/bug_update.php
PHP | 406 lines | 270 code | 42 blank | 94 comment | 67 complexity | 733cd17d98a53ea450075e5a074b1ef6 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1
- <?php
- # MantisBT - A PHP based bugtracking system
- # MantisBT is free software: you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation, either version 2 of the License, or
- # (at your option) any later version.
- #
- # MantisBT is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
- /**
- * Update bug data then redirect to the appropriate viewing page
- *
- * @package MantisBT
- * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
- * @copyright Copyright (C) 2002 - 2010 MantisBT Team - mantisbt-dev@lists.sourceforge.net
- * @link http://www.mantisbt.org
- *
- * @uses core.php
- * @uses access_api.php
- * @uses authentication_api.php
- * @uses bug_api.php
- * @uses bugnote_api.php
- * @uses config_api.php
- * @uses constant_inc.php
- * @uses custom_field_api.php
- * @uses email_api.php
- * @uses error_api.php
- * @uses event_api.php
- * @uses form_api.php
- * @uses gpc_api.php
- * @uses helper_api.php
- * @uses history_api.php
- * @uses lang_api.php
- * @uses print_api.php
- * @uses relationship_api.php
- * @uses twitter_api.php
- */
- require_once( 'core.php' );
- require_api( 'access_api.php' );
- require_api( 'authentication_api.php' );
- require_api( 'bug_api.php' );
- require_api( 'bugnote_api.php' );
- require_api( 'config_api.php' );
- require_api( 'constant_inc.php' );
- require_api( 'custom_field_api.php' );
- require_api( 'email_api.php' );
- require_api( 'error_api.php' );
- require_api( 'event_api.php' );
- require_api( 'form_api.php' );
- require_api( 'gpc_api.php' );
- require_api( 'helper_api.php' );
- require_api( 'history_api.php' );
- require_api( 'lang_api.php' );
- require_api( 'print_api.php' );
- require_api( 'relationship_api.php' );
- require_api( 'twitter_api.php' );
- form_security_validate( 'bug_update' );
- $f_bug_id = gpc_get_int( 'bug_id' );
- $t_existing_bug = bug_get( $f_bug_id, true );
- if ( helper_get_current_project() !== $t_existing_bug->project_id ) {
- $g_project_override = $t_existing_bug->project_id;
- }
- # Ensure that the user has permission to update bugs. This check also factors
- # in whether the user has permission to view private bugs. The
- # $g_limit_reporters option is also taken into consideration.
- access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id );
- # Check if the bug is in a read-only state and whether the current user has
- # permission to update read-only bugs.
- if ( bug_is_readonly( $f_bug_id ) ) {
- error_parameters( $f_bug_id );
- trigger_error( ERROR_BUG_READ_ONLY_ACTION_DENIED, ERROR );
- }
- $t_updated_bug = clone $t_existing_bug;
- $t_updated_bug->additional_information = gpc_get_string( 'additional_information', $t_existing_bug->additional_information );
- $t_updated_bug->build = gpc_get_string( 'build', $t_existing_bug->build );
- $t_updated_bug->category_id = gpc_get_int( 'category_id', $t_existing_bug->category_id );
- $t_updated_bug->description = gpc_get_string( 'description', $t_existing_bug->description );
- $t_due_date = gpc_get_string( 'due_date', null );
- if ( $t_due_date !== null) {
- if ( is_blank ( $t_due_date ) ) {
- $t_updated_bug->due_date = 1;
- } else {
- $t_updated_bug->due_date = strtotime( $t_due_date );
- }
- }
- $t_updated_bug->duplicate_id = gpc_get_int( 'duplicate_id', 0 );
- $t_updated_bug->eta = gpc_get_int( 'eta', $t_existing_bug->eta );
- $t_updated_bug->fixed_in_version = gpc_get_string( 'fixed_in_version', $t_existing_bug->fixed_in_version );
- $t_updated_bug->handler_id = gpc_get_int( 'handler_id', $t_existing_bug->handler_id );
- $t_updated_bug->os = gpc_get_string( 'os', $t_existing_bug->os );
- $t_updated_bug->os_build = gpc_get_string( 'os_build', $t_existing_bug->os_build );
- $t_updated_bug->platform = gpc_get_string( 'platform', $t_existing_bug->platform );
