit attachment"; msg.InnerText = ""; string var = Request.QueryString["id"]; id = Convert.ToInt32(var); var = Request.QueryString["bug_id"]; bugid = Convert.ToInt32(var); int permission_level = btnet.Bug.get_bug_permission_level(bugid, User.Identity); if (permission_level != PermissionLevel.All) { Response.Write("You are not allowed to edit this item"); Response.End(); } if (User.Identity.GetIsExternalUser() || Util.get_setting("EnableInternalOnlyPosts", "0") == "0") { internal_only.Visible = false; internal_only_label.Visible = false; } if (!IsPostBack) { // Get this entry's data from the db and fill in the form sql = new SQLString(@"select bp_comment, bp_file, bp_hidden_from_external_users from bug_posts where bp_id = @bugPostId"); sql = sql.AddParameterWithValue("bugPostId", Convert.ToString(id)); DataRow dr = btnet.DbUtil.get_datarow(sql); // Fill in this form desc.Value = (string)dr["bp_comment"]; filename.InnerText = (string)dr["bp_file"]; internal_only.Checked = Convert.ToBoolean((int)dr["bp_hidden_from_external_users"]); } else { on_update(); } }
/////////////////////////////////////////////////////////////////////// void on_update() { Boolean good = validate(); if (good) { if (tsk_id == 0) // insert new { sql = new SQLString(@" insert into bug_tasks ( tsk_bug, tsk_created_user, tsk_created_date, tsk_last_updated_user, tsk_last_updated_date, tsk_assigned_to_user, tsk_planned_start_date, tsk_actual_start_date, tsk_planned_end_date, tsk_actual_end_date, tsk_planned_duration, tsk_actual_duration, tsk_duration_units, tsk_percent_complete, tsk_status, tsk_sort_sequence, tsk_description ) values ( @tsk_bug, @tsk_created_user, getdate(), @tsk_last_updated_user, getdate(), @tsk_assigned_to_user, @tsk_planned_start_date, @tsk_actual_start_date, @tsk_planned_end_date, @tsk_actual_end_date, @tsk_planned_duration, @tsk_actual_duration, @tsk_duration_units, @tsk_percent_complete, @tsk_status, @tsk_sort_sequence, @tsk_description ); declare @tsk_id int select @tsk_id = scope_identity() insert into bug_posts (bp_bug, bp_user, bp_date, bp_comment, bp_type) values(@tsk_bug, @tsk_last_updated_user, getdate(), N'added task ' + convert(varchar, @tsk_id), 'update')"); sql = sql.AddParameterWithValue("tsk_created_user", Convert.ToString(User.Identity.GetUserId())); } else // edit existing { sql = new SQLString(@" update bug_tasks set tsk_last_updated_user = @tsk_last_updated_user, tsk_last_updated_date = getdate(), tsk_assigned_to_user = @tsk_assigned_to_user, tsk_planned_start_date = '@tsk_planned_start_date', tsk_actual_start_date = '@tsk_actual_start_date', tsk_planned_end_date = '@tsk_planned_end_date', tsk_actual_end_date = '@tsk_actual_end_date', tsk_planned_duration = @tsk_planned_duration, tsk_actual_duration = @tsk_actual_duration, tsk_duration_units = @tsk_duration_units, tsk_percent_complete = @tsk_percent_complete, tsk_status = @tsk_status, tsk_sort_sequence = @tsk_sort_sequence, tsk_description = @tsk_description where tsk_id = @tsk_id; insert into bug_posts (bp_bug, bp_user, bp_date, bp_comment, bp_type) values(@tsk_bug, @tsk_last_updated_user, getdate(), N'updated task ' + @tsk_id, 'update')"); sql = sql.AddParameterWithValue("tsk_id", Convert.ToString(tsk_id)); } sql = sql.AddParameterWithValue("tsk_bug", Convert.ToString(bugid)); sql = sql.AddParameterWithValue("tsk_last_updated_user", Convert.ToString(User.Identity.GetUserId())); sql = sql.AddParameterWithValue("tsk_planned_start_date", format_date_hour_min( planned_start_date.Value, planned_start_hour.SelectedItem.Value, planned_start_min.SelectedItem.Value)); sql = sql.AddParameterWithValue("tsk_actual_start_date", format_date_hour_min( actual_start_date.Value, actual_start_hour.SelectedItem.Value, actual_start_min.SelectedItem.Value)); sql = sql.AddParameterWithValue("tsk_planned_end_date", format_date_hour_min( planned_end_date.Value, planned_end_hour.SelectedItem.Value, planned_end_min.SelectedItem.Value)); sql = sql.AddParameterWithValue("tsk_actual_end_date", format_date_hour_min( actual_end_date.Value, actual_end_hour.SelectedItem.Value, actual_end_min.SelectedItem.Value)); sql = sql.AddParameterWithValue("tsk_planned_duration", format_decimal_for_db(planned_duration.Value)); sql = sql.AddParameterWithValue("tsk_actual_duration", format_decimal_for_db(actual_duration.Value)); sql = sql.AddParameterWithValue("tsk_percent_complete", format_number_for_db(percent_complete.Value)); sql = sql.AddParameterWithValue("tsk_status", status.SelectedItem.Value); sql = sql.AddParameterWithValue("tsk_sort_sequence", format_number_for_db(sort_sequence.Value)); sql = sql.AddParameterWithValue("tsk_assigned_to_user", assigned_to.SelectedItem.Value); sql = sql.AddParameterWithValue("tsk_description", desc.Value); sql = sql.AddParameterWithValue("tsk_duration_units", duration_units.SelectedItem.Value); DbUtil.execute_nonquery(sql); Bug.send_notifications(Bug.UPDATE, bugid, User.Identity); Response.Redirect("tasks.aspx?bugid=" + Convert.ToString(bugid)); } else { if (tsk_id == 0) // insert new { msg.InnerText = "Task was not created."; } else // edit existing { msg.InnerText = "Task was not updated."; } } }
