### Eclipse Workspace Patch 1.0 #P submissions Index: ajax.js =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/ajax.js,v retrieving revision 1.52 diff -u -r1.52 ajax.js --- ajax.js 8 Feb 2010 23:24:18 -0000 1.52 +++ ajax.js 3 Feb 2011 20:08:30 -0000 @@ -844,7 +844,7 @@ } -function editSlideLink(action,submissoinid,value){ +function editSlideLink(action,submissionid,value){ var node = document.getElementById("slidelink"); var callback = @@ -859,7 +859,7 @@ } }; - YAHOO.util.Connect.asyncRequest('POST', "callbacks/edit_slide.php?action="+action+"&submission_id="+submissoinid+"&value="+encodeURIComponent(value), callback); + YAHOO.util.Connect.asyncRequest('POST', "callbacks/edit_slide.php?action="+action+"&submission_id="+submissionid+"&value="+encodeURIComponent(value), callback); node.innerHTML = "
"; } Index: bigbutton.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/bigbutton.php,v retrieving revision 1.12 diff -u -r1.12 bigbutton.php --- bigbutton.php 11 Feb 2010 17:20:40 -0000 1.12 +++ bigbutton.php 3 Feb 2011 20:08:30 -0000 @@ -45,7 +45,7 @@ /* * ..if not display a message and exit */ - ?>This page is for the conference staff only, nice try.theconference->getConferenceID())."' - and - submission_types.conference_id = '".addslashes($context->theconference->getConferenceID())."' - and - submission_types.type = submissions._type - and - submission_types.internal_type in ('".implode('\',\'',$types)."') - group by - tentative_status, - submission_id - "; + $query = "select /* bigbutton.php:get_submissions_with_actionable_status() */ * + FROM submissions AS S + INNER JOIN submission_types AS T ON T.type = S._type + WHERE tentative_status != '' + AND S.conference_id = '".addslashes($context->theconference->getConferenceID())."' + AND T.conference_id = '".addslashes($context->theconference->getConferenceID())."' + AND T.internal_type in ('".implode('\',\'',$types)."') + GROUP BY tentative_status, submission_id"; }else{ /* * there are no submission to take action on Index: check_speaker_overlap.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/check_speaker_overlap.php,v retrieving revision 1.23 diff -u -r1.23 check_speaker_overlap.php --- check_speaker_overlap.php 1 Feb 2010 18:05:44 -0000 1.23 +++ check_speaker_overlap.php 3 Feb 2011 20:08:30 -0000 @@ -94,7 +94,7 @@ echo $conflict['type'] ?>
  • theuser->getFoundationID() )){ + if(!can_user_edit_submission($_GET['id'],$context->theuser->getBugzillaUserID() )){ ?>

    You are not authorized to edit this talk.

    theuser->getFoundationID(),$auths_assistants)){ + if(!in_array($context->theuser->getBugzillaUserID(),$auths_assistants)){ /* * .. then add them as an author */ - $auths[] = $context->theuser->getFoundationID(); + $auths[] = $context->theuser->getBugzillaUserID(); $_POST['authors'] = implode(",",$auths); } @@ -605,11 +605,11 @@ - + Authors:
    - @@ -810,7 +810,7 @@ $query = "insert into submission_authors set rank = '".addslashes($rank)."', submission_id = '".addslashes($submission_id)."', - PersonID = '".addslashes($auth)."', + BugzillaUserID = '".addslashes($auth)."', role = 'author' "; $res = conference_sql($query); @@ -830,7 +830,7 @@ $query = "insert into submission_authors set rank = 0, submission_id = '".addslashes($submission_id)."', - PersonID = '".addslashes($auth)."', + BugzillaUserID = '".addslashes($auth)."', role = 'assistant' "; $res = conference_sql($query); @@ -861,7 +861,7 @@ if(trim($need_extra_time) != ""){ $query = "insert into submission_comments set submission_id = '".addslashes($submission_id)."', - PersonID = '".addslashes($context->theuser->getFoundationID())."', + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."', comment = '".addslashes($need_extra_time)."', ts = NOW(), is_private = true"; Index: index.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/index.php,v retrieving revision 1.46 diff -u -r1.46 index.php --- index.php 20 Nov 2009 20:45:04 -0000 1.46 +++ index.php 3 Feb 2011 20:08:30 -0000 
@@ -1,4 +1,4 @@ -theuser->getFoundationID()."' - and - submissions.conference_id = ".$context->theconference->getConferenceID()." - and - conference_id = ".$context->theconference->getConferenceID()." - order by submissions.submission_id"; - $res = conference_sql($query); - $title = "Your Submission" . (mysql_num_rows($res) > 1 ? 's' : ''); if(is_user_logged_in()){ - /* - * get all the results - */ + $query = "select /* index.php:13 */ * from submissions AS S + INNER JOIN submission_authors AS A on A.submission_id = S.submission_id + WHERE A.BugzillaUserID = " . $context->theuser->getBugzillaUserID() . " + AND S.conference_id = ".$context->theconference->getConferenceID()." + ORDER BY S.submission_id"; + $res = conference_sql($query); + $title = "Your Submission" . (mysql_num_rows($res) > 1 ? 's' : ''); + $results = array(); while( $row = mysql_fetch_assoc($res) ) { $results[$row['submission_id']] = $row; @@ -47,10 +39,10 @@ theuser->getPicture() == true){ - $_GET['PersonID'] = $context->theuser->getFoundationID(); + $_GET['PersonID'] = $context->theuser->getBugzillaUserID(); include("callbacks/image-upload.php"); }else{ - ?>
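Review bot: The rewritten submissions query concatenates `getBugzillaUserID()` into the WHERE clause bare, whereas the removed query quoted the ID and most of this patch wraps it as `'".addslashes(...)."'`. If the getter ever returns an empty or non-numeric value, the statement becomes malformed or open to injection. The same unquoted pattern appears in the new talks query in user.php, where the value comes from `$_GET['id']`. Casting at the point of use, `WHERE A.BugzillaUserID = " . (int)$context->theuser->getBugzillaUserID() . "`, keeps the numeric form without relying on upstream checks. The opening lines of this hunk are partly missing from the page, so confirm against the file.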

    upload your photo

    upload your photo

    @@ -58,20 +50,20 @@

    Your Bio

    - theuser->getFoundationID(),true )?> + theuser->getBugzillaUserID(),true )?> theuser->getFoundationID())){ + if(get_speakers_accepted_submissions($context->theuser->getBugzillaUserID())){ ?>
    - Speaker Agreement + Speaker Agreement
    - bio + bio

    -

    - + Index: schedulingTool.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/schedulingTool.php,v retrieving revision 1.2 diff -u -r1.2 schedulingTool.php --- schedulingTool.php 4 Feb 2009 20:14:20 -0000 1.2 +++ schedulingTool.php 3 Feb 2011 20:08:30 -0000 @@ -22,7 +22,7 @@ - + Index: user.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/user.php,v retrieving revision 1.25 diff -u -r1.25 user.php --- user.php 3 Feb 2010 23:34:05 -0000 1.25 +++ user.php 3 Feb 2011 20:08:30 -0000 
@@ -2,32 +2,52 @@ require_once( "classes/external_entry_point.php"); // included for globals and disabled check, but not for context or login requirement external_entry( false ); -if(isset($_GET['id'])){ - $person = get_people_information($_GET['id']); -} +# sanitize - incoming should be an integer +if(!preg_match("/^[0-9]+$/", $_GET['id'])) { + unset($_GET['id']); +} - /* - * From here down, we are generating an HTML page for the user. - */ -conference_include($GLOBALS['FRAGMENTS_DIRECTORY'] . "header.php"); -do_header(false); +# Array of talks for this user +$a_talks = array(); -$bio = ""; -/* - * if the id is set for this user - */ if(isset($_GET['id'])){ /* * load their bio */ - $query = "select * from speakers where PersonID = '".addslashes($_GET['id'])."' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; + $query = "select * from speakers where BugzillaUserID = '".addslashes($_GET['id'])."' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); $author_info = mysql_fetch_assoc($res); if($author_info['bio'] != ""){ $bio = $author_info['bio']; } + + # Load up talks for this user + $query = "select /* user.php:95 */ S.* + FROM submissions AS S + INNER JOIN submission_authors AS A ON A.submission_id = S.submission_id + AND BugzillaUserID = ".addslashes($_GET['id'])." + AND role IN ('author','assistant') + AND conference_id = ".$context->theconference->getConferenceID()." order by rank asc"; + $res = conference_sql($query); + + while( $row = mysql_fetch_assoc($res) ) { + $a_talks[$row['submission_id']] = $row; + } + } + +conference_include($GLOBALS['FRAGMENTS_DIRECTORY'] . "header.php"); +do_header(false); + + /* + * From here down, we are generating an HTML page for the user. + */ + +$bio = ""; +/* + * if the id is set for this user + */ ?>
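Review bot: The integer guard added at the top uses `$`, which in PCRE also matches before a trailing newline, and it reads `$_GET['id']` without first checking that it is set; the same guard is repeated in the view_talk.php, add_conference_queen.php, add_program_committee.php and edit_bio.php hunks. It matters most here because the new talks query inserts the value unquoted (`AND BugzillaUserID = ".addslashes($_GET['id'])."`), where addslashes() gives no protection. I would anchor the pattern with `\z` (`'/^[0-9]+\z/'`), put an `isset()` test in front of it, and write `(int)$_GET['id']` in the query. Separately, `$bio = "";` now runs after the block that loads the bio from `speakers`, so the loaded text is cleared unless code outside the hunk reloads it; the initialisation belongs above `if(isset($_GET['id']))`.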
    @@ -36,7 +56,7 @@
    theuser->getFoundationID() == $_GET['id'] || current_user_has_role("conference_chair") ){ + if($context->theuser->getBugzillaUserID() == $_GET['id'] || current_user_has_role("conference_chair") ){ $_GET['PersonID'] = $_GET['id']; include("callbacks/image-upload.php"); }else{ @@ -51,7 +71,7 @@

    Bio

    - + theuser->getFoundationID() == $_GET['id'] || current_user_has_role("conference_chair") || current_user_has_role("program_committee") || current_user_has_role("registration_master") ){ @@ -84,35 +104,8 @@
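Review bot: The bio-edit condition in this hunk still compares `getFoundationID()` with `$_GET['id']`, which after this patch carries a Bugzilla user ID (the image-upload check in the previous hunk was switched to `getBugzillaUserID()`). Comparing two different identifier spaces in an access check can lock out the real owner and, where the numbers happen to coincide, match the wrong account. If the line is on the new side, as it appears to be, it should read `getBugzillaUserID() == $_GET['id']`. The markup around it was stripped from this page, so confirm against the file.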
    - - - - theconference->getConferenceID()." - - order by rank asc - "; - $res = conference_sql($query); - /* - * get all the results - */ - $results = array(); - while( $row = mysql_fetch_assoc($res) ) { - $results[$row['submission_id']] = $row; - } - show_table_of_talks($results,"Submissions","view_talk.php"); +
    @@ -141,11 +134,6 @@ } ?>
    - - - \ No newline at end of file Index: view_talk.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/view_talk.php,v retrieving revision 1.62 diff -u -r1.62 view_talk.php --- view_talk.php 26 Jan 2011 22:00:08 -0000 1.62 +++ view_talk.php 3 Feb 2011 20:08:30 -0000 @@ -2,6 +2,11 @@ require_once( "classes/external_entry_point.php"); // included for globals and disabled check, but not for context or login requirement external_entry( false ); +# sanitize - incoming should be an integer +if(!preg_match("/^[0-9]+$/", $_GET['id'])) { + unset($_GET['id']); +} + /* * Create a work flow object for processing submissions */ @@ -20,7 +25,7 @@ $errors = ""; if($_GET['cancel_id'] != ""){ - if(can_user_edit_submission($a_talk['submission_id'], $context->theuser->getFoundationID() ) ){ + if(can_user_edit_submission($a_talk['submission_id'], $context->theuser->getBugzillaUserID() ) ){ $query = "update submissions set status = 'withdrawn' where submission_id = '".addslashes($_GET['cancel_id'])."'"; conference_sql($query); } @@ -73,9 +78,9 @@ if(get_magic_quotes_gpc()) { $_POST['comment'] = stripslashes($_POST['comment']); } - $query = "insert into submission_comments set + $query = "insert /* view_talk.php:81 */ into submission_comments set submission_id = '".addslashes($_POST['submission_id'])."', - PersonID = '".addslashes($context->theuser->getFoundationID())."', + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."', comment = '".mysql_real_escape_string($_POST['comment'])."', ts = NOW() $private"; 
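Review bot: In the cancel branch of the `@@ -20,7 +25,7 @@` hunk the permission check and the write use different identifiers: `can_user_edit_submission()` is called with `$a_talk['submission_id']`, but the UPDATE withdraws `$_GET['cancel_id']`, and the sanitising added at the top of the file covers only `$_GET['id']`. Unless code outside the hunk forces the two values to match, the record that gets withdrawn is not the one that was authorised. The update should target the authorised record, e.g. `where submission_id = '".addslashes($a_talk['submission_id'])."'`, or the check should be made against `cancel_id` itself. This is also a state change driven by a GET parameter, so it would be safer behind a POST carrying a request token.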
@@ -87,7 +92,7 @@ * remove them from the list for this talk * NOTE: a check to make sure they are already on the list is NOT required before attempting to remove them */ - $query = "delete from watching_submissions where submission_id = '".addslashes($_POST['submission_id'])."' and PersonID = '".addslashes($context->theuser->getFoundationID())."'"; + $query = "delete from watching_submissions where submission_id = '".addslashes($_POST['submission_id'])."' and BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."'"; conference_sql($query); $workflow->on_remove_cc_list($context,$_POST['submission_id']); }elseif($_POST['ADD'] == "add to cc"){ @@ -95,13 +100,13 @@ * .. if the user asked to be added to the CC list * and they are not already on the list for this talk... */ - $query = "select * from watching_submissions where submission_id = '".addslashes($_POST['submission_id'])."' and PersonID = '".addslashes($context->theuser->getFoundationID())."'"; + $query = "select * from watching_submissions where submission_id = '".addslashes($_POST['submission_id'])."' and BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."'"; $res = conference_sql($query); if(mysql_num_rows($res) == 0){ /* * .. add the user to the CC list for this talk */ - $query = "insert into watching_submissions set submission_id = '".addslashes($_POST['submission_id'])."', PersonID = '".addslashes($context->theuser->getFoundationID())."', conference_id = '".addslashes($context->theconference->getConferenceID())."', ts= now()"; + $query = "insert into watching_submissions set submission_id = '".addslashes($_POST['submission_id'])."', BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."', conference_id = '".addslashes($context->theconference->getConferenceID())."', ts= now()"; conference_sql($query); $workflow->on_add_cc_list($context,$_POST['submission_id']); } 
@@ -281,7 +286,7 @@ /* * If this talk is the current users talk */ - if(can_user_edit_submission($a_talk['submission_id'], $context->theuser->getFoundationID() ) ){ + if(can_user_edit_submission($a_talk['submission_id'], $context->theuser->getBugzillaUserID() ) ){ /* * .. then show an 'edit submission' button to allow the to make changes to their talk */ @@ -443,8 +448,7 @@ /* * Show all non private the comments (if any) */ - $query = "select - * + $query = "select * from submission_comments where @@ -457,7 +461,7 @@ $people = array(); while($comment = mysql_fetch_assoc($res)){ $comments[] = $comment; - $people[] = $comment['PersonID']; + $people[] = $comment['BugzillaUserID']; } /* @@ -475,7 +479,7 @@ } ?>
    -
    +
    **private comment**"; @@ -521,7 +525,7 @@ /* * If you are the author of this talk you will NOT see the add/remove cc buttons */ - if(!can_user_edit_submission($a_talk['submission_id'],$context->theuser->getFoundationID())){ + if(!can_user_edit_submission($a_talk['submission_id'],$context->theuser->getBugzillaUserID())){ /* * if the user is on the cc list.. */ @@ -574,7 +578,7 @@ function is_user_on_cc_list($sub_id){ global $context; - $query = "select * from watching_submissions where submission_id = '".addslashes($sub_id)."' and PersonID = '".addslashes($context->theuser->getFoundationID())."'"; + $query = "select * from watching_submissions where submission_id = '".addslashes($sub_id)."' and BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."'"; $res = conference_sql($query); if(mysql_num_rows($res) == 1){ return true; Index: watch_lists.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/watch_lists.php,v retrieving revision 1.9 diff -u -r1.9 watch_lists.php --- watch_lists.php 16 Nov 2009 21:45:23 -0000 1.9 +++ watch_lists.php 3 Feb 2011 20:08:30 -0000 @@ -28,7 +28,7 @@ * Gather data for types/categories */ $types = $context->theconference->getTalkTypes(); - $query = "select * from watching_types where PersonID = '".addslashes($context->theuser->getFoundationID())."' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; + $query = "select * from watching_types where BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); $watching_types = array(); while($row = mysql_fetch_assoc($res)){ 
@@ -36,7 +36,7 @@ } $categories = get_talk_categories(); - $query = "select * from watching_categories,categories where PersonID = '".addslashes($context->theuser->getFoundationID())."' and watching_categories.category_id = categories.category_id and watching_categories.conference_id = '".addslashes($context->theconference->getConferenceID())."'"; + $query = "select * from watching_categories,categories where BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."' and watching_categories.category_id = categories.category_id and watching_categories.conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); $watching_categories = array(); while($row = mysql_fetch_assoc($res)){ @@ -44,7 +44,7 @@ } $tags = get_tags('talk_tag'); - $query = "select * from watching_tags,tags where PersonID = '".addslashes($context->theuser->getFoundationID())."' and watching_tags.tag_id = tags.tag_id and watching_tags.conference_id = '".addslashes($context->theconference->getConferenceID())."'"; + $query = "select * from watching_tags,tags where BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."' and watching_tags.tag_id = tags.tag_id and watching_tags.conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); $watching_tags = array(); while($row = mysql_fetch_assoc($res)){ 
@@ -52,14 +52,14 @@ } - $query = "select * from watching_new_submissions where PersonID = '".addslashes($context->theuser->getFoundationID())."' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; + $query = "select * from watching_new_submissions where BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); $watching_new_submissions = false; if(mysql_num_rows($res) > 0){ $watching_new_submissions = true; } - $query = "select * from watching_everything where PersonID = '".addslashes($context->theuser->getFoundationID())."' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; + $query = "select * from watching_everything where BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); $watching_everything = false; if(mysql_num_rows($res) > 0){ @@ -90,7 +90,7 @@ ?>
    - +

    Talk Tags
    Receive email notification when changes occur to talk tags.

    Index: callbacks/add_author.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/add_author.php,v retrieving revision 1.9 diff -u -r1.9 add_author.php --- callbacks/add_author.php 8 Feb 2010 23:22:30 -0000 1.9 +++ callbacks/add_author.php 3 Feb 2011 20:08:30 -0000 @@ -25,7 +25,7 @@ if( isset($_POST['role']) and isset($_POST['PersonID']) and isset($_POST['submission_id']) and - can_user_edit_submission($_POST['submission_id'],$context->theuser->getFoundationID())){ + can_user_edit_submission($_POST['submission_id'],$context->theuser->getBugzillaUserID())){ /* * Find max rank for this submission @@ -34,14 +34,13 @@ /* * insert the data into the database */ - $query = "insert into + $query = "insert /* add_author.php:37 */ INTO submission_authors set submission_id = '".addslashes($_POST['submission_id'])."', - PersonID = '".addslashes($_POST['PersonID'])."', + BugzillaUserID = '".addslashes($_POST['PersonID'])."', rank = '".addslashes($rank)."', - role = '".addslashes($_POST['role'])."' - "; + role = '".addslashes($_POST['role'])."'"; $res = conference_sql($query); /* Index: callbacks/add_conference_queen.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/add_conference_queen.php,v retrieving revision 1.1 diff -u -r1.1 add_conference_queen.php --- callbacks/add_conference_queen.php 18 Nov 2009 22:50:47 -0000 1.1 +++ callbacks/add_conference_queen.php 3 Feb 2011 20:08:30 -0000 
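Review bot: The add_author.php insert did not receive the integer guard that the add_conference_queen.php and add_program_committee.php hunks add: `$_POST['PersonID']` and `$_POST['role']` go into the statement with only addslashes(). The other inserts in this patch write the roles 'author' and 'assistant', so I would reject anything else with `in_array($_POST['role'], array('author','assistant'), true)` and require a numeric PersonID before the `can_user_edit_submission()` branch runs. The enclosing `if` continues outside the hunk.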
@@ -2,18 +2,19 @@ require_once( "../classes/external_entry_point.php"); // included for globals and disabled check, but not for context or login requirement external_entry( true ); -/* - * By the time we get, there is a user logged in. - */ +# sanitize - incoming should be an integer +if(!preg_match("/^[0-9]+$/", $_POST['PersonID'])) { + unset($_POST['PersonID']); +} /* * Check to see if the person accessing this page is the conference chair */ -if(!current_user_has_role("conference_chair")){ +if(!current_user_has_role("conference_chair") || !isset($_POST['PersonID'])) { /* * ..if not display a message and exit */ - ?>errortheconference->getConferenceID())."'"; +$query = "insert into people_roles set BugzillaUserID = '".addslashes($_POST['PersonID'])."', role='registration_master', conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); //$workflow->on_add_program_committee($context,$_POST['PersonID']); Index: callbacks/add_program_committee.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/add_program_committee.php,v retrieving revision 1.3 diff -u -r1.3 add_program_committee.php --- callbacks/add_program_committee.php 28 Aug 2008 23:18:24 -0000 1.3 +++ callbacks/add_program_committee.php 3 Feb 2011 20:08:30 -0000 
@@ -2,18 +2,19 @@ require_once( "../classes/external_entry_point.php"); // included for globals and disabled check, but not for context or login requirement external_entry( true ); -/* - * By the time we get, there is a user logged in. - */ +# sanitize - incoming should be an integer +if(!preg_match("/^[0-9]+$/", $_POST['PersonID'])) { + unset($_POST['PersonID']); +} /* * Check to see if the person accessing this page is the conference chair */ -if(!current_user_has_role("conference_chair")){ +if(!current_user_has_role("conference_chair") || !isset($_POST['PersonID'])) { /* * ..if not display a message and exit */ - ?>errortheconference->getConferenceID())."'"; +$query = "insert into people_roles set BugzillaUserID = '".addslashes($_POST['PersonID'])."', role='program_committee', conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); -$workflow->on_add_program_committee($context,$_POST['PersonID']); +$workflow->on_add_program_committee($context,$_POST['BugzillaUserID']); show_program_committee_list(); ?> \ No newline at end of file Index: callbacks/edit_abstract.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/edit_abstract.php,v retrieving revision 1.9 diff -u -r1.9 edit_abstract.php --- callbacks/edit_abstract.php 16 Nov 2009 20:38:18 -0000 1.9 +++ callbacks/edit_abstract.php 3 Feb 2011 20:08:30 -0000 
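Review bot: The workflow call at the end of this hunk now reads `$_POST['BugzillaUserID']`, but the field that is validated at the top and used in the insert is `$_POST['PersonID']`, and nothing visible here populates a `BugzillaUserID` POST field. As written, on_add_program_committee() would receive an unset value, or one that bypassed the integer check. I would keep `$workflow->on_add_program_committee($context,$_POST['PersonID']);` unless the form field was renamed elsewhere.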
@@ -12,7 +12,7 @@ conference_require_once($GLOBALS['WORKFLOW_DIRECTORY']."talk_workflow.class.php"); $workflow = new talk_workflow(); -if( isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getFoundationID())){ +if( isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getBugzillaUserID())){ $a_talk = get_submission_details($_POST['submission_id']); if(isset($_POST['abstract'])){ Index: callbacks/edit_bio.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/edit_bio.php,v retrieving revision 1.3 diff -u -r1.3 edit_bio.php --- callbacks/edit_bio.php 20 Nov 2009 20:45:04 -0000 1.3 +++ callbacks/edit_bio.php 3 Feb 2011 20:08:30 -0000 @@ -5,17 +5,19 @@ * By the time we get, there is a user logged in. */ +# sanitize - incoming should be an integer +if(!preg_match("/^[0-9]+$/", $_GET['PersonID'])) { + unset($_GET['id']); +} +if(!preg_match("/^[a-z]+$/", $_GET['action'])) { + unset($_GET['id']); +} + if(isset($_GET['action']) and isset($_GET['PersonID'])){ - if($context->theuser->getFoundationID() == $_GET['PersonID'] or current_user_has_role("conference_chair") or current_user_has_role("program_committee")){ - $query = "select - * - from - speakers - where + if($context->theuser->getBugzillaUserID() == $_GET['PersonID'] or current_user_has_role("conference_chair") or current_user_has_role("program_committee")){ + $query = "select * from speakers where conference_id = ".$context->theconference->getConferenceID()." - and - PersonID = '".addslashes($_GET['PersonID'])."' - "; + and BugzillaUserID = '".addslashes($_GET['PersonID'])."'"; $res = conference_sql($query); $speaker = mysql_fetch_assoc($res); $bio = $speaker['bio']; 
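Review bot: Both guards added to edit_bio.php test one key and clear another: they match `$_GET['PersonID']` and `$_GET['action']` but call `unset($_GET['id'])`, so a non-numeric PersonID or an unexpected action still passes the `isset()` test below and reaches the ownership comparison and the queries. The two branches should read `unset($_GET['PersonID']);` and `unset($_GET['action']);`. Once the guard works, comparing with `(int)$_GET['PersonID']` in the ownership test would also avoid relying on PHP's loose `==` between a number and a string.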
@@ -55,33 +57,29 @@ } if(empty($speaker)){ - $query = "insert into - speakers + $query = "insert into speakers set bio = '".addslashes($value)."', conference_id = ".$context->theconference->getConferenceID().", - PersonID = '".addslashes($_GET['PersonID'])."' + BugzillaUserID = '".addslashes($_GET['PersonID'])."' "; conference_sql($query); }else{ - $query = "update - speakers + $query = "update speakers set bio = '".addslashes($value)."' - where - conference_id = ".$context->theconference->getConferenceID()." - and - PersonID = '".addslashes($_GET['PersonID'])."' + where conference_id = ".$context->theconference->getConferenceID()." + and BugzillaUserID = '".addslashes($_GET['PersonID'])."' "; conference_sql($query); } //LOG BIO CHANGES if($bio){ - log_conference_action($context->theconference->getConferenceID(),$context->theuser->getFoundationID(),"update bio","",$_GET['PersonID'],$_GET['value']); + log_conference_action($context->theconference->getConferenceID(),$context->theuser->getBugzillaUserID(),"update bio","",$_GET['PersonID'],$_GET['value']); }else{ - log_conference_action($context->theconference->getConferenceID(),$context->theuser->getFoundationID(),"create bio","",$_GET['PersonID'],$_GET['value']); + log_conference_action($context->theconference->getConferenceID(),$context->theuser->getBugzillaUserID(),"create bio","",$_GET['PersonID'],$_GET['value']); } ?>edit bio
    theuser->getFoundationID())){ +if( isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getBugzillaUserID())){ $a_talk = get_submission_details($_POST['submission_id']); if(isset($_POST['category'])){ if($_POST['category'] != $a_talk['_category']){ Index: callbacks/edit_difficulty.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/edit_difficulty.php,v retrieving revision 1.1 diff -u -r1.1 edit_difficulty.php --- callbacks/edit_difficulty.php 21 Oct 2008 23:24:29 -0000 1.1 +++ callbacks/edit_difficulty.php 3 Feb 2011 20:08:30 -0000 @@ -12,7 +12,7 @@ conference_require_once($GLOBALS['WORKFLOW_DIRECTORY']."talk_workflow.class.php"); $workflow = new talk_workflow(); -if( isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getFoundationID())){ +if( isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getBugzillaUserID())){ $a_talk = get_submission_details($_POST['submission_id']); $a_talk['difficulties'] = get_talk_difficulties(); Index: callbacks/edit_file_link.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/edit_file_link.php,v retrieving revision 1.2 diff -u -r1.2 edit_file_link.php --- callbacks/edit_file_link.php 30 Oct 2008 17:09:45 -0000 1.2 +++ callbacks/edit_file_link.php 3 Feb 2011 20:08:30 -0000 
@@ -1,9 +1,11 @@ theuser->getFoundationID()) or current_user_has_role("conference_chair") or current_user_has_role("program_committee")){ + if(can_user_edit_submission($_GET['submission_id'],$context->theuser->getBugzillaUserID()) or current_user_has_role("conference_chair") or current_user_has_role("program_committee")){ $link = getFileLink($_GET['submission_id']); Index: callbacks/edit_slide.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/edit_slide.php,v retrieving revision 1.10 diff -u -r1.10 edit_slide.php --- callbacks/edit_slide.php 29 Oct 2009 23:21:45 -0000 1.10 +++ callbacks/edit_slide.php 3 Feb 2011 20:08:30 -0000 @@ -1,9 +1,11 @@ theuser->getFoundationID()) or current_user_has_role("conference_chair") or current_user_has_role("program_committee")){ + if(can_user_edit_submission($_GET['submission_id'],$context->theuser->getBugzillaUserID()) or current_user_has_role("conference_chair") or current_user_has_role("program_committee")){ $link = getSlideLink($_GET['submission_id']); Index: callbacks/edit_title.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/edit_title.php,v retrieving revision 1.7 diff -u -r1.7 edit_title.php --- callbacks/edit_title.php 18 Sep 2009 17:58:04 -0000 1.7 +++ callbacks/edit_title.php 3 Feb 2011 20:08:30 -0000 
@@ -12,7 +12,7 @@ conference_require_once($GLOBALS['WORKFLOW_DIRECTORY']."talk_workflow.class.php"); $workflow = new talk_workflow(); -if( isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getFoundationID())){ +if( isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getBugzillaUserID())){ $a_talk = get_submission_details($_POST['submission_id']); if(isset($_POST['title'])){ $_POST['title'] = stripslashes($_POST['title']); Index: callbacks/edit_type.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/edit_type.php,v retrieving revision 1.5 diff -u -r1.5 edit_type.php --- callbacks/edit_type.php 6 Oct 2008 23:58:08 -0000 1.5 +++ callbacks/edit_type.php 3 Feb 2011 20:08:30 -0000 @@ -12,7 +12,7 @@ conference_require_once($GLOBALS['WORKFLOW_DIRECTORY']."talk_workflow.class.php"); $workflow = new talk_workflow(); -if( isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getFoundationID())){ +if( isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getBugzillaUserID())){ $a_talk = get_submission_details($_POST['submission_id']); if(isset($_POST['type'])){ if($_POST['type'] != $a_talk['_type']){ Index: callbacks/find_author.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/find_author.php,v retrieving revision 1.14 diff -u -r1.14 find_author.php --- callbacks/find_author.php 8 Feb 2010 23:24:18 -0000 1.14 +++ callbacks/find_author.php 3 Feb 2011 20:08:30 -0000 
@@ -28,7 +28,7 @@ /* * .. then author is going to be added to a new submission */ - $exclude[$context->theuser->getFoundationID()] = $context->theuser->getFoundationID(); + $exclude[$context->theuser->getBugzillaUserID()] = $context->theuser->getBugzillaUserID(); /* * Figure out if we are finding a author or a assistant */ @@ -45,7 +45,7 @@ $exclude[$k] = $k; } }elseif( isset($_POST['role']) and isset($_POST['submission_id']) and - can_user_edit_submission($_POST['submission_id'],$context->theuser->getFoundationID()) ){ + can_user_edit_submission($_POST['submission_id'],$context->theuser->getBugzillaUserID()) ){ /* * get all the authors on this talk * use this list to remove them from the list @@ -69,7 +69,7 @@ ?>
    - Search for people by their first or last name
    + Search for a person by their first or last name
    (already author)
    (already author)


    theconference->getConferenceID())."'"; + $query = "select BugzillaUserID from people_roles where role='registration_master' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); while($row = mysql_fetch_assoc($res)){ $exclude[$row['PersonID']] = $row['PersonID']; @@ -36,7 +36,7 @@ * Parse the search string with our search parser */ $keywords = full_text_keywords( $_POST['search'] ); - $searchable_fields = array('FName',"LName"); + $searchable_fields = array('realname'); $ands = array(); foreach( $keywords as $keyword ) { $pieces = array(); @@ -50,16 +50,12 @@ /* * Perform the query to find all the matching people */ - $query = "select - PersonID,FName,LName - from - People - where - " . + $query = "select /* find_people_for_conference_queen.php:53 */ userid AS BugzillaUserID, realname + from profiles + where " . implode( " AND ", $ands )." - order by LName,FName - "; - $res = foundation_sql($query); + order by realname"; + $res = bugzilla_sql($query); ?>
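Review bot: The exclusion loop kept as context right after the new `select BugzillaUserID from people_roles` query still reads `$row['PersonID']`, a column that query no longer returns, so existing registration masters are presumably no longer excluded from the search results. The loop body should become `$exclude[$row['BugzillaUserID']] = $row['BugzillaUserID'];`, as the program-committee search in this patch already does. The start of this hunk is not readable on the page, so this rests on the visible lines only.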
    No results found for ''
    (already selected)
    (already selected)


    theconference->getConferenceID())."'"; + $query = "select BugzillaUserID from people_roles where role='program_committee' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); while($row = mysql_fetch_assoc($res)){ - $exclude[$row['PersonID']] = $row['PersonID']; + $exclude[$row['BugzillaUserID']] = $row['BugzillaUserID']; } /* * Parse the search string with our search parser */ $keywords = full_text_keywords( $_POST['search'] ); - $searchable_fields = array('FName',"LName"); + $searchable_fields = array("realname"); $ands = array(); foreach( $keywords as $keyword ) { $pieces = array(); @@ -47,19 +47,12 @@ $ands[] = $str; } - /* - * Perform the query to find all the matching people - */ - $query = "select - PersonID,FName,LName - from - People - where - " . + $query = "select /* find_people_for_program_committee.php:50 */ userid AS BugzillaUserID, realname + from profiles + where " . implode( " AND ", $ands )." - order by LName,FName - "; - $res = foundation_sql($query); + order by realname"; + $res = bugzilla_sql($query); ?>
    No results found for ''
    (already selected)
    (already selected)


    theuser->getFoundationID() != $PersonID and !current_user_has_role("conference_chair")){ +# sanitize - incoming should be an integer +if(!preg_match("/^[0-9]+$/", $_GET['PersonID'])) { + unset($_GET['PersonID']); +} +$BugzillaUserID = $_GET['PersonID']; + +if($context->theuser->getBugzillaUserID() != $BugzillaUserID and !current_user_has_role("conference_chair")){ /* * show their image */ ?> - + theuser->getPicture(); $picture = $picture['Picture']; @@ -51,7 +56,7 @@ /* * then try and caputre the new image */ - if(uploadNewImage($_FILES['image_path']['tmp_name'],$PersonID)){ + if(uploadNewImage($_FILES['image_path']['tmp_name'],$BugzillaUserID)){ $picture = true; }else{ /* @@ -66,7 +71,7 @@ if( ($picture == false || $_GET['upload_new_image'] == 'true') ){ if($picture != false){ - ?>backback

    - +

    @@ -90,9 +95,9 @@ * show their image */ ?> - +
    - Upload new Photo + Upload new Photo getImageCacheDir(); @@ -141,10 +146,12 @@ $bits = addslashes( $bits ); - $query = "update People$suffic set Picture_mime = '$mime', Picture = '...' where PersonID = '".addslashes($PersonID)."'"; + # Not sure what $suffic was for + # $query = "update People$suffic set Picture_mime = '$mime', Picture = '...' where PersonID = '".addslashes($PersonID)."'"; + $query = "REPLACE into people set PictureMime = '$mime', Picture = '...', BugzillaUserID = '".addslashes($BugzillaUserID)."'"; $query = str_replace( "...", $bits, $query ); - foundation_sql($query,$dbh); + conference_sql($query,$dbh); return true; } Index: callbacks/manage_cc_list.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/manage_cc_list.php,v retrieving revision 1.4 diff -u -r1.4 manage_cc_list.php --- callbacks/manage_cc_list.php 16 Nov 2009 20:38:18 -0000 1.4 +++ callbacks/manage_cc_list.php 3 Feb 2011 20:08:30 -0000 @@ -2,9 +2,10 @@ require_once( "../classes/external_entry_point.php"); // included for globals and disabled check, but not for context or login requirement external_entry( false ); -/* - * By the time we get, there is a user logged in. - */ +# sanitize - incoming should be an string +if(!preg_match("/^[a-zA-Z0-9]+$/", $_POST['id'])) { + unset($_POST['id']); +} /* * Valid input: @@ -20,7 +21,7 @@ case 'category' : $queries['add'] = $query = "insert into watching_categories set - PersonID = '".addslashes($context->theuser->getFoundationID())."', + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."', category_id = '".addslashes($_POST[id])."', conference_id = '".addslashes($context->theconference->getConferenceID())."', ts = now(); 
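Review bot: `REPLACE into people` deletes any existing row for this `BugzillaUserID` and inserts a fresh one, so if the `people` table holds columns other than the picture they fall back to their defaults on every upload; `INSERT ... ON DUPLICATE KEY UPDATE PictureMime = ..., Picture = ...` would keep the rest of the row, as the old `update` did. `$mime` also goes into the statement unescaped, and because the image bytes are spliced in with `str_replace("...", $bits, $query)` any literal `...` inside `$mime` would be replaced too; where `$mime` comes from is outside the hunk, so it should be checked against a fixed list of image types before this point. The function starts above the hunk, and whether its parameter was renamed to `$BugzillaUserID` is not visible here.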
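Review bot: A rejected `id` is only unset and the script carries on, so the `insert` and `delete` statements below are still built and `addslashes($_POST[id])` evaluates to an empty string; an invalid value should end the request instead, e.g. `if(isset($_POST['id']) && !preg_match('/^[a-zA-Z0-9]+\z/', $_POST['id'])) { exit; }`, and the `category`, `talk_tag` and `type` cases should refuse to run without an id. The pattern's `$` also matches before a trailing newline, so `\z` (or the `D` modifier) is the stricter anchor; the same applies to the `/^[0-9]+$/` checks added in remove_conference_queen.php, remove_program_committee.php, reoder_authors.php and get_speakers_accepted_submissions(). With the "there is a user logged in" comment removed and `external_entry( false )` above, a comment stating whether this callback can be reached without a session would help, since every statement keys on `getBugzillaUserID()`.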
@@ -29,7 +30,7 @@ $queries['remove'] = $query = "delete from watching_categories where - PersonID = '".addslashes($context->theuser->getFoundationID())."' + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."' and category_id = '".addslashes($_POST[id])."' and @@ -39,7 +40,7 @@ case 'talk_tag' : $queries['add'] = $query = "insert into watching_tags set - PersonID = '".addslashes($context->theuser->getFoundationID())."', + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."', tag_id = '".addslashes($_POST[id])."', conference_id = '".addslashes($context->theconference->getConferenceID())."', ts = now(); @@ -48,7 +49,7 @@ $queries['remove'] = $query = "delete from watching_tags where - PersonID = '".addslashes($context->theuser->getFoundationID())."' + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."' and tag_id = '".addslashes($_POST[id])."' and @@ -57,7 +58,7 @@ break; case 'type' : $queries['add'] = $query = "insert into watching_types set - PersonID = '".addslashes($context->theuser->getFoundationID())."', + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."', type = '".addslashes($_POST[id])."', conference_id = '".addslashes($context->theconference->getConferenceID())."', ts = now(); @@ -66,7 +67,7 @@ $queries['remove'] = $query = "delete from watching_types where - PersonID = '".addslashes($context->theuser->getFoundationID())."' + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."' and type = '".addslashes($_POST[id])."' and @@ -75,7 +76,7 @@ break; case 'new_submission' : $queries['add'] = $query = "insert into watching_new_submissions set - PersonID = '".addslashes($context->theuser->getFoundationID())."', + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."', conference_id = '".addslashes($context->theconference->getConferenceID())."', ts = now(); "; 
@@ -83,14 +84,14 @@ $queries['remove'] = $query = "delete from watching_new_submissions where - PersonID = '".addslashes($context->theuser->getFoundationID())."' + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."' and conference_id = '".addslashes($context->theconference->getConferenceID())."' "; break; case 'everything' : $queries['add'] = $query = "insert into watching_everything set - PersonID = '".addslashes($context->theuser->getFoundationID())."', + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."', conference_id = '".addslashes($context->theconference->getConferenceID())."', ts = now(); "; @@ -98,7 +99,7 @@ $queries['remove'] = $query = "delete from watching_everything where - PersonID = '".addslashes($context->theuser->getFoundationID())."' + BugzillaUserID = '".addslashes($context->theuser->getBugzillaUserID())."' and conference_id = '".addslashes($context->theconference->getConferenceID())."' "; break; Index: callbacks/remove_conference_queen.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/remove_conference_queen.php,v retrieving revision 1.1 diff -u -r1.1 remove_conference_queen.php --- callbacks/remove_conference_queen.php 18 Nov 2009 22:50:47 -0000 1.1 +++ callbacks/remove_conference_queen.php 3 Feb 2011 20:08:30 -0000 
@@ -2,18 +2,19 @@ require_once( "../classes/external_entry_point.php"); // included for globals and disabled check, but not for context or login requirement external_entry( true ); -/* - * By the time we get, there is a user logged in. - */ +# sanitize - incoming should be an integer +if(!preg_match("/^[0-9]+$/", $_POST['PersonID'])) { + unset($_POST['PersonID']); +} /* * Check to see if the person accessing this page is the conference chair */ -if(!current_user_has_role("conference_chair")){ +if(!current_user_has_role("conference_chair") || !isset($_POST['PersonID'])){ /* * ..if not display a message and exit */ - ?>errortheconference->getConferenceID())."'"; +$query = "delete from people_roles where BugzillaUserID = '".addslashes($_POST['PersonID'])."' and role='registration_master' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); //$workflow->on_remove_program_committee($context,$_POST['PersonID']); Index: callbacks/remove_program_committee.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/remove_program_committee.php,v retrieving revision 1.3 diff -u -r1.3 remove_program_committee.php --- callbacks/remove_program_committee.php 28 Aug 2008 23:18:24 -0000 1.3 +++ callbacks/remove_program_committee.php 3 Feb 2011 20:08:30 -0000 
@@ -2,18 +2,19 @@ require_once( "../classes/external_entry_point.php"); // included for globals and disabled check, but not for context or login requirement external_entry( true ); -/* - * By the time we get, there is a user logged in. - */ +# sanitize - incoming should be an integer +if(!preg_match("/^[0-9]+$/", $_POST['PersonID'])) { + unset($_POST['PersonIDID']); +} /* * Check to see if the person accessing this page is the conference chair */ -if(!current_user_has_role("conference_chair")){ +if(!current_user_has_role("conference_chair") || !isset($_POST['PersonID'])){ /* * ..if not display a message and exit */ - ?>errortheconference->getConferenceID())."'"; +$query = "delete from people_roles where BugzillaUserID = '".addslashes($_POST['PersonID'])."' and role='program_committee' and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); $workflow->on_remove_program_committee($context,$_POST['PersonID']); Index: callbacks/reoder_authors.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/reoder_authors.php,v retrieving revision 1.6 diff -u -r1.6 reoder_authors.php --- callbacks/reoder_authors.php 28 Aug 2008 22:30:19 -0000 1.6 +++ callbacks/reoder_authors.php 3 Feb 2011 20:08:30 -0000 @@ -2,9 +2,13 @@ require_once( "../classes/external_entry_point.php"); // included for globals and disabled check, but not for context or login requirement external_entry( true ); -/* - * By the time we get, there is a user logged in. - */ +# sanitize - incoming should be an integer +if(!preg_match("/^[0-9]+$/", $_POST['PersonID'])) { + unset($_POST['PersonID']); +} +if(!preg_match("/^[0-9]+$/", $_POST['submission_id'])) { + unset($_POST['submission_id']); +} /* * Create a work flow object for processing submissions 
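Review bot: The sanitising block in remove_program_committee.php unsets `$_POST['PersonIDID']`, not `$_POST['PersonID']`, so a non-numeric value survives and the `!isset($_POST['PersonID'])` test added below does not reject it. The value then reaches the `delete from people_roles` statement (behind `addslashes`) and `$workflow->on_remove_program_committee()`. The line should read `unset($_POST['PersonID']);`, matching remove_conference_queen.php.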
@@ -12,11 +16,11 @@ conference_require_once($GLOBALS['WORKFLOW_DIRECTORY']."talk_workflow.class.php"); $workflow = new talk_workflow(); -if( isset($_POST['action']) and isset($_POST['PersonID']) and isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getFoundationID())){ +if( isset($_POST['action']) and isset($_POST['PersonID']) and isset($_POST['submission_id']) and can_user_edit_submission($_POST['submission_id'],$context->theuser->getBugzillaUserID())){ /* * Get the 'current rank' of the author we are going to move */ - $query = "select rank from submission_authors where submission_id = '".addslashes($_POST['submission_id'])."' and PersonID = '".$_POST['PersonID']."'"; + $query = "select rank from submission_authors where submission_id = '".addslashes($_POST['submission_id'])."' and BugzillaUserID = '".$_POST['PersonID']."'"; $res = conference_sql($query); $tmp = mysql_fetch_assoc($res); $current_rank = $tmp['rank']; 
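Review bot: The rewritten `select rank` statement concatenates `$_POST['PersonID']` into the SQL without `addslashes()`, unlike `submission_id` on the same line and the `update` statements later in this file. It is safe only as long as the numeric check at the top of the file stays in place and runs before this line. Escaping here removes that dependency: `BugzillaUserID = '".addslashes($_POST['PersonID'])."'`.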
@@ -33,33 +37,21 @@ /* * set the current author with 'new rank' to the 'current rank' */ - $query = "update - submission_authors - set - rank = '".addslashes($current_rank)."' - where - submission_id = '".addslashes($_POST['submission_id'])."' - and - rank = '".addslashes($new_rank)."' - and - role='author' - "; + $query = "update /* reorder_authors.php:36 */ submission_authors + SET rank = '".addslashes($current_rank)."' + WHERE submission_id = '".addslashes($_POST['submission_id'])."' + AND rank = '".addslashes($new_rank)."' + AND role='author'"; $res = conference_sql($query); /* * set the author's rank to 'new rank' */ - $query = "update - submission_authors - set - rank = '".addslashes($new_rank)."' - where - submission_id = '".addslashes($_POST['submission_id'])."' - and - PersonID = '".addslashes($_POST['PersonID'])."' - and - role='author' - "; + $query = "update /* reorder_authors.php:46 */ submission_authors + SET rank = '".addslashes($new_rank)."' + WHERE submission_id = '".addslashes($_POST['submission_id'])."' + AND BugzillaUserID = '".addslashes($_POST['PersonID'])."' + and role='author'"; $res = conference_sql($query); /* Index: callbacks/show_image.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/callbacks/show_image.php,v retrieving revision 1.8 diff -u -r1.8 show_image.php --- callbacks/show_image.php 2 Mar 2009 22:44:56 -0000 1.8 +++ callbacks/show_image.php 3 Feb 2011 20:08:30 -0000 @@ -4,7 +4,6 @@ require_once( "../classes/external_entry_point.php"); // included for globals and disabled check, but not for context or login requirement external_entry( false ); } - if($context->devmode == false){ $image_cache_dir = $context->getImageCacheDir(); 
@@ -81,9 +80,9 @@ function getPictureFromDB(){ - $query = "select Picture,Picture_mime from People where PersonID = '".addslashes($_GET['PersonID'])."'"; + $query = "select Picture,PictureMime from people where BugzillaUserID = '".addslashes($_GET['PersonID'])."'"; - $result = foundation_sql( $query); + $result = conference_sql( $query); mysql_error_check(); /* * If the user has a photo Index: classes/auth-bugzilladb.class.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/classes/auth-bugzilladb.class.php,v retrieving revision 1.10 diff -u -r1.10 auth-bugzilladb.class.php --- classes/auth-bugzilladb.class.php 23 Aug 2010 19:38:15 -0000 1.10 +++ classes/auth-bugzilladb.class.php 3 Feb 2011 20:08:30 -0000 @@ -11,6 +11,7 @@ * Ward Cunningham - initial API and implementation * Karl Matthias - initial API and implementation, re-implemented for BZ 3.4 * Gabe O'Brien - reworking + * Denis Roy - eliminate link to foundation DB, only use BZ * *******************************************************************************/ require_once("functions.php"); @@ -29,8 +30,8 @@ } if($email != "" && $password != "") { - if (eregi('^[a-zA-Z0-9._+-]+@[a-zA-Z0-9._-]+\.[a-zA-Z.]{2,5}$', $email)) { - $result = bugzilla_sql("SELECT realname, login_name, cryptpassword FROM profiles + if (preg_match('/^[a-zA-Z0-9._+-]+@[a-zA-Z0-9._-]+\.[a-zA-Z.]{2,5}$/', $email)) { + $result = bugzilla_sql("SELECT userid, realname, login_name, cryptpassword FROM profiles WHERE login_name = '$email' AND disabledtext = '' "); Index: classes/conference.class.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/classes/conference.class.php,v retrieving revision 1.8 diff -u -r1.8 conference.class.php --- classes/conference.class.php 17 Nov 2010 15:31:49 -0000 1.8 +++ classes/conference.class.php 3 Feb 2011 20:08:30 -0000 
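Review bot: In auth-bugzilladb.class.php, `login_name = '$email'` puts the address into the query with no escaping, so the `preg_match` pattern is the only thing keeping quotes out of the statement. The pattern's `$` also accepts a trailing newline; `\z` or the `D` modifier closes that, e.g. `'/^[a-zA-Z0-9._+-]+@[a-zA-Z0-9._-]+\.[a-zA-Z.]{2,5}\z/'`. Passing `$email` through `mysql_real_escape_string()`, which this patch uses elsewhere, keeps the query safe if the pattern is ever loosened. The surrounding function starts and ends outside the hunk.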
@@ -92,17 +92,17 @@ break; } } - ?>devmode) { if($password == '' && (preg_match('/^\S+@\S+\.\S{2,3}$/', $user))) { return true; Index: classes/functions.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/classes/functions.php,v retrieving revision 1.151 diff -u -r1.151 functions.php --- classes/functions.php 21 Dec 2010 19:08:19 -0000 1.151 +++ classes/functions.php 3 Feb 2011 20:08:30 -0000 @@ -95,6 +95,13 @@ } } + +function php_backtrace() { + echo "
    ";
    +	debug_print_backtrace();
    +	echo "
    "; exit; +} + // MySQL wrapper function for keeping backtrace information function mysql_remember_query ($statement, $dbh, $logstring = null) { global $query_btrace; @@ -160,7 +167,7 @@ $dbh = $context->database( $dbname ); $statement = str_replace ('%NOW%', $context->now(), $statement); - $statement = str_replace ('%USER%', $context->theuser->getFoundationID() , $statement); + $statement = str_replace ('%USER%', $context->theuser->getBugzillaUserID() , $statement); $result = mysql_remember_query ($statement, $dbh); if( $do_error_check ) mysql_error_check(); @@ -796,11 +803,11 @@ echo $context->theuser->user_email(); } ?> / - logout + Log out
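Review bot: The new `php_backtrace()` prints `debug_print_backtrace()` straight into the response and exits, with nothing limiting it to development; the trace includes call arguments and file paths, which can expose query text or credentials to whoever reaches a call site. Gate it on the existing dev flag, e.g. `global $context; if(!$context->devmode) { return; }` as the first line, or write the trace to the server log instead of the page. A one-line comment stating that it is a debugging aid and must not be called from production paths would also help.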
    theuser->getFoundationID()){ + if($person['PersonID'] == $context->theuser->getBugzillaUserID()){ /* * ... then we will show the status of all the speaker signing */ @@ -1008,17 +1015,14 @@ $auths = get_authors_on_a_submission($submission_id); $assistans = get_authors_on_a_submission($submission_id,'assistant'); $is_assistant = false;//in_array($context->theuser->getFoundationID(),array_keys($assistans)); - - $style = ""; + $style = 'border-bottom: 1px dotted grey; padding-bottom: 7px;'; foreach($auths as $author){ ?>
    - + Author:
    +
    theuser->getFoundationID() ) ) { + if( can_user_edit_submission($sub['submission_id'],$context->theuser->getBugzillaUserID() ) ) { /* * .. then show an 'edit submission' button to allow the to make modify the talk */ @@ -1598,11 +1602,9 @@ function get_tags_for_submission($submission_id,$limiter){ global $context; - $PersonID = $context->theuser->getFoundationID(); + $PersonID = $context->theuser->getBugzillaUserID(); - $query = "select - tags.tag, - tags.tag_id + $query = "select /* functions.php:get_tags_for_submission() */ tags.tag, tags.tag_id from tags, submission_tags @@ -1612,9 +1614,7 @@ submission_id = '".addslashes($submission_id)."' and tags.limiter_type = '".addslashes($limiter)."' - order by - tag - "; + order by tag"; $res = conference_sql($query); $tags = array(); @@ -1641,33 +1641,28 @@ } } -function show_a_user_bio($PersonID, $allow_edit = false){ +function show_a_user_bio($BugzillaUserID, $allow_edit = false){ global $context; /* * If this bio is for the current users */ - if($PersonID == $context->theuser->getFoundationID() or $allow_edit){ + if($BugzillaUserID == $context->theuser->getBugzillaUserID() or $allow_edit){ /* * ...show an 'edit bio' button to allow the to make changes to their bio */ ?>
    -
    theconference->getConferenceID())." - "; +$query = "select /* functions.php:show_a_user_bio() */ bio + FROM speakers + WHERE BugzillaUserID = '".addslashes($BugzillaUserID)."' + AND conference_id = ".addslashes($context->theconference->getConferenceID()); $res = conference_sql($query); $bio = mysql_fetch_assoc($res); @@ -1675,7 +1670,7 @@ echo $bio['bio']; }else{ ?> -no bio provided. +No bio provided. @@ -1714,14 +1709,10 @@ return $submission[$subid]; } - $query = "select - * - from - submissions - where - submission_id = '".addslashes($subid)."' - and - conference_id = ".addslashes($context->theconference->getConferenceID())." + $query = "SELECT /* functions.php:get_submission_details() */ * + FROM submissions + WHERE submission_id = '".addslashes($subid)."' + AND conference_id = ".addslashes($context->theconference->getConferenceID())." "; $res = conference_sql($query); $found = mysql_fetch_assoc($res); 
@@ -1852,53 +1843,42 @@ * in the cache), then look them up and cache them */ if( count($unknowns) > 0 ) { - $sql = "select PersonID, FName, LName,Email from People where PersonID in ('" . implode("','",$unknowns) . "')"; - $result = foundation_sql($sql); + $sql = "select /* functions.php:get_people_information().1 */ userid AS BugzillaUserID, realname, login_name from profiles where userid in ('" . implode("','",$unknowns) . "')"; + $result = bugzilla_sql($sql); $people = array(); while( $row = mysql_fetch_assoc($result) ) { /* * gather the speaker information for this person */ - $query = "select - * - from - speakers - where - PersonID = '".addslashes($row['PersonID'])."' - and - conference_id = '".addslashes($context->theconference->getConferenceID())."' - "; + $query = "select /* functions.php:get_people_information().2 */ * + FROM speakers + WHERE BugzillaUserID = '".addslashes($row['BugzillaUserID'])."' + AND conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $speaker_res = conference_sql($query); $speaker = mysql_fetch_assoc($speaker_res); $p = array(); - $p['name'] = $row['FName'] . ' ' . 
$row['LName']; - $p['first'] = $row['FName']; - $p['last'] = $row['LName']; - $p['email'] = $row['Email']; - $p['PersonID'] = $row['PersonID']; + $p['name'] = $row['realname']; + $names = split_full_name($row['realname']); + $p['first'] = $names['FName']; + $p['last'] = $names['LName']; + $p['email'] = $row['login_name']; + $p['PersonID'] = $row['BugzillaUserID']; + $p['BugzillaUserID'] = $row['BugzillaUserID']; $p['signed_speaker_agreement'] = $speaker['signed_speaker_agreement']; /* - * find company affiliation + * TODO: find company affiliation */ - $sql = "select Organizations.Name1 from Organizations,OrganizationContacts where OrganizationContacts.PersonID = '".addslashes($row['PersonID'])."' and OrganizationContacts.Relation = 'EMPLY' and Organizations.OrganizationID = OrganizationContacts.OrganizationID"; + $sql = "select /* functions.php:get_people_information().3 */ Organizations.Name1 from Organizations,OrganizationContacts where OrganizationContacts.PersonID = '".addslashes($row['PersonID'])."' and OrganizationContacts.Relation = 'EMPLY' and Organizations.OrganizationID = OrganizationContacts.OrganizationID"; $rescomp = foundation_sql($sql); if($company = mysql_fetch_assoc($rescomp)){ $p['company'] = $company['Name1']; } - /* - * bad bad bad hack - * - */ - if($p['company'] == "Innoopract"){ - $p['company'] = "EclipseSource"; - } - - $rtrn[$row['PersonID']] = $p; - $known_people[$row['PersonID']] = $p; + $rtrn[$row['BugzillaUserID']] = $p; + $known_people[$row['BugzillaUserID']] = $p; } } /* @@ -1943,27 +1923,26 @@ $invited[$k] = array('email'=> $auth); } } - for($i=0; $i < count($authors); $i++){ $person = $authors[$i]; - ?>
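Review bot: The company lookup kept under the new `TODO: find company affiliation` comment still filters on `addslashes($row['PersonID'])`, but `$row` now comes from the `profiles` query and carries only `BugzillaUserID`, `realname` and `login_name`, so the filter is always an empty string and `$p['company']` is never set. It also still goes through `foundation_sql()`, the connection the rest of this patch moves away from, so it costs one query per person for no result. Removing the lookup until the TODO is done, and leaving the comment, would be cleaner. The `implode("','",$unknowns)` in the first query remains unescaped; whether `$unknowns` is validated is outside the hunk.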
  • - + ?>
  • + theuser->getFoundationID()){ + if($person['BugzillaUserID'] == $context->theuser->getBugzillaUserID()){ if(preg_match("/assistant/",$role)){ /* * .. then show the 'become author' option */ - echo "become author"; + echo "become author"; } if(preg_match("/author/",$role)){ /* * .. then show the 'become assistant' option */ - echo "become assistant"; + echo "become assistant"; } } @@ -1977,7 +1956,7 @@ * .. show the remove icon */ ?> - ,'',''); return false;"> -
    +
    -
    +
    theconference->getConferenceID())."' - "; + $query = "select /* functions.php:get_program_committee() */ * + FROM people_roles + WHERE role='program_committee' + AND conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); $personids = array(); while($row = mysql_fetch_assoc($res) ){ - $personids[] = $row['PersonID']; + $personids[] = $row['BugzillaUserID']; } return $personids; } @@ -2148,8 +2122,8 @@ foreach($pc as $PersonID){ $person = get_people_information($PersonID); - ?>

  •    () @@ -2164,8 +2138,8 @@ foreach($queens as $PersonID){ $person = get_people_information($PersonID); - ?>

  •    () @@ -2176,19 +2150,14 @@ function get_conference_queens(){ global $context; - $query = "select - * - from - people_roles - where - role='registration_master' - and - conference_id = '".addslashes($context->theconference->getConferenceID())."' - "; + $query = "select /* functions.php:show_conference_queen_list() */ * + FROM people_roles + WHERE role='registration_master' + and conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); $personids = array(); while($row = mysql_fetch_assoc($res) ){ - $personids[] = $row['PersonID']; + $personids[] = $row['BugzillaUserID']; } return $personids; } @@ -2224,13 +2193,10 @@ if(!isset($roles[$role][$context->theconference->getConferenceID()])){ $roles[$role][$context->theconference->getConferenceID()] = false; - $query = "select * from people_roles where - PersonID = '".addslashes($context->theuser->getFoundationID())."' - and - role = '".addslashes($role)."' - and - conference_id = '".addslashes($context->theconference->getConferenceID())."' - "; + $query = "SELECT /* functions.php:current_user_has_role() */ * FROM people_roles + WHERE BugzillaUserID = '" . $context->theuser->getBugzillaUserID() . "' + AND role = '".addslashes($role)."' + AND conference_id = '".addslashes($context->theconference->getConferenceID()) . "'"; $res = conference_sql($query); if(mysql_num_rows($res) == 1){ 
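Review bot: The rewritten query in current_user_has_role() drops `addslashes()` around the user id, `BugzillaUserID = '" . $context->theuser->getBugzillaUserID() . "'`, while `role` and `conference_id` on the following lines keep it. This query decides role membership for the access checks used throughout the patch, so it should not depend on the getter always returning a clean integer. Restore the escaping: `WHERE BugzillaUserID = '" . addslashes($context->theuser->getBugzillaUserID()) . "'`. The function body starts outside the hunk.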
@@ -2251,32 +2217,23 @@ $people_to_email = $PersonIDs; /* - * Find all the users watching everything + * Find all the users watching everything and on the CC list for this talk */ - $query = "select PersonID from watching_everything where conference_id = '".$context->theconference->getConferenceID()."'"; + $query = "select /* functions.php:get_people_info_for_a_submission().1 */ BugzillaUserID from watching_everything where conference_id = '".$context->theconference->getConferenceID()."' + UNION + SELECT BugzillaUserID from watching_submissions where submission_id = '".addslashes($submission_id)."' and conference_id = '".$context->theconference->getConferenceID()."'"; $res = conference_sql($query); while($pid = mysql_fetch_assoc($res)){ - $people_to_email[] = $pid['PersonID']; + $people_to_email[] = $pid['BugzillaUserID']; } - /* - * Find all the users who are on the CC list for this talk - */ - $query = "select PersonID from watching_submissions where submission_id = '".addslashes($submission_id)."' and conference_id = '".$context->theconference->getConferenceID()."'"; - $res = conference_sql($query); - while($pid = mysql_fetch_assoc($res)){ - $people_to_email[] = $pid['PersonID']; - } /* * Find all the people who are watching the category for this talk */ - $query = "select - PersonID - from - submissions, - categories, - watching_categories + $query = "select /* functions.php:get_people_info_for_a_submission().2 */ + BugzillaUserID + FROM submissions, categories, watching_categories where submissions.submission_id = '".addslashes($submission_id)."' and @@ -2288,14 +2245,14 @@ "; $res = conference_sql($query); while($pid = mysql_fetch_assoc($res)){ - $people_to_email[] = $pid['PersonID']; + $people_to_email[] = $pid['BugzilllaUserID']; } /* * Find all the people who are watching the type for this talk */ $query = "select - PersonID + BugzillaUserID from submissions, watching_types 
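Review bot: In the category-watchers loop the new line reads `$pid['BugzilllaUserID']` (three l's), a key the result row does not have, so each iteration appends null and people watching the category are silently left off the notification list. It should be `$people_to_email[] = $pid['BugzillaUserID'];`. The enclosing function starts and ends outside the hunk.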
@@ -2308,22 +2265,21 @@ "; $res = conference_sql($query); while($pid = mysql_fetch_assoc($res)){ - $people_to_email[] = $pid['PersonID']; + $people_to_email[] = $pid['BugzillaUserID']; } /* * Add authors/assistants to the list of people to email */ - $query = "select PersonID from submission_authors where submission_id = '".addslashes($submission_id)."' and role in ('author','assistant')"; + $query = "select BugzillaUserID from submission_authors where submission_id = '".addslashes($submission_id)."' and role in ('author','assistant')"; $res = conference_sql($query); while($person = mysql_fetch_assoc($res)){ - $people_to_email[] = $person['PersonID']; + $people_to_email[] = $person['BugzillaUserID']; } /* * Remove any duplicate people from the list */ $people_to_email = array_unique($people_to_email); - /* * Get all the peoples names and email addresses */ @@ -2396,21 +2352,16 @@ function get_registration_master_email_address(){ global $context; - $query = "select - PersonID - from - people_roles - where - people_roles.role = 'registration_master' - and - people_roles.conference_id = '".addslashes($context->theconference->getConferenceID())."' - "; + $query = "select /* functions.php:get_registration_master_email_address() */ BugzillaUserID + FROM people_roles + WHERE people_roles.role = 'registration_master' + AND people_roles.conference_id = '".addslashes($context->theconference->getConferenceID())."'"; $res = conference_sql($query); $reg_masters = array(); if(mysql_num_rows($res) > 0){ $person = mysql_fetch_assoc($res); - $person = get_people_information($person['PersonID']); + $person = get_people_information($person['BugzillaUserID']); $reg_masters[] = $person['email']; } @@ -2433,7 +2384,7 @@ $reg_masters = array(); if(mysql_num_rows($res) > 0){ $person = mysql_fetch_assoc($res); - $person = get_people_information($person['PersonID']); + $person = get_people_information($person['BugzillaUserID']); $reg_masters[] = $person['email']; } 
@@ -2521,21 +2472,15 @@ /* * Get all the information about all the authors on this submission */ - $query = "SELECT - submission_id,PersonID,role,rank - from - submission_authors - where - submission_authors.submission_id in ('".implode("','",$no_cache)."') - and - role in ('author','assistant') - order by - rank asc - "; + $query = "SELECT /* functions.php:get_authors_on_a_submission() */ submission_id, PersonID, BugzillaUserID, role, rank + FROM submission_authors + WHERE submission_id in ('".implode("','",$no_cache)."') + AND role IN ('author','assistant') + order by rank asc"; $res = conference_sql($query); while($row = mysql_fetch_assoc($res)){ - $submissions[$row['submission_id']]['role'][$row['role']][] = $row['PersonID']; + $submissions[$row['submission_id']]['role'][$row['role']][] = $row['BugzillaUserID']; } } 
@@ -2660,41 +2605,31 @@ } -function get_speakers_accepted_submissions($PersonID){ - global $context; - static $people = array(); - - if(isset($people[$PersonID])){ - return $people[$PersonID]; - } - - /* - * find all the accepted talks the specified user is a speaker on - */ - $query = "select - * - from - submissions, - submission_authors - where - submissions.submission_id = submission_authors.submission_id - and - PersonID = '".addslashes($PersonID)."' - and - submissions.conference_id = '".addslashes($context->theconference->getConferenceID())."' - and - status = 'accepted' - and - submission_authors.role = 'author' - order by submissions.submission_id - "; - - $res = conference_sql($query); +function get_speakers_accepted_submissions($BugzillaUserID){ $subs = array(); - while($row = mysql_fetch_assoc($res)){ - $subs[$row['submission_id']] = $row; + if(preg_match("/^[0-9]+$/", $BugzillaUserID)) { + global $context; + static $people = array(); + + if(isset($people[$PersonID])){ + return $people[$PersonID]; + } + + /* + * find all the accepted talks the specified user is a speaker on + */ + $query = "select /* functions.php:get_speakers_accepted_submissions() */ * FROM submissions AS S + INNER JOIN submission_authors AS A ON A.submission_id = S.submission_id + WHERE A.BugzillaUserID = ". mysql_real_escape_string($BugzillaUserID) . 
" + AND S.conference_id = '".mysql_real_escape_string($context->theconference->getConferenceID())."' + and status = 'accepted' and A.role = 'author' order by S.submission_id"; + + $res = conference_sql($query); + while($row = mysql_fetch_assoc($res)){ + $subs[$row['submission_id']] = $row; + } + $people[$PersonID] = $subs; } - $people[$PersonID] = $subs; return $subs; } Index: classes/search_functions.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/classes/search_functions.php,v retrieving revision 1.26 diff -u -r1.26 search_functions.php --- classes/search_functions.php 9 Sep 2010 20:04:02 -0000 1.26 +++ classes/search_functions.php 3 Feb 2011 20:08:30 -0000 @@ -254,7 +254,7 @@ array_pop($filters['keywords']); } - if($context->theuser->getFoundationID() == $_GET['PersonID'] or current_user_has_role("conference_chair") or current_user_has_role("program_committee") or current_user_has_role("registration_master") ){ + if($context->theuser->getBugzillaUserID() == $_GET['PersonID'] or current_user_has_role("conference_chair") or current_user_has_role("program_committee") or current_user_has_role("registration_master") ){ return $filters; }else{ /* Index: classes/user.class.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/classes/user.class.php,v retrieving revision 1.16 diff -u -r1.16 user.class.php --- classes/user.class.php 24 Aug 2010 14:59:12 -0000 1.16 +++ classes/user.class.php 3 Feb 2011 20:08:30 -0000 @@ -14,7 +14,7 @@ require_once( $GLOBALS['CLASSES_DIRECTORY'] . "functions.php" ); class user { - public $user_id; + public $user_id; // email address public $first_name; public $last_name; public $full_name; 
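Review bot: The static cache in the new get_speakers_accepted_submissions() is still keyed on `$PersonID`, which no longer exists now that the parameter is `$BugzillaUserID`. Both `isset($people[$PersonID])` and `$people[$PersonID] = $subs;` therefore use an undefined variable as the key, so the result stored for the first id is returned for every later id in the same request, and one speaker's accepted submissions can be attributed to another. The key should be the validated argument: `if(isset($people[$BugzillaUserID])){ return $people[$BugzillaUserID]; }` and `$people[$BugzillaUserID] = $subs;`. A smaller point: `/^[0-9]+$/` also accepts a trailing newline, so `/^[0-9]+\z/` or an `(int)` cast is the tighter guard for a value concatenated unquoted into the query.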
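Review bot: The ownership check compares `getBugzillaUserID()` with `$_GET['PersonID']` using loose `==`, and `bugzilla_userid` is only assigned in getUserInfoFromBugzillaID() (the -284 hunk of user.class.php). If a user object can exist without that assignment, the left side is null, and in PHP null compares equal to a missing or empty parameter, so this branch would return the unrestricted `$filters`. I would require a set id and compare strictly: `$uid = $context->theuser->getBugzillaUserID();` then `if(($uid !== null and (string)$uid === (string)$_GET['PersonID']) or current_user_has_role("conference_chair") or ...`. The request parameter is also still named `PersonID` although it is now compared to a Bugzilla user id. The enclosing function starts and ends outside the hunk.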
@@ -22,7 +22,8 @@ public $email_addresses; public $is_committer; public $PersonID; - public $bugzilla_id; + public $bugzilla_id; // also the email address + public $bugzilla_userid; // integer... bugs.profiles.userid public $unknown_from_address = 'portal-noreply@eclipse.org'; @@ -49,19 +50,19 @@ //CHECK IF BUGZILLA EMAIL MATCHES THE PRIMARY FOUNDATION EMAIL ADDRESS //FOR SERCURITY REASONS NEVER MATCH ON ANY EMAIL BUT THE PRIMARY FOUNDATION EMAIL $this->foundation_login = false; - $query = "SELECT PersonID FROM People WHERE EMail = '" . addslashes($this->primary_email) . "'"; - $res = foundation_sql($query); + #$query = "SELECT PersonID FROM People WHERE EMail = '" . addslashes($this->primary_email) . "'"; + #$res = foundation_sql($query); - if($row = mysql_fetch_assoc($res)){ - $this->getUserInfoFromFoundationID($row['PersonID']); - } + #if($row = mysql_fetch_assoc($res)){ + # $this->getUserInfoFromFoundationID($row['PersonID']); + #} } - if($this->getUserInfoFromFoundationID($user_id)){ + #if($this->getUserInfoFromFoundationID($user_id)){ //CHECK IF THE PRIMARY FOUNDATION EMAIL ADDRESS MATCHES A BUGZILLA EMAIL //FOR SERCURITY REASONS NEVER MATCH ON ANY EMAIL BUT THE PRIMARY FOUNDATION EMAIL - $this->getUserInfoFromBugzillaID($this->primary_email); - } + # $this->getUserInfoFromBugzillaID($this->primary_email); + #} /* Check to see if the speaker has been created for this conference * If not the ceate one in the conference database 
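Review bot: In the -49 hunk the Foundation lookup is disabled by prefixing its lines with `#` rather than deleting them, which leaves both "FOR SERCURITY REASONS NEVER MATCH ON ANY EMAIL BUT THE PRIMARY FOUNDATION EMAIL" comments describing checks that no longer run. A reader auditing the login path could take those comments as a guarantee the code still enforces. I would delete the dead lines and replace the two comments with one that states the current rule, for example `// Foundation DB lookup removed; identity now comes from the Bugzilla profile only` if that is the intent. The constructor starts and ends outside the hunk.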
@@ -71,18 +72,16 @@ } } + function getBugzillaUserID() { + return $this->bugzilla_userid; + } + function getSpeakerInfo(){ global $context; if(!isset($this->speakerinfo)){ - $query = "select - * - from - speakers - where - conference_id = ".$context->theconference->getConferenceID()." - and - PersonID = '".$this->getFoundationID(true)."' - "; + $query = "SELECT /* user.class.php:getSpeakerInfo*/ * from speakers + where conference_id = ".$context->theconference->getConferenceID()." + and BugzillaUserID = ".$this->getBugzillaUserID(); $res = conference_sql($query); $speaker = mysql_fetch_assoc($res); if(empty($speaker)){ @@ -180,6 +179,7 @@ public function getFoundationID($force_creation_if_use_is_nobdoy = false){ + php_backtrace(); if (isset($this->PersonID)) { return $this->PersonID; } else { @@ -284,6 +284,7 @@ $this->last_name = $names['LName']; $this->addEmail($row['login_name']); $this->bugzilla_id = $user_id; + $this->bugzilla_userid = $row['userid']; $this->bugzilla_login = true; return true; } 
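Review bot: The new speakers query in getSpeakerInfo() appends `$this->getBugzillaUserID()` unquoted and without a cast, where the old code at least quoted the `PersonID` value. `bugzilla_userid` is only set in getUserInfoFromBugzillaID() (the -284 hunk), so for a user without a Bugzilla row the statement ends in `BugzillaUserID = ` and fails, and any non-numeric value would become part of the SQL text. Casting at the point of use covers both cases: `and BugzillaUserID = ".(int)$this->getBugzillaUserID();`. getPicture() (the -362 hunk) interpolates `$this->bugzilla_userid` into its query without escaping and should get the same cast. getSpeakerInfo() continues past the end of the hunk.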
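Review bot: The `php_backtrace();` call added at the top of getFoundationID() (the -180 hunk) looks like leftover migration tracing, and the same call is added to makeFoundationID() in the -291 hunk. `php_backtrace` is not a PHP built-in and its definition is not visible here. If it prints the stack to the page, it would expose file paths and call arguments to visitors. I would remove both calls before commit, or send the trace to the server log instead, e.g. `error_log(__METHOD__.' called after Foundation ID removal');`. getFoundationID() continues outside the hunk.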
@@ -291,29 +292,31 @@ } private function getUserInfoFromFoundationID($user_id){ + # We're not doing this anymore. if(check_bugzilla_profiles_table_exists() === false){ return false; } - $query = "select * from People where PersonID = '".addslashes($user_id)."'"; - $res = foundation_sql($query); - if(mysql_num_rows($res)){ - $row = mysql_fetch_assoc($res); - $this->first_name = $row['FName']; - $this->last_name = $row['LName']; - $this->full_name = $this->first_name." ".$this->last_name; - $this->addEmail($row['EMail']); - //TODO - CONFIRM IF THEIR PRIMAMRY SHOULD BE FOUNDATION IN A CASES (IE BUGZILLA LOGIN) - $this->primary_email = $row['EMail']; - $this->PersonID = $user_id; - $this->foundation_login = true; + #$query = "select * from People where PersonID = '".addslashes($user_id)."'"; + #$res = foundation_sql($query); + #if(mysql_num_rows($res)){ + # $row = mysql_fetch_assoc($res); + # $this->first_name = $row['FName']; + # $this->last_name = $row['LName']; +# $this->full_name = $this->first_name." ".$this->last_name; +# $this->addEmail($row['EMail']); + # //TODO - CONFIRM IF THEIR PRIMAMRY SHOULD BE FOUNDATION IN A CASES (IE BUGZILLA LOGIN) + #$this->primary_email = $row['EMail']; + #$this->PersonID = $user_id; + # $this->foundation_login = true; return true; - } - return false; + #} + #return false; } public function makeFoundationID($fname, $lname, $email) { + php_backtrace(); $salt = ''; // Create Foundation DB ID and make sure it's unique if(strlen($lname) > 0) { 
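Review bot: After this change getUserInfoFromFoundationID() performs no lookup but still reaches the untouched `return true;` line, so it reports success for every `$user_id` whenever the Bugzilla profiles table check passes. The one call site visible in this patch is commented out (the -49 hunk), but any caller outside the diff that reads the return value as "this Foundation user exists" would now accept unknown ids. A disabled lookup should fail closed: make the body `return false;` after the `# We're not doing this anymore.` comment and delete the `#`-prefixed block instead of keeping it.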
@@ -362,8 +365,8 @@ } function getPicture(){ - $sql = "SELECT Picture FROM People WHERE PersonID = '".$this->PersonID."'"; - $res = foundation_sql($sql); + $sql = "SELECT Picture FROM people WHERE BugzillaUserID = '".$this->bugzilla_userid."'"; + $res = conference_sql($sql); $row = mysql_fetch_assoc($res); if($row['Picture'] != ""){ return $row['Picture']; Index: conferences/2011/fragments/header.php =================================================================== RCS file: /cvsroot/technology/org.eclipse.dash/submissions/conferences/2011/fragments/header.php,v retrieving revision 1.1 diff -u -r1.1 header.php --- conferences/2011/fragments/header.php 6 Oct 2010 00:44:55 -0000 1.1 +++ conferences/2011/fragments/header.php 3 Feb 2011 20:08:30 -0000 @@ -25,7 +25,7 @@
  • -
    +