gecko-dev/webtools/update/developers/additem.php


<?php
require"../core/config.php";
require"core/sessionconfig.php";
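// Wizard step selector. A missing or non-string parameter is treated as empty,
// which the dispatch further down handles the same way as the first step.
$function = (isset($_GET["function"]) and is_string($_GET["function"])) ? $_GET["function"] : "";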
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
<HTML>
<HEAD>
<TITLE>Mozilla Update :: Developer Control Panel :: Add Item</TITLE>
<?php
include"$page_header";
include"inc_sidebar.php";
include"parse_install_manifest.php";
?>
<?php
if (!$function or $function=="additem") {
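// The item type arrives in the query string and is echoed back into the form
// below, so it is reduced to one of the known keys; anything else becomes "E".
$typearray = array("E"=>"Extension","T"=>"Theme");
if (!isset($_GET["type"]) or !is_string($_GET["type"]) or !isset($typearray[$_GET["type"]])) {
    $_GET["type"] = "E";
}
$typename = $typearray[$_GET["type"]];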
?>
<h1>Add New <?php echo"$typename"; ?></h1>
<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2 ALIGN=CENTER STYLE="border: solid 0px #000000; width: 100%">
<FORM NAME="additem" METHOD="POST" ACTION="?function=additem2" enctype="multipart/form-data">
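<INPUT NAME="type" TYPE="hidden" VALUE="<?php /* request-supplied value: escape it for the attribute context */ echo htmlspecialchars(is_string($_GET["type"]) ? $_GET["type"] : "", ENT_QUOTES); ?>">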
<TR><TD style="padding-left: 20px">
Your <?php echo"$typename"?> File:<BR>
<INPUT NAME="file" SIZE=40 TYPE="FILE"><BR>
<BR>
<INPUT NAME="button" TYPE="BUTTON" VALUE="Cancel" onclick="javascript:history.back()"> <INPUT NAME="submit" TYPE="SUBMIT" VALUE="Next &#187;">
</TD></TR>
</FORM>
</TABLE>
<?php
} else if ($function=="additem2") {
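// Step 2 input: work out which package file is being added.
// The client chooses the upload's name, so it is cut down to a bare file name
// before it is joined onto the temp directory path.
$upload = (isset($_FILES['file']) and is_array($_FILES['file'])) ? $_FILES['file'] : array();
$filename = (isset($upload['name']) and is_string($upload['name'])) ? basename(str_replace("\\", "/", $upload['name'])) : "";
if ($filename == "." or $filename == "..") { $filename = ""; }
$filetype = isset($upload['type']) ? $upload['type'] : "";
$filesize = isset($upload['size']) ? $upload['size'] : 0;
$uploadedfile = isset($upload['tmp_name']) ? $upload['tmp_name'] : "";
$status = isset($upload['error']) ? $upload['error'] : 4;
//Convert File-Size to Kilobytes
$filesize = round($filesize/1024, 1);
//Status
$statusmessages = array(
    0 => "Success!",
    1 => "Error: File Exceeds upload_max_filesize (PHP)",
    2 => "Error: File Exceeds max_file_size (HTML)",
    3 => "Error: File Incomplete, Partial File Received",
    4 => "Error: No File Was Uploaded",
);
if (isset($statusmessages[$status])) { $statusresult = $statusmessages[$status]; }
$manifest_exists = "FALSE";
if ($filename != "") {
    // NOTE(review): the temp name is the client's file name, so two uploads with the
    // same name share one path, and nothing visible here restricts the extension.
    // Confirm that $repositorypath/temp is not served or executed by the web server.
    $destination = "$repositorypath/temp/$filename";
    if (move_uploaded_file($uploadedfile, $destination)) {
        $uploadedfile = $destination;
        $chmod_result = chmod("$uploadedfile", 0644); //Make the file world readable. prevent nasty permissions issues.
    }
}
//If this was legacy mode, we're coming back from step1b so the file wasn't just submitted and we need to just pick it up again.
if (isset($_POST["legacy"]) and $_POST["legacy"]=="TRUE") {
    // The posted name is used as a filesystem path, so directory components are
    // stripped; escape_string() (defined outside this file) is not a path filter.
    $filename = (isset($_POST["filename"]) and is_string($_POST["filename"])) ? basename(str_replace("\\", "/", $_POST["filename"])) : "";
    if ($filename == "." or $filename == "..") { $filename = ""; }
    $filesize = escape_string($_POST["filesize"]);
    $uploadedfile="$repositorypath/temp/$filename";
}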
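// Look for a top-level install.rdf in the uploaded archive; its text ends up in $buf.
// zip_open() can return an integer error code instead of a handle, so the result
// is tested with is_resource() rather than for truthiness.
// NOTE(review): the read length is taken from the archive's own metadata
// (zip_entry_filesize); consider an upper bound before reading it into memory.
$zip = @zip_open("$uploadedfile");
if (is_resource($zip)) {
    while ($zip_entry = zip_read($zip)) {
        if (zip_entry_name($zip_entry)!="install.rdf") {
            continue;
        }
        $manifest_exists = "TRUE";
        if (zip_entry_open($zip, $zip_entry, "r")) {
            $buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry));
            zip_entry_close($zip_entry);
        }
        echo "\n";
    }
    zip_close($zip);
}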
if ($manifest_exists=="TRUE" or $_POST["legacy"]=="TRUE") {
// Standard mode: build the $manifestdata array from the install.rdf text in $buf.
// A null result from the parser is treated as a parse failure and stops the page.
$manifestdata = parse_install_manifest($buf);
if ($manifestdata === null) {
    echo"Errors were encountered during install.rdf parsing...<br>\n";
    die("Aborting...");
}
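// Temporary helper until multiple locales are supported for name / description.
// Given an array keyed by locale, returns the "en-US" entry when it is non-empty,
// otherwise the first entry, otherwise "". Anything that is not an array (for
// example a manifest without the field) yields "" instead of raising notices.
function default_l10n($array)
{
    if (!is_array($array)) {
        return "";
    }
    if (!empty($array["en-US"])) {
        return $array["en-US"];
    }
    foreach ($array as $val) {
        // First entry in iteration order wins.
        return $val;
    }
    return "";
}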
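//Populate Form Variables from manifestdata.
// Every value read here comes from the uploaded install.rdf, i.e. from the
// submitter; it has to be escaped wherever it is later put into SQL or HTML.
$id = $manifestdata["id"];
$version = $manifestdata["version"];
$homepage = $manifestdata["homepageURL"];
// $names, $descriptions are arrays keyed by locale
$names = $manifestdata["name"];
$descriptions = $manifestdata["description"];
//TODO: support multiple locale names/descriptions
// right now we just use en-US or the first one
$name = default_l10n($names);
$description = default_l10n($descriptions);
//Check GUID for validity/existance, if it exists, check the logged in author for permission
$legacy_post = (isset($_POST["legacy"]) and $_POST["legacy"]=="TRUE");
$sql = "SELECT ID, GUID from `main` WHERE `GUID` = '".escape_string($manifestdata["id"])."' LIMIT 1";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if (mysql_num_rows($sql_result)=="1") {
    // The GUID is already registered, so this upload is an update to that item.
    $mode = "update";
    $row = mysql_fetch_array($sql_result);
    $item_id = $row["ID"];
    if ($legacy_post) {
        // Legacy items carry no manifest GUID; the target item is the one picked in step 1b.
        if (isset($_POST["mode"]) and $_POST["mode"]=="update") {
            $item_id = escape_string($_POST["existingitems"]);
        } else {
            $item_id="";
        }
    }
    // Only a listed author of the item, or an admin/editor, may continue.
    $session_uid = escape_string($_SESSION["uid"]);
    $sql = "SELECT `UserID` from `authorxref` WHERE `ID`='$item_id' AND `UserID` = '$session_uid' LIMIT 1";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    $is_author = (mysql_num_rows($sql_result)=="1");
    $is_staff = ($_SESSION["level"]=="admin" or $_SESSION["level"]=="editor");
    if (!$is_author and !$is_staff) {
        echo"ERROR!! This extension does NOT belong to the author logged in.<br>\n";
        die("Terminating...");
    }
} else {
    $mode = "new";
}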
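//Verify MinAppVer and MaxAppVer per app for validity, if they're invalid, reject the file.
// Application GUIDs and version strings come from the uploaded install.rdf: they are
// escaped before going into SQL and HTML-escaped before being echoed back.
$versioncheck = array();
if (empty($manifestdata["targetApplication"]) or !is_array($manifestdata["targetApplication"])) {
    $manifestdata["targetApplication"] = array();
}
foreach ($manifestdata["targetApplication"] as $key=>$val) {
    $wantmin = isset($val["minVersion"]) ? (string)$val["minVersion"] : "";
    $wantmax = isset($val["maxVersion"]) ? (string)$val["maxVersion"] : "";
    $esckey = escape_string($key);
    // Until a row is found the GUID itself labels the application in error messages,
    // so a name left over from the previous iteration is never shown.
    $appname = $key;
    $minvalid = false;
    $maxvalid = false;
    $sql = "SELECT `AppName`, `major`, `minor`, `release`, `SubVer` FROM `applications` WHERE `GUID`='$esckey' ORDER BY `major` DESC, `minor` DESC, `release` DESC, `SubVer` DESC";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    while ($row = mysql_fetch_array($sql_result)) {
        $appname = $row["AppName"];
        $subver = $row["SubVer"];
        $release = $row["major"] . "." . $row["minor"];
        if ($row["release"]) {$release = "$release." . $row["release"];}
        if ($subver !=="final") {$release="$release$subver";}
        // Compared as strings: a loose == would treat "1.0" and "1.00" as the same version.
        if ((string)$release === $wantmin) { $minvalid = true; }
        if ((string)$release === $wantmax) { $maxvalid = true; }
    }
    $versioncheck[$key]["minVersion_valid"] = $minvalid ? "true" : "false";
    $versioncheck[$key]["maxVersion_valid"] = $maxvalid ? "true" : "false";
    $h_appname = htmlspecialchars((string)$appname, ENT_QUOTES);
    if (!$minvalid) {
        echo"Error! The MinAppVer for $h_appname of " . htmlspecialchars($wantmin, ENT_QUOTES) . " in install.rdf is invalid.<br>\n";
        $versioncheck["errors"]="true";
    }
    if (!$maxvalid) {
        echo"Error! The MaxAppVer for $h_appname of ". htmlspecialchars($wantmax, ENT_QUOTES) . " in install.rdf is invalid.<br>\n";
        $versioncheck["errors"]="true";
    }
}
if (isset($versioncheck["errors"]) and $versioncheck["errors"]=="true") {
    echo"Errors were encountered during install.rdf checking...<br>\n";
    die("Aborting...");
}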
} else {
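// The file name is supplied by the client; escape it before it is written into the heading.
echo"<h1>Add Step 1b: Legacy Item Data Entry: (".htmlspecialchars((string)$filename, ENT_QUOTES).")</h1>\n";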
?>
<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2 ALIGN=CENTER STYLE="border: solid 0px #000000; width: 100%">
<FORM NAME="additem" METHOD="POST" ACTION="?function=additem2" enctype="multipart/form-data">
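<INPUT NAME="type" TYPE="hidden" VALUE="<?php /* posted value: escape it for the attribute context */ echo htmlspecialchars((isset($_POST["type"]) and is_string($_POST["type"])) ? $_POST["type"] : "", ENT_QUOTES); ?>">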
<TR><TD style="padding-left: 20px">
<INPUT NAME="legacy" TYPE="HIDDEN" VALUE="TRUE">
<INPUT NAME="mode" TYPE="RADIO" VALUE="new"<?php if ($_GET["mode"] != "update") {echo" CHECKED"; }?>> New <?php echo"$typename"; ?><br>
<INPUT NAME="mode" TYPE="RADIO" VALUE="update"<?php if ($_GET["mode"] == "update") {echo" CHECKED"; } ?>> Update to:
<SELECT NAME="existingitems">
<?php
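// Fill the "Update to:" list with existing items of the posted type. Admins and
// editors see every item; everyone else only items linked to their own e-mail.
$type = escape_string($_POST["type"]);
$sql = "SELECT TM.ID, TM.Name FROM `main` TM
LEFT JOIN authorxref TAX ON TM.ID = TAX.ID
INNER JOIN userprofiles TU ON TAX.UserID = TU.UserID
WHERE TM.Type = '$type'";
if (!($_SESSION["level"] =="editor" OR $_SESSION["level"] =="admin")) {
    $sql .= " AND TU.UserEmail = '".escape_string($_SESSION["email"])."'";
}
$sql .=" GROUP BY `name` ORDER BY `Name` ASC ";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
$selected_id = isset($_GET["id"]) ? $_GET["id"] : "";
while ($row = mysql_fetch_array($sql_result)) {
    $id = $row["ID"];
    $name = $row["Name"];
    // Item names were typed in by their authors; escape them so a stored name
    // cannot inject markup into the page of whoever views this list.
    echo"<OPTION value=\"".htmlspecialchars((string)$id, ENT_QUOTES)."\""; if ($selected_id==$id) {echo" SELECTED"; } echo">".htmlspecialchars((string)$name, ENT_QUOTES)."</OPTION>\n";
}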
?>
</SELECT><BR>
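Your file: <?php /* client-supplied name and size: escaped for text and attribute contexts */ echo htmlspecialchars((string)$filename, ENT_QUOTES); ?> <INPUT name="filename" TYPE=HIDDEN VALUE="<?php echo htmlspecialchars((string)$filename, ENT_QUOTES); ?>"> <INPUT name="filesize" TYPE=HIDDEN VALUE="<?php echo htmlspecialchars((string)$filesize, ENT_QUOTES); ?>">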
<BR>
<INPUT NAME="button" TYPE="BUTTON" VALUE="&#171;&nbsp;Back" onclick="javascript:history.back()"> <INPUT NAME="submit" TYPE="SUBMIT" VALUE="Next &#187;">
</TD></TR>
</FORM>
</TABLE>
<?php
exit;
}
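// Resolve the item type and, for updates, preload the stored item data that the
// step-2 form shows as defaults.
$typearray = array("E"=>"Extension","T"=>"Theme");
$type = escape_string($_POST["type"]);
// Only the known type keys are accepted; anything else falls back to "E",
// the same default the first step applies.
if (!isset($typearray[$type])) { $type = "E"; }
$typename = $typearray[$type];
$authors = "";
$categories = array();
if ($mode=="update") {
    $sql = "SELECT `Name`, `Homepage`, `Description` FROM `main` WHERE `ID` = '$item_id' LIMIT 1";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    $row = mysql_fetch_array($sql_result);
    // The stored homepage and description replace the manifest values; the stored
    // name is only used when the manifest did not provide one.
    if (!$name) { $name=$row["Name"]; }
    $homepage = $row["Homepage"];
    $description = $row["Description"];
    // Current authors as a comma-separated list of e-mail addresses.
    $emails = array();
    $sql = "SELECT TU.UserEmail FROM `authorxref` TAX INNER JOIN userprofiles TU ON TAX.UserID = TU.UserID WHERE `ID` = '$item_id'";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    while ($row = mysql_fetch_array($sql_result)) {
        $emails[] = $row["UserEmail"];
    }
    $authors = implode(", ", $emails);
    //Get Currently Set Categories for this Object...
    $sql = "SELECT TCX.CategoryID, TC.CatName FROM `categoryxref` TCX
INNER JOIN categories TC ON TCX.CategoryID = TC.CategoryID
WHERE TCX.ID = '$item_id'
ORDER BY `CatName` ASC ";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    while ($row = mysql_fetch_array($sql_result)) {
        $categories[] = $row["CategoryID"];
    }
}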
?>
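<h1>Add New <?php echo"$typename"; ?> &#187;&#187; Step 2:</h1>
<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2 ALIGN=CENTER STYLE="border: solid 0px #000000; width: 100%">
<FORM NAME="addstep2" METHOD="POST" ACTION="?function=additem3">
<?php /* The values below come from the upload, the request or the database and are
         escaped for the attribute context. These hidden fields travel through the
         browser, so the step that receives them cannot treat them as trusted. */ ?>
<INPUT NAME="mode" TYPE="HIDDEN" VALUE="<?php echo htmlspecialchars((string)$mode, ENT_QUOTES); ?>">
<?php if ($mode=="update") { ?>
<INPUT NAME="item_id" TYPE="HIDDEN" VALUE="<?php echo htmlspecialchars((string)$item_id, ENT_QUOTES); ?>">
<?php } ?>
<INPUT NAME="guid" TYPE="HIDDEN" VALUE="<?php echo htmlspecialchars((string)$id, ENT_QUOTES); ?>">
<INPUT NAME="type" TYPE="HIDDEN" VALUE="<?php echo htmlspecialchars((string)$type, ENT_QUOTES); ?>">
<TR><TD><SPAN class="global">Name*</SPAN></TD> <TD><INPUT NAME="name" TYPE="TEXT" VALUE="<?php echo htmlspecialchars((string)$name, ENT_QUOTES); ?>" SIZE=45 MAXLENGTH=100></TD>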
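<?php
//Get the Category Table Data for the Select Box
$sql = "SELECT `CategoryID`, `CatName` FROM `categories` WHERE `CatType` = '$type' GROUP BY `Catname` ORDER BY `CatName` ASC";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
?>
<TD ROWSPAN=8 VALIGN=TOP><SPAN class="global">Categories:</SPAN><BR>&nbsp;&nbsp;&nbsp;&nbsp;<SELECT NAME="categories[]" MULTIPLE="YES" SIZE="10">
<?php
// One option per category; the ones the item already belongs to are pre-selected.
while ($row = mysql_fetch_array($sql_result)) {
    $catid = $row["CategoryID"];
    // Escaped once and reused for both the value attribute and the label.
    $catname = htmlspecialchars((string)$row["CatName"], ENT_QUOTES);
    echo"<OPTION value=\"$catname\"";
    if (is_array($categories) and in_array($catid, $categories)) { echo" SELECTED"; }
    echo">$catname</OPTION>\n";
}
?>
</SELECT></TD></TR>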
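<?php
// Default the author list to the logged-in user's e-mail when nothing was loaded.
if (!$authors) {$authors=$_SESSION["email"]; }
?>
<TR><TD><SPAN class="global">Author(s):*</SPAN></TD><TD><INPUT NAME="authors" TYPE="TEXT" VALUE="<?php echo htmlspecialchars((string)$authors, ENT_QUOTES); ?>" SIZE=45></TD></TR>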
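<?php
// Version, OS, file and target-application rows of the step-2 form.
// Everything interpolated into markup here is HTML-escaped first: the version and
// application ranges come from the uploaded manifest, the file name from the client.
$h_version = htmlspecialchars((string)$version, ENT_QUOTES);
$h_filename = htmlspecialchars((string)$filename, ENT_QUOTES);
$h_filesize = htmlspecialchars((string)$filesize, ENT_QUOTES);
if ($version) {
    // The manifest supplied a version: show it and carry it in a hidden field.
    echo"<TR><TD><SPAN class=\"file\">Version:*</SPAN></TD><TD>$h_version<INPUT NAME=\"version\" TYPE=\"HIDDEN\" VALUE=\"$h_version\"></TD></TR>\n";
} else {
    echo"<TR><TD><SPAN class=\"file\">Version:*</SPAN></TD><TD><INPUT NAME=\"version\" TYPE=\"TEXT\" VALUE=\"$h_version\"></TD></TR>\n";
}
echo"<TR><TD><SPAN class=\"file\">OS*</SPAN></TD><TD><SELECT NAME=\"osid\">";
$sql = "SELECT * FROM `os` ORDER BY `OSName` ASC";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
while ($row = mysql_fetch_array($sql_result)) {
    $osid = htmlspecialchars((string)$row["OSID"], ENT_QUOTES);
    $osname = htmlspecialchars((string)$row["OSName"], ENT_QUOTES);
    echo"<OPTION value=\"$osid\">$osname</OPTION>\n";
}
echo"</SELECT></TD></TR>\n";
echo"<TR><TD><SPAN class=\"file\">Filename:</SPAN></TD><TD>$h_filename ($h_filesize"."kb) <INPUT name=\"filename\" type=\"hidden\" value=\"$h_filename\"><INPUT name=\"filesize\" type=\"hidden\" value=\"$h_filesize\"></TD></TR>\n";
echo"<TR><TD COLSPAN=2><SPAN class=\"file\">Target Application(s):</SPAN></TD></TR>\n";
$mozguid = "";
$sql2 = "SELECT `AppName`,`GUID` FROM `applications` GROUP BY `AppName` ORDER BY `AppName` ASC";
$sql_result2 = mysql_query($sql2, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
while ($row2 = mysql_fetch_array($sql_result2)) {
    $appname = $row2["AppName"];
    $guid = $row2["GUID"];
    $h_appname = htmlspecialchars((string)$appname, ENT_QUOTES);
    if ($appname == "Mozilla") { $mozguid = $guid; }
    $minappver = isset($manifestdata["targetApplication"][$guid]["minVersion"]) ? $manifestdata["targetApplication"][$guid]["minVersion"] : "";
    $maxappver = isset($manifestdata["targetApplication"][$guid]["maxVersion"]) ? $manifestdata["targetApplication"][$guid]["maxVersion"] : "";
    echo"<TR><TD></TD><TD>$h_appname ";
    if (($mode=="new" or $mode=="update") and (strtolower($appname) !="mozilla" or !empty($manifestdata["targetApplication"][$mozguid]))) {
        //Based on Extension Manifest (New Mode)
        if ($minappver and $maxappver) {
            $h_min = htmlspecialchars((string)$minappver, ENT_QUOTES);
            $h_max = htmlspecialchars((string)$maxappver, ENT_QUOTES);
            echo"$h_min - $h_max\n";
            echo"<INPUT name=\"$h_appname-minappver\" TYPE=\"HIDDEN\" VALUE=\"$h_min\">\n";
            echo"<INPUT name=\"$h_appname-maxappver\" TYPE=\"HIDDEN\" VALUE=\"$h_max\">\n";
        } else {
            echo"N/A";
        }
    } else {
        //Legacy Mode Code...
        if ($appname =="Firefox" or $appname == "Thunderbird") {
            echo"<br><SPAN style=\"font-size: 8pt; font-weight: bold\">Incompatable with Legacy Extensions (Requires install.rdf)</SPAN>";
        } else {
            // The release list is the same for both drop-downs, so it is queried and
            // rendered once and then emitted twice.
            $sql = "SELECT `version`,`major`,`minor`,`release`,`SubVer` FROM `applications` WHERE `AppName` = '".escape_string($appname)."' ORDER BY `major` ASC, `minor` ASC, `release` ASC, `SubVer` ASC";
            $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
            $options = "";
            while ($row = mysql_fetch_array($sql_result)) {
                $release = "$row[major].$row[minor]";
                if ($row["release"]) {$release = "$release.$row[release]";}
                $subver = $row["SubVer"];
                if ($subver !=="final") {$release="$release$subver";}
                $h_release = htmlspecialchars((string)$release, ENT_QUOTES);
                $options .= "<OPTION value=\"$h_release\">$h_release</OPTION>\n";
            }
            echo"<SELECT name=\"$h_appname-minappver\" TITLE=\"Minimum Version* (Required)\">";
            echo"<OPTION value=\"\"> - </OPTION>\n";
            echo $options;
            echo"</select>\n";
            echo"&nbsp;-&nbsp;";
            echo"<SELECT name=\"$h_appname-maxappver\" TITLE=\"Maximum Version* (Required)\">";
            echo"<OPTION value=\"\"> - </OPTION>\n";
            echo $options;
            echo"</select>\n";
        }
    }
    // Close the row for every application, not only for the legacy drop-down case.
    echo"</TD></TR>\n";
}
?>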
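<?php /* Homepage, description and notes are free text from the manifest or the database;
         they are escaped so that neither the attribute nor the TEXTAREA can be closed early. */ ?>
<TR><TD><SPAN class="global">Homepage</SPAN></TD> <TD COLSPAN=2><INPUT NAME="homepage" TYPE="TEXT" VALUE="<?php echo htmlspecialchars((string)$homepage, ENT_QUOTES); ?>" SIZE=60 MAXLENGTH=200></TD></TR>
<TR><TD><SPAN class="global">Description*</SPAN></TD> <TD COLSPAN=2><TEXTAREA NAME="description" ROWS=3 COLS=55><?php echo htmlspecialchars((string)$description, ENT_QUOTES); ?></TEXTAREA></TD></TR>
<?php
$h_notes = isset($notes) ? htmlspecialchars((string)$notes, ENT_QUOTES) : "";
echo"<TR><TD><SPAN class=\"file\">Version Notes:</SPAN></TD><TD COLSPAN=2><TEXTAREA NAME=\"notes\" ROWS=4 COLS=55>$h_notes</TEXTAREA></TD></TR>\n";
?>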
<TR><TD COLSPAN="3" ALIGN="CENTER"><INPUT NAME="submit" TYPE="SUBMIT" VALUE="Next &#187;">&nbsp;&nbsp;<INPUT NAME="reset" TYPE="RESET" VALUE="Reset Form"></TD></TR>
</FORM>
</TABLE>
<?php
} else if ($function=="additem3") {
//print_r($_POST);
//exit;
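//Verify that there's at least one min/max app value pair...
// The two flags are set explicitly before the loop so that they can only become
// "true" through the posted "<AppName>-minappver" / "<AppName>-maxappver" fields.
$minappver = "";
$maxappver = "";
$sql = "SELECT `AppName`,`AppID` FROM `applications` GROUP BY `AppName` ORDER BY `AppName` ASC";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
while ($row = mysql_fetch_array($sql_result)) {
    $appname = $row["AppName"];
    $appid = $row["AppID"];
    if (!empty($_POST["$appname-minappver"])) {$minappver="true";}
    if (!empty($_POST["$appname-maxappver"])) {$maxappver="true";}
}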
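//Author List -- Autocomplete and Verify, if no valid authors, kill add.. otherwise, autocomplete/prompt
// Each comma-separated entry is matched as an e-mail prefix; it is accepted only
// when exactly one account matches. Any entry with zero or several matches is
// recorded in $emailerrors and blocks the author update.
$authorids = array();
$authoremails = array();
$emailerrors = array();
$updateauthors = "true";
$postedauthors = (isset($_POST["authors"]) and is_string($_POST["authors"])) ? $_POST["authors"] : "";
$authors = explode(", ", escape_string($postedauthors));
$a = 0;
foreach ($authors as $author) {
    if (strlen($author)<2) {continue;} //Kills all values that're too short..
    $a++;
    // % and _ typed by the user are matched literally rather than acting as LIKE wildcards.
    $like = addcslashes($author, "%_");
    $sql = "SELECT `UserID`,`UserEmail` FROM `userprofiles` WHERE `UserEmail` LIKE '$like%' ORDER BY `UserMode`, `UserName` ASC";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    $numresults = mysql_num_rows($sql_result);
    $found = array();
    while ($row = mysql_fetch_array($sql_result)) {
        $userid = $row["UserID"];
        $useremail = $row["UserEmail"];
        $found[] = $useremail;
        $authorids[] = $userid;
        $authoremails[] = $useremail;
    }
    if ($numresults !="1") {
        //No Valid Entry Found for this E-Mail or too many, kill and store data for error block.
        $emailerrors[$a] = array(
            "author" => "$author",
            // Candidate addresses are only kept when the entry was ambiguous.
            "foundemails" => ($numresults > 1) ? $found : array(),
        );
        $updateauthors = "false"; // Just takes one of these to kill the author update.
    }
}
// If every entry was too short, nothing was resolved at all. Report that as an
// error instead of continuing with an empty author list.
if (!$authorids and $updateauthors != "false") {
    $emailerrors[1] = array("author" => escape_string($postedauthors), "foundemails" => array());
    $updateauthors = "false";
}
unset($a);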
if ($_POST["name"] AND $_POST["type"] AND $_POST["authors"] AND $updateauthors !="false" AND $_POST["version"] AND $_POST["osid"] AND $_POST["filename"] AND $_POST["filesize"] AND $_POST["description"] AND $minappver AND $maxappver) {
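//All Needed Info is in the arrays, procceed with inserting...
//Create DIV for Box around the output...
echo"<h1>Adding Item... Please Wait...</h1>\n";
echo"<DIV>\n";
//Phase One, Main Data
// mode, item_id and guid are hidden form fields and therefore chosen by the client.
// The ownership rule for existing items is enforced again here, before any row is
// written, rather than relying on a check made when the form was rendered.
// NOTE(review): no anti-CSRF token is visible in this form flow; confirm that
// sessionconfig.php or the surrounding framework provides one.
$name = escape_string($_POST["name"]);
$homepage = escape_string($_POST["homepage"]);
$description = escape_string($_POST["description"]);
$guid = escape_string($_POST["guid"]);
$type = escape_string($_POST["type"]);
$is_update = (isset($_POST["mode"]) and $_POST["mode"]=="update");
// A posted item_id is only honoured for updates; new items get their ID from the INSERT below.
$item_id = ($is_update and isset($_POST["item_id"])) ? escape_string($_POST["item_id"]) : "";
$session_uid = escape_string($_SESSION["uid"]);
$is_staff = ($_SESSION["level"]=="admin" or $_SESSION["level"]=="editor");
$allowed = true;
if ($is_update) {
    // Updating: the logged-in user must be a listed author of the item, or staff.
    $sql = "SELECT `UserID` from `authorxref` WHERE `ID`='$item_id' AND `UserID` = '$session_uid' LIMIT 1";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    $is_author = ($sql_result and mysql_num_rows($sql_result)=="1");
    if ($item_id == "" or (!$is_author and !$is_staff)) { $allowed = false; }
} else if ($guid != "") {
    // Adding: a GUID that is already registered belongs to an existing item, so it
    // cannot be claimed again by posting mode=new.
    $sql = "SELECT `ID` from `main` WHERE `GUID` = '$guid' LIMIT 1";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    if (!$sql_result or mysql_num_rows($sql_result) != "0") { $allowed = false; }
}
if (!$allowed) {
    echo"ERROR!! This extension does NOT belong to the author logged in.<br>\n";
    include"$page_footer";
    echo"</body>\n</html>\n";
    exit;
}
//Check to ensure tha the name isn't already taken, if it is, throw an error and halt.
$sql = "SELECT `Name` from `main` WHERE `Name`='$name' and `GUID` != '$guid'";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if (mysql_num_rows($sql_result)=="0") {
    if ($is_update) {
        $sql = "UPDATE `main` SET `Name`='$name', `Homepage`='$homepage', `Description`='$description', `DateUpdated`=NOW(NULL) WHERE `ID`='$item_id' LIMIT 1";
    } else {
        $sql = "INSERT INTO `main` (`GUID`, `Name`, `Type`, `Homepage`,`Description`,`DateAdded`,`DateUpdated`) VALUES ('$guid', '$name', '$type', '$homepage', '$description', NOW(NULL), NOW(NULL));";
    }
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    if ($sql_result) {
        echo"Updating/Adding record for ".htmlspecialchars((string)$name, ENT_QUOTES)."...<br>\n";
    } else {
        //Handle Error Case and Abort
        $failure = "true";
        echo"Failure to successfully add/update main record. Unrecoverable Error, aborting.<br>\n";
        include"$page_footer";
        echo"</body>\n</html>\n";
        exit;
    }
} else {
    //Name wasn't unique, error time. :-)
    //Handle Error Case and Abort
    $failure = "true";
    echo"<strong>Error!</strong> The Name for your extension or theme already exists in the Update database.<br>\nCannot Continue, aborting.<br>\n";
    include"$page_footer";
    echo"</body>\n</html>\n";
    exit;
}
//Get ID for inserted row... if we don't know it already
if (!$is_update) {
    $sql = "SELECT `ID` FROM `main` WHERE `GUID`='$guid' AND `Name`='$name' LIMIT 1";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    $row = mysql_fetch_array($sql_result);
    $id = $row["ID"];
} else {
    // Update mode: $item_id passed the ownership check above.
    $id = $item_id;
}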
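//Phase 2 -- Commit Updates to AuthorXref tables.. with the ID and UserID.
// The existing author links are only removed when there is at least one resolved
// author to put back; otherwise the item would be left with no authors at all.
if ($updateauthors != "false" and !empty($authorids)) {
    //Remove Current Authors
    $sql = "DELETE FROM `authorxref` WHERE `ID` = '$id'";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    //Add New Authors based on $authorids
    sort($authorids);
    $result = false;
    foreach ($authorids as $authorid) {
        $sql = "INSERT INTO `authorxref` (`ID`, `UserID`) VALUES ('$id', '".escape_string($authorid)."');";
        $result = mysql_query($sql, $connection) or trigger_error("<FONT COLOR=\"#FF0000\"><B>MySQL Error ".mysql_errno().": ".mysql_error()."</B></FONT>", E_USER_NOTICE);
    }
    if ($result) { echo"Authors added...<br>\n"; }
} else {
    echo"ERROR: Could not update Authors list, please fix the errors printed below and try again...<br>\n";
}
unset($authors); //Clear from Post..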
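// Phase 3, categoryxref
// Category names are posted by the client (categories[]), so each one is escaped
// before it is placed in the lookup query.
$postedcategories = (isset($_POST["categories"]) and is_array($_POST["categories"])) ? $_POST["categories"] : array();
if (!$postedcategories) {
    //No Categories defined, fall back to the 'Miscellaneous' category of this type.
    // The loop below resolves categories by name, so the fallback is given as a name.
    $postedcategories = array("Miscellaneous");
}
//Delete Current Category Linkages...
$sql = "DELETE FROM `categoryxref` WHERE `ID` = '$id'";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
//Add New Categories from the posted names
$result = false;
foreach ($postedcategories as $categoryname) {
    if (!is_string($categoryname)) { continue; } // nested arrays are not category names
    $esccategory = escape_string($categoryname);
    $sql2 = "SELECT `CategoryID` FROM `categories` WHERE `CatType` = '$type' AND `CatName` = '$esccategory' ORDER BY `CategoryID` ASC";
    $sql_result2 = mysql_query($sql2, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    while ($row2 = mysql_fetch_array($sql_result2)) {
        $categoryid = escape_string($row2["CategoryID"]);
        $sql = "INSERT INTO `categoryxref` (`ID`, `CategoryID`) VALUES ('$id', '$categoryid');";
        $result = mysql_query($sql, $connection) or trigger_error("<FONT COLOR=\"#FF0000\"><B>MySQL Error ".mysql_errno().": ".mysql_error()."</B></FONT>", E_USER_NOTICE);
    }
}
if ($result) {echo"Categories added...<br>\n"; }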
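//Phase 4, version rows
//Construct Internal App_Version Arrays
// $app_internal_array maps a display release string to the stored int_version;
// $app_shortname maps a lower-cased application name to its short name.
$app_internal_array = array();
$app_shortname = array();
$apps_array = array();
$vid_array = array();
$sql = "SELECT `AppName`, `int_version`, `major`, `minor`, `release`, `SubVer`, `shortname` FROM `applications` ORDER BY `AppName`, `major` DESC, `minor` DESC, `release` DESC, `SubVer` DESC";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
while ($row = mysql_fetch_array($sql_result)) {
    $appname = $row["AppName"];
    $int_version = $row["int_version"];
    $subver = $row["SubVer"];
    $release = "$row[major].$row[minor]";
    if ($row["release"]) {$release = "$release.$row[release]";}
    if ($subver !=="final") {$release="$release$subver";}
    $app_internal_array[$release] = $int_version;
    $app_shortname[strtolower($appname)] = $row["shortname"];
}
// Posted fields shared by every version row; read once, escaped for SQL.
$version = escape_string($_POST["version"]);
$osid = escape_string($_POST["osid"]);
$filesize = escape_string($_POST["filesize"]);
$uri = ""; //we don't have all the parts to set a uri, leave blank and fix when we do.
$notes = escape_string(isset($_POST["notes"]) ? $_POST["notes"] : "");
$sql2 = "SELECT `AppName`,`AppID` FROM `applications` GROUP BY `AppName` ORDER BY `AppName` ASC";
$sql_result2 = mysql_query($sql2, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
while ($row2 = mysql_fetch_array($sql_result2)) {
    $appname = $row2["AppName"];
    $appid = $row2["AppID"];
    $minappver = (isset($_POST["$appname-minappver"]) and is_string($_POST["$appname-minappver"])) ? $_POST["$appname-minappver"] : "";
    $maxappver = (isset($_POST["$appname-maxappver"]) and is_string($_POST["$appname-maxappver"])) ? $_POST["$appname-maxappver"] : "";
    if ($minappver and $maxappver) {
        // Prefer the stored internal version; fall back to the posted string.
        $minappver_int = !empty($app_internal_array[$minappver]) ? $app_internal_array[$minappver] : $minappver;
        $maxappver_int = !empty($app_internal_array[$maxappver]) ? $app_internal_array[$maxappver] : $maxappver;
        // The posted version bounds go into SQL below, so they are escaped like the other fields.
        $esc_min = escape_string($minappver);
        $esc_max = escape_string($maxappver);
        $esc_min_int = escape_string($minappver_int);
        $esc_max_int = escape_string($maxappver_int);
        $esc_appname = escape_string($appname);
        $esc_appid = escape_string($appid);
        //If a record for this item's exact version, OS, and app already exists, find it and delete it, before inserting
        $sql3 = "SELECT `vID` from `version` TV INNER JOIN `applications` TA ON TA.AppID=TV.AppID WHERE TV.ID = '$id' AND `OSID`='$osid' AND `AppName` = '$esc_appname' AND TV.Version='$version' ORDER BY `vID` ASC";
        $sql_result3 = mysql_query($sql3, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
        while ($row = mysql_fetch_array($sql_result3)) {
            $sql = "DELETE FROM `version` WHERE `vID`='".escape_string($row["vID"])."' LIMIT 1";
            $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
            if ($sql_result) { echo"<strong>Warning!</strong> A version Record already exists for this item's Application/OS/Version combination. Deleting.<br>\n"; }
        }
        $sql = "INSERT INTO `version` (`ID`, `Version`, `OSID`, `AppID`, `MinAppVer`, `MinAppVer_int`, `MaxAppVer`, `MaxAppVer_int`, `Size`, `URI`, `Notes`, `DateAdded`, `DateUpdated`) VALUES ('$id', '$version', '$osid', '$esc_appid', '$esc_min', '$esc_min_int', '$esc_max', '$esc_max_int', '$filesize', '$uri', '$notes', NOW(NULL), NOW(NULL));";
        $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
        if ($sql_result) {
            echo"Added ".htmlspecialchars((string)$name, ENT_QUOTES)." version ".htmlspecialchars((string)$version, ENT_QUOTES)." for ".htmlspecialchars((string)$appname, ENT_QUOTES)."<br>\n";
            $apps_array[]=$app_shortname[strtolower($appname)];
        }
        // NOTE(review): the new row is found as "highest vID for this item", which
        // can pick up another row if two submissions for the item run concurrently.
        $sql = "SELECT `vID` from `version` WHERE `id` = '$id' ORDER BY `vID` DESC LIMIT 1";
        $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
        $row = mysql_fetch_array($sql_result);
        $vid_array[] = $row["vID"];
    }
}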
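$sql = "SELECT `OSName` FROM `os` WHERE `OSID`='$osid' LIMIT 1";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
$row = mysql_fetch_array($sql_result);
$osname = $row["OSName"];
//Construct the New Filename
// The posted file name, item name and version all end up in filesystem paths, so
// directory separators are removed from each part before the paths are built.
// NOTE(review): the extension is still whatever the client posted (letters and
// digits only); consider allowing only the package extensions the site accepts.
// NOTE(review): nothing here ties the temp file to the session that uploaded it.
$pathunsafe = array("/", "\\", "\0");
$postedfilename = (isset($_POST["filename"]) and is_string($_POST["filename"])) ? basename(str_replace("\\", "/", $_POST["filename"])) : "";
if ($postedfilename == "." or $postedfilename == "..") { $postedfilename = ""; }
$dotpos = strrpos($postedfilename, ".");
$fileext = ($dotpos === false) ? $postedfilename : substr($postedfilename, $dotpos + 1);
$fileext = preg_replace('/[^A-Za-z0-9]/', '', $fileext);
$itemname = str_replace($pathunsafe, "_", str_replace(" ","_",$name));
$fileversion = str_replace($pathunsafe, "_", $version);
$apps = implode("+", (isset($apps_array) and is_array($apps_array)) ? $apps_array : array());
$newfilename = "$itemname-$fileversion-$apps";
if (strtolower($osname) !=="all") {$newfilename .="-".str_replace($pathunsafe, "_", strtolower($osname)); }
$newfilename .=".$fileext";
//Move temp XPI to home for approval queue items...
$oldpath = "$repositorypath/temp/$postedfilename";
$newpath = "$repositorypath/approval/".strtolower($newfilename);
if ($postedfilename != "" and is_file($oldpath)) {
    if (rename("$oldpath","$newpath")) {
        echo"File ".htmlspecialchars($newfilename, ENT_QUOTES)." saved to disk...<br>\n";
    } else {
        echo"ERROR: Could not move the uploaded file into the approval queue.<br>\n";
    }
}
$uri = str_replace("$repositorypath/approval/","http://$sitehostname/developers/approvalfile.php/",$newpath);
// $uri contains client-derived text, so it is escaped for the UPDATE statement.
$escuri = escape_string($uri);
if (isset($vid_array) and is_array($vid_array)) {
    foreach ($vid_array as $vid) {
        $sql = "UPDATE `version` SET `URI`='$escuri' WHERE `vID`='".escape_string($vid)."'";
        $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    }
}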
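//Approval Queue
//Check if the item belongs to the user, (special case for where admins are trusted, the trust only applies to their own work.)
// NOTE(review): the author links for this item were rewritten earlier in this
// request from the posted author list, so this lookup shows that the submitter
// listed themselves as an author, not that they owned the item before the request.
$session_uid = escape_string($_SESSION["uid"]);
$sql = "SELECT `UserID` from `authorxref` WHERE `ID`='$id' AND `UserID` = '$session_uid' LIMIT 1";
$sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
if (mysql_num_rows($sql_result)=="1" AND $_SESSION["trusted"]=="TRUE") {
    //User is trusted and the item they're modifying inheirits that trust.
    include"inc_approval.php"; //Get the resuable process_approval() function.
    $action = "Approval+";
    $file = $uri;
    $comments = "Auto-Approval for Trusted User";
    $approval_result = process_approval($type, $file, "approve");
} else {
    $action="Approval?";
    $comments="";
}
//Firstly, log the comments and action taken..
$userid = $session_uid;
if (!isset($vid_array) or !is_array($vid_array)) { $vid_array = array(); }
foreach ($vid_array as $vid) {
    $sql = "INSERT INTO `approvallog` (`ID`, `vID`, `UserID`, `action`, `date`, `comments`) VALUES ('$id', '".escape_string($vid)."', '$userid', '$action', NOW(NULL), '$comments');";
    $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
}
echo"Process Complete...<br><br>\n";
echo htmlspecialchars((string)$name, ENT_QUOTES)." version ".htmlspecialchars((string)$version, ENT_QUOTES)." has been added to the Mozilla Update database";
// The message follows the action that was actually logged, so a trusted user whose
// submission was queued for review is not told that it was auto-approved.
if ($action=="Approval+") {
    echo" and has been auto-approved. It should be up on the website within the next half-hour.";
} else {
    echo" and is awaiting review by an editor, you will be notified when an editor reviews it.";
}
echo"<br>\n";
echo"To review or make changes to your submission, visit the <A HREF=\"itemoverview.php?id=".htmlspecialchars(urlencode((string)$id), ENT_QUOTES)."\">Item Details page</A>...<br>\n";
echo"<br><br>\n";
echo"<A HREF=\"/developers/\">&#171;&#171; Back to Home</A>";
echo"</div>\n";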
}
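//Author Error Handling/Display Block for Form Post...
// Re-renders the step-2 submission as hidden fields so that only the author list
// has to be corrected. Every posted key and value is echoed back into markup here,
// so each one is HTML-escaped first.
if (!empty($emailerrors)) {
    echo"
<h1>Adding Item... Error Found while processing authors</h1>\n
<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=2 ALIGN=CENTER STYLE=\"border: 0px; width: 100%\">
<FORM NAME=\"addstep2b\" METHOD=\"POST\" ACTION=\"?function=additem3\">";
    foreach ($_POST as $key => $val) {
        $key = (string)$key;
        if ($key==="authors" or $key==="submit") {continue; }
        if ($key==="categories") {
            if (is_array($val)) {
                foreach ($val as $catval) {
                    if (!is_string($catval)) { continue; }
                    echo"<INPUT name=\"categories[]\" type=\"hidden\" value=\"".htmlspecialchars($catval, ENT_QUOTES)."\">\n";
                }
            }
            continue;
        }
        if (is_array($val)) { continue; } // no other field of this form is an array
        echo"<INPUT name=\"".htmlspecialchars($key, ENT_QUOTES)."\" type=\"hidden\" value=\"".htmlspecialchars((string)$val, ENT_QUOTES)."\">\n";
    }
    echo"<TR><TD COLSPAN=2 STYLE=\"\">\n";
    echo"<DIV style=\"margin-left 2px; border: 1px dotted #CCC;\">";
    foreach ($emailerrors as $authorerror) {
        $author = htmlspecialchars(isset($authorerror["author"]) ? (string)$authorerror["author"] : "", ENT_QUOTES);
        $found = (isset($authorerror["foundemails"]) and is_array($authorerror["foundemails"])) ? $authorerror["foundemails"] : array();
        $count = count($found);
        if ($count==0) {
            //Error for No Entry Found
            echo"<SPAN STYLE=\"color: #FF0000;\"><strong>Error! Entry '$author': No Matches Found.</strong></SPAN> Please check your entry and try again.<BR>\n";
        } else {
            //Error for Too Many Entries Found
            echo"<SPAN STYLE=\"color: #FF0000;\"><strong>Error! Entry '$author': Too Many Matches.</strong></SPAN> Please make your entry more specific.<BR>\n";
        }
        if ($count>0 AND $count<6) {
            // Only short candidate lists are shown.
            echo"&nbsp;&nbsp;&nbsp;&nbsp;Possible Addresses found: ";
            echo htmlspecialchars(implode(", ", $found), ENT_QUOTES)."<br>\n";
        }
    }
    echo"</DIV></TD></TR>\n";
    $authors = (isset($_POST["authors"]) and is_string($_POST["authors"])) ? $_POST["authors"] : "";
?>
<TR><TD><SPAN class="global">Author(s):*</SPAN></TD><TD><INPUT NAME="authors" TYPE="TEXT" VALUE="<?php echo htmlspecialchars($authors, ENT_QUOTES); ?>" SIZE=70><INPUT NAME="submit" TYPE="SUBMIT" VALUE="Next &#187;"></TD></TR>
</FORM></TABLE>
<?php
}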
} else {}
?>
<!-- close #mBody-->
</div>
<?php
include"$page_footer";
?>
</BODY>
</HTML>