/////////////////////////////////////////////////////////////////////// public static int insert_comment( int bugid, int this_usid, string comment_formated, string comment_search, string from, string cc, string content_type, bool internal_only) { if (comment_formated != "") { var sql = new SQLString(@" declare @now datetime set @now = getdate() insert into bug_posts (bp_bug, bp_user, bp_date, bp_comment, bp_comment_search, bp_email_from, bp_email_cc, bp_type, bp_content_type, bp_hidden_from_external_users) values( @id, @us, @now, @comment_formatted, @comment_search, @from, @cc, @type, @content_type, @internal) select scope_identity();"); if (from != null) { // Update the bugs timestamp here. // We don't do it unconditionally because it would mess up the locking. // The edit_bug.aspx page gets its snapshot timestamp from the update of the bug // row, not the comment row, so updating the bug again would confuse it. sql.Append(@"update bugs set bg_last_updated_date = @now, bg_last_updated_user = @us where bg_id = @id"); sql = sql.AddParameterWithValue("@from", from); sql = sql.AddParameterWithValue("@type", "received"); // received email } else { sql = sql.AddParameterWithValue("@from", null); sql = sql.AddParameterWithValue("@type", "comment"); // bug comment } sql = sql.AddParameterWithValue("@id", Convert.ToString(bugid)); sql = sql.AddParameterWithValue("@us", Convert.ToString(this_usid)); sql = sql.AddParameterWithValue("@comment_formatted", comment_formated); sql = sql.AddParameterWithValue("@comment_search", comment_search); sql = sql.AddParameterWithValue("@content_type", content_type); if (cc == null) { cc = ""; } sql = sql.AddParameterWithValue("@cc", cc); sql = sql.AddParameterWithValue("@internal", btnet.Util.bool_to_string(internal_only)); return Convert.ToInt32(btnet.DbUtil.execute_scalar(sql)); } else { return 0; } }
/////////////////////////////////////////////////////////////////////// public static void print_bug (HttpResponse Response, DataRow dr, IIdentity identity, bool include_style, bool images_inline, bool history_inline, bool internal_posts) { int bugid = Convert.ToInt32(dr["id"]); string string_bugid = Convert.ToString(bugid); if (include_style) // when sending emails { Response.Write("\n<style>\n"); // If this file exists, use it. string css_for_email_file = Util.GetAbsolutePath("custom\\btnet_css_for_email.css"); try { if (System.IO.File.Exists(css_for_email_file)) { Response.WriteFile(css_for_email_file); Response.Write("\n"); } else { css_for_email_file = Util.GetAbsolutePath("btnet_base.css"); Response.WriteFile(css_for_email_file); Response.Write("\n"); css_for_email_file = Util.GetAbsolutePath("custom\\btnet_custom.css"); if (System.IO.File.Exists(css_for_email_file)) { Response.WriteFile(css_for_email_file); Response.Write("\n"); } } } catch (Exception e) { btnet.Util.write_to_log("Exception trying to read css file for email \"" + css_for_email_file + "\":" + e.Message); } // underline links in the emails to make them more obvious Response.Write("\na {text-decoration: underline; }"); Response.Write("\na:visited {text-decoration: underline; }"); Response.Write("\na:hover {text-decoration: underline; }"); Response.Write("\n</style>\n"); } Response.Write ("<body style='background:white'>"); Response.Write ("<b>" + btnet.Util.capitalize_first_letter(btnet.Util.get_setting("SingularBugLabel","bug")) + " ID: <a href=" + btnet.Util.get_setting("AbsoluteUrlPrefix","http://127.0.0.1/") + "edit_bug.aspx?id=" + string_bugid + ">" + string_bugid + "</a>"); if (btnet.Util.get_setting("EnableMobile", "0") == "1") { Response.Write( " Mobile link: <a href=" + btnet.Util.get_setting("AbsoluteUrlPrefix", "http://127.0.0.1/") + "mbug.aspx?id=" + string_bugid + ">" + btnet.Util.get_setting("AbsoluteUrlPrefix", "http://127.0.0.1/") + "mbug.aspx?id=" + string_bugid + "</a>"); } Response.Write("<br>"); Response.Write ("Short desc: <a href=" + btnet.Util.get_setting("AbsoluteUrlPrefix","http://127.0.0.1/") + "edit_bug.aspx?id=" + string_bugid + ">" + HttpUtility.HtmlEncode((string)dr["short_desc"]) + "</a></b><p>"); // start of the table with the bug fields Response.Write ("\n<table border=1 cellpadding=3 cellspacing=0>"); Response.Write("\n<tr><td>Last changed by<td>" + format_username((string)dr["last_updated_user"],(string)dr["last_updated_fullname"]) + " "); Response.Write("\n<tr><td>Reported By<td>" + format_username((string)dr["reporter"],(string)dr["reporter_fullname"]) + " "); Response.Write("\n<tr><td>Reported On<td>" + btnet.Util.format_db_date_and_time(dr["reported_date"]) + " "); if (identity.GetTagsFieldPermissionLevel() > 0) Response.Write("\n<tr><td>Tags<td>" + dr["bg_tags"] + " "); if (identity.GetProjectFieldPermissionLevel() > 0) Response.Write("\n<tr><td>Project<td>" + dr["current_project"] + " "); if (identity.GetOrgFieldPermissionLevel() > 0) Response.Write("\n<tr><td>Organization<td>" + dr["og_name"] + " "); if (identity.GetCategoryFieldPermissionLevel()> 0) Response.Write("\n<tr><td>Category<td>" + dr["category_name"] + " "); if (identity.GetPriorityFieldPermissionLevel() > 0) Response.Write("\n<tr><td>Priority<td>" + dr["priority_name"] + " "); if (identity.GetAssignedToFieldPermissionLevel() > 0) Response.Write("\n<tr><td>Assigned<td>" + format_username((string)dr["assigned_to_username"],(string)dr["assigned_to_fullname"]) + " "); if (identity.GetStatusFieldPermissionLevel() > 0) Response.Write("\n<tr><td>Status<td>" + dr["status_name"] + " "); if (identity.GetUdfFieldPermissionLevel() > 0) if (btnet.Util.get_setting("ShowUserDefinedBugAttribute","1") == "1") { Response.Write("\n<tr><td>" + btnet.Util.get_setting("UserDefinedBugAttributeName","YOUR ATTRIBUTE") + "<td>" + dr["udf_name"] + " "); } // Get custom column info (There's an inefficiency here - we just did this // same call in get_bug_datarow...) // create project custom dropdowns if ((int)dr["project"] != 0) { var sql = new SQLString(@"select isnull(pj_enable_custom_dropdown1,0) [pj_enable_custom_dropdown1], isnull(pj_enable_custom_dropdown2,0) [pj_enable_custom_dropdown2], isnull(pj_enable_custom_dropdown3,0) [pj_enable_custom_dropdown3], isnull(pj_custom_dropdown_label1,'') [pj_custom_dropdown_label1], isnull(pj_custom_dropdown_label2,'') [pj_custom_dropdown_label2], isnull(pj_custom_dropdown_label3,'') [pj_custom_dropdown_label3] from projects where pj_id = @pj"); sql = sql.AddParameterWithValue("pj", Convert.ToString((int)dr["project"])); DataRow project_dr = btnet.DbUtil.get_datarow(sql); if (project_dr != null) { for (int i = 1; i < 4; i++) { if ((int)project_dr["pj_enable_custom_dropdown" + Convert.ToString(i)] == 1) { Response.Write("\n<tr><td>"); Response.Write (project_dr["pj_custom_dropdown_label" + Convert.ToString(i)]); Response.Write ("<td>"); Response.Write (dr["bg_project_custom_dropdown_value" + Convert.ToString(i)]); Response.Write (" "); } } } } Response.Write("\n</table><p>"); // end of the table with the bug fields // Relationships if (btnet.Util.get_setting("EnableRelationships", "0") == "1") { write_relationships(Response, bugid); } // Tasks if (btnet.Util.get_setting("EnableTasks", "0") == "1") { write_tasks(Response, bugid); } DataSet ds_posts = get_bug_posts(bugid, identity.GetIsExternalUser(), history_inline); write_posts ( ds_posts, Response, bugid, 0, false, /* don't write links */ images_inline, history_inline, internal_posts, identity); Response.Write ("</body>"); }
/////////////////////////////////////////////////////////////////////// // This used to send the emails, but not now. Now it just queues // the emails to be sent, then spawns a thread to send them. public static void send_notifications(int insert_or_update, // The implementation int bugid, IIdentity identity, int just_to_this_userid, bool status_changed, bool assigned_to_changed, int prev_assigned_to_user) { // If there's something worth emailing about, then there's // probably something worth updating the index about. // Really, though, we wouldn't want to update the index if it were // just the status that were changing... if (btnet.Util.get_setting("EnableSearch", "1") == "1") { IBugSearch search = BugSearchFactory.CreateBugSearch(); search.IndexBug(bugid); } bool notification_email_enabled = (btnet.Util.get_setting("NotificationEmailEnabled", "1") == "1"); if (!notification_email_enabled) { return; } // MAW -- 2006/01/27 -- Determine level of change detected int changeLevel = 0; if (insert_or_update == INSERT) { changeLevel = 1; } else if (status_changed) { changeLevel = 2; } else if (assigned_to_changed) { changeLevel = 3; } else { changeLevel = 4; } SQLString sql; if (just_to_this_userid > 0) { sql = new SQLString(@" /* get notification email for just one user */ select us_email, us_id, us_admin, og.