1<?php
2# MantisBT - A PHP based bugtracking system
3
4# MantisBT is free software: you can redistribute it and/or modify
5# it under the terms of the GNU General Public License as published by
6# the Free Software Foundation, either version 2 of the License, or
7# (at your option) any later version.
8#
9# MantisBT is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Handler to store a filter
19 *
20 * @package MantisBT
21 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
22 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
23 * @link http://www.mantisbt.org
24 *
25 * @uses core.php
26 * @uses authentication_api.php
27 * @uses compress_api.php
28 * @uses config_api.php
29 * @uses filter_api.php
30 * @uses form_api.php
31 * @uses gpc_api.php
32 * @uses helper_api.php
33 * @uses lang_api.php
34 * @uses print_api.php
35 * @uses utility_api.php
36 */
37
38require_once( 'core.php' );
39require_api( 'authentication_api.php' );
40require_api( 'compress_api.php' );
41require_api( 'config_api.php' );
42require_api( 'filter_api.php' );
43require_api( 'form_api.php' );
44require_api( 'gpc_api.php' );
45require_api( 'helper_api.php' );
46require_api( 'lang_api.php' );
47require_api( 'print_api.php' );
48require_api( 'utility_api.php' );
49
50form_security_validate( 'query_store' );
51
52auth_ensure_user_authenticated();
53compress_enable();
54
55$f_query_name = strip_tags( gpc_get_string( 'query_name' ) );
56$f_is_public = gpc_get_bool( 'is_public' );
57$f_all_projects = gpc_get_bool( 'all_projects' );
58
59$t_query_redirect_url = 'query_store_page.php';
60
61# We can't have a blank name
62if( is_blank( $f_query_name ) ) {
63	$t_query_redirect_url = $t_query_redirect_url . '?error_msg='
64		. urlencode( lang_get( 'query_blank_name' ) );
65	print_header_redirect( $t_query_redirect_url );
66}
67
68# mantis_filters_table.name has a length of 64. Not allowing longer.
69if( !filter_name_valid_length( $f_query_name ) ) {
70	$t_query_redirect_url = $t_query_redirect_url . '?error_msg='
71		. urlencode( lang_get( 'query_name_too_long' ) );
72	print_header_redirect( $t_query_redirect_url );
73}
74
75# Check and make sure they don't already have a
76# query with the same name
77$t_query_arr = filter_db_get_available_queries();
78foreach( $t_query_arr as $t_id => $t_name )	{
79	if( $f_query_name == $t_name ) {
80		$t_query_redirect_url = $t_query_redirect_url . '?error_msg='
81			. urlencode( lang_get( 'query_dupe_name' ) );
82		print_header_redirect( $t_query_redirect_url );
83		exit;
84	}
85}
86
87$t_project_id = helper_get_current_project();
88if( $f_all_projects ) {
89	$t_project_id = 0;
90}
91
92# Get the filter in use
93$t_filter = current_user_get_bug_filter();
94
95# named filters must not reference source query id
96if( isset( $t_filter['_source_query_id'] ) ) {
97	unset( $t_filter['_source_query_id'] );
98}
99
100# Check that the user has permission to create stored filters
101if( !access_has_project_level( config_get( 'stored_query_create_threshold' ) ) ) {
102	access_denied();
103}
104
105# ensure that we're not making this filter public if we're not allowed
106if( $f_is_public && !access_has_project_level( config_get( 'stored_query_create_shared_threshold' ) ) ) {
107	access_denied();
108}
109
110$t_filter_string = filter_serialize( $t_filter );
111$t_new_row_id = filter_db_create_filter( $t_filter_string, auth_get_current_user_id(), $t_project_id, $f_query_name , $f_is_public );
112
113form_security_purge( 'query_store' );
114
115if( $t_new_row_id == -1 ) {
116	$t_query_redirect_url = $t_query_redirect_url . '?error_msg='
117		. urlencode( lang_get( 'query_store_error' ) );
118	print_header_redirect( $t_query_redirect_url );
119} else {
120	# Build a redirect to view_all_set to load the filter that was saved.
121	# This will make the filter name appear as selected in the filter selection box.
122	$t_params = array(
123		'type' => 3,
124		'source_query_id' => $t_new_row_id
125	);
126	if( filter_is_temporary( $t_filter ) ) {
127		$t_params['filter'] = filter_get_temporary_key( $t_filter );
128	}
129	$t_redirect = 'view_all_set.php?' . http_build_query( $t_params );
130	print_header_redirect( $t_redirect );
131}
132