1<?php
2# MantisBT - A PHP based bugtracking system
3
4# MantisBT is free software: you can redistribute it and/or modify
5# it under the terms of the GNU General Public License as published by
6# the Free Software Foundation, either version 2 of the License, or
7# (at your option) any later version.
8#
9# MantisBT is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Manage filter edit update page
19 *
20 * @package MantisBT
21 * @copyright Copyright 2016  MantisBT Team - mantisbt-dev@lists.sourceforge.net
22 * @link http://www.mantisbt.org
23 *
24 * @uses core.php
25 * @uses filter_api.php
26 */
27
28require_once( 'core.php' );
29require_api( 'filter_api.php' );
30
31form_security_validate( 'manage_filter_edit_update' );
32
33auth_ensure_user_authenticated();
34
35$t_errors = array();
36
37$f_filter_id = gpc_get_int( 'filter_id', null );
38if( null === $f_filter_id ) {
39	error_parameters( 'FILTER_ID' );
40	trigger_error( ERROR_EMPTY_FIELD, ERROR );
41}
42
43$t_filter = filter_get( $f_filter_id, null );
44if( null === $t_filter ) {
45	access_denied();
46}
47
48$f_filter_name = gpc_get_string( 'filter_name', null );
49# Check if filter name has been modified
50# The filter name is now trimmed of white spaces before being saved, if the filter name
51# had untrimmed spaces but the user did not change it, we keep it as is for compatibility
52if( $f_filter_name != filter_get_field( $f_filter_id, 'name' ) ) {
53	$f_filter_name = string_normalize( strip_tags( gpc_get_string( 'filter_name' ) ) );
54	# Check for a blank name
55	if( is_blank( $f_filter_name ) ) {
56		$t_errors[] = lang_get( 'query_blank_name' );
57	}
58	# Check name length
59	if( !filter_name_valid_length( $f_filter_name ) ) {
60		$t_errors[] = lang_get( 'query_name_too_long' );
61	}
62	# Check and make sure they don't already have a query with the same name
63	$t_query_arr = filter_db_get_available_queries();
64	foreach( $t_query_arr as $t_name )	{
65		if( $f_filter_name == string_normalize( $t_name ) ) {
66			$t_errors[] = lang_get( 'query_dupe_name' );
67			break;
68		}
69	}
70} else {
71	# filter name will not be updated
72	$f_filter_name = null;
73}
74
75if( access_has_project_level( config_get( 'stored_query_create_shared_threshold' ) ) ) {
76	$f_is_public = gpc_get_bool( 'is_public' );
77} else {
78	# don't modify it
79	$f_is_public = null;
80}
81
82$f_project_id = gpc_get_int( 'filter_project_id', null );
83
84$t_editable = filter_db_can_delete_filter( $f_filter_id );
85if( !$t_editable ) {
86	access_denied();
87}
88
89$t_filter = filter_gpc_get( $t_filter );
90
91form_security_purge( 'manage_filter_edit_update' );
92
93if( empty( $t_errors ) ) {
94	filter_db_update_filter( $f_filter_id, filter_serialize( $t_filter ), $f_project_id, $f_is_public, $f_filter_name );
95	print_header_redirect( 'manage_filter_page.php' );
96}
97
98# If there is any error message:
99$t_error_html = '<li>' . implode( '</li><li>', $t_errors ) . '</li>';
100
101layout_page_header();
102layout_admin_page_begin();
103echo '<div class="space-10"></div>';
104html_operation_failure(
105				helper_mantis_url( 'manage_filter_edit_page.php?filter_id=' . $f_filter_id ),
106				$t_error_html
107			);
108layout_admin_page_end();
109