search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
SOAP API: do not try to unserialize an invalid filter
[mantis.git] / adm_config_set.php
blob9162c1d08379ddc9f5325b90d9433590216777a4
1 <?php
2 # MantisBT - A PHP based bugtracking system
3
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
8 #
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * This page stores the reported bug
19 *
20 * @package MantisBT
21 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
22 * @copyright Copyright (C) 2002 - 2011 MantisBT Team - mantisbt-dev@lists.sourceforge.net
23 * @link http://www.mantisbt.org
24 *
25 * @uses core.php
26 * @uses access_api.php
27 * @uses config_api.php
28 * @uses constant_inc.php
29 * @uses error_api.php
30 * @uses form_api.php
31 * @uses gpc_api.php
32 * @uses print_api.php
33 * @uses project_api.php
34 * @uses utility_api.php
35 */
36
37 /**
38 * MantisBT Core API's
39 */
40 require_once( 'core.php' );
41 require_api( 'access_api.php' );
42 require_api( 'config_api.php' );
43 require_api( 'constant_inc.php' );
44 require_api( 'error_api.php' );
45 require_api( 'form_api.php' );
46 require_api( 'gpc_api.php' );
47 require_api( 'print_api.php' );
48 require_api( 'project_api.php' );
49 require_api( 'utility_api.php' );
50
51 form_security_validate( 'adm_config_set' );
52
53 $f_user_id = gpc_get_int( 'user_id' );
54 $f_project_id = gpc_get_int( 'project_id' );
55 $f_config_option = gpc_get_string( 'config_option' );
56 $f_type = gpc_get_string( 'type' );
57 $f_value = gpc_get_string( 'value' );
58
59 if ( is_blank( $f_config_option ) ) {
60 error_parameters( 'config_option' );
61 trigger_error( ERROR_EMPTY_FIELD, ERROR );
62 }
63
64 access_ensure_global_level( config_get( 'set_configuration_threshold' ) );
65
66 if ( $f_project_id != ALL_PROJECTS ) {
67 project_ensure_exists( $f_project_id );
68 }
69
70 # make sure that configuration option specified is a valid one.
71 $t_not_found_value = '***CONFIG OPTION NOT FOUND***';
72 if ( config_get_global( $f_config_option, $t_not_found_value ) === $t_not_found_value ) {
73 error_parameters( $f_config_option );
74 trigger_error( ERROR_CONFIG_OPT_NOT_FOUND, ERROR );
75 }
76
77 # make sure that configuration option specified can be stored in the database
78 if ( !config_can_set_in_database( $f_config_option ) ) {
79 error_parameters( $f_config_option );
80 trigger_error( ERROR_CONFIG_OPT_CANT_BE_SET_IN_DB, ERROR );
81 }
82
83 if ( $f_type === 'default' ) {
84 $t_config_global_value = config_get_global( $f_config_option );
85 if ( is_string( $t_config_global_value ) ) {
86 $t_type = 'string';
87 } else if ( is_int( $t_config_global_value ) ) {
88 $t_type = 'integer';
89 } else { # note that we consider bool and float as complex. We use ON/OFF for bools which map to numeric.
90 $t_type = 'complex';
91 }
92 } else {
93 $t_type = $f_type;
94 }
95
96 if ( $t_type === 'string' ) {
97 $t_value = $f_value;
98 } else if ( $t_type === 'integer' ) {
99 $t_value = (integer)$f_value;
100 } else {
101 # We support these kind of variables here:
102 # 1. constant values (like the ON/OFF switches): they are defined as constants mapping to numeric values
103 # 2. simple arrays with the form: array( a, b, c, d )
104 # 3. associative arrays with the form: array( a=>1, b=>2, c=>3, d=>4 )
105 # TODO: allow multi-dimensional arrays, allow commas and => within strings
106 $t_full_string = trim( $f_value );
107 if ( preg_match('/array[\s]*\((.*)\)/s', $t_full_string, $t_match ) === 1 ) {
108 // we have an array here
109 $t_values = explode( ',', trim( $t_match[1] ) );
110 foreach ( $t_values as $key => $value ) {
111 if ( !trim( $value ) ) {
112 continue;
113 }
114 $t_split = explode( '=>', $value, 2 );
115 if ( count( $t_split ) == 2 ) {
116 // associative array
117 $t_new_key = constant_replace( trim( $t_split[0], " \t\n\r\0\x0B\"'" ) );
118 $t_new_value = constant_replace( trim( $t_split[1], " \t\n\r\0\x0B\"'" ) );
119 $t_value[ $t_new_key ] = $t_new_value;
120 } else {
121 // regular array
122 $t_value[ $key ] = constant_replace( trim( $value, " \t\n\r\0\x0B\"'" ) );
123 }
124 }
125 } else {
126 // scalar value
127 $t_value = constant_replace( trim( $t_full_string ) );
128 }
129 }
130
131 config_set( $f_config_option, $t_value, $f_user_id, $f_project_id );
132
133 form_security_purge( 'adm_config_set' );
134
135 print_successful_redirect( 'adm_config_report.php' );
136
137
138 /**
139 * Check if the passed string is a constant and return its value
140 */
141 function constant_replace( $p_name ) {
142 $t_result = $p_name;
143 if ( is_string( $p_name ) && defined( $p_name ) ) {
144 // we have a constant
145 $t_result = constant( $p_name );
146 }
147 return $t_result;
148 }