- $t_updated_bug->priority = gpc_get_int( 'priority', $t_existing_bug->priority );
- $t_updated_bug->projection = gpc_get_int( 'projection', $t_existing_bug->projection );
- $t_updated_bug->reporter_id = gpc_get_int( 'reporter_id', $t_existing_bug->reporter_id );
- $t_updated_bug->reproducibility = gpc_get_int( 'reproducibility', $t_existing_bug->reproducibility );
- $t_updated_bug->resolution = gpc_get_int( 'resolution', $t_existing_bug->resolution );
- $t_updated_bug->severity = gpc_get_int( 'severity', $t_existing_bug->severity );
- $t_updated_bug->status = gpc_get_int( 'status', $t_existing_bug->status );
- $t_updated_bug->steps_to_reproduce = gpc_get_string( 'steps_to_reproduce', $t_existing_bug->steps_to_reproduce );
- $t_updated_bug->summary = gpc_get_string( 'summary', $t_existing_bug->summary );
- $t_updated_bug->target_version = gpc_get_string( 'target_version', $t_existing_bug->target_version );
- $t_updated_bug->version = gpc_get_string( 'version', $t_existing_bug->version );
- $t_updated_bug->view_state = gpc_get_int( 'view_state', $t_existing_bug->view_state );
- $t_bug_note = new BugNoteData();
- $t_bug_note->note = gpc_get_string( 'bugnote_text', '' );
- $t_bug_note->view_state = gpc_get_bool( 'private', config_get( 'default_bugnote_view_status' ) );
- $t_bug_note->time_tracking = gpc_get_string( 'time_tracking', '0:00' );
- # Determine whether the new status will reopen, resolve or close the issue.
- # Note that multiple resolved or closed states can exist and thus we need to
- # look at a range of statuses when performing this check.
- $t_resolved_status = config_get( 'bug_resolved_status_threshold' );
- $t_closed_status = config_get( 'bug_closed_status_threshold' );
- $t_resolve_issue = false;
- $t_close_issue = false;
- $t_reopen_issue = false;
- if ( $t_existing_bug->status < $t_resolved_status &&
- $t_updated_bug->status >= $t_resolved_status &&
- $t_updated_bug->status < $t_closed_status ) {
- $t_resolve_issue = true;
- } else if ( $t_existing_bug->status < $t_closed_status &&
- $t_updated_bug->status >= $t_closed_status ) {
- $t_close_issue = true;
- } else if ( $t_existing_bug->status >= $t_resolved_status &&
- $t_updated_bug->status <= config_get( 'bug_reopen_status' ) ) {
- $t_reopen_issue = true;
- }
- # If resolving or closing, ensure that all dependant issues have been resolved.
- if ( ( $t_resolve_issue || $t_close_issue ) &&
- !relationship_can_resolve_bug( $f_bug_id ) ) {
- trigger_error( ERROR_BUG_RESOLVE_DEPENDANTS_BLOCKING, ERROR );
- }
- # Validate any change to the status of the issue.
- if ( $t_existing_bug->status !== $t_updated_bug->status ) {
- access_ensure_bug_level( config_get( 'update_bug_status_threshold' ), $f_bug_id );
- if ( !bug_check_workflow( $t_existing_bug->status, $t_updated_bug->status ) ) {
- error_parameters( lang_get( 'status' ) );
- trigger_error( ERROR_CUSTOM_FIELD_INVALID_VALUE, ERROR );
- }
- if ( !access_has_bug_level( access_get_status_threshold( $t_updated_bug->status, $t_updated_bug->project_id ), $f_bug_id ) ) {
- # The reporter may be allowed to close or reopen the issue regardless.
- $t_can_bypass_status_access_thresholds = false;
- if ( $t_close_issue &&
- $t_existing_bug->status >= $t_resolved_status &&
- $t_existing_bug->reporter_id === auth_get_current_user_id() &&
- config_get( 'allow_reporter_close' ) ) {
- $t_can_bypass_status_access_thresholds = true;
- } else if ( $t_reopen_issue &&
- $t_existing_bug->status < $t_closed_status &&
- $t_existing_bug->reporter_id === auth_get_current_user_id() &&
- config_get( 'allow_reporter_reopen' ) ) {
- $t_can_bypass_status_access_thresholds = true;
- $t_updated_bug->resolution = config_get( 'bug_reopen_resolution' );
- }
- if ( !$t_can_bypass_status_access_thresholds ) {
- trigger_error( ERROR_ACCESS_DENIED, ERROR );
- }
- }
- }
- # Validate any change to the handler of an issue.