* from bug_subscriptions inner join users on bs_user = us_id inner join orgs og on us_org = og_id inner join bugs on bg_id = bs_bug left outer join project_user_xref on pu_user = us_id and pu_project = bg_project where us_email is not null and us_enable_notifications = 1 -- @status_change and us_active = 1 and us_email <> '' and case when us_org <> bg_org and og_other_orgs_permission_level < 2 and og_other_orgs_permission_level < isnull(pu_permission_level,@dpl) then og_other_orgs_permission_level else isnull(pu_permission_level,@dpl) end <> 0 and bs_bug = @id and us_id = @just_this_usid"); sql = sql.AddParameterWithValue("just_this_usid", Convert.ToString(just_to_this_userid)); } else { // MAW -- 2006/01/27 -- Added different notifications if reported or assigned-to sql = new SQLString(@" /* get notification emails for all subscribers */ select us_email, us_id, us_username, us_admin, og.* from bug_subscriptions inner join users on bs_user = us_id inner join orgs og on us_org = og_id inner join bugs on bg_id = bs_bug left outer join project_user_xref on pu_user = us_id and pu_project = bg_project where us_email is not null and us_enable_notifications = 1 -- @status_change and us_active = 1 and us_email <> '' and ( (@cl <= us_reported_notifications and bg_reported_user = bs_user) or (@cl <= us_assigned_notifications and bg_assigned_to_user = bs_user) or (@cl <= us_assigned_notifications and @pau = bs_user) or (@cl <= us_subscribed_notifications)) and case when us_org <> bg_org and og_other_orgs_permission_level < 2 and og_other_orgs_permission_level < isnull(pu_permission_level,@dpl) then og_other_orgs_permission_level else isnull(pu_permission_level,@dpl) end <> 0 and bs_bug = @id and (us_id <> @us or isnull(us_send_notifications_to_self,0) = 1)"); } sql = sql.AddParameterWithValue("@cl", changeLevel); sql = sql.AddParameterWithValue("@pau", prev_assigned_to_user); sql = sql.AddParameterWithValue("@id", bugid); sql = sql.AddParameterWithValue("@dpl", Convert.ToInt32(btnet.Util.get_setting("DefaultPermissionLevel", "2"))); sql = sql.AddParameterWithValue("@us", identity.GetUserId()); DataSet ds_subscribers = btnet.DbUtil.get_dataset(sql); if (ds_subscribers.Tables[0].Rows.Count > 0) { bool added_to_queue = false; // Get bug html DataRow bug_dr = btnet.Bug.get_bug_datarow(bugid, identity); string from = btnet.Util.get_setting("NotificationEmailFrom", ""); // Format the subject line string subject = btnet.Util.get_setting("NotificationSubjectFormat", "$THING$:$BUGID$ was $ACTION$ - $SHORTDESC$ $TRACKINGID$"); subject = subject.Replace("$THING$", btnet.Util.capitalize_first_letter(btnet.Util.get_setting("SingularBugLabel", "bug"))); string action = ""; if (insert_or_update == INSERT) { action = "added"; } else { action = "updated"; } subject = subject.Replace("$ACTION$", action); subject = subject.Replace("$BUGID$", Convert.ToString(bugid)); subject = subject.Replace("$SHORTDESC$", (string)bug_dr["short_desc"]); string tracking_id = " ("; tracking_id += btnet.Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:"); tracking_id += Convert.ToString(bugid); tracking_id += ")"; subject = subject.Replace("$TRACKINGID$", tracking_id); subject = subject.Replace("$PROJECT$", (string)bug_dr["current_project"]); subject = subject.Replace("$ORGANIZATION$", (string)bug_dr["og_name"]); subject = subject.Replace("$CATEGORY$", (string)bug_dr["category_name"]); subject = subject.Replace("$PRIORITY$", (string)bug_dr["priority_name"]); subject = subject.Replace("$STATUS$", (string)bug_dr["status_name"]); subject = subject.Replace("$ASSIGNED_TO$", (string)bug_dr["assigned_to_username"]); // send a separate email to each subscriber foreach (DataRow dr in ds_subscribers.Tables[0].Rows) { string to = (string)dr["us_email"]; // Create a fake response and let the code // write the html to that response System.IO.StringWriter writer = new System.IO.StringWriter(); HttpResponse my_response = new HttpResponse(writer); my_response.Write("<html>"); my_response.Write("<base href=\"" + btnet.Util.get_setting("AbsoluteUrlPrefix", "http://127.0.0.1/") + "\"/>"); // create a security rec for the user receiving the email IIdentity identity2 = Security.Security.GetIdentity((string)dr["us_username"]); PrintBug.print_bug( my_response, bug_dr, identity2, true, // include style false, // images_inline