///////////////////////////////////////////////////////////////////////
/// <summary>
/// Resolves the calling user's effective permission level on one bug.
/// The base level is the project_user_xref entry for the bug's project,
/// falling back to the DefaultPermissionLevel setting when there is no
/// entry. When the bug belongs to another organization, an other-orgs
/// level of NONE or READONLY caps the result.
/// </summary>
/// <param name="bugid">The bg_id of the bug.</param>
/// <param name="security">Security context of the calling user.</param>
/// <returns>
/// A Security.PERMISSION_* value; PERMISSION_NONE when no row comes back.
/// </returns>
public static int get_bug_permission_level(int bugid, Security security)
{
    /*
     * public const int PERMISSION_NONE = 0;
     * public const int PERMISSION_READONLY = 1;
     * public const int PERMISSION_REPORTER = 3;
     * public const int PERMISSION_ALL = 2;
     */

    // Only two ints and a configured setting are substituted into the text;
    // no request-supplied string reaches the SQL.
    string sql = @"
declare @bg_org int
select isnull(pu_permission_level,$dpl), bg_org
from bugs
left outer join project_user_xref on pu_project = bg_project and pu_user = $us
where bg_id = $bg"
        .Replace("$dpl", Util.get_setting("DefaultPermissionLevel", "2"))
        .Replace("$bg", Convert.ToString(bugid))
        .Replace("$us", Convert.ToString(security.user.usid));

    DataRow dr = DbUtil.get_datarow(sql);
    if (dr == null)
    {
        return Security.PERMISSION_NONE;
    }

    int level = (int)dr[0];
    int bug_org = (int)dr[1];

    // Same organization: the project level stands as returned.
    if (bug_org == security.user.org)
    {
        return level;
    }

    // Cross-organization: only an other-orgs level of NONE or READONLY
    // can lower the result, and only when it is numerically lower.
    int other_orgs_level = security.user.other_orgs_permission_level;
    bool may_cap = other_orgs_level == Security.PERMISSION_NONE
                || other_orgs_level == Security.PERMISSION_READONLY;

    if (may_cap && other_orgs_level < level)
    {
        return other_orgs_level;
    }

    return level;
}
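///////////////////////////////////////////////////////////////////////
/// <summary>
/// Page_Load for the "delete task" confirmation page. On GET it shows the
/// task description to confirm; on postback it deletes the task. Both
/// paths require the "ses" query value to match the session cookie and
/// PermissionLevel.All on the owning bug.
/// </summary>
protected void Page_Load(Object sender, EventArgs e)
{
    Util.do_not_cache(Response);

    // Presumably a request-forgery guard: the token in the URL must equal
    // the one stored in the session.
    if (Request.QueryString["ses"] != (string)Session["session_cookie"])
    {
        Response.Write("session in URL doesn't match session cookie");
        Response.End();
    }

    string string_bugid = Util.sanitize_integer(Request["bugid"]);
    int bugid = Convert.ToInt32(string_bugid);

    int permission_level = Bug.get_bug_permission_level(bugid, User.Identity);
    if (permission_level != PermissionLevel.All)
    {
        Response.Write("You are not allowed to edit this item");
        Response.End();
    }

    string string_tsk_id = Util.sanitize_integer(Request["id"]);
    // Parsed only so a non-numeric id fails here rather than in SQL.
    int tsk_id = Convert.ToInt32(string_tsk_id);

    if (IsPostBack)
    {
        // The tsk_bug predicate ties the delete to the bug whose permission
        // was just checked, so a task id from another bug is a no-op.
        sql = new SQLString(@"delete bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid");
        sql = sql.AddParameterWithValue("tsk_id", string_tsk_id);
        sql = sql.AddParameterWithValue("bugid", string_bugid);
        DbUtil.execute_nonquery(sql);
        Response.Redirect("tasks.aspx?bugid=" + string_bugid);
    }
    else
    {
        Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete task";
        back_href.HRef = "tasks.aspx?bugid=" + string_bugid;

        sql = new SQLString(@"select tsk_description from bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid");
        sql = sql.AddParameterWithValue("tsk_id", string_tsk_id);
        sql = sql.AddParameterWithValue("bugid", string_bugid);
        DataRow dr = DbUtil.get_datarow(sql);

        // No row: the task does not exist or belongs to a different bug.
        // Without this guard the indexer below threw NullReferenceException.
        if (dr == null)
        {
            Response.Write("Task not found");
            Response.End();
        }

        confirm_href.InnerText = "confirm delete of task: " + Convert.ToString(dr["tsk_description"]);
    }
}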
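///////////////////////////////////////////////////////////////////////
/// <summary>
/// Page_Load for the "delete bug" confirmation page. Requires the Admin
/// role or the delete-bugs right, plus PermissionLevel.All on the bug.
/// On postback the id comes from the hidden row_id field and the same
/// permission check is applied to it before the delete.
/// </summary>
protected void Page_Load(Object sender, EventArgs e)
{
    Util.do_not_cache(Response);

    if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanDeleteBugs())
    {
        //
    }
    else
    {
        Response.Write("You are not allowed to use this page.");
        Response.End();
    }

    // The id that is checked must be the id that is deleted. Previously the
    // permission check ran against Request["id"] while the postback deleted
    // row_id.Value, which the client can set independently.
    string id = IsPostBack
        ? Util.sanitize_integer(row_id.Value)
        : Util.sanitize_integer(Request["id"]);

    int permission_level = Bug.get_bug_permission_level(Convert.ToInt32(id), User.Identity);
    if (permission_level != PermissionLevel.All)
    {
        Response.Write("You are not allowed to edit this item");
        Response.End();
    }

    if (IsPostBack)
    {
        Bug.delete_bug(Convert.ToInt32(id));
        Server.Transfer("bugs.aspx");
    }
    else
    {
        Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete " + Util.get_setting("SingularBugLabel", "bug");
        back_href.HRef = "edit_bug.aspx?id=" + id;

        sql = new SQLString(@"select bg_short_desc from bugs where bg_id = @bugId");
        sql = sql.AddParameterWithValue("bugId", id);
        DataRow dr = DbUtil.get_datarow(sql);

        // Unknown bug id: report it instead of dereferencing a null row.
        if (dr == null)
        {
            Response.Write("Item not found");
            Response.End();
        }

        confirm_href.InnerText = "confirm delete of " + Util.get_setting("SingularBugLabel", "bug") + ": " + Convert.ToString(dr["bg_short_desc"]);
        row_id.Value = id;
    }
}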
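///////////////////////////////////////////////////////////////////////
/// <summary>
/// Saves the edited comment (bug_posts row id) for bug bugid, then sends
/// notifications and a "what's new" entry unless the comment is marked
/// internal-only, and redirects to the bug's edit page. Does nothing when
/// validate() fails.
/// </summary>
void on_update()
{
    Boolean good = validate();
    if (!good)
    {
        return;
    }

    // bp_bug = @bugid keeps the update on a post of this bug only; an
    // id/bugid pair that does not match updates nothing.
    sql = new SQLString(@"update bug_posts set bp_comment = @cm, bp_comment_search = @cs, bp_content_type = @cn, bp_hidden_from_external_users = @internal where bp_id = @id and bp_bug = @bugid select bg_short_desc from bugs where bg_id = @bugid");

    // Values are bound through AddParameterWithValue rather than spliced into
    // the SQL text, so the old Replace("'", "''") doubling (already lost in
    // the html branch) would have persisted doubled apostrophes in the row.
    if (use_fckeditor)
    {
        // Editor output is HTML: drop script-capable markup before storing.
        string text = Util.strip_dangerous_tags(comment.Value);
        sql = sql.AddParameterWithValue("cm", text);
        sql = sql.AddParameterWithValue("cs", Util.strip_html(comment.Value));
        sql = sql.AddParameterWithValue("cn", "text/html");
    }
    else
    {
        sql = sql.AddParameterWithValue("cm", HttpUtility.HtmlDecode(comment.Value));
        sql = sql.AddParameterWithValue("cs", comment.Value);
        sql = sql.AddParameterWithValue("cn", "text/plain");
    }

    sql = sql.AddParameterWithValue("id", Convert.ToString(id));
    sql = sql.AddParameterWithValue("bugid", Convert.ToString(bugid));
    sql = sql.AddParameterWithValue("internal", Util.bool_to_string(internal_only.Checked));

    DataRow dr = DbUtil.get_datarow(sql);

    // Don't send notifications for internal only comments.
    // We aren't putting them the email notifications because it that makes it
    // easier for them to accidently get forwarded to the "wrong" people...
    if (!internal_only.Checked)
    {
        Bug.send_notifications(Bug.UPDATE, bugid, User.Identity);
        WhatsNew.add_news(bugid, (string)dr["bg_short_desc"], "updated", User.Identity);
    }

    Response.Redirect("edit_bug.aspx?id=" + Convert.ToString(bugid));
}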
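///////////////////////////////////////////////////////////////////////
/// <summary>
/// Page_Load for the "delete priority" confirmation page. A priority that
/// any bug still references cannot be deleted; that check now runs on
/// both the GET and the postback path, against the id being deleted.
/// </summary>
protected void Page_Load(Object sender, EventArgs e)
{
    Util.do_not_cache(Response);

    // On postback the target comes from the hidden field, so the reference
    // count below is evaluated for the id that will actually be deleted.
    string id = IsPostBack
        ? Util.sanitize_integer(row_id.Value)
        : Util.sanitize_integer(Request["id"]);

    sql = new SQLString(@"declare @cnt int select @cnt = count(1) from bugs where bg_priority = @id select pr_name, @cnt [cnt] from priorities where pr_id = @id");
    sql = sql.AddParameterWithValue("id", id);
    DataRow dr = DbUtil.get_datarow(sql);

    // Unknown priority id: report it instead of dereferencing a null row.
    if (dr == null)
    {
        Response.Write("Priority not found");
        Response.End();
    }

    if ((int)dr["cnt"] > 0)
    {
        Response.Write("You can't delete priority \"" + Convert.ToString(dr["pr_name"]) + "\" because some bugs still reference it.");
        Response.End();
    }

    if (IsPostBack)
    {
        // do delete here
        sql = new SQLString(@"delete priorities where pr_id = @prid");
        sql = sql.AddParameterWithValue("prid", id);
        DbUtil.execute_nonquery(sql);
        Server.Transfer("priorities.aspx");
    }
    else
    {
        Master.Menu.SelectedItem = "admin";
        Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete priority";
        confirm_href.InnerText = "confirm delete of \"" + Convert.ToString(dr["pr_name"]) + "\"";
        row_id.Value = id;
    }
}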
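///////////////////////////////////////////////////////////////////////
/// <summary>
/// Page_Load for the "delete organization" confirmation page. An org that
/// users, queries or bugs still reference cannot be deleted; that check
/// now runs on both the GET and the postback path, against the id being
/// deleted.
/// </summary>
protected void Page_Load(Object sender, EventArgs e)
{
    Util.do_not_cache(Response);

    // On postback the target comes from the hidden field, so the reference
    // count below is evaluated for the id that will actually be deleted.
    string id = IsPostBack
        ? Util.sanitize_integer(row_id.Value)
        : Util.sanitize_integer(Request["id"]);

    sql = new SQLString(@"declare @cnt int select @cnt = count(1) from users where us_org = @orgid; select @cnt = @cnt + count(1) from queries where qu_org = @orgid; select @cnt = @cnt + count(1) from bugs where bg_org = @orgid; select og_name, @cnt [cnt] from orgs where og_id = @orgid");
    sql = sql.AddParameterWithValue("orgid", id);
    DataRow dr = DbUtil.get_datarow(sql);

    // Unknown org id: report it instead of dereferencing a null row.
    if (dr == null)
    {
        Response.Write("Organization not found");
        Response.End();
    }

    if ((int)dr["cnt"] > 0)
    {
        Response.Write("You can't delete organization \"" + Convert.ToString(dr["og_name"]) + "\" because some bugs, users, queries still reference it.");
        Response.End();
    }

    if (IsPostBack)
    {
        // do delete here
        sql = new SQLString(@"delete orgs where og_id = @orgid");
        sql = sql.AddParameterWithValue("orgid", id);
        DbUtil.execute_nonquery(sql);
        Server.Transfer("orgs.aspx");
    }
    else
    {
        Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete organization";
        confirm_href.InnerText = "confirm delete of \"" + Convert.ToString(dr["og_name"]) + "\"";
        row_id.Value = id;
    }
}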
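///////////////////////////////////////////////////////////////////////
/// <summary>
/// Page_Load for the "delete report" confirmation page. Requires the Admin
/// role or the edit-reports right. On postback the report and its
/// dashboard items are deleted; on GET the report description is shown.
/// </summary>
protected void Page_Load(Object sender, EventArgs e)
{
    Util.do_not_cache(Response);

    if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditReports())
    {
        //
    }
    else
    {
        Response.Write("You are not allowed to use this page.");
        Response.End();
    }

    SQLString sql;

    if (IsPostBack)
    {
        // Remove the report and every dashboard item that points at it.
        sql = new SQLString(@" delete reports where rp_id = @reportId; delete dashboard_items where ds_report = @reportId");
        sql = sql.AddParameterWithValue("reportId", Util.sanitize_integer(row_id.Value));
        DbUtil.execute_nonquery(sql);
        Server.Transfer("reports.aspx");
    }
    else
    {
        Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete report";
        string id = Util.sanitize_integer(Request["id"]);

        sql = new SQLString(@"select rp_desc from reports where rp_id = @id");
        sql = sql.AddParameterWithValue("id", id);
        DataRow dr = DbUtil.get_datarow(sql);

        // Unknown report id: report it instead of dereferencing a null row.
        if (dr == null)
        {
            Response.Write("Report not found");
            Response.End();
        }

        confirm_href.InnerText = "confirm delete of report: " + Convert.ToString(dr["rp_desc"]);
        row_id.Value = id;
    }
}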
///////////////////////////////////////////////////////////////////////
/// <summary>
/// Fetches one row with the ids of the default project, category,
/// priority, status and user-defined attribute as columns pj, ct, pr, st
/// and udf. Each value is 0 when no row of that table is flagged default.
/// </summary>
/// <returns>The DataRow returned by DbUtil.get_datarow for the query.</returns>
public static System.Data.DataRow get_bug_defaults()
{
    // The query is constant: nothing is substituted into it.
    // If several rows share the default flag, each "select @x = ..." ends
    // up with whichever row the ordered select yields last.
    const string defaults_sql = @"/*fetch defaults*/
declare @pj int
declare @ct int
declare @pr int
declare @st int
declare @udf int
set @pj = 0
set @ct = 0
set @pr = 0
set @st = 0
set @udf = 0
select @pj = pj_id from projects where pj_default = 1 order by pj_name
select @ct = ct_id from categories where ct_default = 1 order by ct_name
select @pr = pr_id from priorities where pr_default = 1 order by pr_name
select @st = st_id from statuses where st_default = 1 order by st_name
select @udf = udf_id from user_defined_attribute where udf_default = 1 order by udf_name
select @pj pj, @ct ct, @pr pr, @st st, @udf udf";

    return DbUtil.get_datarow(defaults_sql);
}
///////////////////////////////////////////////////////////////////////
/// <summary>
/// Page_Load for the "edit task" page. Checks PermissionLevel.All on the
/// bug and the edit-tasks right, then on GET either prepares a blank
/// "Create" form (tsk_id == 0) or loads the task row into the form
/// ("Update"); on postback it delegates to on_update().
/// </summary>
protected void Page_Load(Object sender, EventArgs e)
{
    Util.do_not_cache(Response);
    msg.InnerText = "";

    string string_bugid = Util.sanitize_integer(Request["bugid"]);
    bugid = Convert.ToInt32(string_bugid);

    int permission_level = Bug.get_bug_permission_level(bugid, User.Identity);
    if (permission_level != PermissionLevel.All)
    {
        Response.Write("You are not allowed to edit tasks for this item");
        Response.End();
    }

    if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditTasks())
    {
        // allowed
    }
    else
    {
        Response.Write("You are not allowed to edit tasks");
        Response.End();
    }

    // string_tsk_id has been through sanitize_integer before it is written
    // into InnerHtml.
    string string_tsk_id = Util.sanitize_integer(Request["id"]);
    tsk_id_static.InnerHtml = string_tsk_id;
    tsk_id = Convert.ToInt32(string_tsk_id);

    if (!IsPostBack)
    {
        Master.Menu.SelectedItem = "admin";
        Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit task";
        bugid_label.InnerHtml = Util.capitalize_first_letter(Util.get_setting("SingularBugLabel", "bug")) + " ID:";
        bugid_static.InnerHtml = Convert.ToString(bugid);

        load_users_dropdowns(bugid);

        // Each ShowTask* setting hides its table row when set to "0".
        if (Util.get_setting("ShowTaskAssignedTo", "1") == "0")
        {
            assigned_to_tr.Visible = false;
        }
        if (Util.get_setting("ShowTaskPlannedStartDate", "1") == "0")
        {
            planned_start_date_tr.Visible = false;
        }
        if (Util.get_setting("ShowTaskActualStartDate", "1") == "0")
        {
            actual_start_date_tr.Visible = false;
        }
        if (Util.get_setting("ShowTaskPlannedEndDate", "1") == "0")
        {
            planned_end_date_tr.Visible = false;
        }
        if (Util.get_setting("ShowTaskActualEndDate", "1") == "0")
        {
            actual_end_date_tr.Visible = false;
        }
        if (Util.get_setting("ShowTaskPlannedDuration", "1") == "0")
        {
            planned_duration_tr.Visible = false;
        }
        if (Util.get_setting("ShowTaskActualDuration", "1") == "0")
        {
            actual_duration_tr.Visible = false;
        }
        if (Util.get_setting("ShowTaskDurationUnits", "1") == "0")
        {
            duration_units_tr.Visible = false;
        }
        if (Util.get_setting("ShowTaskPercentComplete", "1") == "0")
        {
            percent_complete_tr.Visible = false;
        }
        if (Util.get_setting("ShowTaskStatus", "1") == "0")
        {
            status_tr.Visible = false;
        }
        if (Util.get_setting("ShowTaskSortSequence", "1") == "0")
        {
            sort_sequence_tr.Visible = false;
        }

        // add or edit?
        if (tsk_id == 0)
        {
            tsk_id_tr.Visible = false;
            sub.Value = "Create";

            // NOTE(review): FindByText returns null when the configured
            // default text is not in the list, and ".Selected = true" then
            // throws; the TaskDefault* settings must match list items.
            string default_duration_units = Util.get_setting("TaskDefaultDurationUnits", "hours");
            duration_units.Items.FindByText(default_duration_units).Selected = true;

            string default_hour = Util.get_setting("TaskDefaultHour", "09");
            planned_start_hour.Items.FindByText(default_hour).Selected = true;
            actual_start_hour.Items.FindByText(default_hour).Selected = true;
            planned_end_hour.Items.FindByText(default_hour).Selected = true;
            actual_end_hour.Items.FindByText(default_hour).Selected = true;

            string default_status = Util.get_setting("TaskDefaultStatus", "[no status]");
            status.Items.FindByText(default_status).Selected = true;
        }
        else
        {
            // Get this entry's data from the db and fill in the form.
            // The tsk_bug predicate limits the lookup to the bug whose
            // permission was checked above.
            sql = new SQLString(@"select * from bug_tasks where tsk_id = @tsk_id and tsk_bug = @bugid");
            sql = sql.AddParameterWithValue("tsk_id", Convert.ToString(tsk_id));
            sql = sql.AddParameterWithValue("bugid", Convert.ToString(bugid));
            // NOTE(review): dr is not null-checked; a task id that does not
            // belong to this bug yields null and a NullReferenceException
            // on the first indexer below.
            DataRow dr = DbUtil.get_datarow(sql);

            assigned_to.Items.FindByValue(Convert.ToString(dr["tsk_assigned_to_user"])).Selected = true;
            duration_units.Items.FindByText(Convert.ToString(dr["tsk_duration_units"])).Selected = true;
            status.Items.FindByValue(Convert.ToString(dr["tsk_status"])).Selected = true;

            planned_duration.Value = Util.format_db_value(dr["tsk_planned_duration"]);
            actual_duration.Value = Util.format_db_value(dr["tsk_actual_duration"]);
            percent_complete.Value = Convert.ToString(dr["tsk_percent_complete"]);
            sort_sequence.Value = Convert.ToString(dr["tsk_sort_sequence"]);
            desc.Value = Convert.ToString(dr["tsk_description"]);

            // Each date/hour/minute triple is filled from one datetime column.
            load_date_hour_min(planned_start_date, planned_start_hour, planned_start_min, dr["tsk_planned_start_date"]);
            load_date_hour_min(actual_start_date, actual_start_hour, actual_start_min, dr["tsk_actual_start_date"]);
            load_date_hour_min(planned_end_date, planned_end_hour, planned_end_min, dr["tsk_planned_end_date"]);
            load_date_hour_min(actual_end_date, actual_end_hour, actual_end_min, dr["tsk_actual_end_date"]);

            sub.Value = "Update";
        }
    }
    else
    {
        on_update();
    }
}
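///////////////////////////////////////////////////////////////////////
/// <summary>
/// Page_Load for the "delete comment" confirmation page. Requires the
/// Admin role or the edit/delete-posts right, and PermissionLevel.All on
/// the bug that owns the comment. On postback the owning bug is read from
/// the bug_posts row rather than from the hidden redirect field.
/// </summary>
protected void Page_Load(Object sender, EventArgs e)
{
    Master.Menu.SelectedItem = Util.get_setting("PluralBugLabel", "bugs");
    Util.do_not_cache(Response);

    if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditAndDeletePosts())
    {
        //
    }
    else
    {
        Response.Write("You are not allowed to use this page.");
        Response.End();
    }

    if (IsPostBack)
    {
        string post_id = Util.sanitize_integer(row_id.Value);

        // Resolve the owning bug from the post itself. Previously the per-bug
        // permission check ran only on the GET path, so a postback carrying
        // another post's id skipped it entirely.
        sql = new SQLString(@"select bp_bug from bug_posts where bp_id = @bpid");
        sql = sql.AddParameterWithValue("bpid", post_id);
        DataRow post_dr = DbUtil.get_datarow(sql);
        if (post_dr == null)
        {
            Response.Write("Comment not found");
            Response.End();
        }

        int owning_bugid = (int)post_dr["bp_bug"];
        int permission_level = Bug.get_bug_permission_level(owning_bugid, User.Identity);
        if (permission_level != PermissionLevel.All)
        {
            Response.Write("You are not allowed to edit this item");
            Response.End();
        }

        sql = new SQLString(@"delete bug_posts where bp_id = @bpid");
        sql = sql.AddParameterWithValue("bpid", post_id);
        DbUtil.execute_nonquery(sql);

        // Redirect to the bug the post actually belonged to.
        Response.Redirect("edit_bug.aspx?id=" + Convert.ToString(owning_bugid));
    }
    else
    {
        string bug_id = Util.sanitize_integer(Request["bug_id"]);
        redirect_bugid.Value = bug_id;

        int permission_level = Bug.get_bug_permission_level(Convert.ToInt32(bug_id), User.Identity);
        if (permission_level != PermissionLevel.All)
        {
            Response.Write("You are not allowed to edit this item");
            Response.End();
        }

        Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete comment";
        string id = Util.sanitize_integer(Request["id"]);
        back_href.HRef = "edit_bug.aspx?id=" + bug_id;

        // Restrict the preview to posts of the bug just authorized.
        sql = new SQLString(@"select bp_comment from bug_posts where bp_id = @bpid and bp_bug = @bugid");
        sql = sql.AddParameterWithValue("bpid", id);
        sql = sql.AddParameterWithValue("bugid", bug_id);
        DataRow dr = DbUtil.get_datarow(sql);
        if (dr == null)
        {
            Response.Write("Comment not found");
            Response.End();
        }

        // show the first few chars of the comment
        string s = Convert.ToString(dr["bp_comment"]);
        int len = Math.Min(20, s.Length);
        confirm_href.InnerText = "confirm delete of comment: " + s.Substring(0, len) + "...";
        row_id.Value = id;
    }
}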
//*************************************************************
/// <summary>
/// Polls a POP3 mailbox and turns each message into either a new bug or a
/// comment on an existing bug (when the subject carries a bug id). The
/// Pop3* settings filter messages by subject and sender, control logging of
/// raw messages and whether messages are deleted from the server.
/// </summary>
/// <param name="project_user">POP3 login name.</param>
/// <param name="project_password">POP3 password.</param>
/// <param name="projectid">Project for new bugs; overridden per message by
/// the synthesized user's forced_project when that is non-zero.</param>
/// <returns>Always true; the catch block that returned false is commented out.</returns>
public static bool fetch_messages(string project_user, string project_password, int projectid)
{
    // experimental, under construction
    POP3Client.POP3client client = new POP3Client.POP3client(Pop3ReadInputStreamCharByChar);

    // Pipe-separated lists from settings; empty entries are skipped below.
    string[] SubjectCannotContainStrings = Util.rePipes.Split(Pop3SubjectCannotContain);
    string[] FromCannotContainStrings = Util.rePipes.Split(Pop3FromCannotContain);

    //try
    {
        System.Data.DataRow defaults = Bug.get_bug_defaults();
        //int projectid = (int)defaults["pj"];
        int categoryid = (int)defaults["ct"];
        int priorityid = (int)defaults["pr"];
        int statusid = (int)defaults["st"];
        int udfid = (int)defaults["udf"];

        Util.write_to_log("pop3:" + client.connect(Pop3Server, Pop3Port, Pop3UseSSL));
        Util.write_to_log("pop3:sending POP3 command USER");
        Util.write_to_log("pop3:" + client.USER(project_user));
        Util.write_to_log("pop3:sending POP3 command PASS");
        // Only the server's response to PASS is logged, not the password.
        Util.write_to_log("pop3:" + client.PASS(project_password));
        Util.write_to_log("pop3:sending POP3 command STAT");
        Util.write_to_log("pop3:" + client.STAT());
        Util.write_to_log("pop3:sending POP3 command LIST");

        string list;
        list = client.LIST();

        Util.write_to_log("pop3:list follows:");
        Util.write_to_log(list);

        // LIST output is split on CRLF; index 0 and the last entry are not
        // treated as message lines (loop runs from 1 to Length - 2).
        string[] messages = null;
        System.Text.RegularExpressions.Regex regex = new System.Text.RegularExpressions.Regex("\r\n");
        messages = regex.Split(list);
        int end = messages.Length - 1;

        // loop through the messages
        for (int i = 1; i < end; i++)
        {
            // Each LIST line starts with the message number followed by a space.
            int space_pos = messages[i].IndexOf(" ");
            int message_number = Convert.ToInt32(messages[i].Substring(0, space_pos));

            string message_raw_string = client.RETR(message_number);

            // Raw messages go to the log only when Pop3WriteRawMessagesToLog is on.
            if (Pop3WriteRawMessagesToLog)
            {
                Util.write_to_log("raw email message:");
                Util.write_to_log(message_raw_string);
            }

            SharpMimeMessage mime_message = MyMime.get_sharp_mime_message(message_raw_string);

            string from_addr = MyMime.get_from_addr(mime_message);
            string subject = MyMime.get_subject(mime_message);

            // Subject/sender filters: "must contain" is a single substring,
            // "cannot contain" is any non-empty entry of the split list.
            if (Pop3SubjectMustContain != "" && subject.IndexOf(Pop3SubjectMustContain) < 0)
            {
                Util.write_to_log("skipping because subject does not contain: " + Pop3SubjectMustContain);
                continue;
            }

            bool bSkip = false;

            for (int k = 0; k < SubjectCannotContainStrings.Length; k++)
            {
                if (SubjectCannotContainStrings[k] != "")
                {
                    if (subject.IndexOf(SubjectCannotContainStrings[k]) >= 0)
                    {
                        Util.write_to_log("skipping because subject cannot contain: " + SubjectCannotContainStrings[k]);
                        bSkip = true;
                        break; // done checking, skip this message
                    }
                }
            }

            if (bSkip)
            {
                continue;
            }

            if (Pop3FromMustContain != "" && from_addr.IndexOf(Pop3FromMustContain) < 0)
            {
                Util.write_to_log("skipping because from does not contain: " + Pop3FromMustContain);
                continue; // that is, skip to next message
            }

            for (int k = 0; k < FromCannotContainStrings.Length; k++)
            {
                if (FromCannotContainStrings[k] != "")
                {
                    if (from_addr.IndexOf(FromCannotContainStrings[k]) >= 0)
                    {
                        Util.write_to_log("skipping because from cannot contain: " + FromCannotContainStrings[k]);
                        bSkip = true;
                        break; // done checking, skip this message
                    }
                }
            }

            if (bSkip)
            {
                continue;
            }

            // bugid is parsed out of the (unauthenticated) subject line; 0 means
            // "new bug", anything else is treated as an existing bug to comment on.
            int bugid = MyMime.get_bugid_from_subject(ref subject);
            string cc = MyMime.get_cc(mime_message);
            string comment = MyMime.get_comment(mime_message);

            string headers = MyMime.get_headers_for_comment(mime_message);
            if (headers != "")
            {
                comment = headers + "\n" + comment;
            }

            // NOTE(review): the acting user is synthesized from the From
            // address, which the sender controls; confirm that
            // get_synthesized_security/insert_comment constrain which bugs a
            // given sender may append to.
            Security security = MyMime.get_synthesized_security(mime_message, from_addr, Pop3ServiceUsername);
            int orgid = security.user.org;

            if (bugid == 0)
            {
                if (security.user.forced_project != 0)
                {
                    projectid = security.user.forced_project;
                }

                // Subject is truncated to 200 characters before insert.
                if (subject.Length > 200)
                {
                    subject = subject.Substring(0, 200);
                }

                Bug.NewIds new_ids = Bug.insert_bug(
                    subject,
                    security,
                    "", // tags
                    projectid,
                    orgid,
                    categoryid,
                    priorityid,
                    statusid,
                    0, // assignedid,
                    udfid,
                    "", "", "", // project specific dropdown values
                    comment,
                    comment,
                    from_addr,
                    cc,
                    "text/plain",
                    false, // internal only
                    null, // custom columns
                    false);

                MyMime.add_attachments(mime_message, new_ids.bugid, new_ids.postid, security);

                // your customizations
                Bug.apply_post_insert_rules(new_ids.bugid);

                Bug.send_notifications(Bug.INSERT, new_ids.bugid, security);
                WhatsNew.add_news(new_ids.bugid, subject, "added", security);

                MyPop3.auto_reply(new_ids.bugid, from_addr, subject, projectid);
            }
            else // update existing
            {
                // Optionally move the bug to the configured status; only the
                // setting value and the int bugid are substituted into the SQL.
                string StatusResultingFromIncomingEmail = Util.get_setting("StatusResultingFromIncomingEmail", "0");

                string sql = "";

                if (StatusResultingFromIncomingEmail != "0")
                {
                    sql = @"update bugs set bg_status = $st where bg_id = $bg ";
                    sql = sql.Replace("$st", StatusResultingFromIncomingEmail);
                }

                sql += "select bg_short_desc from bugs where bg_id = $bg";
                sql = sql.Replace("$bg", Convert.ToString(bugid));

                // NOTE(review): dr2 is null when the subject names a bug id
                // that does not exist; the comment is still inserted below and
                // the dereference in add_news then throws.
                DataRow dr2 = DbUtil.get_datarow(sql);

                // Add a comment to existing bug.
                int postid = Bug.insert_comment(
                    bugid,
                    security.user.usid, // (int) dr["us_id"],
                    comment,
                    comment,
                    from_addr,
                    cc,
                    "text/plain",
                    false); // internal only

                MyMime.add_attachments(mime_message, bugid, postid, security);

                Bug.send_notifications(Bug.UPDATE, bugid, security);
                WhatsNew.add_news(bugid, (string)dr2["bg_short_desc"], "updated", security);
            }

            if (Pop3DeleteMessagesOnServer)
            {
                Util.write_to_log("sending POP3 command DELE");
                Util.write_to_log(client.DELE(message_number));
            }
        }
    }
    //catch (Exception ex)
    //{
    //    Util.write_to_log("pop3:exception in fetch_messages: " + ex.Message);
    //    error_count++;
    //    if (error_count > Pop3TotalErrorsAllowed)
    //    {
    //        return false;
    //    }
    //}

    Util.write_to_log("pop3:quit");
    Util.write_to_log("pop3:" + client.QUIT());

    return(true);
}
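// update an existing index
/// <summary>
/// Worker-thread entry point that re-indexes one bug: deletes the bug's
/// existing Lucene documents, then re-adds its short description, tags,
/// text custom fields and non-update, non-internal posts. Runs under
/// my_lock and closes the shared searcher first. Exceptions are logged,
/// not propagated.
/// </summary>
/// <param name="obj">The bug id, boxed as an int.</param>
static void threadproc_update(object obj)
{
    // just to be safe, make the worker threads wait for each other
    //System.Console.Beep(540, 20);
    lock (my_lock) // prevent contention between searching and writing?
    {
        //System.Console.Beep(840, 20);

        // Declared outside the try so the finally can close it on failure.
        // Previously an exception after construction left the modifier open.
        Lucene.Net.Index.IndexModifier modifier = null;

        try
        {
            if (searcher != null)
            {
                try
                {
                    searcher.Close();
                }
                catch (Exception e)
                {
                    Util.write_to_log("Exception closing lucene searcher:" + e.Message);
                    Util.write_to_log(e.StackTrace);
                }
                searcher = null;
            }

            modifier = new Lucene.Net.Index.IndexModifier(index_path, anal, false);

            // same as buid, but uses "modifier" instead of write.
            // uses additional "where" clause for bugid
            int bug_id = (int)obj;

            Util.write_to_log("started updating Lucene index using folder " + MyLucene.index_path);

            modifier.DeleteDocuments(new Lucene.Net.Index.Term("bg_id", Convert.ToString(bug_id)));

            // Only the int bug id and the custom-column name list returned by
            // get_text_custom_cols_names are substituted into the SQL.
            string sql = @" select bg_id, $custom_cols isnull(bg_tags,'') bg_tags, bg_short_desc from bugs where bg_id = $bugid";
            sql = sql.Replace("$bugid", Convert.ToString(bug_id));

            DataSet ds_text_custom_cols = get_text_custom_cols();
            sql = sql.Replace("$custom_cols", get_text_custom_cols_names(ds_text_custom_cols));

            // index the bugs
            DataRow dr = DbUtil.get_datarow(sql);

            modifier.AddDocument(MyLucene.create_doc((int)dr["bg_id"], 0, "desc", (string)dr["bg_short_desc"]));

            // tags
            string tags = (string)dr["bg_tags"];
            if (tags != "")
            {
                modifier.AddDocument(MyLucene.create_doc((int)dr["bg_id"], 0, "tags", tags));
            }

            // custom text fields
            foreach (DataRow dr_custom_col in ds_text_custom_cols.Tables[0].Rows)
            {
                string name = (string)dr_custom_col["name"];
                string val = Convert.ToString(dr[name]);
                if (val != "")
                {
                    modifier.AddDocument(MyLucene.create_doc((int)dr["bg_id"], 0, name.Replace("'", "''"), val));
                }
            }

            // index the bug posts (hidden-from-external and "update" posts excluded)
            DataSet ds = DbUtil.get_dataset(@" select bp_bug, bp_id, isnull(bp_comment_search,bp_comment) [text] from bug_posts where bp_type <> 'update' and bp_hidden_from_external_users = 0 and bp_bug = " + Convert.ToString(bug_id));

            foreach (DataRow dr2 in ds.Tables[0].Rows)
            {
                modifier.AddDocument(MyLucene.create_doc((int)dr2["bp_bug"], (int)dr2["bp_id"], "post", (string)dr2["text"]));
            }

            modifier.Flush();
            modifier.Close();
            modifier = null; // closed normally; nothing left for the finally

            Util.write_to_log("done updating Lucene index");
        }
        catch (Exception e)
        {
            Util.write_to_log("exception updating Lucene index: " + e.Message);
            Util.write_to_log(e.StackTrace);
        }
        finally
        {
            // Reached with a non-null modifier only on the failure path.
            if (modifier != null)
            {
                try
                {
                    modifier.Close();
                }
                catch (Exception e)
                {
                    Util.write_to_log("exception closing Lucene index modifier: " + e.Message);
                    Util.write_to_log(e.StackTrace);
                }
            }
        }
    }
}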
///////////////////////////////////////////////////////////////////////
/// <summary>
/// Writes one bug as an HTML fragment (a body with a field table, optional
/// relationships and tasks, then the posts) to the given response. Used
/// with include_style = true when the output becomes an email body.
/// </summary>
/// <param name="Response">Target response; everything is written through Response.Write.</param>
/// <param name="dr">Bug row; read by column name (id, short_desc, reporter, ...).</param>
/// <param name="security">Caller's security context; its per-field permission levels decide which rows are shown.</param>
/// <param name="include_style">Emit a &lt;style&gt; block (custom css file or bootstrap.min.css) first.</param>
/// <param name="images_inline">Passed through to write_posts.</param>
/// <param name="history_inline">Passed through to get_bug_posts and write_posts.</param>
/// <param name="internal_posts">Passed through to write_posts.</param>
public static void print_bug (HttpResponse Response, DataRow dr, Security security, bool include_style, bool images_inline, bool history_inline, bool internal_posts)
{
    int bugid = Convert.ToInt32(dr["id"]);
    string string_bugid = Convert.ToString(bugid);

    if (include_style) // when sending emails
    {
        Response.Write("\n<style>\n");

        // If this file exists, use it.
        string map_path = (string) HttpRuntime.Cache["MapPath"];
        string css_for_email_file = map_path + "\\custom\\btnet_css_for_email.css";

        try
        {
            if (System.IO.File.Exists(css_for_email_file))
            {
                Response.WriteFile(css_for_email_file);
                Response.Write("\n");
            }
            else
            {
                // Fallback stylesheet; no existence check here, a missing
                // file is caught and logged below.
                css_for_email_file = map_path + "\\Content\\bootstrap.min.css";
                Response.WriteFile(css_for_email_file);
                Response.Write("\n");

                //css_for_email_file = map_path + "\\custom\\" + "btnet_custom.css";
                //if (System.IO.File.Exists(css_for_email_file))
                //{
                //    Response.WriteFile(css_for_email_file);
                //    Response.Write("\n");
                //}
            }
        }
        catch (Exception e)
        {
            Util.write_to_log("Exception trying to read css file for email \"" + css_for_email_file + "\":" + e.Message);
        }

        // underline links in the emails to make them more obvious
        Response.Write("\na {text-decoration: underline; }");
        Response.Write("\na:visited {text-decoration: underline; }");
        Response.Write("\na:hover {text-decoration: underline; }");
        Response.Write("\n</style>\n");
    }

    Response.Write ("<body style='background:white'>");

    // Header links are built from the AbsoluteUrlPrefix setting and the int bug id.
    Response.Write ("<b>" + Util.capitalize_first_letter(Util.get_setting("SingularBugLabel","bug")) + " ID: <a href=" + Util.get_setting("AbsoluteUrlPrefix","http://127.0.0.1/") + "edit_bug.aspx?id=" + string_bugid + ">" + string_bugid + "</a>");

    if (Util.get_setting("EnableMobile", "0") == "1")
    {
        Response.Write( " Mobile link: <a href=" + Util.get_setting("AbsoluteUrlPrefix", "http://127.0.0.1/") + "mbug.aspx?id=" + string_bugid + ">" + Util.get_setting("AbsoluteUrlPrefix", "http://127.0.0.1/") + "mbug.aspx?id=" + string_bugid + "</a>");
    }

    Response.Write("<br>");

    // short_desc is HTML-encoded before output.
    Response.Write ("Short desc: <a href=" + Util.get_setting("AbsoluteUrlPrefix","http://127.0.0.1/") + "edit_bug.aspx?id=" + string_bugid + ">" + HttpUtility.HtmlEncode((string)dr["short_desc"]) + "</a></b><p>");

    // start of the table with the bug fields
    Response.Write ("\n<table class='table'>");

    Response.Write("\n<tr><td>Last changed by<td>" + format_username((string)dr["last_updated_user"],(string)dr["last_updated_fullname"]) + " ");
    Response.Write("\n<tr><td>Reported By<td>" + format_username((string)dr["reporter"],(string)dr["reporter_fullname"]) + " ");
    Response.Write("\n<tr><td>Reported On<td>" + Util.format_db_date_and_time(dr["reported_date"]) + " ");

    // NOTE(review): the values below (bg_tags, current_project, og_name,
    // category_name, priority_name, status_name, udf_name) are written
    // without HttpUtility.HtmlEncode, unlike short_desc and the custom
    // columns; confirm they are encoded at their source or encode here.
    if (security.user.tags_field_permission_level > 0)
        Response.Write("\n<tr><td>Tags<td>" + dr["bg_tags"] + " ");

    if (security.user.project_field_permission_level > 0)
        Response.Write("\n<tr><td>Project<td>" + dr["current_project"] + " ");

    if (security.user.org_field_permission_level > 0)
        Response.Write("\n<tr><td>Organization<td>" + dr["og_name"] + " ");

    if (security.user.category_field_permission_level > 0)
        Response.Write("\n<tr><td>Category<td>" + dr["category_name"] + " ");

    if (security.user.priority_field_permission_level > 0)
        Response.Write("\n<tr><td>Priority<td>" + dr["priority_name"] + " ");

    if (security.user.assigned_to_field_permission_level > 0)
        Response.Write("\n<tr><td>Assigned<td>" + format_username((string)dr["assigned_to_username"],(string)dr["assigned_to_fullname"]) + " ");

    if (security.user.status_field_permission_level > 0)
        Response.Write("\n<tr><td>Status<td>" + dr["status_name"] + " ");

    // The UDF row needs both the field permission and the
    // ShowUserDefinedBugAttribute setting.
    if (security.user.udf_field_permission_level > 0)
        if (Util.get_setting("ShowUserDefinedBugAttribute","1") == "1")
        {
            Response.Write("\n<tr><td>" + Util.get_setting("UserDefinedBugAttributeName","YOUR ATTRIBUTE") + "<td>" + dr["udf_name"] + " ");
        }

    // Get custom column info (There's an inefficiency here - we just did this
    // same call in get_bug_datarow...)
    DataSet ds_custom_cols = Util.get_custom_columns();

    // Show custom columns
    foreach (DataRow drcc in ds_custom_cols.Tables[0].Rows)
    {
        string column_name = (string) drcc["name"];

        // Skip columns the user has no permission on at all.
        if (security.user.dict_custom_field_permission_level[column_name] == Security.PERMISSION_NONE)
        {
            continue;
        }

        Response.Write("\n<tr><td>");
        Response.Write (column_name);
        Response.Write ("<td>");

        if ((string)drcc["datatype"] == "datetime")
        {
            object dt = dr[(string)drcc["name"]];
            Response.Write (Util.format_db_date_and_time(dt));
        }
        else
        {
            string s = "";

            if ((string)drcc["dropdown type"] == "users")
            {
                object obj = dr[(string)drcc["name"]];
                if (obj.GetType() != typeof(System.DBNull))
                {
                    int userid = Convert.ToInt32(obj);
                    if (userid != 0)
                    {
                        // NOTE(review): the SQL text is not present in this
                        // copy of the file; only the int userid is substituted
                        // for "$1".
                        string sql_get_username = "******";
                        s = (string) DbUtil.execute_scalar(sql_get_username.Replace("$1", Convert.ToString(userid)));
                    }
                }
            }
            else
            {
                s = Convert.ToString(dr[(string)drcc["name"]]);
            }

            // Encode first, then turn whitespace into HTML layout.
            // NOTE(review): the replacement strings on the next two lines
            // read as plain spaces in this copy; they may have been
            // non-breaking spaces in the original.
            s = HttpUtility.HtmlEncode(s);
            s = s.Replace("\n","<br>");
            s = s.Replace(" "," ");
            s = s.Replace("\t"," ");
            Response.Write (s);
        }

        Response.Write (" ");
    }

    // create project custom dropdowns
    if ((int)dr["project"] != 0)
    {
        // Only the int project id is substituted into the SQL.
        string sql = @"select isnull(pj_enable_custom_dropdown1,0) [pj_enable_custom_dropdown1], isnull(pj_enable_custom_dropdown2,0) [pj_enable_custom_dropdown2], isnull(pj_enable_custom_dropdown3,0) [pj_enable_custom_dropdown3], isnull(pj_custom_dropdown_label1,'') [pj_custom_dropdown_label1], isnull(pj_custom_dropdown_label2,'') [pj_custom_dropdown_label2], isnull(pj_custom_dropdown_label3,'') [pj_custom_dropdown_label3] from projects where pj_id = $pj";
        sql = sql.Replace("$pj", Convert.ToString((int)dr["project"]));

        DataRow project_dr = DbUtil.get_datarow(sql);

        if (project_dr != null)
        {
            // Dropdowns 1..3; each shown only when its pj_enable flag is 1.
            for (int i = 1; i < 4; i++)
            {
                if ((int)project_dr["pj_enable_custom_dropdown" + Convert.ToString(i)] == 1)
                {
                    Response.Write("\n<tr><td>");
                    Response.Write (project_dr["pj_custom_dropdown_label" + Convert.ToString(i)]);
                    Response.Write ("<td>");
                    Response.Write (dr["bg_project_custom_dropdown_value" + Convert.ToString(i)]);
                    Response.Write (" ");
                }
            }
        }
    }

    Response.Write("\n</table><p>"); // end of the table with the bug fields

    // Relationships
    if (Util.get_setting("EnableRelationships", "0") == "1")
    {
        write_relationships(Response, bugid);
    }

    // Tasks
    if (Util.get_setting("EnableTasks", "0") == "1")
    {
        write_tasks(Response, bugid);
    }

    DataSet ds_posts = get_bug_posts(bugid, security.user.external_user, history_inline);

    write_posts (
        ds_posts,
        Response,
        bugid,
        0,
        false, /* don't write links */
        images_inline,
        history_inline,
        internal_posts,
        security.user);

    Response.Write ("</body>");
}
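///////////////////////////////////////////////////////////////////////
/// <summary>
/// Delete-user page. On a GET it shows a confirmation for the user named by the
/// "id" request value; on postback it removes that user's rows and transfers to
/// users.aspx. Non-admins may only delete users they created, and never admins.
/// </summary>
/// <param name="sender">Standard ASP.NET event source (unused).</param>
/// <param name="e">Standard ASP.NET event args (unused).</param>
protected void Page_Load(Object sender, EventArgs e)
{
    Util.do_not_cache(Response);

    // Every authorization check below runs against this value, so the delete
    // statement has to use the same value.
    string id = Util.sanitize_integer(Request["id"]);

    if (!User.IsInRole(BtnetRoles.Admin))
    {
        sql = new SQLString(@"select us_created_user, us_admin from users where us_id = @us");
        sql = sql.AddParameterWithValue("us", id);
        DataRow dr = DbUtil.get_datarow(sql);

        if (dr == null)
        {
            // An unknown id used to dereference a null row here.
            Response.Write("User not found.");
            Response.End();
        }
        else if (User.Identity.GetUserId() != (int)dr["us_created_user"])
        {
            Response.Write("You not allowed to delete this user, because you didn't create it.");
            Response.End();
        }
        else if ((int)dr["us_admin"] == 1)
        {
            Response.Write("You not allowed to delete this user, because it is an admin.");
            Response.End();
        }
    }

    if (IsPostBack)
    {
        // row_id is a client-controlled hidden field. The checks above were applied
        // to "id", so a posted value naming any other user is refused; previously
        // the delete used row_id directly, which let the two values differ.
        string posted_id = Util.sanitize_integer(row_id.Value);
        if (posted_id != id)
        {
            Response.Write("You are not allowed to delete this user.");
            Response.End();
        }

        // do delete here
        sql = new SQLString(@" delete from emailed_links where el_username in (select us_username from users where us_id = @us) delete users where us_id = @us delete project_user_xref where pu_user = @us delete bug_subscriptions where bs_user = @us delete bug_user where bu_user = @us delete queries where qu_user = @us delete queued_notifications where qn_user = @us delete dashboard_items where ds_user = @us");
        sql = sql.AddParameterWithValue("us", posted_id);
        DbUtil.execute_nonquery(sql);
        Server.Transfer("users.aspx");
    }
    else
    {
        Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete user";

        // Refuse while any bug or bug post still references the user.
        sql = new SQLString(@"declare @cnt int select @cnt = count(1) from bugs where bg_reported_user = @us or bg_assigned_to_user = @us if @cnt = 0 begin select @cnt = count(1) from bug_posts where bp_user = @us end select us_username, @cnt [cnt] from users where us_id = @us");
        sql = sql.AddParameterWithValue("us", id);
        DataRow dr = DbUtil.get_datarow(sql);

        if (dr == null)
        {
            Response.Write("User not found.");
            Response.End();
        }
        else if ((int)dr["cnt"] > 0)
        {
            Response.Write("You can't delete user \"" + Convert.ToString(dr["us_username"]) + "\" because some bugs or bug posts still reference it.");
            Response.End();
        }
        else
        {
            confirm_href.InnerText = "confirm delete of \"" + Convert.ToString(dr["us_username"]) + "\"";
            row_id.Value = id;
        }
    }
}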
///////////////////////////////////////////////////////////////////////
/// <summary>
/// Loads the single row the bug-detail pages render: the bug's core columns,
/// joined lookup names, the caller's effective permission level on the bug,
/// counts of related items for the integrations enabled in Web.config, and
/// every custom column. When EnableSeen is "1" the same batch also marks the
/// bug as seen by the caller in bug_user before selecting.
/// </summary>
/// <param name="bugid">bg_id of the bug to load.</param>
/// <param name="security">Caller; only user.usid and user.org are read.</param>
/// <param name="ds_custom_cols">Custom column definitions; each row's "name"
/// (table 0) is appended to the select list as a bracketed column name.</param>
/// <returns>The bug's DataRow, or null when no row matches the id.</returns>
public static DataRow get_bug_datarow(int bugid, Security security, DataSet ds_custom_cols)
{
    string sql = @" /* get_bug_datarow */";

    // Record that this user has now seen the bug (insert-or-update on bug_user).
    if (Util.get_setting("EnableSeen", "0") == "1")
    {
        sql += @" if not exists (select bu_bug from bug_user where bu_bug = $id and bu_user = $this_usid) insert into bug_user (bu_bug, bu_user, bu_flag, bu_seen, bu_vote) values($id, $this_usid, 0, 1, 0) update bug_user set bu_seen = 1, bu_seen_datetime = getdate() where bu_bug = $id and bu_user = $this_usid and bu_seen <> 1";
    }

    // Counters default to 0; each is only computed when its feature is enabled.
    sql += @" declare @svn_revisions int declare @git_commits int declare @hg_revisions int declare @tasks int declare @related int; set @svn_revisions = 0 set @git_commits = 0 set @hg_revisions = 0 set @tasks = 0 set @related = 0";

    if (Util.get_setting("EnableSubversionIntegration", "0") == "1")
    {
        sql += @" select @svn_revisions = count(1) from svn_affected_paths inner join svn_revisions on svnap_svnrev_id = svnrev_id where svnrev_bug = $id;";
    }

    if (Util.get_setting("EnableGitIntegration", "0") == "1")
    {
        sql += @" select @git_commits = count(1) from git_affected_paths inner join git_commits on gitap_gitcom_id = gitcom_id where gitcom_bug = $id;";
    }

    if (Util.get_setting("EnableMercurialIntegration", "0") == "1")
    {
        sql += @" select @hg_revisions = count(1) from hg_affected_paths inner join hg_revisions on hgap_hgrev_id = hgrev_id where hgrev_bug = $id;";
    }

    if (Util.get_setting("EnableTasks", "0") == "1")
    {
        sql += @" select @tasks = count(1) from bug_tasks where tsk_bug = $id;";
    }

    if (Util.get_setting("EnableRelationships", "0") == "1")
    {
        sql += @" select @related = count(1) from bug_relationships where re_bug1 = $id;";
    }

    // Main select. Notes for maintainers:
    // - "case rtrim(x) when null" never matches in T-SQL (NULL compares as
    //   unknown), so a NULL first name falls through to the ELSE branch, where
    //   the concatenation yields NULL (with the default CONCAT_NULL_YIELDS_NULL)
    //   and isnull() turns the whole full name into the fallback value.
    // - [pu_permission_level] is already reduced for cross-org viewers here,
    //   mirroring the logic in get_bug_permission_level.
    sql += @" select bg_id [id], bg_short_desc [short_desc], isnull(bg_tags,'') [bg_tags], isnull(ru.us_username,'[deleted user]') [reporter], isnull(ru.us_email,'') [reporter_email], case rtrim(ru.us_firstname) when null then isnull(ru.us_lastname, '') when '' then isnull(ru.us_lastname, '') else isnull(ru.us_lastname + ', ' + ru.us_firstname,'') end [reporter_fullname], bg_reported_date [reported_date], datediff(s,bg_reported_date,getdate()) [seconds_ago], isnull(lu.us_username,'') [last_updated_user], case rtrim(lu.us_firstname) when null then isnull(lu.us_lastname, '') when '' then isnull(lu.us_lastname, '') else isnull(lu.us_lastname + ', ' + lu.us_firstname,'') end [last_updated_fullname], bg_last_updated_date [last_updated_date], isnull(bg_project,0) [project], isnull(pj_name,'[no project]') [current_project], isnull(bg_org,0) [organization], isnull(bugorg.og_name,'') [og_name], isnull(bg_category,0) [category], isnull(ct_name,'') [category_name], isnull(bg_priority,0) [priority], isnull(pr_name,'') [priority_name], isnull(bg_status,0) [status], isnull(st_name,'') [status_name], isnull(bg_user_defined_attribute,0) [udf], isnull(udf_name,'') [udf_name], isnull(bg_assigned_to_user,0) [assigned_to_user], isnull(asg.us_username,'[not assigned]') [assigned_to_username], case rtrim(asg.us_firstname) when null then isnull(asg.us_lastname, '[not assigned]') when '' then isnull(asg.us_lastname, '[not assigned]') else isnull(asg.us_lastname + ', ' + asg.us_firstname,'[not assigned]') end [assigned_to_fullname], isnull(bs_user,0) [subscribed], case when $this_org <> bg_org and userorg.og_other_orgs_permission_level < 2 and userorg.og_other_orgs_permission_level < isnull(pu_permission_level,$dpl) then userorg.og_other_orgs_permission_level else isnull(pu_permission_level,$dpl) end [pu_permission_level], isnull(bg_project_custom_dropdown_value1,'') [bg_project_custom_dropdown_value1], isnull(bg_project_custom_dropdown_value2,'') [bg_project_custom_dropdown_value2], isnull(bg_project_custom_dropdown_value3,'') [bg_project_custom_dropdown_value3], @related [relationship_cnt], @svn_revisions [svn_revision_cnt], @git_commits [git_commit_cnt], @hg_revisions [hg_commit_cnt], @tasks [task_cnt], getdate() [snapshot_timestamp] $custom_cols_placeholder from bugs inner join users this_user on us_id = $this_usid inner join orgs userorg on this_user.us_org = userorg.og_id left outer join user_defined_attribute on bg_user_defined_attribute = udf_id left outer join projects on bg_project = pj_id left outer join orgs bugorg on bg_org = bugorg.og_id left outer join categories on bg_category = ct_id left outer join priorities on bg_priority = pr_id left outer join statuses on bg_status = st_id left outer join users asg on bg_assigned_to_user = asg.us_id left outer join users ru on bg_reported_user = ru.us_id left outer join users lu on bg_last_updated_user = lu.us_id left outer join bug_subscriptions on bs_bug = bg_id and bs_user = $this_usid left outer join project_user_xref on pj_id = pu_project and pu_user = $this_usid where bg_id = $id";

    // Custom column names are spliced into the statement as "[name]". They come
    // from the custom-column metadata, not from the request; a name containing
    // "]" would still break the statement (admin-controlled, not user-controlled).
    if (ds_custom_cols.Tables[0].Rows.Count == 0)
    {
        sql = sql.Replace("$custom_cols_placeholder", "");
    }
    else
    {
        string custom_cols_sql = "";
        foreach (DataRow drcc in ds_custom_cols.Tables[0].Rows)
        {
            custom_cols_sql += ",[" + drcc["name"].ToString() + "]";
        }
        sql = sql.Replace("$custom_cols_placeholder", custom_cols_sql);
    }

    // Placeholder substitution. The placeholder must be replaced before the
    // numeric ones; all remaining values are integers (or the numeric
    // DefaultPermissionLevel setting), so no quoting is involved.
    sql = sql.Replace("$id", Convert.ToString(bugid));
    sql = sql.Replace("$this_usid", Convert.ToString(security.user.usid));
    sql = sql.Replace("$this_org", Convert.ToString(security.user.org));
    sql = sql.Replace("$dpl", Util.get_setting("DefaultPermissionLevel", "2"));

    return(DbUtil.get_datarow(sql));
}
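///////////////////////////////////////////////////////////////////////
/// <summary>
/// "Forgot password" page. On postback it looks up exactly one user by email,
/// by username, or by both, stores a one-time link id in emailed_links and
/// emails the reset link to that user's address. Anything other than exactly
/// one match produces the generic "unknown" message.
/// </summary>
/// <param name="sender">Standard ASP.NET event source (unused).</param>
/// <param name="e">Standard ASP.NET event args (unused).</param>
public void Page_Load(Object sender, EventArgs e)
{
    Util.set_context(HttpContext.Current);
    Util.do_not_cache(Response);

    if (Util.get_setting("ShowForgotPasswordLink", "0") == "0")
    {
        Response.Write("Sorry, Web.config ShowForgotPasswordLink is set to 0");
        Response.End();
    }

    if (!IsPostBack)
    {
        Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "forgot password";
        return;
    }

    msg.InnerHtml = "";

    if (email.Value == "" && username.Value == "")
    {
        msg.InnerHtml = "Enter either your Username or your Email address.";
        return;
    }

    if (email.Value != "" && !Util.validate_email(email.Value))
    {
        msg.InnerHtml = "Format of email address is invalid.";
        return;
    }

    int user_count = 0;
    int user_id = 0;
    SQLString sql;

    // AddParameterWithValue is used in its "sql = sql.Add..." form everywhere in
    // this block so the result is correct whether it mutates or returns a copy;
    // the original mixed both forms.
    if (email.Value != "" && username.Value == "")
    {
        // check if email exists
        sql = new SQLString("select count(1) from users where us_email = @email");
        sql = sql.AddParameterWithValue("email", email.Value);
        user_count = (int)DbUtil.execute_scalar(sql);

        if (user_count == 1)
        {
            sql = new SQLString("select us_id from users where us_email = @email");
            sql = sql.AddParameterWithValue("email", email.Value);
            user_id = (int)DbUtil.execute_scalar(sql);
        }
    }
    else if (email.Value == "" && username.Value != "")
    {
        // check if a user with that name exists and has an email to send to
        sql = new SQLString("select count(1) from users where isnull(us_email,'') != '' and us_username = @username");
        sql = sql.AddParameterWithValue("username", username.Value);
        user_count = (int)DbUtil.execute_scalar(sql);

        if (user_count == 1)
        {
            sql = new SQLString("select us_id from users where us_username = @username");
            sql = sql.AddParameterWithValue("username", username.Value);
            user_id = (int)DbUtil.execute_scalar(sql);
        }
    }
    else if (email.Value != "" && username.Value != "")
    {
        // both given: they must belong to the same user
        sql = new SQLString("select count(1) from users where us_username = @username and us_email = @email");
        sql = sql.AddParameterWithValue("username", username.Value);
        sql = sql.AddParameterWithValue("email", email.Value);
        user_count = (int)DbUtil.execute_scalar(sql);

        if (user_count == 1)
        {
            sql = new SQLString("select us_id from users where us_username = @username and us_email = @email");
            sql = sql.AddParameterWithValue("username", username.Value);
            sql = sql.AddParameterWithValue("email", email.Value);
            user_id = (int)DbUtil.execute_scalar(sql);
        }
    }

    if (user_count != 1)
    {
        msg.InnerHtml = "Unknown username or email address.<br>Are you sure you spelled everything correctly?<br>Try just username, just email, or both.";
        return;
    }

    // The link id is the secret that change_password.aspx accepts; it is kept as
    // a GUID because that is the format stored and parsed elsewhere.
    // NOTE(review): Guid.NewGuid is not documented as a CSPRNG — confirm before
    // relying on it for unguessability.
    string guid = Guid.NewGuid().ToString();

    sql = new SQLString(@" declare @username nvarchar(255) declare @email nvarchar(255) select @username = us_username, @email = us_email from users where us_id = @user_id insert into emailed_links (el_id, el_date, el_email, el_action, el_user_id) values (@guid, getdate(), @email, N'forgot', @user_id) select @username us_username, @email us_email");
    sql = sql.AddParameterWithValue("guid", guid);
    sql = sql.AddParameterWithValue("user_id", Convert.ToString(user_id));
    DataRow dr = DbUtil.get_datarow(sql);

    // The username is rendered inside an HTML mail; usernames can be created
    // from inbound mail addresses, so it is encoded rather than concatenated raw.
    string result = Email.send_email(
        (string)dr["us_email"],
        Util.get_setting("NotificationEmailFrom", ""),
        "", // cc
        "reset password",
        "Click to <a href='" + Util.get_setting("AbsoluteUrlPrefix", "") + "change_password.aspx?id=" + guid + "'>reset password</a> for user \"" + HttpUtility.HtmlEncode((string)dr["us_username"]) + "\".",
        MailFormat.Html);

    if (result == "")
    {
        msg.InnerHtml = "An email with password info has been sent to you.";
    }
    else
    {
        msg.InnerHtml = "There was a problem sending the email.";
        msg.InnerHtml += "<br>" + result;
    }
}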
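///////////////////////////////////////////////////////////////////////
/// <summary>
/// Delete-attachment page. The caller must be an admin or hold edit/delete
/// rights, and must have full permission on the bug named by "bug_id". The
/// attachment named by "id" is only read and deleted when it belongs to that
/// same bug, so the bug-level check cannot be sidestepped by naming another
/// bug's attachment. On postback the bug_posts row, its bug_post_attachments
/// rows and the file in the upload folder are removed.
/// </summary>
/// <param name="sender">Standard ASP.NET event source (unused).</param>
/// <param name="e">Standard ASP.NET event args (unused).</param>
protected void Page_Load(Object sender, EventArgs e)
{
    Util.do_not_cache(Response);
    this.Master.Menu.SelectedItem = Util.get_setting("PluralBugLabel", "bugs");

    if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditAndDeleteBugs())
    {
        //
    }
    else
    {
        Response.Write("You are not allowed to use this page.");
        Response.End();
    }

    string attachment_id_string = Util.sanitize_integer(Request["id"]);
    string bug_id_string = Util.sanitize_integer(Request["bug_id"]);

    int permission_level = Bug.get_bug_permission_level(Convert.ToInt32(bug_id_string), User.Identity);
    if (permission_level != PermissionLevel.All)
    {
        Response.Write("You are not allowed to edit this item");
        Response.End();
    }

    if (IsPostBack)
    {
        // save the filename before deleting the row; "bp_bug = @bg" ties the
        // attachment to the bug whose permission was checked above
        sql = new SQLString(@"select bp_file from bug_posts where bp_id = @ba and bp_bug = @bg");
        sql = sql.AddParameterWithValue("ba", attachment_id_string);
        sql = sql.AddParameterWithValue("bg", bug_id_string);
        object file_obj = DbUtil.execute_scalar(sql);

        if (file_obj == null)
        {
            // no such attachment on this bug: delete nothing
            Response.Write("Attachment not found.");
            Response.End();
        }

        // Convert.ToString maps DBNull to "" where the old (string) cast threw.
        string filename = Convert.ToString(file_obj);

        // delete the row representing the attachment, scoped to the same bug
        sql = new SQLString(@"delete bug_post_attachments where bpa_post in (select bp_id from bug_posts where bp_id = @ba and bp_bug = @bg) delete bug_posts where bp_id = @ba and bp_bug = @bg");
        sql = sql.AddParameterWithValue("ba", attachment_id_string);
        sql = sql.AddParameterWithValue("bg", bug_id_string);
        DbUtil.execute_nonquery(sql);

        // delete the file too; files are stored as <bug>_<attachment>_<name>
        string upload_folder = Util.get_upload_folder();
        if (upload_folder != null)
        {
            string path = System.IO.Path.Combine(upload_folder, bug_id_string + "_" + attachment_id_string + "_" + filename);
            if (System.IO.File.Exists(path))
            {
                System.IO.File.Delete(path);
            }
        }

        Response.Redirect("edit_bug.aspx?id=" + bug_id_string);
    }
    else
    {
        Page.Header.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "delete attachment";
        back_href.HRef = "edit_bug.aspx?id=" + bug_id_string;

        sql = new SQLString(@"select bp_file from bug_posts where bp_id = @id and bp_bug = @bg");
        sql = sql.AddParameterWithValue("id", attachment_id_string);
        sql = sql.AddParameterWithValue("bg", bug_id_string);
        DataRow dr = DbUtil.get_datarow(sql);

        if (dr == null)
        {
            Response.Write("Attachment not found.");
            Response.End();
        }

        string s = Convert.ToString(dr["bp_file"]);
        confirm_href.InnerText = "confirm delete of attachment: " + s;
        row_id.Value = attachment_id_string;
    }
}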
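/// <summary>
/// Verifies a login attempt against the users table (or LDAP when
/// AuthenticateUsingLdap is "1"), with a per-username lockout: at most
/// FailedLoginAttemptsAllowed failures within FailedLoginAttemptsMinutes,
/// tracked as a list of timestamps in HttpRuntime.Cache keyed by the username.
/// A successful login clears the list and records the login time.
/// </summary>
/// <param name="username">Login name as typed by the user.</param>
/// <param name="password">Password as typed by the user.</param>
/// <returns>true when the user exists, is active, is not locked out and the
/// password is accepted; false otherwise (the reason is written to the log).</returns>
public static bool check_password(string username, string password)
{
    // An empty name cannot match a user and would be a useless cache key.
    if (string.IsNullOrEmpty(username))
    {
        Util.write_to_log("Login attempted with an empty username.");
        return false;
    }

    // The username is embedded in the SQL literal; doubling single quotes is
    // the only guard, so keep that in step with the N'...' form of the literal.
    string sql = @" select us_username, us_id, us_password, isnull(us_salt,0) us_salt, us_active from users where us_username = N'$username'";
    sql = sql.Replace("$username", username.Replace("'", "''"));
    DataRow dr = DbUtil.get_datarow(sql);

    if (dr == null)
    {
        Util.write_to_log("Unknown user " + username + " attempted to login.");
        return false;
    }

    int us_active = (int)dr["us_active"];
    if (us_active == 0)
    {
        Util.write_to_log("Inactive user " + username + " attempted to login.");
        return false;
    }

    // Too many failed attempts?
    // We'll only allow N in the last N minutes.
    LinkedList<DateTime> failed_attempts = (LinkedList<DateTime>)HttpRuntime.Cache[username];

    if (failed_attempts != null)
    {
        // Don't count attempts older than N minutes ago.
        int minutes_ago = Convert.ToInt32(Util.get_setting("FailedLoginAttemptsMinutes", "10"));
        int failed_attempts_allowed = Convert.ToInt32(Util.get_setting("FailedLoginAttemptsAllowed", "10"));
        DateTime n_minutes_ago = DateTime.Now.AddMinutes(-1 * minutes_ago);

        // Entries are appended in time order, so trimming stops at the first
        // one still inside the window.
        while (failed_attempts.Count > 0 && failed_attempts.First.Value < n_minutes_ago)
        {
            Util.write_to_log("removing stale failed attempt for " + username);
            failed_attempts.RemoveFirst();
        }

        // how many failed attempts in last N minutes?
        Util.write_to_log("failed attempt count for " + username + ":" + Convert.ToString(failed_attempts.Count));

        // ">=" so exactly the configured number of failures is tolerated; the
        // previous ">" let one extra attempt through before locking.
        if (failed_attempts.Count >= failed_attempts_allowed)
        {
            Util.write_to_log("Too many failed login attempts in too short a time period: " + username);
            return false;
        }

        // Save the list of attempts
        HttpRuntime.Cache[username] = failed_attempts;
    }

    bool authenticated;
    if (Util.get_setting("AuthenticateUsingLdap", "0") == "1")
    {
        authenticated = check_password_with_ldap(username, password);
    }
    else
    {
        authenticated = check_password_with_db(username, password, dr);
    }

    if (authenticated)
    {
        // clear list of failed attempts
        if (failed_attempts != null)
        {
            failed_attempts.Clear();
            HttpRuntime.Cache[username] = failed_attempts;
        }

        Util.update_most_recent_login_datetime((int)dr["us_id"]);
        return true;
    }

    if (failed_attempts == null)
    {
        failed_attempts = new LinkedList<DateTime>();
    }

    // Record a failed login attempt.
    failed_attempts.AddLast(DateTime.Now);
    HttpRuntime.Cache[username] = failed_attempts;
    return false;
}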
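///////////////////////////////////////////////////////////////////////
/// <summary>
/// Edit-comment page. Loads the bug_posts row named by the "id" request value,
/// requires edit/delete-posts rights, more than read-only access to the owning
/// bug, and that the post is a comment; then fills the form (GET) or applies the
/// update (postback). Sets the fields id, bugid, sql and use_fckeditor.
/// </summary>
/// <param name="sender">Standard ASP.NET event source (unused).</param>
/// <param name="e">Standard ASP.NET event args (unused).</param>
protected void Page_Load(Object sender, EventArgs e)
{
    Master.Menu.SelectedItem = Util.get_setting("PluralBugLabel", "bugs");
    Util.do_not_cache(Response);

    if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditAndDeletePosts())
    {
        //
    }
    else
    {
        Response.Write("You are not allowed to use this page.");
        Response.End();
    }

    Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit comment";
    msg.InnerText = "";

    // Sanitize like the other pages do, so a non-numeric id does not surface
    // as a FormatException from Convert.ToInt32.
    id = Convert.ToInt32(Util.sanitize_integer(Request["id"]));

    // The GET needs the comment text; the postback only needs the columns used
    // for the permission and content-type checks below.
    if (!IsPostBack)
    {
        sql = new SQLString(@"select bp_comment, bp_type, isnull(bp_comment_search,bp_comment) bp_comment_search, isnull(bp_content_type,'') bp_content_type, bp_bug, bp_hidden_from_external_users from bug_posts where bp_id = @id");
    }
    else
    {
        sql = new SQLString(@"select bp_bug, bp_type, isnull(bp_content_type,'') bp_content_type, bp_hidden_from_external_users from bug_posts where bp_id = @id");
    }

    sql = sql.AddParameterWithValue("id", Convert.ToString(id));
    DataRow dr = DbUtil.get_datarow(sql);

    if (dr == null)
    {
        // previously dereferenced a null row for an unknown post id
        Response.Write("Comment not found.");
        Response.End();
    }

    bugid = (int)dr["bp_bug"];

    int permission_level = Bug.get_bug_permission_level(bugid, User.Identity);
    if (permission_level == PermissionLevel.None
        || permission_level == PermissionLevel.ReadOnly
        || (string)dr["bp_type"] != "comment")
    {
        Response.Write("You are not allowed to edit this item");
        Response.End();
    }

    // Rich editor only for HTML comments, when the user wants it and it is not
    // disabled site-wide.
    string content_type = (string)dr["bp_content_type"];
    if (User.Identity.GetUseFCKEditor() && content_type == "text/html" && Util.get_setting("DisableFCKEditor", "0") == "0")
    {
        use_fckeditor = true;
    }
    else
    {
        use_fckeditor = false;
    }

    // External users never see the internal-only toggle.
    if (User.Identity.GetIsExternalUser() || Util.get_setting("EnableInternalOnlyPosts", "0") == "0")
    {
        internal_only.Visible = false;
        internal_only_label.Visible = false;
    }

    if (!IsPostBack)
    {
        internal_only.Checked = Convert.ToBoolean((int)dr["bp_hidden_from_external_users"]);

        // The rich editor gets the stored HTML; the plain editor gets the
        // searchable text form (falls back to bp_comment in the select).
        if (use_fckeditor)
        {
            comment.Value = (string)dr["bp_comment"];
        }
        else
        {
            comment.Value = (string)dr["bp_comment_search"];
        }
    }
    else
    {
        on_update();
    }
}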
///////////////////////////////////////////////////////////////////////
/// <summary>
/// Resolves the current user for a page request and enforces the access
/// <paramref name="level"/> the page asked for. The user comes from the
/// sessions row named by the "se_id" cookie; when there is none and
/// AllowGuestWithoutLogin is "1", the guest account is used instead. Otherwise
/// the request is redirected to the login page with the original URL and query
/// string appended so the user lands back on this page after logging in.
/// Side effects: fills <c>user</c> via set_from_db, stores the cookie value in
/// Session["session_cookie"], and sets <c>auth_method</c>.
/// </summary>
/// <param name="asp_net_context">Context of the request being checked.</param>
/// <param name="level">MUST_BE_ADMIN, ANY_USER_OK_EXCEPT_GUEST,
/// MUST_BE_ADMIN_OR_PROJECT_ADMIN, or any other value meaning any resolved user.</param>
public void check_security(HttpContext asp_net_context, int level)
{
    Util.set_context(asp_net_context);
    HttpRequest Request = asp_net_context.Request;
    HttpResponse Response = asp_net_context.Response;
    HttpCookie cookie = Request.Cookies["se_id"];

    // This logic allows somebody to put a link in an email, like
    // edit_bug.aspx?id=66
    // The user would click on the link, go to the logon page (default.aspx),
    // and then after logging in continue on to edit_bug.aspx?id=66
    string original_url = Request.ServerVariables["URL"].ToString().ToLower();
    string original_querystring = Request.ServerVariables["QUERY_STRING"].ToString().ToLower();
    string target = "default.aspx";
    if (original_url.EndsWith("mbug.aspx"))
    {
        target = "mlogin.aspx";
    }
    // Only the query string is URL-encoded here; the path is appended as-is.
    target += "?url=" + original_url + "&qs=" + HttpUtility.UrlEncode(original_querystring);

    DataRow dr = null;

    if (cookie == null)
    {
        // No session cookie: bounce to login unless guests are allowed, in which
        // case the guest lookup below runs (dr stays null until then).
        if (Util.get_setting("AllowGuestWithoutLogin", "0") == "0")
        {
            Util.write_to_log("se_id cookie is null, so redirecting");
            Response.Redirect(target);
        }
    }
    else
    {
        // guard against "Sql Injection" exploit
        // The cookie value is attacker-controlled and is spliced into a quoted
        // SQL literal below; doubling single quotes is the only guard, so keep
        // it in step with the '$se' form of the literal.
        string se_id = cookie.Value.Replace("'", "''");

        // user_id is computed from the session object but not read anywhere
        // below; the user is resolved from the sessions table instead.
        int user_id = 0;
        object obj = asp_net_context.Session[se_id];
        if (obj != null)
        {
            user_id = Convert.ToInt32(obj);
        }

        // check for existing session for active user
        // project_admin counts project_user_xref rows with pu_admin = 1 for the
        // session's user; the forced-project xref supplies pu_permission_level.
        string sql = @" /* check session */ declare @project_admin int select @project_admin = count(1) from sessions inner join project_user_xref on pu_user = se_user and pu_admin = 1 where se_id = '$se'; select us_id, us_admin, us_username, us_firstname, us_lastname, isnull(us_email,'') us_email, isnull(us_bugs_per_page,10) us_bugs_per_page, isnull(us_forced_project,0) us_forced_project, us_use_fckeditor, us_enable_bug_list_popups, og.*, isnull(us_forced_project, 0 ) us_forced_project, isnull(pu_permission_level, $dpl) pu_permission_level, @project_admin [project_admin] from sessions inner join users on se_user = us_id inner join orgs og on us_org = og_id left outer join project_user_xref on pu_project = us_forced_project and pu_user = us_id where se_id = '$se' and us_active = 1";

        sql = sql.Replace("$se", se_id);
        sql = sql.Replace("$dpl", Util.get_setting("DefaultPermissionLevel", "2"));
        dr = DbUtil.get_datarow(sql);
    }

    if (dr == null)
    {
        if (Util.get_setting("AllowGuestWithoutLogin", "0") == "1")
        {
            // allow users in, even without logging on.
            // The user will have the permissions of the "guest" user.
            // Same column list as the session query so set_from_db sees one shape;
            // project_admin is hard-wired to 0 for the guest.
            string sql = @" /* get guest */ select us_id, us_admin, us_username, us_firstname, us_lastname, isnull(us_email,'') us_email, isnull(us_bugs_per_page,10) us_bugs_per_page, isnull(us_forced_project,0) us_forced_project, us_use_fckeditor, us_enable_bug_list_popups, og.*, isnull(us_forced_project, 0 ) us_forced_project, isnull(pu_permission_level, $dpl) pu_permission_level, 0 [project_admin] from users inner join orgs og on us_org = og_id left outer join project_user_xref on pu_project = us_forced_project and pu_user = us_id where us_username = '******' and us_active = 1";

            sql = sql.Replace("$dpl", Util.get_setting("DefaultPermissionLevel", "2"));
            dr = DbUtil.get_datarow(sql);
        }
    }

    // no previous session, no guest login allowed
    if (dr == null)
    {
        Util.write_to_log("no previous session, no guest login allowed");
        Response.Redirect(target);
    }
    else
    {
        user.set_from_db(dr);
    }

    // Pages compare Request.QueryString["ses"] against this value to tie a URL
    // to the cookie; a guest without a cookie gets an empty value.
    if (cookie != null)
    {
        asp_net_context.Session["session_cookie"] = cookie.Value;
    }
    else
    {
        Util.write_to_log("blanking cookie");
        asp_net_context.Session["session_cookie"] = "";
    }

    // Level enforcement. Response.Redirect ends the response, so a failing
    // check does not fall through to the page.
    if (level == MUST_BE_ADMIN && !user.is_admin)
    {
        Util.write_to_log("must be admin, redirecting");
        Response.Redirect("default.aspx");
    }
    else if (level == ANY_USER_OK_EXCEPT_GUEST && user.is_guest)
    {
        Util.write_to_log("cant be guest, redirecting");
        Response.Redirect("default.aspx");
    }
    else if (level == MUST_BE_ADMIN_OR_PROJECT_ADMIN && !user.is_admin && !user.is_project_admin)
    {
        Util.write_to_log("must be project admin, redirecting");
        Response.Redirect("default.aspx");
    }

    if (Util.get_setting("WindowsAuthentication", "0") == "1")
    {
        auth_method = "windows";
    }
    else
    {
        auth_method = "plain";
    }
}
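///////////////////////////////////////////////////////////////////////
/// <summary>
/// Edit-report page. Requires admin or edit-reports rights. With no "id" (or
/// id 0) the form is set up to create a report, optionally pre-filled with the
/// SQL posted from search.aspx; otherwise the existing report is loaded into the
/// form. Postbacks are handled by on_update. Sets the fields id and sql.
/// </summary>
/// <param name="sender">Standard ASP.NET event source (unused).</param>
/// <param name="e">Standard ASP.NET event args (unused).</param>
protected void Page_Load(Object sender, EventArgs e)
{
    Util.do_not_cache(Response);

    if (User.IsInRole(BtnetRoles.Admin) || User.Identity.GetCanEditReports())
    {
        //
    }
    else
    {
        Response.Write("You are not allowed to use this page.");
        Response.End();
    }

    Master.Menu.SelectedItem = "reports";
    Page.Title = Util.get_setting("AppTitle", "BugTracker.NET") + " - " + "edit report";
    msg.InnerText = "";

    // Sanitize like the other pages do, so a non-numeric id does not surface
    // as a FormatException from Convert.ToInt32.
    string id_string = Request.QueryString["id"];
    if (id_string == null)
    {
        id = 0;
    }
    else
    {
        id = Convert.ToInt32(Util.sanitize_integer(id_string));
    }

    if (IsPostBack)
    {
        on_update();
        return;
    }

    // add or edit?
    if (id == 0)
    {
        sub.Value = "Create";
        // if coming from search.aspx: the posted SQL is only placed back into
        // the form here; it is not executed by this page.
        sql_text.Value = Request.Form["sql_text"];
        table.Checked = true;
        return;
    }

    sub.Value = "Update";

    // Get this entry's data from the db and fill in the form
    sql = new SQLString(@"select rp_desc, rp_sql, rp_chart_type from reports where rp_id = @rpid");
    sql = sql.AddParameterWithValue("rpid", Convert.ToString(id));
    DataRow dr = DbUtil.get_datarow(sql);

    if (dr == null)
    {
        // previously dereferenced a null row for an unknown report id
        Response.Write("Report not found.");
        Response.End();
    }

    // Fill in this form
    desc.Value = (string)dr["rp_desc"];
    sql_text.Value = (string)dr["rp_sql"];

    switch ((string)dr["rp_chart_type"])
    {
        case "pie":
            pie.Checked = true;
            break;
        case "bar":
            bar.Checked = true;
            break;
        case "line":
            line.Checked = true;
            break;
        default:
            table.Checked = true;
            break;
    }
}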
///////////////////////////////////////////////////////////////////////
/// <summary>
/// Resolves the users row for an inbound email. Normally this is the row for
/// <paramref name="username"/>. When that name equals the
/// CreateUserFromEmailAddressIfThisUsername setting and a sender address is
/// available, the sender's address becomes the username instead, and a user is
/// created from the CreateUsersFromEmailTemplate user if none exists yet.
/// </summary>
/// <param name="mime_message">Parsed message; when present, its From header is
/// preferred over <paramref name="from_addr"/> for the sender address.</param>
/// <param name="from_addr">Sender address as pre-parsed by the mail service.</param>
/// <param name="username">Account the mail service is running as.</param>
/// <returns>The matching users row, or null if none was found.</returns>
public static DataRow get_user_datarow_maybe_using_from_addr(SharpMimeMessage mime_message, string from_addr, string username)
{
    string service_username = Util.get_setting("CreateUserFromEmailAddressIfThisUsername", "");
    bool derive_from_sender = !string.IsNullOrEmpty(from_addr) && username == service_username;

    if (!derive_from_sender)
    {
        // Use the btnet_service.exe user as the username
        return get_user_datarow_by_username(username);
    }

    // We can do a better job of parsing the from_addr here than we did in btnet_service.exe
    if (mime_message != null)
    {
        string raw_from = mime_message.Header.From;
        if (raw_from != null && raw_from != "")
        {
            // handle multiline from
            from_addr = SharpMimeTools.parserfc2047Header(raw_from).Replace("\t", " ");
        }
    }

    // See if there's already a user whose name is this email address
    string sender_username = Email.simplify_email_address(from_addr);
    DataRow dr = get_user_datarow_by_username(sender_username);
    if (dr != null)
    {
        return dr;
    }

    // We didn't find the user, so let's create him, using the email address as the username.
    bool use_domain_as_org_name = Util.get_setting("UseEmailDomainAsNewOrgNameWhenCreatingNewUser", "0") == "1";

    User.copy_user(
        sender_username,
        sender_username,
        "", "", "", // first, last, signature
        0, // salt
        Guid.NewGuid().ToString(), // random value for password,
        Util.get_setting("CreateUsersFromEmailTemplate", "[error - missing user template]"),
        use_domain_as_org_name);

    // now that we have created a user, try again
    return get_user_datarow_by_username(sender_username);
}

/// <summary>
/// Selects the users row (with org permission info) for one username.
/// The name is spliced into an N'...' literal; doubling single quotes is the
/// only guard, which matters because the name may come from a mail From header.
/// </summary>
/// <param name="username">Exact us_username to look up.</param>
/// <returns>The row, or null when no such user exists.</returns>
private static DataRow get_user_datarow_by_username(string username)
{
    string sql = @" select us_id, us_admin, us_username, us_org, og_other_orgs_permission_level, isnull(us_forced_project,0) us_forced_project from users inner join orgs on us_org = og_id where us_username = N'$us'";
    sql = sql.Replace("$us", username.Replace("'", "''"));
    return DbUtil.get_datarow(sql);
}