xref: /web-bugs/www/patch-add.php (revision 4a29f1a2) 
1<?php
2
3use App\Repository\BugRepository;
4use App\Repository\PatchRepository;
5use App\Utils\Captcha;
6use App\Utils\PatchTracker;
7
8// Obtain common includes
9require_once '../include/prepend.php';
10
11$patchTracker = $container->get(PatchTracker::class);
12$patchRepository = $container->get(PatchRepository::class);
13
14session_start();
15
16// Authenticate
17bugs_authenticate($user, $pw, $logged_in, $user_flags);
18
19if (!$logged_in) {
20    response_header('Developers only');
21    display_bug_error('Only developers are allowed to add patches');
22    response_footer();
23    exit;
24}
25
26$canpatch = true;
27
28/// Input vars
29$bug_id = !empty($_REQUEST['bug']) ? (int) $_REQUEST['bug'] : 0;
30if (empty($bug_id)) {
31    $bug_id = !empty($_REQUEST['bug_id']) ? (int) $_REQUEST['bug_id'] : 0;
32}
33
34if (empty($bug_id)) {
35    response_header('Error :: no bug selected');
36    display_bug_error('No bug selected to add a patch to (no bug or bug_id!)');
37    response_footer();
38    exit;
39}
40
41$bugRepository = $container->get(BugRepository::class);
42
43if (!($buginfo = $bugRepository->findOneById($bug_id))) {
44    response_header('Error :: invalid bug selected');
45    display_bug_error("Invalid bug #{$bug_id} selected");
46    response_footer();
47    exit;
48}
49
50$package_name = $buginfo['package_name'];
51
52// captcha is not necessary if the user is logged in
53if (!$logged_in) {
54    $captcha = $container->get(Captcha::class);
55}
56
57$show_bug_info = bugs_has_access($bug_id, $buginfo, $pw, $user_flags);
58
59if (!$show_bug_info) {
60    response_header('Private report');
61    display_bug_error("The bug #{$bug_id} is not available to public");
62    response_footer();
63    exit;
64}
65
66$patch_name = (!empty($_GET['patchname']) && is_string($_GET['patchname'])) ? $_GET['patchname'] : '';
67$patch_name = (!empty($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : $patch_name;
68$patch_name_url = urlencode($patch_name);
69
70if (isset($_POST['addpatch'])) {
71    if (!isset($_POST['obsoleted'])) {
72        $_POST['obsoleted'] = [];
73    }
74
75    // Check that patch name is given (required always)
76    if (empty($patch_name)) {
77        $patches = $patchRepository->findAllByBugId($bug_id);
78        $errors[] = 'No patch name entered';
79        include "{$ROOT_DIR}/templates/addpatch.php";
80        exit;
81    }
82
83    if (!$logged_in) {
84        try {
85            $errors = [];
86
87            $email = isset($_POST['email']) ? $_POST['email'] : '';
88
89            if (!is_valid_email($email, $logged_in)) {
90                $errors[] = 'Email address must be valid!';
91            }
92
93            /**
94             * Check if session answer is set, then compare
95             * it with the post captcha value. If it's not
96             * the same, then it's an incorrect password.
97             */
98            if (!isset($_SESSION['answer']) || $_POST['captcha'] != $_SESSION['answer']) {
99                $errors[] = 'Incorrect Captcha';
100            }
101
102            if (count($errors)) {
103                throw new \Exception('');
104            }
105
106            try {
107                $revision = $patchTracker->attach($bug_id, 'patch', $patch_name, $email, $_POST['obsoleted']);
108            } catch (\Exception $e) {
109                $patches = $patchRepository->findAllByBugId($bug_id);
110                $errors[] = $e->getMessage();
111                $errors[] = 'Could not attach patch "'.htmlspecialchars($patch_name).'" to Bug #'.$bug_id;
112                include "{$ROOT_DIR}/templates/addpatch.php";
113
114                exit;
115            }
116        } catch (\Exception $e) {
117            $patches = $patchRepository->findAllByBugId($bug_id);
118            include "{$ROOT_DIR}/templates/addpatch.php";
119            exit;
120        }
121    } else {
122        $email = $auth_user->email;
123
124        try {
125            $revision = $patchTracker->attach($bug_id, 'patch', $patch_name, $auth_user->email, $_POST['obsoleted']);
126        } catch (\Exception $e) {
127            $patches = $patchRepository->findAllByBugId($bug_id);
128            $errors = [
129                $e->getMessage(),
130                'Could not attach patch "'.htmlspecialchars($patch_name, ENT_QUOTES).'" to Bug #'.$bug_id
131            ];
132            include "{$ROOT_DIR}/templates/addpatch.php";
133
134            exit;
135        }
136    }
137
138    // Add a comment to the bug report.
139    $patch_url = "{$site_method}://{$site_url}{$basedir}/patch-display.php?bug={$bug_id}&patch={$patch_name_url}&revision={$revision}";
140
141    $text = <<<TXT
142The following patch has been added/updated:
143
144Patch Name: {$patch_name}
145Revision:   {$revision}
146URL:        {$patch_url}
147TXT;
148
149    $res = bugs_add_comment($bug_id, $email, $auth_user->name, $text, 'patch');
150
151    // Send emails
152    mail_bug_updates($buginfo, $buginfo, $email, $text, 4, $bug_id);
153
154    $patches = $patchRepository->findAllByBugId($bug_id);
155    $errors = [];
156    include "{$ROOT_DIR}/templates/patchadded.php";
157    exit;
158}
159
160$email = isset($_GET['email']) ? $_GET['email'] : '';
161$patches = $patchRepository->findAllByBugId($bug_id);
162
163include "{$ROOT_DIR}/templates/addpatch.php";
164