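<?php
require_once("config.php");
// Session cookie of the requesting user, forwarded to Redmine so that the proxied
// request runs with that user's own permissions. The raw value is client-controlled:
// a missing cookie now yields an empty value instead of an undefined-index notice,
// and characters that would terminate the cookie value or smuggle further header
// content (';', CR, LF, other control bytes) are stripped so exactly one cookie pair
// is forwarded. NOTE(review): the trailing "path=/" is part of the CURLOPT_COOKIE
// string, so it presumably travels as a second cookie named "path"; kept as is.
$cookiestr = '_redmine_default='
    . (isset($_COOKIE['_redmine_default'])
        ? preg_replace('/[;\x00-\x1f\x7f]/', '', $_COOKIE['_redmine_default'])
        : '')
    . '; path=/';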
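/**
 * Send the proxied Redmine response to the client and stop the script.
 *
 * @param string|false $ret          Body returned by curl_exec(), or false on transport failure.
 * @param resource     $curl_handler cURL handle to close before exiting.
 * @param string|false $contenttype  Upstream Content-Type as reported by curl_getinfo().
 */
function out($ret, $curl_handler, $contenttype) {
    curl_close($curl_handler);
    // curl_exec() returns false when the upstream request could not be completed;
    // previously this fell through to an empty 200 response with a blank
    // Content-Type header.
    if ($ret === FALSE) {
        header('HTTP/1.1 502 Bad Gateway');
        exit(0);
    }
    // curl_getinfo() reports false/'' when upstream sent no type; use a neutral
    // binary type rather than emitting an empty header.
    if (!is_string($contenttype) || $contenttype === '') {
        $contenttype = 'application/octet-stream';
    }
    header('Content-Type: ' . $contenttype);
    // The body is an attachment served verbatim; stop browsers from sniffing a
    // different (e.g. HTML) type out of it.
    header('X-Content-Type-Options: nosniff');
    print $ret;
    exit(0);
}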
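/**
 * Relay a request to Redmine on the internal port, carrying the caller's session
 * cookie so Redmine applies that user's permissions.
 *
 * @param string      $uri    Path relative to REDMINE_URL.REDMINE_WHITEPORT (no leading slash).
 * @param string|null $method HTTP method; defaults to the incoming request's method.
 * @return array [body (string|false), cURL handle, upstream Content-Type]. The
 *               caller owns the handle and must curl_close() it.
 */
function request($uri, $method=NULL) {
    global $cookiestr;
    if (is_null($method)) {
        $method = $_SERVER['REQUEST_METHOD'];
    }
    $curl_handler = curl_init();
    curl_setopt($curl_handler, CURLOPT_URL, REDMINE_URL.REDMINE_WHITEPORT.'/'.$uri);
    switch ($method) {
        case 'GET':
            break;
        case 'POST':
            // The incoming request body is passed through unchanged.
            curl_setopt($curl_handler, CURLOPT_POSTFIELDS, file_get_contents("php://input"));
            curl_setopt($curl_handler, CURLOPT_POST, 1);
            break;
        case 'PUT':
            // CURLOPT_PUT switches libcurl into upload mode, which takes the body from
            // CURLOPT_INFILE and ignores CURLOPT_POSTFIELDS, so the original PUT branch
            // sent no body. A PUT with an in-memory body is expressed with
            // CURLOPT_CUSTOMREQUEST. (The original also spelt the label `case 'PUT';`,
            // which PHP accepts but which reads like a stray statement.)
            curl_setopt($curl_handler, CURLOPT_POSTFIELDS, file_get_contents("php://input"));
            curl_setopt($curl_handler, CURLOPT_CUSTOMREQUEST, 'PUT');
            break;
        default:
            curl_setopt($curl_handler, CURLOPT_CUSTOMREQUEST, $method);
            break;
    }
    curl_setopt($curl_handler, CURLOPT_COOKIE, $cookiestr);
    curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, 1);
    $ret = curl_exec($curl_handler);
    return array($ret, $curl_handler, curl_getinfo($curl_handler, CURLINFO_CONTENT_TYPE));
}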
/**
 * Forward the requested attachment path to Redmine as the current user and end
 * the script with whatever Redmine returned.
 */
function permit() {
    global $path, $dir;
    $response = request($dir.$path);
    out($response[0], $response[1], $response[2]);
}
/**
 * Redirect to Redmine's login form, asking it to return to the attachment URL
 * that was originally requested once the user has signed in.
 */
function login() {
    global $path, $dir;
    $back_url = REDMINE_URL.'/'.$dir.$path;
    header('Location: '.REDMINE_URL.'/login?back_url='.urlencode($back_url));
    exit(0);
}
/**
 * Generic refusal: bounce the client to the Redmine front page without any
 * message about why the attachment was not served.
 */
function error() {
    $target = REDMINE_URL;
    header('Location: '.$target);
    exit(0);
}
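// Work out which Redmine attachment route was requested and the path that follows
// it. $dir is the route prefix that is re-attached when proxying; $path is the rest
// of the request URI after the LAST occurrence of $dir (the pattern is greedy),
// including any query string.
if (strstr($_SERVER['REQUEST_URI'], '/attachments/download/')) {
    $dir = 'attachments/download';
} else {
    $dir = 'attachments';
}
$path = preg_replace('%^.*'.$dir.'%', '', $_SERVER['REQUEST_URI']);
// The public/private decision is made on the request path, which arrives
// percent-encoded and un-normalised. Compare a decoded copy (query string removed)
// so that e.g. "%70rivate_" is recognised as "private_", and refuse paths with
// "." / ".." / empty segments outright: a downstream component may collapse those
// into a different path than the one inspected here.
$check_path = strtok($path, '?');
$check_path = rawurldecode($check_path === FALSE ? '' : $check_path);
if (preg_match('%(^|/)\.{1,2}(/|$)|//%', $check_path)) {
    error();
}
// Anything not named "private_..." is public: hand it straight to Redmine, which
// sees the forwarded session cookie.
if (preg_match('%^/[0-9]*/private_%', $check_path) == 0) {
    permit();
}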
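// Identify the caller by fetching Redmine's "My account" page with the forwarded
// session cookie and scraping the login line. A transport failure or an anonymous
// session (no match) is sent to the login form.
list($ret, $curl_handler) = request('my/account', 'GET');
curl_close($curl_handler);
// NOTE(review): this depends on the exact markup of Redmine's account page; a theme
// or version change silently turns every private download into a login redirect.
// The id must be at least one digit: an empty capture is never a valid user id.
if ($ret === FALSE
    || preg_match('%<p>Login:\s*<strong><a href="/users/([0-9]+)" class="user active">([^<]*)</a></strong><br\s*/>%', $ret, $matches) == 0) {
    login();
}
$user_id = $matches[1];
$user_login = $matches[2];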
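// Redmine's own database is consulted directly for the authorisation data.
// NOTE(review): the mysql_* extension is deprecated in PHP 5.5 and removed in 7.0;
// this needs porting to mysqli/PDO with bound parameters before any PHP upgrade.
// The '@' is kept so a connection warning cannot be printed before the redirect
// header; the failure is now checked explicitly instead of being ignored.
if (@mysql_connect(MYSQL_SERVER, MYSQL_USER, MYSQL_PASSWORD) === FALSE
    || mysql_select_db(MYSQL_DB) === FALSE) {
    error();
}
// The scraped user id is digits only, and is escaped anyway.
$result = mysql_query('SELECT `admin` FROM `users` WHERE `id`="'.mysql_real_escape_string($user_id).'"');
if ($result === FALSE) {
    error();
}
$row = mysql_fetch_assoc($result);
// Administrators see everything; an unknown id (no row) is treated as non-admin
// rather than indexing into a false value.
if ($row && $row['admin'] != 0) {
    permit();
}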
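// Split "/<attachment id>/<file name>" out of the request path. A path without
// this shape cannot name an attachment, so refuse it instead of continuing with
// an undefined match (previously a PHP notice and a lookup of id "").
if (preg_match('%/([0-9]+)/(.*)$%', $path, $matches) == 0) {
    error();
}
$attachment_id = $matches[1];
$attachment_name = $matches[2];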
// Bootstrap the bundled php-redmine-api client. There is no autoloader in this
// tree, so the files are loaded explicitly, in the original order (client, base
// API class, then the concrete API classes - presumably the subclasses need the
// base class first).
$redmine_api_dir = "lib/php-redmine-api/lib/Redmine/";
foreach (array('Client', 'Api/AbstractApi', 'Api/User', 'Api/Issue', 'Api/Project', 'Api/Attachment') as $redmine_file) {
    require_once $redmine_api_dir . $redmine_file . ".php";
}
unset($redmine_api_dir, $redmine_file);
// Service account used for the issue/project lookups that follow; the per-user
// session cookie is not involved in these calls.
$redmine = new Redmine\Client(REDMINE_URL, REDMINE_LOGIN, REDMINE_PASSWORD);
// (An earlier admin check through the API, $redmine->api('user')->show($user_id),
// was superseded by the direct users.admin query above and has been dropped.)
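// Non-admin: the attachment is readable only if the user is a member of the
// project owning the issue the attachment belongs to.
// NOTE(review): container_id is only meaningful together with container_type;
// without the type filter an attachment on e.g. a document or wiki page would be
// resolved against an unrelated issue that happens to share the numeric id.
// Confirm the "Issue" value against the Redmine schema in use.
$result = mysql_query('SELECT `container_id` FROM `attachments` WHERE `id`="'.mysql_real_escape_string($attachment_id).'" AND `container_type`="Issue"');
if ($result === FALSE) {
    error();
}
$row = mysql_fetch_assoc($result);
if (!$row) {
    error();
}
// Each API lookup is checked before its result is dereferenced; a failed call must
// not degrade into a membership query against an empty project id.
$issue = $redmine->api('issue')->show($row['container_id']);
if (!is_array($issue) || empty($issue['issue']['project']['id'])) {
    error();
}
$project = $redmine->api('project')->show($issue['issue']['project']['id']);
if (!is_array($project) || empty($project['project']['id'])) {
    error();
}
$result = mysql_query('SELECT 1 FROM `members` WHERE `project_id`="'.mysql_real_escape_string($project['project']['id']).'" AND `user_id`="'.mysql_real_escape_string($user_id).'"');
if ($result === FALSE) {
    error();
}
// mysql_query() returns a result resource even when no row matched, so the
// previous `$result !== FALSE` test permitted every authenticated user; the
// membership row itself has to exist.
if (mysql_fetch_assoc($result)) {
    permit();
}
// Membership is the only visibility test applied here; roles/permissions and
// private issues are not modelled.
error();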
?>