true, // history_inline true); // internal_posts // at this point "writer" has the bug html sql = new SQLString(@" delete from queued_notifications where qn_bug = @bug and qn_to = @to insert into queued_notifications (qn_date_created, qn_bug, qn_user, qn_status, qn_retries, qn_to, qn_from, qn_subject, qn_body, qn_last_exception) values (getdate(), @bug, @user, N''not sent', 0, @to, @from, @subject, @body, N'')"); sql = sql.AddParameterWithValue("@bug", Convert.ToString(bugid)); sql = sql.AddParameterWithValue("@user", Convert.ToString(dr["us_id"])); sql = sql.AddParameterWithValue("@to", to); sql = sql.AddParameterWithValue("@from", from); sql = sql.AddParameterWithValue("@subject", subject); sql = sql.AddParameterWithValue("@body", writer.ToString()); btnet.DbUtil.execute_nonquery_without_logging(sql); added_to_queue = true; } // end loop through ds_subscribers if (added_to_queue) { // spawn a worker thread to send the emails System.Threading.Thread thread = new System.Threading.Thread(threadproc_notifications); thread.Start(); } } // if there are any subscribers }
/////////////////////////////////////////////////////////////////////// void load_users_dropdowns(int bugid) { // What's selected now? Save it before we refresh the dropdown. string current_value = ""; if (IsPostBack) { current_value = assigned_to.SelectedItem.Value; } sql = new SQLString(@" declare @project int declare @assigned_to int select @project = bg_project, @assigned_to = bg_assigned_to_user from bugs where bg_id = @bg_id"); // Load the user dropdown, which changes per project // Only users explicitly allowed will be listed if (Util.get_setting("DefaultPermissionLevel", "2") == "0") { sql.Append(@" /* users this project */ select us_id, case when @fullnames=1 then us_lastname + ', ' + us_firstname else us_username end us_username from users inner join orgs on us_org = og_id where us_active = 1 and og_can_be_assigned_to = 1 and (@og_other_orgs_permission_level <> 0 or @og_id = og_id or og_external_user = 0) and us_id in (select pu_user from project_user_xref where pu_project = @project and pu_permission_level <> 0) order by us_username; "); } // Only users explictly DISallowed will be omitted else { sql.Append(@" /* users this project */ select us_id, case when @fullnames =1 then us_lastname + ', ' + us_firstname else us_username end us_username from users inner join orgs on us_org = og_id where us_active = 1 and og_can_be_assigned_to = 1 and (@og_other_orgs_permission_level <> 0 or @og_id = og_id or og_external_user = 0) and us_id not in (select pu_user from project_user_xref where pu_project = @project and pu_permission_level = 0) order by us_username; "); } sql.Append("\nselect st_id, st_name from statuses order by st_sort_seq, st_name"); sql.Append("\nselect isnull(@assigned_to,0) "); sql = sql.AddParameterWithValue("og_id", User.Identity.GetOrganizationId()); sql = sql.AddParameterWithValue("og_other_orgs_permission_level", User.Identity.GetOtherOrgsPermissionLevels()); sql = sql.AddParameterWithValue("bg_id", bugid); if (Util.get_setting("UseFullNames", "0") == "0") { // false condition sql = sql.AddParameterWithValue("fullnames", 0); } else { // true condition sql = sql.AddParameterWithValue("fullnames", 1); } DataSet dataSet = DbUtil.get_dataset(sql); assigned_to.DataSource = new DataView((DataTable)dataSet.Tables[0]); assigned_to.DataTextField = "us_username"; assigned_to.DataValueField = "us_id"; assigned_to.DataBind(); assigned_to.Items.Insert(0, new ListItem("[not assigned]", "0")); status.DataSource = new DataView((DataTable)dataSet.Tables[1]); status.DataTextField = "st_name"; status.DataValueField = "st_id"; status.DataBind(); status.Items.Insert(0, new ListItem("[no status]", "0")); // by default, assign the entry to the same user to whom the bug is assigned to? // or should it be assigned to the logged in user? if (tsk_id == 0) { int default_assigned_to_user = (int)dataSet.Tables[2].Rows[0][0]; ListItem li = assigned_to.Items.FindByValue(Convert.ToString(default_assigned_to_user)); if (li != null) { li.Selected = true; } } }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); msg.InnerText = ""; string string_bugid = Util.sanitize_integer(Request["bugid"]); bugid = Convert.ToInt32(string_bugid); int permission_level = Bug.get_bug_permission_level(bugid, User.Identity); if (permission_level != PermissionLevel.All) { Response.Write("You are not allowed to edit tasks for this item"); Response.End(); } if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditTasks()) { // allowed } else { Response.Write("You are not allowed to edit tasks"); Response.End(); } string string_tsk_id = Util.sanitize_integer(Request["id"]); tsk_id_static.InnerHtml = string_tsk_id; tsk_id = Convert.ToInt32(string_tsk_id); if (!IsPostBack) { Master.Menu.SelectedItem = "admin"; Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit task"; bugid_label.InnerHtml = Util.capitalize_first_letter(Util.get_setting("SingularBugLabel", "bug")) + " ID:"; bugid_static.InnerHtml = Convert.ToString(bugid); load_users_dropdowns(bugid); if (Util.get_setting("ShowTaskAssignedTo", "1") == "0") { assigned_to_tr.Visible = false; } if (Util.get_setting("ShowTaskPlannedStartDate", "1") == "0") { planned_start_date_tr.Visible = false; } if (Util.get_setting("ShowTaskActualStartDate", "1") == "0") { actual_start_date_tr.Visible = false; } if (Util.get_setting("ShowTaskPlannedEndDate", "1") == "0") { planned_end_date_tr.Visible = false; } if (Util.get_setting("ShowTaskActualEndDate", "1") == "0") { actual_end_date_tr.Visible = false; } if (Util.get_setting("ShowTaskPlannedDuration", "1") == "0") { planned_duration_tr.Visible = false; } if (Util.get_setting("ShowTaskActualDuration", "1") == "0") { actual_duration_tr.Visible = false; } if (Util.get_setting("ShowTaskDurationUnits", "1") == "0") { duration_units_tr.Visible = false; } if (Util.get_setting("ShowTaskPercentComplete", "1") == "0") { percent_complete_tr.Visible = false; } if (Util.get_setting("ShowTaskStatus", "1") == "0") { status_tr.Visible = false; } if (Util.get_setting("ShowTaskSortSequence", "1") == "0") { sort_sequence_tr.Visible = false; } // add or edit? if (tsk_id == 0) { tsk_id_tr.Visible = false; sub.Value = "Create"; string default_duration_units = Util.get_setting("TaskDefaultDurationUnits", "hours"); duration_units.Items.FindByText(default_duration_units).Selected = true; string default_hour = Util.get_setting("TaskDefaultHour", "09"); planned_start_hour.Items.FindByText(default_hour).Selected = true; actual_start_hour.Items.FindByText(default_hour).Selected = true; planned_end_hour.Items.FindByText(default_hour).Selected = true; actual_end_hour.Items.FindByText(default_hour).Selected = true; string default_status = Util.get_setting("TaskDefaultStatus", "[no status]"); status.Items.FindByText(default_status).Selected = true; } else { // Get this entry's data from the db and fill in the form sql = new SQLString(@"select * from bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid"); sql = sql.AddParameterWithValue("tsk_id", Convert.ToString(tsk_id)); sql = sql.AddParameterWithValue("bugid", Convert.ToString(bugid)); DataRow dr = DbUtil.get_datarow(sql); assigned_to.Items.FindByValue(Convert.ToString(dr["tsk_assigned_to_user"])).Selected = true; duration_units.Items.FindByText(Convert.ToString(dr["tsk_duration_units"])).Selected = true; status.Items.FindByValue(Convert.ToString(dr["tsk_status"])).Selected = true; planned_duration.Value = Util.format_db_value(dr["tsk_planned_duration"]); actual_duration.Value = Util.format_db_value(dr["tsk_actual_duration"]); percent_complete.Value = Convert.ToString(dr["tsk_percent_complete"]); sort_sequence.Value = Convert.ToString(dr["tsk_sort_sequence"]); desc.Value = Convert.ToString(dr["tsk_description"]); load_date_hour_min( planned_start_date, planned_start_hour, planned_start_min, dr["tsk_planned_start_date"]); load_date_hour_min( actual_start_date, actual_start_hour, actual_start_min, dr["tsk_actual_start_date"]); load_date_hour_min( planned_end_date, planned_end_hour, planned_end_min, dr["tsk_planned_end_date"]); load_date_hour_min( actual_end_date, actual_end_hour, actual_end_min, dr["tsk_actual_end_date"]); sub.Value = "Update"; } } else { on_update(); } }
/////////////////////////////////////////////////////////////////////// void on_update() { if (!validate()) return; sql = new SQLString(@" insert into bug_posts (bp_bug, bp_user, bp_date, bp_comment, bp_comment_search, bp_email_from, bp_email_to, bp_type, bp_content_type, bp_email_cc) values(@id, @us, getdate(), @cm, @cs, @fr, @to, 'sent', @ct, @cc); select scope_identity() update bugs set bg_last_updated_user = @us, bg_last_updated_date = getdate() where bg_id = @id"); sql = sql.AddParameterWithValue("id", bg_id.Value); sql = sql.AddParameterWithValue("us", Convert.ToString(User.Identity.GetUserId())); if (User.Identity.GetUseFCKEditor()) { string adjusted_body = "Subject: " + subject.Value + "<br><br>"; adjusted_body += btnet.Util.strip_dangerous_tags(body.Value); sql = sql.AddParameterWithValue("cm", adjusted_body); sql = sql.AddParameterWithValue("cs", adjusted_body); sql = sql.AddParameterWithValue("ct", "text/html"); } else { string adjusted_body = "Subject: " + subject.Value + "\n\n"; adjusted_body += HttpUtility.HtmlDecode(body.Value); sql = sql.AddParameterWithValue("cm", adjusted_body); sql = sql.AddParameterWithValue("cs", adjusted_body); sql = sql.AddParameterWithValue("ct", "text/plain"); } sql = sql.AddParameterWithValue("fr", from.SelectedItem.Value); sql = sql.AddParameterWithValue("to", to.Value); sql = sql.AddParameterWithValue("cc", cc.Value); int comment_id = Convert.ToInt32(btnet.DbUtil.execute_scalar(sql)); int[] attachments = handle_attachments(comment_id); string body_text; MailFormat format; MailPriority priority; switch (prior.SelectedItem.Value) { case "High": priority = MailPriority.High; break; case "Low": priority = MailPriority.Low; break; default: priority = MailPriority.Normal; break; } if (include_bug.Checked) { // white space isn't handled well, I guess. if (User.Identity.GetUseFCKEditor()) { body_text = body.Value; body_text += "<br><br>"; } else { body_text = body.Value.Replace("\n", "<br>"); body_text = body_text.Replace("\t", " "); body_text = body_text.Replace(" ", " "); } body_text += "<hr>" + get_bug_text(Convert.ToInt32(bg_id.Value)); format = MailFormat.Html; } else { if (User.Identity.GetUseFCKEditor()) { body_text = body.Value; format = MailFormat.Html; } else { body_text = HttpUtility.HtmlDecode(body.Value); //body_text = body_text.Replace("\n","\r\n"); format = MailFormat.Text; } } string result = Email.send_email( // 9 args to.Value, from.SelectedItem.Value, cc.Value, subject.Value, body_text, format, priority, attachments, return_receipt.Checked); btnet.Bug.send_notifications(btnet.Bug.UPDATE, Convert.ToInt32(bg_id.Value), User.Identity); btnet.WhatsNew.add_news(Convert.ToInt32(bg_id.Value), short_desc.Value, "email sent", User.Identity); if (result == "") { Response.Redirect("edit_bug.aspx?id=" + bg_id.Value); } else { msg.InnerText = result; } }
public BugQueryResult ExecuteQuery(IIdentity identity, int start, int length, string orderBy, string sortDirection, bool idOnly, BugQueryFilter[] filters = null) { if (!string.IsNullOrEmpty(orderBy) && !_columnNames.Contains(orderBy)) { throw new ArgumentException("Invalid order by column specified: {0}", orderBy); } bool hasFilters = filters != null && filters.Any(); string columnsToSelect = idOnly ? "id" : "*"; var innerSql = GetInnerSql(identity); var countSql = string.Format("SELECT COUNT(1) FROM ({0}) t", GetInnerSql(identity)); SQLString sqlString = new SQLString(countSql); sqlString.Append(";"); if (hasFilters) { sqlString.Append(countSql); ApplyWhereClause(sqlString, filters); sqlString.Append(";"); } var bugsSql = string.Format("SELECT t.{0} FROM ({1}) t",columnsToSelect, innerSql); sqlString.Append(bugsSql); sqlString.Append(" WHERE id IN ("); var innerBugsSql = string.Format("SELECT t.id FROM ({0}) t", innerSql); sqlString.Append(innerBugsSql); ApplyWhereClause(sqlString, filters); if (hasFilters) { foreach (var filter in filters) { sqlString.AddParameterWithValue(GetCleanParameterName(filter.Column), filter.Value); } } sqlString.Append(" ORDER BY "); sqlString.Append(BuildDynamicOrderByClause(orderBy, sortDirection)); sqlString.Append(" OFFSET @offset ROWS FETCH NEXT @page_size ROWS ONLY)"); int userId = identity.GetUserId(); sqlString.AddParameterWithValue("@ME", userId); sqlString.AddParameterWithValue("page_size", length > 0 ? length : MaxLength); sqlString.AddParameterWithValue("offset", start); DataSet dataSet = DbUtil.get_dataset(sqlString); var countUnfiltered = Convert.ToInt32(dataSet.Tables[0].Rows[0][0]); var countFiltered = hasFilters ? Convert.ToInt32(dataSet.Tables[1].Rows[0][0]) : countUnfiltered; var bugDataTableIndex = hasFilters ? 2 : 1; return new BugQueryResult { CountUnfiltered = countUnfiltered, CountFiltered = countFiltered, Data = dataSet.Tables[bugDataTableIndex] }; }
