exit_error('Error',$frsr->getErrorMessage());
}
-//we make sure we are not receiving $sys_ftp_upload_dir by POST or GET, to prevent security problems
-global $sys_ftp_upload_dir;
-if (!$sys_ftp_upload_dir) {
- exit_error('Error','External sys_ftp_upload_dir detected');
-}
-$upload_dir = $sys_ftp_upload_dir . "/" . $g->getUnixName();
+$upload_dir = forge_get_config('ftp_upload_dir') . "/" . $g->getUnixName();
/*
if (!is_uploaded_file($uploaded_changes['tmp_name'])) {
exit_error('Error','Attempted File Upload Attack');
}
- if ($uploaded_notes['type'] !== 'text/plain') {
+ if ($uploaded_changes['type'] !== 'text/plain') {
$feedback .= _('Change Log Is not in Text');
$exec_changes = false;
} else {
$group_unix_name=group_getunixname($group_id);
$ftp_filename = getStringFromRequest('ftp_filename');
- if (($userfile && is_uploaded_file($userfile['tmp_name'])) || ($sys_use_ftpuploads && $ftp_filename)){
- if ($sys_use_ftpuploads && $ftp_filename && util_is_valid_filename($ftp_filename) && is_file($upload_dir.'/'.$ftp_filename)) {
+ if (($userfile && is_uploaded_file($userfile['tmp_name'])) || (forge_get_config('use_ftpuploads') && $ftp_filename)){
+ if (forge_get_config('use_ftpuploads') && $ftp_filename && util_is_valid_filename($ftp_filename) && is_file($upload_dir.'/'.$ftp_filename)) {
//file was uploaded already via ftp
//use setuid prog to chown it
//$cmd = escapeshellcmd("$sys_ftp_upload_chowner $ftp_filename");
<h3><?php echo _('Step 1: Edit Release') ?></h3>
-<form enctype="multipart/form-data" method="post" action="<?php echo getStringFromServer('PHP_SELF')."?group_id=$group_id&release_id=$release_id&package_id=$package_id"; ?>">
+<form enctype="multipart/form-data" method="post" action="<?php echo getStringFromServer('PHP_SELF')."?group_id=$group_id&release_id=$release_id&package_id=$package_id"; ?>">
<input type="hidden" name="step1" value="1" />
<table border="0" cellpadding="1" cellspacing="1">
<tr>
- <td width="10%"><strong><?php echo _('Release date') ?>:<strong></td>
+ <td width="10%"><strong><?php echo _('Release date') ?>:</strong></td>
<td><input type="text" name="release_date" value="<?php echo date('Y-m-d H:i',$frsr->getReleaseDate()) ?>" size="16" maxlength="16" /></td>
</tr>
<tr>
- <td><strong><?php echo _('Release name') ?>:<strong></td>
+ <td><strong><?php echo _('Release name') ?>:</strong></td>
<td><input type="text" name="release_name" value="<?php echo htmlspecialchars($frsr->getName()); ?>" /></td>
</tr>
<tr>
<tr>
<td colspan="2">
<strong><?php echo _('Paste The Notes In') ?>:</strong><br />
- <textarea name="release_notes" rows="10" cols="60" wrap="soft"><?php echo $frsr->getNotes(); ?></textarea>
+ <textarea name="release_notes" rows="10" cols="60"><?php echo $frsr->getNotes(); ?></textarea>
</td>
</tr>
<tr>
<td colspan="2">
<strong><?php echo _('Paste The Change Log In') ?>:</strong><br />
- <textarea name="release_changes" rows="10" cols="60" wrap="soft"><?php echo $frsr->getChanges(); ?></textarea>
+ <textarea name="release_changes" rows="10" cols="60"><?php echo $frsr->getChanges(); ?></textarea>
</td>
</tr>
<tr>
<br />
<input type="checkbox" name="preformatted" value="1" <?php echo (($frsr->getPreformatted())?'checked="checked"':''); ?> /> <?php echo _('Preserve my pre-formatted text.') ?>
<p>
- <input type="submit" name="submit" value="<?php echo _('Submit/Refresh') ?>"/></p>
+ <input type="submit" name="submit" value="<?php echo _('Submit/Refresh') ?>"/>
+ </p>
</td>
</tr>
</table>
</form>
-<p> </p>
<hr />
-<h3><?php echo _('Step 2: Add Files To This Release</h3><p>Now, choose a file to upload into the system. The maximum file size is determined by the site administrator, but defaults to 2MB. If you need to upload large files, contact your site administrator.</p>') ?></h3>
-<p>
-<form enctype="multipart/form-data" method="post" action="<?php echo getStringFromServer('PHP_SELF')."?group_id=$group_id&release_id=$release_id&package_id=$package_id"; ?>">
-<input type="hidden" name="step2" value="1" />
