From 6302f2ab745331d70539469d0adb601f561a72ad Mon Sep 17 00:00:00 2001 From: Erwann PENET Date: Thu, 20 Apr 2017 21:27:14 +0200 Subject: [PATCH 1/8] db_query_bound fixes --- TimeTracking/TimeTracking.php | 18 +++-- TimeTracking/core/timetracking_api.php | 92 +++++++++++++------------- TimeTracking/pages/add_record.php | 9 ++- TimeTracking/pages/delete_record.php | 10 +-- 4 files changed, 68 insertions(+), 61 deletions(-) diff --git a/TimeTracking/TimeTracking.php b/TimeTracking/TimeTracking.php index 1171848..1b17170 100644 --- a/TimeTracking/TimeTracking.php +++ b/TimeTracking/TimeTracking.php @@ -25,7 +25,7 @@ function register() { $this->description = 'Time tracking plugin that supports entering date worked, time and notes. Also includes limited permissions per user.'; $this->page = 'config_page'; - $this->version = '1.0.5'; + $this->version = '1.1.0'; $this->requires = array( 'MantisCore' => '1.2.0' ); 
@@ -63,25 +63,29 @@ function init() { * @param int Bug ID */ function view_bug_time( $p_event, $p_bug_id ) { - $table = plugin_table('data'); + $t_table = plugin_table('data'); $t_user_id = auth_get_current_user_id(); # Pull all Time-Record entries for the current Bug if( access_has_bug_level( plugin_config_get( 'view_others_threshold' ), $p_bug_id ) ) { - $query_pull_timerecords = "SELECT * FROM $table WHERE bug_id = $p_bug_id ORDER BY timestamp DESC"; + db_param_push(); + $query_pull_timerecords = 'SELECT * FROM '.$t_table.' WHERE bug_id = ' . db_param() . ' ORDER BY timestamp DESC'; + $result_pull_timerecords = db_query_bound( $query_pull_timerecords, array($p_bug_id) ); } else if( access_has_bug_level( plugin_config_get( 'admin_own_threshold' ), $p_bug_id ) ) { - $query_pull_timerecords = "SELECT * FROM $table WHERE bug_id = $p_bug_id and user = $t_user_id ORDER BY timestamp DESC"; + db_param_push(); + $query_pull_timerecords = 'SELECT * FROM '.$t_table.' WHERE bug_id = ' . db_param() . ' AND user = ' . db_param() . ' ORDER BY timestamp DESC'; + $result_pull_timerecords = db_query_bound( $query_pull_timerecords, array($p_bug_id,$t_user_id) ); } else { // User has no access return; } - $result_pull_timerecords = db_query( $query_pull_timerecords ); $num_timerecords = db_num_rows( $result_pull_timerecords ); # Get Sum for this bug - $query_pull_hours = "SELECT SUM(hours) as hours FROM $table WHERE bug_id = $p_bug_id"; - $result_pull_hours = db_query( $query_pull_hours ); + db_param_push(); + $t_query_pull_hours = 'SELECT SUM(hours) as hours FROM '.$t_table.' WHERE bug_id = '.db_param(); + $result_pull_hours = db_query_bound( $t_query_pull_hours, array($p_bug_id) ); $row_pull_hours = db_fetch_array( $result_pull_hours ); ?> diff --git a/TimeTracking/core/timetracking_api.php b/TimeTracking/core/timetracking_api.php index 1c3893c..d0f5d9e 100644 --- a/TimeTracking/core/timetracking_api.php +++ b/TimeTracking/core/timetracking_api.php 
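Review bot: The naming in view_bug_time is now inconsistent: the hunk renames `$table` to `$t_table` and introduces `$t_query_pull_hours`, yet `$query_pull_timerecords`, `$result_pull_timerecords`, `$result_pull_hours` and `$row_pull_hours` keep the unprefixed style, so the `t_`/`p_` convention the function otherwise follows (`$t_user_id`, `$p_bug_id`) is only half applied. Since those lines are rewritten anyway, renaming them in the same change, e.g. `$t_result_pull_timerecords = db_query_bound( $t_query_pull_timerecords, array( $p_bug_id ) );`, would keep the function uniform. The HTML after `?>` that reads these variables is outside the hunk and would need the same rename; view_bug_time continues past the end of the hunk.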
@@ -8,52 +8,54 @@ * @access public */ function plugin_TimeTracking_stats_get_project_array( $p_project_id, $p_from, $p_to) { -$c_project_id = db_prepare_int( $p_project_id ); -$c_to = "'" . date("Y-m-d", strtotime("$p_to")+ SECONDS_PER_DAY - 1) . "'"; -$c_from = "'" . $p_from . "'"; //strtotime( $p_from ) -if ( $c_to === false || $c_from === false ) { -error_parameters( array( $p_form, $p_to ) ); -trigger_error( ERROR_GENERIC, ERROR ); -} -$t_timereport_table = plugin_table('data', 'TimeTracking'); -$t_bug_table = db_get_table( 'mantis_bug_table' ); -$t_user_table = db_get_table( 'mantis_user_table' ); -$t_project_table = db_get_table( 'mantis_project_table' ); + $c_project_id = db_prepare_int( $p_project_id ); + $c_to = "'" . date("Y-m-d", strtotime("$p_to")+ SECONDS_PER_DAY - 1) . "'"; + $c_from = "'" . $p_from . "'"; //strtotime( $p_from ) + if ( $c_to === false || $c_from === false ) { + error_parameters( array( $p_form, $p_to ) ); + trigger_error( ERROR_GENERIC, ERROR ); + } + $t_timereport_table = plugin_table('data', 'TimeTracking'); + $t_bug_table = db_get_table( 'mantis_bug_table' ); + $t_user_table = db_get_table( 'mantis_user_table' ); + $t_project_table = db_get_table( 'mantis_project_table' ); -if( !is_blank( $c_from ) ) { -$t_from_where = " AND expenditure_date >= $c_from"; -} else { -$t_from_where = ''; -} -if( !is_blank( $c_to ) ) { -$t_to_where = " AND expenditure_date <= $c_to"; -} else { -$t_to_where = ''; -} -if( ALL_PROJECTS != $c_project_id ) { -$t_project_where = " AND b.project_id = '$c_project_id' "; -} else { -$t_project_where = ''; -} -if ( !access_has_global_level( plugin_config_get( 'view_others_threshold' ) ) ){ -$t_user_id = auth_get_current_user_id(); -$t_user_where = " AND user = '$t_user_id' "; -} else { -$t_user_where = ''; -} + $t_query = 'SELECT u.username, p.name as project_name, bug_id, expenditure_date, hours, timestamp, category, info + FROM '.$t_timereport_table.' tr + LEFT JOIN '.$t_bug_table.' 
b ON tr.bug_id=b.id + LEFT JOIN '.$t_user_table.' u ON tr.user=u.id + LEFT JOIN '.$t_project_table.' p ON p.id = b.project_id + WHERE 1=1 '; -$t_results = array(); -$query = "SELECT u.username, p.name as project_name, bug_id, expenditure_date, hours, timestamp, info -FROM $t_timereport_table tr, $t_bug_table b, $t_user_table u, $t_project_table p -WHERE tr.bug_id=b.id and tr.user=u.id AND p.id = b.project_id -$t_project_where $t_from_where $t_to_where $t_user_where -ORDER BY user, expenditure_date, bug_id"; + db_param_push(); + $t_query_parameters = array(); -$result = db_query( $query ); -while( $row = db_fetch_array( $result ) ) { -$t_results[] = $row; -} -return $t_results; + if( !is_blank( $c_from ) ) { + $t_query .= " AND expenditure_date >= " . db_param(); + $t_query_parameters[] = $c_from; + } + if( !is_blank( $c_to ) ) { + $t_query .= " AND expenditure_date <= " . db_param(); + $t_query_parameters[] = $c_to; + } + if( ALL_PROJECTS != $c_project_id ) { + $t_query .= " AND b.project_id = " . db_param(); + $t_query_parameters[] = $c_project_id; + } + if ( !access_has_global_level( plugin_config_get( 'view_others_threshold' ) ) ){ + $t_user_id = auth_get_current_user_id(); + $t_query .= " AND user = " . db_param(); + $t_query_parameters[] = $t_user_id; + } + $t_query .= ' ORDER BY user, expenditure_date, bug_id'; + + $t_results = array(); + + $result = db_query_bound( $t_query, $t_query_parameters ); + while( $row = db_fetch_array( $result ) ) { + $t_results[] = $row; + } + return $t_results; } /** @@ -65,7 +67,7 @@ function plugin_TimeTracking_stats_get_project_array( $p_project_id, $p_from, $p * @access public */ function plugin_TimeTracking_hhmm_to_minutes( $p_hhmm) { -sscanf($p_hhmm, "%d:%d", $hours, $minutes); -return $hours * 60 + $minutes; + sscanf($p_hhmm, "%d:%d", $hours, $minutes); + return $hours * 60 + $minutes; } ?> \ No newline at end of file 
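Review bot: `error_parameters( array( $p_form, $p_to ) )` in the rewritten body of plugin_TimeTracking_stats_get_project_array reads `$p_form`, which is not a parameter of the function; the parameter is `$p_from`, so the reported value is null and PHP raises an undefined-variable notice (the same line survives as context in PATCH 7/8's first hunk). Separately, replacing the implicit inner join with three `LEFT JOIN`s changes the result set: time records whose bug, user or project row no longer exists are now returned with `NULL` in `username`/`project_name` instead of being dropped, and in the `ALL_PROJECTS` case nothing filters them out since the `b.project_id` clause is not added; if that is intended it deserves a comment such as `# LEFT JOIN keeps records for deleted bugs/users; callers must handle NULL username/project_name`. With the user table now aliased in the same query, the unqualified `user` in `AND user = ` and `ORDER BY user` would also be safer written as `tr.user`, since `user` is a reserved word in some SQL dialects.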
diff --git a/TimeTracking/pages/add_record.php b/TimeTracking/pages/add_record.php index 71e25ec..52e0c96 100644 --- a/TimeTracking/pages/add_record.php +++ b/TimeTracking/pages/add_record.php @@ -47,13 +47,12 @@ $now = date("Y-m-d G:i:s"); $expend = date("Y-m-d", strtotime("$f_year-$f_month-$f_day")); + db_param_push(); $table = plugin_table('data', 'TimeTracking'); - $query = "INSERT INTO $table ( user, bug_id, expenditure_date, hours, timestamp, info ) - VALUES ( '$user', '$f_bug_id', '$expend', '$t_time_value', '$now', '$t_time_info')"; + $query = 'INSERT INTO '.$table .' ( user, bug_id, expenditure_date, hours, timestamp, info ) + VALUES ( '.db_param().','.db_param().','.db_param().','.db_param().','.db_param().','.db_param().')'; - if(!db_query($query)){ - trigger_error( ERROR_DB_QUERY_FAILED, ERROR ); - } + db_query_bound($query, array($t_user, $f_bug_id, $t_expend, $t_time_value, $t_now, $f_time_info)); # Event is logged in the project history_log_event_direct( $bug_id, plugin_lang_get( 'history' ), "$f_day.$f_month.$f_year: $t_time_value h.", "set", $user ); diff --git a/TimeTracking/pages/delete_record.php b/TimeTracking/pages/delete_record.php index 10162c2..20258e6 100644 --- a/TimeTracking/pages/delete_record.php +++ b/TimeTracking/pages/delete_record.php @@ -25,8 +25,9 @@ $f_delete_id = gpc_get_int( 'delete_id' ); $table = plugin_table('data', 'TimeTracking'); - $query_pull_timerecords = "SELECT * FROM $table WHERE id = $f_delete_id ORDER BY timestamp DESC"; - $result_pull_timerecords = db_query($query_pull_timerecords); + db_param_push(); + $query_pull_timerecords = 'SELECT * FROM '.$table.' WHERE id = '.db_param().' ORDER BY timestamp DESC'; + $result_pull_timerecords = db_query_bound( $query_pull_timerecords, array($f_delete_id) ); $row = db_fetch_array( $result_pull_timerecords ); $t_user_id = auth_get_current_user_id(); 
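Review bot: The lookup of the record to delete does not handle a `delete_id` that matches nothing: `db_fetch_array( $result_pull_timerecords )` returns `false` in that case, yet `$row` is then used for the history message (`$row["expenditure_date"]`, `$row["hours"]` in the next hunk) and, presumably, for the ownership check between the two hunks as if it were an array, so a stale or mistyped id produces PHP errors instead of a clean failure. A guard right after the fetch, `if( $row === false ) { trigger_error( ERROR_GENERIC, ERROR ); }`, would reject it before any access decision is made. The `ORDER BY timestamp DESC` on a by-id lookup can be dropped at the same time. How `$f_bug_id` is derived from `$row` is outside the hunk.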
@@ -35,8 +36,9 @@ } else { access_ensure_bug_level( plugin_config_get( 'admin_threshold' ), $f_bug_id ); } - $query_delete = "DELETE FROM $table WHERE id = $f_delete_id"; - db_query($query_delete); + db_param_push(); + $query_delete = 'DELETE FROM '.$table.' WHERE id = '.db_param(); + db_query_bound( $query_delete, array($f_delete_id) ); history_log_event_direct( $f_bug_id, plugin_lang_get( 'history' ). " " . plugin_lang_get('deleted'), date( config_get("short_date_format"), strtotime($row["expenditure_date"])) . ": " . number_format($row["hours"], 2, ',', '.') . " h.", "deleted", $user ); From d64b0a8ba10f90f15fcc7f0bc45526a428ee3076 Mon Sep 17 00:00:00 2001 From: Erwann PENET Date: Mon, 24 Apr 2017 11:22:56 +0200 Subject: [PATCH 2/8] db_query_bound fixes --- TimeTracking/TimeTracking.php | 6 +++--- TimeTracking/core/timetracking_api.php | 2 +- TimeTracking/pages/add_record.php | 2 +- TimeTracking/pages/delete_record.php | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/TimeTracking/TimeTracking.php b/TimeTracking/TimeTracking.php index 1b17170..5921894 100644 --- a/TimeTracking/TimeTracking.php +++ b/TimeTracking/TimeTracking.php 
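Review bot: `history_log_event_direct( ..., "deleted", $user )` at the end of the hunk passes `$user`, but the only user id visible in delete_record.php is `$t_user_id`, assigned just before this hunk in the previous one; unless `$user` is set somewhere outside both hunks, it is undefined here and the history row is written with a null user id. `$t_user_id` looks like the intended value: `history_log_event_direct( $f_bug_id, ..., "deleted", $t_user_id );`. By contrast add_record.php does define `$user = auth_get_current_user_id();`, which may be where the name was copied from.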
@@ -70,11 +70,11 @@ function view_bug_time( $p_event, $p_bug_id ) { if( access_has_bug_level( plugin_config_get( 'view_others_threshold' ), $p_bug_id ) ) { db_param_push(); $query_pull_timerecords = 'SELECT * FROM '.$t_table.' WHERE bug_id = ' . db_param() . ' ORDER BY timestamp DESC'; - $result_pull_timerecords = db_query_bound( $query_pull_timerecords, array($p_bug_id) ); + $result_pull_timerecords = db_query( $query_pull_timerecords, array($p_bug_id) ); } else if( access_has_bug_level( plugin_config_get( 'admin_own_threshold' ), $p_bug_id ) ) { db_param_push(); $query_pull_timerecords = 'SELECT * FROM '.$t_table.' WHERE bug_id = ' . db_param() . ' AND user = ' . db_param() . ' ORDER BY timestamp DESC'; - $result_pull_timerecords = db_query_bound( $query_pull_timerecords, array($p_bug_id,$t_user_id) ); + $result_pull_timerecords = db_query( $query_pull_timerecords, array($p_bug_id,$t_user_id) ); } else { // User has no access return; @@ -85,7 +85,7 @@ function view_bug_time( $p_event, $p_bug_id ) { # Get Sum for this bug db_param_push(); $t_query_pull_hours = 'SELECT SUM(hours) as hours FROM '.$t_table.' WHERE bug_id = '.db_param(); - $result_pull_hours = db_query_bound( $t_query_pull_hours, array($p_bug_id) ); + $result_pull_hours = db_query( $t_query_pull_hours, array($p_bug_id) ); $row_pull_hours = db_fetch_array( $result_pull_hours ); ?> diff --git a/TimeTracking/core/timetracking_api.php b/TimeTracking/core/timetracking_api.php index d0f5d9e..f0bb21d 100644 --- a/TimeTracking/core/timetracking_api.php +++ b/TimeTracking/core/timetracking_api.php @@ -51,7 +51,7 @@ function plugin_TimeTracking_stats_get_project_array( $p_project_id, $p_from, $p $t_results = array(); - $result = db_query_bound( $t_query, $t_query_parameters ); + $result = db_query( $t_query, $t_query_parameters ); while( $row = db_fetch_array( $result ) ) { $t_results[] = $row; } diff --git a/TimeTracking/pages/add_record.php b/TimeTracking/pages/add_record.php index 52e0c96..453e29b 100644 
--- a/TimeTracking/pages/add_record.php +++ b/TimeTracking/pages/add_record.php @@ -52,7 +52,7 @@ $query = 'INSERT INTO '.$table .' ( user, bug_id, expenditure_date, hours, timestamp, info ) VALUES ( '.db_param().','.db_param().','.db_param().','.db_param().','.db_param().','.db_param().')'; - db_query_bound($query, array($t_user, $f_bug_id, $t_expend, $t_time_value, $t_now, $f_time_info)); + db_query($query, array($t_user, $f_bug_id, $t_expend, $t_time_value, $t_now, $f_time_info)); # Event is logged in the project history_log_event_direct( $bug_id, plugin_lang_get( 'history' ), "$f_day.$f_month.$f_year: $t_time_value h.", "set", $user ); diff --git a/TimeTracking/pages/delete_record.php b/TimeTracking/pages/delete_record.php index 20258e6..6522dae 100644 --- a/TimeTracking/pages/delete_record.php +++ b/TimeTracking/pages/delete_record.php @@ -27,7 +27,7 @@ $table = plugin_table('data', 'TimeTracking'); db_param_push(); $query_pull_timerecords = 'SELECT * FROM '.$table.' WHERE id = '.db_param().' ORDER BY timestamp DESC'; - $result_pull_timerecords = db_query_bound( $query_pull_timerecords, array($f_delete_id) ); + $result_pull_timerecords = db_query( $query_pull_timerecords, array($f_delete_id) ); $row = db_fetch_array( $result_pull_timerecords ); $t_user_id = auth_get_current_user_id(); @@ -38,7 +38,7 @@ } db_param_push(); $query_delete = 'DELETE FROM '.$table.' WHERE id = '.db_param(); - db_query_bound( $query_delete, array($f_delete_id) ); + db_query( $query_delete, array($f_delete_id) ); history_log_event_direct( $f_bug_id, plugin_lang_get( 'history' ). " " . plugin_lang_get('deleted'), date( config_get("short_date_format"), strtotime($row["expenditure_date"])) . ": " . number_format($row["hours"], 2, ',', '.') . " h.", "deleted", $user ); From cc4886b2042be569307b29930881ec7300cec29f Mon Sep 17 00:00:00 2001 
From: Carlos Proensa Date: Fri, 28 Apr 2017 23:08:20 +0200 Subject: [PATCH 3/8] Update mantis requered version Set required mantis core version v1.3 --- TimeTracking/TimeTracking.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TimeTracking/TimeTracking.php b/TimeTracking/TimeTracking.php index 5921894..84a4311 100644 --- a/TimeTracking/TimeTracking.php +++ b/TimeTracking/TimeTracking.php @@ -27,12 +27,12 @@ function register() { $this->version = '1.1.0'; $this->requires = array( - 'MantisCore' => '1.2.0' + 'MantisCore' => '1.3.0' ); $this->author = 'Michael Baker'; $this->contact = 'mykbaker@gmail.com'; - $this->url = ''; + $this->url = 'https://github.com/mantisbt-plugins/timetracking'; } function hooks() { From afc124540bc7e9ef6e18c4089f6d6b3e7000e1c3 Mon Sep 17 00:00:00 2001 From: Carlos Proensa Date: Fri, 28 Apr 2017 23:24:45 +0200 Subject: [PATCH 4/8] Fix variable names --- TimeTracking/pages/add_record.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/TimeTracking/pages/add_record.php b/TimeTracking/pages/add_record.php index 453e29b..95f1c06 100644 --- a/TimeTracking/pages/add_record.php +++ b/TimeTracking/pages/add_record.php @@ -32,8 +32,7 @@ # Current UserID $user = auth_get_current_user_id(); - $t_time_info = db_prepare_string($f_time_info); - + # Work on Time-Entry so we can eval it $t_time_value = plugin_TimeTracking_hhmm_to_minutes($f_time_value); $t_time_value = doubleval($t_time_value / 60); 
@@ -47,15 +46,15 @@ $now = date("Y-m-d G:i:s"); $expend = date("Y-m-d", strtotime("$f_year-$f_month-$f_day")); - db_param_push(); + db_param_push(); $table = plugin_table('data', 'TimeTracking'); $query = 'INSERT INTO '.$table .' ( user, bug_id, expenditure_date, hours, timestamp, info ) VALUES ( '.db_param().','.db_param().','.db_param().','.db_param().','.db_param().','.db_param().')'; - db_query($query, array($t_user, $f_bug_id, $t_expend, $t_time_value, $t_now, $f_time_info)); + db_query($query, array($user, $f_bug_id, $expend, $t_time_value, $now, $f_time_info)); # Event is logged in the project - history_log_event_direct( $bug_id, plugin_lang_get( 'history' ), "$f_day.$f_month.$f_year: $t_time_value h.", "set", $user ); + history_log_event_direct( $f_bug_id, plugin_lang_get( 'history' ), "$f_day.$f_month.$f_year: $t_time_value h.", "set", $user ); form_security_purge( 'plugin_TimeTracking_add_record'); From e38f24d963104d31e8778d135d06d7cfbb5a579e Mon Sep 17 00:00:00 2001 From: Carlos Proensa Date: Fri, 28 Apr 2017 23:28:11 +0200 Subject: [PATCH 5/8] Fix closing tag --- TimeTracking/TimeTracking.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TimeTracking/TimeTracking.php b/TimeTracking/TimeTracking.php index 84a4311..2e49393 100644 --- a/TimeTracking/TimeTracking.php +++ b/TimeTracking/TimeTracking.php @@ -91,7 +91,7 @@ function view_bug_time( $p_event, $p_bug_id ) { ?> -
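Review bot: The corrected parameter list binds `$expend` unchecked, and `$expend` (the context line at the top of the hunk) is `date( "Y-m-d", strtotime( "$f_year-$f_month-$f_day" ) )`, so a day/month/year combination that `strtotime()` cannot parse silently stores `1970-01-01` rather than failing. Assuming `$f_day`, `$f_month` and `$f_year` are the integers read earlier in the page, a `checkdate()` guard before `$expend` is computed, `if( !checkdate( $f_month, $f_day, $f_year ) ) { trigger_error( ERROR_GENERIC, ERROR ); }`, would reject it up front. The same silent fallback exists in plugin_TimeTracking_stats_get_project_array (PATCH 7/8).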
+

Date: Sat, 29 Apr 2017 00:03:11 +0200 Subject: [PATCH 6/8] Fix plugin_requere_api includes --- TimeTracking/TimeTracking.php | 3 +-- TimeTracking/pages/add_record.php | 1 - TimeTracking/pages/show_report.php | 3 --- 3 files changed, 1 insertion(+), 6 deletions(-) diff --git a/TimeTracking/TimeTracking.php b/TimeTracking/TimeTracking.php index 2e49393..b2fb8be 100644 --- a/TimeTracking/TimeTracking.php +++ b/TimeTracking/TimeTracking.php @@ -52,8 +52,7 @@ function config() { } function init() { - $t_path = config_get_global('plugin_path' ). plugin_get_current() . DIRECTORY_SEPARATOR . 'core' . DIRECTORY_SEPARATOR; - set_include_path(get_include_path() . PATH_SEPARATOR . $t_path); + plugin_require_api( 'core/timetracking_api.php' ); } diff --git a/TimeTracking/pages/add_record.php b/TimeTracking/pages/add_record.php index 95f1c06..2664080 100644 --- a/TimeTracking/pages/add_record.php +++ b/TimeTracking/pages/add_record.php @@ -18,7 +18,6 @@ 2005 by Elmar Schumacher - GAMBIT Consulting GmbH http://www.mantisbt.org/forums/viewtopic.php?f=4&t=589 */ - require_once( 'timetracking_api.php' ); form_security_validate( 'plugin_TimeTracking_add_record' ); $f_bug_id = gpc_get_int( 'bug_id' ); diff --git a/TimeTracking/pages/show_report.php b/TimeTracking/pages/show_report.php index e34016f..c312eeb 100644 --- a/TimeTracking/pages/show_report.php +++ b/TimeTracking/pages/show_report.php @@ -1,8 +1,5 @@ date_submitted ) : $t_today; From ccbf35df91986a67de3b42aa36c084b01934136e Mon Sep 17 00:00:00 2001 From: Carlos Proensa Date: Sat, 29 Apr 2017 00:11:01 +0200 Subject: [PATCH 7/8] Fix report query --- TimeTracking/core/timetracking_api.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/TimeTracking/core/timetracking_api.php b/TimeTracking/core/timetracking_api.php index f0bb21d..b8d2e6f 100644 --- a/TimeTracking/core/timetracking_api.php +++ b/TimeTracking/core/timetracking_api.php 
@@ -9,8 +9,8 @@ */ function plugin_TimeTracking_stats_get_project_array( $p_project_id, $p_from, $p_to) { $c_project_id = db_prepare_int( $p_project_id ); - $c_to = "'" . date("Y-m-d", strtotime("$p_to")+ SECONDS_PER_DAY - 1) . "'"; - $c_from = "'" . $p_from . "'"; //strtotime( $p_from ) + $c_to = date("Y-m-d", strtotime($p_to)+ SECONDS_PER_DAY - 1); + $c_from = date("Y-m-d", strtotime($p_from)); if ( $c_to === false || $c_from === false ) { error_parameters( array( $p_form, $p_to ) ); trigger_error( ERROR_GENERIC, ERROR ); @@ -20,11 +20,11 @@ function plugin_TimeTracking_stats_get_project_array( $p_project_id, $p_from, $p $t_user_table = db_get_table( 'mantis_user_table' ); $t_project_table = db_get_table( 'mantis_project_table' ); - $t_query = 'SELECT u.username, p.name as project_name, bug_id, expenditure_date, hours, timestamp, category, info + $t_query = 'SELECT u.username, p.name as project_name, bug_id, expenditure_date, hours, timestamp, info FROM '.$t_timereport_table.' tr - LEFT JOIN '.$t_bug_table.' b ON tr.bug_id=b.id - LEFT JOIN '.$t_user_table.' u ON tr.user=u.id - LEFT JOIN '.$t_project_table.' p ON p.id = b.project_id + LEFT JOIN {bug} b ON tr.bug_id=b.id + LEFT JOIN {user} u ON tr.user=u.id + LEFT JOIN {project} p ON p.id = b.project_id WHERE 1=1 '; db_param_push(); From 03d59fd6dc1bb2b8c5b15ed23087b7616b1a3544 Mon Sep 17 00:00:00 2001 From: Carlos Proensa Date: Sat, 29 Apr 2017 00:15:52 +0200 Subject: [PATCH 8/8] Update readme --- README | 0 readme.md | 4 ++++ 2 files changed, 4 insertions(+) delete mode 100644 README create mode 100644 readme.md diff --git a/README b/README deleted file mode 100644 index e69de29..0000000 diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..b8d3e4a --- /dev/null +++ b/readme.md @@ -0,0 +1,4 @@ +Time Tracking Plugin for MantisBT +================================= + +version 1.1 has been made compatible with MantisBT v1.3.x \ No newline at end of file
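Review bot: The `if ( $c_to === false || $c_from === false )` check two lines below the rewritten date lines can never fire: `date()` always returns a string, and when `strtotime()` fails its `false` is coerced to timestamp 0, so an empty or unparsable `$p_from`/`$p_to` silently becomes `1970-01-01` (and, because the value is never blank, the `is_blank()` tests further down, visible in PATCH 1/8, cannot skip a filter either). The check should be applied to the `strtotime()` results before formatting; doing so also fixes the `$p_form` typo in `error_parameters()`, which reads an undefined variable instead of `$p_from`. The function continues past the end of the hunk.
```php
function plugin_TimeTracking_stats_get_project_array( $p_project_id, $p_from, $p_to) {
    $c_project_id = db_prepare_int( $p_project_id );
    $t_from_ts = strtotime( $p_from );
    $t_to_ts = strtotime( $p_to );
    if ( $t_from_ts === false || $t_to_ts === false ) {
        error_parameters( array( $p_from, $p_to ) );
        trigger_error( ERROR_GENERIC, ERROR );
    }
    $c_from = date( 'Y-m-d', $t_from_ts );
    $c_to = date( 'Y-m-d', $t_to_ts + SECONDS_PER_DAY - 1 );
    // … unchanged: table lookups and query construction …
```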
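Review bot: After switching the joins to the `{bug}`, `{user}` and `{project}` placeholders, the `$t_user_table` and `$t_project_table` lookups in the hunk's context, and `$t_bug_table` on the line just before it (seen in PATCH 1/8), are no longer referenced anywhere in the query, so those `db_get_table( 'mantis_..._table' )` calls are dead code and should be removed; only `$t_timereport_table` is still used. Mixing `db_get_table()` results and `{table}` placeholders in one statement also leaves it unclear which form the plugin now targets, so settling on the placeholder form throughout would be cleaner. The enclosing function starts and ends outside the hunk.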