- $t_issue_is_sponsored = sponsorship_get_amount( sponsorship_get_all_ids( $f_bug_id ) ) > 0;
- if ( $t_existing_bug->handler_id !== $t_updated_bug->handler_id ) {
- access_ensure_bug_level( config_get( 'update_bug_assign_threshold' ), $f_bug_id );
- if ( $t_issue_is_sponsored && !access_has_bug_level( config_get( 'handle_sponsored_bugs_threshold' ), $f_bug_id ) ) {
- trigger_error( ERROR_SPONSORSHIP_HANDLER_ACCESS_LEVEL_TOO_LOW, ERROR );
- }
- if ( $t_updated_bug->handler_id !== NO_USER ) {
- if ( !access_has_bug_level( config_get( 'handle_bug_threshold' ), $f_bug_id, $t_updated_bug->handler_id ) ) {
- trigger_error( ERROR_HANDLER_ACCESS_TOO_LOW, ERROR );
- }
- if ( $t_issue_is_sponsored && !access_has_bug_level( config_get( 'assign_sponsored_bugs_threshold' ), $f_bug_id ) ) {
- trigger_error( ERROR_SPONSORSHIP_ASSIGNER_ACCESS_LEVEL_TOO_LOW, ERROR );
- }
- }
- }
- # Check whether the category has been undefined when it's compulsory.
- if ( $t_existing_bug->category_id !== $t_updated_bug->category_id ) {
- if ( $t_updated_bug->category_id === 0 &&
- !config_get( 'allow_no_category' ) ) {
- error_parameters( lang_get( 'category' ) );
- trigger_error( ERROR_EMPTY_FIELD, ERROR );
- }
- }
- # Don't allow resolutions denoting completion of issue to be used if the issue
- # has yet to be resolved or closed.
- if ( $t_existing_bug->resolution !== $t_updated_bug->resolution &&
- $t_updated_bug->resolution >= config_get( 'bug_resolution_fixed_threshold' ) &&
- $t_updated_bug->status < $t_resolved_status ) {
- error_parameters( lang_get( 'resolution' ) );
- trigger_error( ERROR_CUSTOM_FIELD_INVALID_VALUE, ERROR );
- }
- # Ensure that the user has permission to change the target version of the issue.
- if ( $t_existing_bug->target_version !== $t_updated_bug->target_version ) {
- access_ensure_bug_level( config_get( 'roadmap_update_threshold' ), $f_bug_id );
- }
- # Ensure that the user has permission to change the view status of the issue.
- if ( $t_existing_bug->view_state !== $t_updated_bug->view_state ) {
- access_ensure_bug_level( config_get( 'change_view_status_threshold' ), $f_bug_id );
- }
- # Determine the custom field "require check" to use for validating
- # whether fields can be undefined during this bug update.
- if ( $t_close_issue ) {
- $t_cf_require_check = 'require_closed';
- } else if ( $t_resolve_issue ) {
- $t_cf_require_check = 'require_resolved';
- } else {
- $t_cf_require_check = 'require_update';
- }
- $t_related_custom_field_ids = custom_field_get_linked_ids( $t_existing_bug->project_id );
- $t_custom_fields_to_set = array();
- foreach ( $t_related_custom_field_ids as $t_cf_id ) {
- $t_cf_def = custom_field_get_definition( $t_cf_id );
- if ( !gpc_isset_custom_field( $t_cf_id, $t_cf_def['type'] ) ) {
- if ( $t_cf_def[$t_cf_require_check] ) {
- # A value for the custom field was expected however
- # no value was given by the user.
- error_parameters( lang_get_defaulted( custom_field_get_field( $t_cf_id, 'name' ) ) );
- trigger_error( ERROR_EMPTY_FIELD, ERROR );
- } else {
- # The custom field isn't compulsory and the user did
- # not supply a value. Therefore we can just ignore this
- # custom field completely (ie. don't attempt to update
- # the field).
