<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.

/**
 * Return Dynamic Filters
 *
 * Request handler that sends back the form markup for a single filter field.
 * The field is named by the 'filter_target' request parameter and is looked
 * up, in order, through filter_form_get_input(), the custom field
 * definitions and the plugin filters. The filter used as context is the one
 * named by the optional 'filter_id' parameter, otherwise the current user's
 * bug filter.
 *
 * Only authenticated users are served. Every refusal (not authenticated,
 * filter not returned, custom field not permitted, target not found) is
 * reported through trigger_error( ..., ERROR ).
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses core.php
 * @uses authentication_api.php
 * @uses compress_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses current_user_api.php
 * @uses custom_field_api.php
 * @uses error_api.php
 * @uses filter_api.php
 * @uses filter_constants_inc.php
 * @uses filter_form_api.php
 * @uses gpc_api.php
 * @uses helper_api.php
 */

use Mantis\Exceptions\StateException;

# Prevent output of HTML in the content if errors occur.
# Defined before core.php is loaded, so the constant already exists when the
# core and the API files are included.
define( 'DISABLE_INLINE_ERROR_REPORTING', true );

require_once( 'core.php' );
require_api( 'authentication_api.php' );
require_api( 'compress_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'current_user_api.php' );
require_api( 'custom_field_api.php' );
require_api( 'error_api.php' );
require_api( 'filter_api.php' );
require_api( 'filter_constants_inc.php' );
require_api( 'filter_form_api.php' );
require_api( 'gpc_api.php' );
require_api( 'helper_api.php' );

# Only authenticated users may request filter inputs.
# NOTE(review): the statements below rely on trigger_error( ..., ERROR ) not
# returning (e.g. $t_filter is indexed right after the null check further
# down) - confirm the active error handler halts the request.
if( !auth_is_user_authenticated() ) {
	trigger_error( ERROR_ACCESS_DENIED, ERROR );
}

compress_enable();

# Optional 'filter_id': when supplied, work on the filter it names instead of
# the current user's bug filter.
# NOTE(review): filter_id is read with gpc_get() rather than a typed accessor
# such as the gpc_get_string() used for the other parameters, so it reaches
# filter_get() as received - confirm filter_get() validates the id and only
# returns filters the current user is allowed to read.
$f_filter_id = gpc_get( 'filter_id', null );
if( null !== $f_filter_id ) {
	$t_filter = filter_get( $f_filter_id, null );
	if( null === $t_filter ) {
		# No filter came back for this id: refuse the request.
		trigger_error( ERROR_ACCESS_DENIED, ERROR );
	}
} else {
	$t_filter = current_user_get_bug_filter();
}

# 'view_type' from the request overrides the filter's own '_view_type'; the
# filter's current value is passed as the default.
$f_view_type = gpc_get_string( 'view_type', $t_filter['_view_type'] );
$t_filter['_view_type'] = $f_view_type;
# The value just copied in comes straight from the request, so the filter is
# passed through filter_ensure_valid_filter() to clean it up before any use.
$t_filter = filter_ensure_valid_filter( $t_filter );

/**
 * Prepend headers to the dynamic filter forms that are sent as the response from this page.
 *
 * Sets the Content-Type to text/html in UTF-8. Does nothing when the headers
 * have already been sent.
 *
 * @return void
 */
function return_dynamic_filters_prepend_headers() {
	if( !headers_sent() ) {
		header( 'Content-Type: text/html; charset=utf-8' );
	}
}

# 'filter_target' names the field to render. The last 7 characters are
# dropped on the assumption that they are the '_filter' suffix; the suffix
# itself is not checked at this point.
$f_filter_target = gpc_get_string( 'filter_target' );
$filter_target = mb_substr( $f_filter_target, 0, -7 ); # -7 for '_filter'
$t_found = false;
# First lookup: filter_form_get_input(). A false result or a StateException
# both mean it did not produce this field, and the fallbacks below are tried.
try {
	$t_content = filter_form_get_input( $t_filter, $filter_target );
} catch( StateException $e ) {
	$t_content = false;
}

if( false !== $t_content ) {
	return_dynamic_filters_prepend_headers();
	$t_found = true;
	# Written as-is into the text/html response.
	# NOTE(review): presumably already escaped by filter_form_get_input() - confirm.
	echo $t_content;
} else if( 'custom_field' == mb_substr( $f_filter_target, 0, 12 ) ) {
	# Check existence of custom field id, and if the user has access to read and filter by
	# The id is the text between the first 13 characters (the 'custom_field'
	# prefix plus one separator character) and the 7-character suffix.
	# NOTE(review): the id is not checked to be numeric here - confirm
	# custom_field_get_definition() rejects anything that is not a valid id.
	$t_custom_id = mb_substr( $f_filter_target, 13, -7 );
	$t_cfdef = custom_field_get_definition( $t_custom_id );
	# Rendered only when a definition was returned, the user passes
	# access_has_any_project_level() for the field's 'access_level_r', and the
	# definition's 'filter_by' is set; anything else is refused.
	if( $t_cfdef && access_has_any_project_level( $t_cfdef['access_level_r'] ) && $t_cfdef['filter_by'] ) {
		$t_found = true;
		return_dynamic_filters_prepend_headers();
		print_filter_custom_field( $t_custom_id, $t_filter );
	} else {
		trigger_error( ERROR_ACCESS_DENIED, ERROR );
	}
} else {
	# Last lookup: a plugin filter whose field name plus '_filter' equals the
	# requested target. The first match is rendered and the search stops.
	$t_plugin_filters = filter_get_plugin_filters();
	foreach ( $t_plugin_filters as $t_field_name => $t_filter_object ) {
		if( $t_field_name . '_filter' == $f_filter_target ) {
			return_dynamic_filters_prepend_headers();
			print_filter_plugin_field( $t_field_name, $t_filter_object, $t_filter );
			$t_found = true;
			break;
		}
	}
}

if( !$t_found ) {
	# error - no function to populate the target (e.g., print_filter_foo)
	# NOTE(review): the request-supplied target is handed to the error message
	# parameters - confirm the error output escapes it before display.
	error_parameters( $f_filter_target );
	trigger_error( ERROR_FILTER_NOT_FOUND, ERROR );
}