-<span class="important">
-<?php echo _('NOTE: In some browsers you must select the file in the file-upload dialog and click "OK". Double-clicking doesn\'t register the file.') ?></span>
-</span><br />
-<?php echo _('Upload a new file') ?>: <input type="file" name="userfile" size="30" />
-<?php if ($sys_use_ftpuploads) {
+<h3><?php echo _('Step 2: Add Files To This Release') ?></h3>
+<p><?php echo _('Now, choose a file to upload into the system.') ?></p>
+
+<form enctype="multipart/form-data" method="post" action="<?php echo getStringFromServer('PHP_SELF')."?group_id=$group_id&release_id=$release_id&package_id=$package_id"; ?>">
+<input type="hidden" name="step2" value="1" />
+<fieldset><legend><strong><?php echo _("File Name") ?></strong></legend>
+<?php echo _("Upload a new file") ?>: <input type="file" name="userfile" size="30" />
+<?php if (forge_get_config('use_ftpuploads')) {
echo '<p>';
- printf(_('Alternatively, you can use FTP to upload a new file at %1$s'), $sys_ftp_upload_host).'<br />';
+ printf(_('Alternatively, you can use FTP to upload a new file at %1$s'), forge_get_config('ftp_upload_host')).'<br />';
echo _('Choose an FTP file instead of uploading:').'<br />';
$arr[]='';
$ftp_files_arr=array_merge($arr,ls($upload_dir,true));
echo html_build_select_box_from_arrays($ftp_files_arr,$ftp_files_arr,'ftp_filename','',false); ?>
</p>
<?php } ?>
+<p>
+<span class="important">
+<?php echo _('NOTE: In some browsers you must select the file in the file-upload dialog and click "OK". Double-clicking doesn\'t register the file.').' ('._('Maximum upload file size:').' '. ini_get('upload_max_filesize')?>)
+</span>
+</p>
+<p>
+<?php echo _('Specify a new URL') ?>: <input type="text" name="userlink" size="50" />
+</p>
+</fieldset>
<table width="60%">
<tr>
<td>
-<h4><?php echo _('File Type') ?>:</h4>
+<strong><?php echo _('File Type') ?>:</strong>
<?php
print frs_show_filetype_popup ('type_id');
?>
</td>
<td>
-<h4><?php echo _('Processor Type') ?>:</h4>
+<strong><?php echo _('Processor Type') ?>:</strong>
<?php
print frs_show_processor_popup ('processor_id');
?>
</table>
<p>
<input type="submit" name="submit" value="<?php echo _('Add This File') ?>" /></p>
-</form></p>
-<p> </p>
+</form>
<hr />
-<p> </p>
<h3><?php echo _('Step 3: Edit Files In This Release') ?></h3>
<?php
// Get a list of files associated with this release
- $res=db_query("SELECT * FROM frs_file WHERE release_id='$release_id'");
+ $res=db_query_params ('SELECT * FROM frs_file WHERE release_id=$1',
+ array($release_id));
$rows=db_numrows($res);
if($rows < 1) {
print("<span class=\"error\">"._('No Files In This Release')."</span>\n");
for($x=0; $x<$rows; $x++) {
?>
- <form action="<?php echo getStringFromServer('PHP_SELF')."?group_id=$group_id&release_id=$release_id&package_id=$package_id"; ?>" method="post">
+ <form action="<?php echo getStringFromServer('PHP_SELF')."?group_id=$group_id&release_id=$release_id&package_id=$package_id"; ?>" method="post">
<input type="hidden" name="file_id" value="<?php echo db_result($res,$x,'file_id'); ?>" />
<input type="hidden" name="step3" value="1" />
<tr <?php echo $HTML->boxGetAltRowStyle($x); ?>>
- <td nowrap="nowrap"><?php echo db_result($res,$x,'filename'); ?></td>
+ <td style="white-space: nowrap;"><?php echo db_result($res,$x,'filename'); ?></td>
<td><?php echo frs_show_processor_popup ('processor_id', db_result($res,$x,'processor_id')); ?></td>
<td><?php echo frs_show_filetype_popup ('type_id', db_result($res,$x,'type_id')); ?></td>
</tr>
echo $GLOBALS['HTML']->listTableBottom();
}
-echo '<br />'.sprintf(ngettext('There is %1$s user monitoring this package.', 'There are %1$s users monitoring this package.', $frsp->getMonitorCount()), $frsp->getMonitorCount());
+echo '<p>' . sprintf(ngettext('There is %1$s user monitoring this package.', 'There are %1$s users monitoring this package.', $frsp->getMonitorCount()), $frsp->getMonitorCount()) . '</p>';
echo '<hr />';
frs_admin_footer();