/////////////////////////////////////////////////////////////////////// public static NewIds insert_bug(string short_desc, IIdentity identity, string tags, int projectid, int orgid, int categoryid, int priorityid, int statusid, int assigned_to_userid, int udfid, string comment_formated, string comment_search, string @from, string cc, string content_type, bool internal_only, SortedDictionary<string, string> hash_custom_cols, bool send_notifications) { if (short_desc.Trim() == "") { short_desc = "[No Description]"; } if (assigned_to_userid == 0) { assigned_to_userid = btnet.Util.get_default_user(projectid); } var sql = new SQLString(@"insert into bugs (bg_short_desc, bg_tags, bg_reported_user, bg_last_updated_user, bg_reported_date, bg_last_updated_date, bg_project, bg_org, bg_category, bg_priority, bg_status, bg_assigned_to_user, bg_user_defined_attribute) values (@short_desc, @tags, @reported_user, @reported_user, getdate(), getdate(), @project, @org, @category, @priority, @status, @assigned_user, @udf)"); sql = sql.AddParameterWithValue("@short_desc", short_desc); sql = sql.AddParameterWithValue("@tags", tags); sql = sql.AddParameterWithValue("@reported_user", Convert.ToString(identity.GetUserId())); sql = sql.AddParameterWithValue("@project", Convert.ToString(projectid)); sql = sql.AddParameterWithValue("@org", Convert.ToString(orgid)); sql = sql.AddParameterWithValue("@category", Convert.ToString(categoryid)); sql = sql.AddParameterWithValue("@priority", Convert.ToString(priorityid)); sql = sql.AddParameterWithValue("@status", Convert.ToString(statusid)); sql = sql.AddParameterWithValue("@assigned_user", Convert.ToString(assigned_to_userid)); sql = sql.AddParameterWithValue("@udf", Convert.ToString(udfid)); //TODO: Add custom columns sql.Append("\nselect scope_identity()"); int bugid = Convert.ToInt32(btnet.DbUtil.execute_scalar(sql)); int postid = btnet.Bug.insert_comment( bugid, identity.GetUserId(), comment_formated, comment_search, from, cc, content_type, internal_only); btnet.Bug.auto_subscribe(bugid); if (send_notifications) { btnet.Bug.send_notifications(btnet.Bug.INSERT, bugid, identity); } return new NewIds(bugid, postid); }
/////////////////////////////////////////////////////////////////////// protected void Page_Load(Object sender, EventArgs e) { Util.do_not_cache(Response); string id = Util.sanitize_integer(Request["id"]); if (!User.IsInRole(BtnetRoles.Admin)) { sql = new SQLString(@"select us_created_user, us_admin from users where us_id = @us"); sql = sql.AddParameterWithValue("us", id); DataRow dr = DbUtil.get_datarow(sql); if (User.Identity.GetUserId() != (int)dr["us_created_user"]) { Response.Write("You not allowed to delete this user, because you didn't create it."); Response.End(); } else if ((int)dr["us_admin"] == 1) { Response.Write("You not allowed to delete this user, because it is an admin."); Response.End(); } } if (IsPostBack) { // do delete here sql = new SQLString(@" delete from emailed_links where el_username in (select us_username from users where us_id = @us) delete users where us_id = @us delete project_user_xref where pu_user = @us delete bug_subscriptions where bs_user = @us delete bug_user where bu_user = @us delete queries where qu_user = @us delete queued_notifications where qn_user = @us delete dashboard_items where ds_user = @us"); sql = sql.AddParameterWithValue("us", Util.sanitize_integer(row_id.Value)); DbUtil.execute_nonquery(sql); Server.Transfer("users.aspx"); } else { Page.Header.Title= Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete user"; sql = new SQLString(@"declare @cnt int select @cnt = count(1) from bugs where bg_reported_user = @us or bg_assigned_to_user = @us if @cnt = 0 begin select @cnt = count(1) from bug_posts where bp_user = @us end select us_username, @cnt [cnt] from users where us_id = @us"); sql = sql.AddParameterWithValue("us", id); DataRow dr = DbUtil.get_datarow(sql); if ((int)dr["cnt"] > 0) { Response.Write("You can't delete user \"" + Convert.ToString(dr["us_username"]) + "\" because some bugs or bug posts still reference it."); Response.End(); } else { confirm_href.InnerText = "confirm delete of \"" + Convert.ToString(dr["us_username"]) + "\""; row_id.Value = id; } } }
/////////////////////////////////////////////////////////////////////// private void on_update() { Boolean good = validate(); if (good) { if (id == 0) // insert new { sql = new SQLString("insert into user_defined_attribute (udf_name, udf_sort_seq, udf_default) values (@na, @ss, @df)"); } else // edit existing { sql = new SQLString(@"update user_defined_attribute set udf_name = @na, udf_sort_seq = @ss, udf_default = @df where udf_id = @id"); sql = sql.AddParameterWithValue("id", Convert.ToString(id)); } sql = sql.AddParameterWithValue("na", name.Value); sql = sql.AddParameterWithValue("ss", sort_seq.Value); sql = sql.AddParameterWithValue("df", Util.bool_to_string(default_selection.Checked)); btnet.DbUtil.execute_nonquery(sql); Server.Transfer("udfs.aspx"); } else { if (id == 0) // insert new { msg.InnerText = "User defined attribute value was not created."; } else // edit existing { msg.InnerText = "User defined attribute value was not updated."; } } }