- continue;
- }
- }
- if( !custom_field_has_write_access( $t_cf_id, $f_bug_id ) ) {
- trigger_error( ACCESS_DENIED, ERROR );
- }
- $t_new_custom_field_value = gpc_get_custom_field( "custom_field_$t_cf_id", $t_cf_def['type'], null );
- $t_old_custom_field_value = custom_field_get_value( $t_cf_id, $f_bug_id );
- # Validate the value of the field against current validation rules.
- # This may cause an error if validation rules have recently been
- # modified such that old values that were once OK are now considered
- # invalid.
- if ( !custom_field_validate( $t_cf_id, $t_new_custom_field_value ) ) {
- error_parameters( lang_get_defaulted( custom_field_get_field( $t_cf_id, 'name' ) ) );
- trigger_error( ERROR_CUSTOM_FIELD_INVALID_VALUE, ERROR );
- }
- # Remember the new custom field values so we can set them when updating
- # the bug (done after all data passed to this update page has been
- # validated).
- $t_custom_fields_to_set[] = array( 'id' => $t_cf_id, 'value' => $t_new_custom_field_value );
- }
- # Perform validation of the duplicate ID of the bug.
- if ( $t_updated_bug->duplicate_id !== 0 ) {
- if ( $t_updated_bug->duplicate_id === $f_bug_id ) {
- trigger_error( ERROR_BUG_DUPLICATE_SELF, ERROR );
- }
- bug_ensure_exists( $t_updated_bug->duplicate_id );
- if ( !access_has_bug_level( config_get( 'update_bug_threshold' ), $t_updated_bug->duplicate_id ) ) {
- trigger_error( ERROR_RELATIONSHIP_ACCESS_LEVEL_TO_DEST_BUG_TOO_LOW, ERROR );
- }
- if ( relationship_exists( $f_bug_id, $t_updated_bug->duplicate_id ) ) {
- trigger_error( ERROR_RELATIONSHIP_ALREADY_EXISTS, ERROR );
- }
- }
- # Validate the new bug note (if any is provided).
- if ( $t_bug_note->note ||
- ( config_get( 'time_tracking_enabled' ) &&
- helper_duration_to_minutes( $t_bug_note->time_tracking ) > 0 ) ) {
- access_ensure_bug_level( config_get( 'add_bugnote_threshold' ), $f_bug_id );
- if ( !$t_bug_note->note &&
- !config_get( 'time_tracking_without_note' ) ) {
- error_parameters( lang_get( 'bugnote' ) );
- trigger_error( ERROR_EMPTY_FIELD, ERROR );
- }
- if ( $t_bug_note->view_state !== config_get( 'default_bugnote_view_status' ) ) {
- access_ensure_bug_level( config_get( 'set_view_status_threshold' ), $f_bug_id );
- }
- }
- # Handle the reassign on feedback feature. Note that this feature generally
- # won't work very well with custom workflows as it makes a lot of assumptions
- # that may not be true. It assumes you don't have any statuses in the workflow
- # between 'bug_submit_status' and 'bug_feedback_status'. It assumes you only
- # have one feedback, assigned and submitted status.
- if ( $t_bug_note->note &&
- config_get( 'reassign_on_feedback' ) &&
- $t_existing_bug->status === config_get( 'bug_feedback_status' ) &&
- $t_updated_bug->reporter_id === auth_get_current_user_id() ) {
- if ( $t_updated_bug->handler_id !== NO_USER ) {
- $t_updated_bug->status = config_get( 'bug_assigned_status' );
- } else {
- $t_updated_bug->status = config_get( 'bug_submit_status' );
- }
- }
- # Handle automatic assignment of issues.
- if ( $t_existing_bug->handler_id === NO_USER &&
- $t_updated_bug->handler_id !== NO_USER &&
- $t_updated_bug->status < config_get( 'bug_assigned_status' ) &&
- config_get( 'auto_set_status_to_assigned' ) ) {
- $t_updated_bug->status = config_get( 'bug_assigned_status' );
- }
- # Allow a custom function to validate the proposed bug updates. Note that
- # custom functions are being deprecated in MantisBT. You should migrate to
- # the new plugin system instead.
