1<?php 2# MantisBT - A PHP based bugtracking system 3 4# MantisBT is free software: you can redistribute it and/or modify 5# it under the terms of the GNU General Public License as published by 6# the Free Software Foundation, either version 2 of the License, or 7# (at your option) any later version. 8# 9# MantisBT is distributed in the hope that it will be useful, 10# but WITHOUT ANY WARRANTY; without even the implied warranty of 11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12# GNU General Public License for more details. 13# 14# You should have received a copy of the GNU General Public License 15# along with MantisBT. If not, see <http://www.gnu.org/licenses/>. 16 17/** 18 * Handler to store a filter 19 * 20 * @package MantisBT 21 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org 22 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net 23 * @link http://www.mantisbt.org 24 * 25 * @uses core.php 26 * @uses authentication_api.php 27 * @uses compress_api.php 28 * @uses config_api.php 29 * @uses filter_api.php 30 * @uses form_api.php 31 * @uses gpc_api.php 32 * @uses helper_api.php 33 * @uses lang_api.php 34 * @uses print_api.php 35 * @uses utility_api.php 36 */ 37 38require_once( 'core.php' ); 39require_api( 'authentication_api.php' ); 40require_api( 'compress_api.php' ); 41require_api( 'config_api.php' ); 42require_api( 'filter_api.php' ); 43require_api( 'form_api.php' ); 44require_api( 'gpc_api.php' ); 45require_api( 'helper_api.php' ); 46require_api( 'lang_api.php' ); 47require_api( 'print_api.php' ); 48require_api( 'utility_api.php' ); 49 50form_security_validate( 'query_store' ); 51 52auth_ensure_user_authenticated(); 53compress_enable(); 54 55$f_query_name = strip_tags( gpc_get_string( 'query_name' ) ); 56$f_is_public = gpc_get_bool( 'is_public' ); 57$f_all_projects = gpc_get_bool( 'all_projects' ); 58 59$t_query_redirect_url = 'query_store_page.php'; 60 61# We can't have a blank name 62if( is_blank( $f_query_name ) ) { 63 $t_query_redirect_url = $t_query_redirect_url . '?error_msg=' 64 . urlencode( lang_get( 'query_blank_name' ) ); 65 print_header_redirect( $t_query_redirect_url ); 66} 67 68# mantis_filters_table.name has a length of 64. Not allowing longer. 69if( !filter_name_valid_length( $f_query_name ) ) { 70 $t_query_redirect_url = $t_query_redirect_url . '?error_msg=' 71 . urlencode( lang_get( 'query_name_too_long' ) ); 72 print_header_redirect( $t_query_redirect_url ); 73} 74 75# Check and make sure they don't already have a 76# query with the same name 77$t_query_arr = filter_db_get_available_queries(); 78foreach( $t_query_arr as $t_id => $t_name ) { 79 if( $f_query_name == $t_name ) { 80 $t_query_redirect_url = $t_query_redirect_url . '?error_msg=' 81 . urlencode( lang_get( 'query_dupe_name' ) ); 82 print_header_redirect( $t_query_redirect_url ); 83 exit; 84 } 85} 86 87$t_project_id = helper_get_current_project(); 88if( $f_all_projects ) { 89 $t_project_id = 0; 90} 91 92# Get the filter in use 93$t_filter = current_user_get_bug_filter(); 94 95# named filters must not reference source query id 96if( isset( $t_filter['_source_query_id'] ) ) { 97 unset( $t_filter['_source_query_id'] ); 98} 99 100# Check that the user has permission to create stored filters 101if( !access_has_project_level( config_get( 'stored_query_create_threshold' ) ) ) { 102 access_denied(); 103} 104 105# ensure that we're not making this filter public if we're not allowed 106if( $f_is_public && !access_has_project_level( config_get( 'stored_query_create_shared_threshold' ) ) ) { 107 access_denied(); 108} 109 110$t_filter_string = filter_serialize( $t_filter ); 111$t_new_row_id = filter_db_create_filter( $t_filter_string, auth_get_current_user_id(), $t_project_id, $f_query_name , $f_is_public ); 112 113form_security_purge( 'query_store' ); 114 115if( $t_new_row_id == -1 ) { 116 $t_query_redirect_url = $t_query_redirect_url . '?error_msg=' 117 . urlencode( lang_get( 'query_store_error' ) ); 118 print_header_redirect( $t_query_redirect_url ); 119} else { 120 # Build a redirect to view_all_set to load the filter that was saved. 121 # This will make the filter name appear as selected in the filter selection box. 122 $t_params = array( 123 'type' => 3, 124 'source_query_id' => $t_new_row_id 125 ); 126 if( filter_is_temporary( $t_filter ) ) { 127 $t_params['filter'] = filter_get_temporary_key( $t_filter ); 128 } 129 $t_redirect = 'view_all_set.php?' . http_build_query( $t_params ); 130 print_header_redirect( $t_redirect ); 131} 132