- helper_call_custom_function( 'issue_update_validate', array( $f_bug_id, $t_updated_bug, $t_bug_note->note ) );
- # Allow plugins to validate/modify the update prior to it being committed.
- $t_event_updated_bug = event_signal( 'EVENT_UPDATE_BUG_DATA', array( $t_existing_bug, $t_updated_bug ) );
- $t_existing_bug = $t_event_updated_bug[0];
- $t_updated_bug = $t_event_updated_bug[1];
- # Commit the bug updates to the database.
- $t_text_field_update_required = ( $t_existing_bug->description !== $t_updated_bug->description ) ||
- ( $t_existing_bug->additional_information !== $t_updated_bug->additional_information ) ||
- ( $t_existing_bug->steps_to_reproduce !== $t_updated_bug->steps_to_reproduce );
- $t_updated_bug->update( $t_text_field_update_required, true );
- # Update custom field values.
- foreach ( $t_custom_fields_to_set as $t_custom_field_to_set ) {
- custom_field_set_value( $t_custom_field_to_set['id'], $f_bug_id, $t_custom_field_to_set['value'] );
- }
- # Add a bug note if there is one.
- if ( $t_bug_note->note || helper_duration_to_minutes( $t_bug_note->time_tracking ) > 0 ) {
- bugnote_add( $f_bug_id, $t_bug_note->note, $t_bug_note->time_tracking, $t_bug_note->view_state, 0, '', null, false );
- }
- # Add a duplicate relationship if requested.
- if ( $t_updated_bug->duplicate_id !== 0 ) {
- relationship_add( $f_bug_id, $t_updated_bug->duplicate_id, BUG_DUPLICATE );
- history_log_event_special( $f_bug_id, BUG_ADD_RELATIONSHIP, BUG_DUPLICATE, $t_updated_bug->duplicate_id );
- history_log_event_special( $t_updated_bug->duplicate_id, BUG_ADD_RELATIONSHIP, BUG_HAS_DUPLICATE, $f_bug_id );
- if ( user_exists( $t_existing_bug->reporter_id ) ) {
- bug_monitor( $f_bug_id, $t_existing_bug->reporter_id );
- }
- if ( user_exists ( $t_existing_bug->handler_id ) ) {
- bug_monitor( $f_bug_id, $t_existing_bug->handler_id );
- }
- bug_monitor_copy( $f_bug_id, $t_updated_bug->duplicate_id );
- }
- event_signal( 'EVENT_UPDATE_BUG', array( $t_existing_bug, $t_updated_bug ) );
- # Allow a custom function to respond to the modifications made to the bug. Note
- # that custom functions are being deprecated in MantisBT. You should migrate to
- # the new plugin system instead.
- helper_call_custom_function( 'issue_update_notify', array( $f_bug_id ) );
- # Send a notification of changes via email.
- if ( $t_resolve_issue ) {
- email_resolved( $f_bug_id );
- email_relationship_child_resolved( $f_bug_id );
- } else if ( $t_close_issue ) {
- email_close( $f_bug_id );
- email_relationship_child_closed( $f_bug_id );
- } else if ( $t_reopen_issue ) {
- email_reopen( $f_bug_id );
- } else if ( $t_existing_bug->handler_id === NO_USER &&
- $t_updated_bug->handler_id !== NO_USER ) {
- email_assign( $f_bug_id );
- } else if ( $t_existing_bug->status !== $t_updated_bug->status ) {
- $t_new_status_label = MantisEnum::getLabel( config_get( 'status_enum_string' ), $t_updated_bug->status );
- $t_new_status_label = str_replace( ' ', '_', $t_new_status_label );
- email_generic( $f_bug_id, $t_new_status_label, 'email_notification_title_for_status_bug_' . $t_new_status_label );
- } else {
- email_generic( $f_bug_id, 'updated', 'email_notification_title_for_action_bug_updated' );
- }
- # Twitter notification of bug update.
- if ( $t_resolve_issue &&
- $t_updated_bug->resolution >= config_get( 'bug_resolution_fixed_threshold' ) &&
- $t_updated_bug->resolution < config_get( 'bug_resolution_not_fixed_threshold' ) ) {
- twitter_issue_resolved( $f_bug_id );
- }
- form_security_purge( 'bug_update' );
- print_successful_redirect_to_bug( $f_bug_id );