Unrated severity · NVD Advisory · Published Sep 21, 2011 · Updated Apr 29, 2026

CVE-2011-3357

Description

Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.

Affected products

27
  • Mantisbt/Mantisbt27 versions
    cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*range: <=1.2.7
    • cpe:2.3:a:mantisbt:mantisbt:0.19.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:0.19.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*

Patches

2
5b93161f3ece

Rework the bug action group api such that we can easily convert this to an object in the future, and to validate calls to require once.

https://github.com/mantisbt/mantisbt · Paul Richards · Aug 29, 2011 · via nvd-ref
4 files changed · +26 28
  • bug_actiongroup_ext_page.php+3 22 modified
    @@ -20,34 +20,15 @@
     	 * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
     	 * @link http://www.mantisbt.org
     	 */
    -	 /**
    -	  * MantisBT Core API's
    -	  */
    -	require_once( 'core.php' );
     
    +	require_once( 'core.php' );
     	require_once( 'bug_group_action_api.php' );
     
    -	auth_ensure_user_authenticated();
    -
    -	$f_action = gpc_get_string( 'action' );
    -	$f_bug_arr = gpc_get_int_array( 'bug_arr', array() );
    -
    -	# redirect to view issues if nothing is selected
    -	if ( is_blank( $f_action ) || ( 0 == count( $f_bug_arr ) ) ) {
    -		print_header_redirect( 'view_all_bug_page.php' );
    -	}
    -
    -  # redirect to view issues page if action doesn't have ext_* prefix.
    -  # This should only occur if this page is called directly.
    -	$t_external_action_prefix = 'EXT_';
    -	if ( strpos( $f_action, $t_external_action_prefix ) !== 0 ) {
    -		print_header_redirect( 'view_all_bug_page.php' );
    -  }
    -
     	$t_external_action = utf8_strtolower( utf8_substr( $f_action, utf8_strlen( $t_external_action_prefix ) ) );
    -	$t_form_fields_page = 'bug_actiongroup_' . $t_external_action . '_inc.php';
     	$t_form_name = 'bug_actiongroup_' . $t_external_action;
     
    +	bug_group_action_init( $t_external_action );
    +
     	bug_group_action_print_top();
     ?>
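Review bot: `$f_action` and `$t_external_action_prefix` are still read on the context line that computes `$t_external_action`, but this hunk removes the assignments that defined them in this file, along with `auth_ensure_user_authenticated()`. The page now appears to depend on an including script (presumably bug_actiongroup_page.php) to set both variables and authenticate the user. A direct request would reach `bug_group_action_init()` with an empty action, which the allowlist should reject, but only after undefined-variable notices. I would add a header comment such as `# Included from bug_actiongroup_page.php, which defines $f_action and $t_external_action_prefix; not meant to be requested directly.` and consider an explicit guard that stops when they are not set.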
     
    
  • bug_actiongroup_ext.php+1 2 modified
    @@ -35,12 +35,11 @@
     	$f_action = gpc_get_string( 'action' );
     	$f_bug_arr	= gpc_get_int_array( 'bug_arr', array() );
     
    -	$t_action_include_file = 'bug_actiongroup_' . $f_action . '_inc.php';
     	$t_form_name = 'bug_actiongroup_' . $f_action;
     
     	form_security_validate( $t_form_name );
     
    -	require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . $t_action_include_file );
    +	bug_group_action_init( $f_action );
     
     	# group bugs by project
     	$t_projects_bugs = array();
    
  • bug_actiongroup_page.php+3 0 modified
    @@ -42,6 +42,7 @@
     	# run through the issues to see if they are all from one project
     	$t_project_id = ALL_PROJECTS;
     	$t_multiple_projects = false;
    +	$t_projects = array();
     
     	bug_cache_array_rows( $f_bug_arr );
     
    @@ -52,11 +53,13 @@
     				$t_multiple_projects = true;
     			} else {
     				$t_project_id = $t_bug->project_id;
    +				$t_projects[$t_project_id] = $t_project_id;
     			}
     		}
     	}
     	if ( $t_multiple_projects ) {
     		$t_project_id = ALL_PROJECTS;
    +		$t_projects[ALL_PROJECTS] = ALL_PROJECTS;
     	}
     	# override the project if necessary
     	if( $t_project_id != helper_get_current_project() ) {
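Review bot: `$t_projects` only records a project in the `else` branch, so when a bug from a different project is found the code sets `$t_multiple_projects = true` without adding that bug's project id. The array can therefore end up holding one real project plus `ALL_PROJECTS`. Nothing in the visible hunks of this commit reads `$t_projects`; if it is meant to feed a permission lookup such as `bug_group_action_get_commands()`, I would record every bug's project with `$t_projects[$t_bug->project_id] = $t_bug->project_id;` before the comparison. The loop and its condition begin outside the hunk, so this should be confirmed against the full file.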
    
  • core/bug_group_action_api.php+19 4 modified
    @@ -22,6 +22,25 @@
      *	@subpackage BugGroupActionAPI
      */
     
    +/**
    + * Initialise bug action group api
    + */
    +function bug_group_action_init( $p_action ) {
    +	$t_valid_actions = bug_group_action_get_commands( current_user_get_accessible_projects() );
    +	$t_action = strtoupper( $p_action );
    +
    +	if ( !isset( $t_valid_actions[$t_action] ) && !isset ( $t_valid_actions['EXT_' . $t_action] ) ) {
    +		trigger_error( ERROR_GENERIC, ERROR );
    +	}
    +
    +	$t_include_file = config_get_global( 'absolute_path' ) . 'bug_actiongroup_' . $p_action . '_inc.php';
    +	if ( !file_exists( $t_include_file ) ) {
    +		trigger_error( ERROR_GENERIC, ERROR );
    +	} else {
    +		require_once( $t_include_file );
    +	}
    +}
    +
     /**
      * Print the top part for the bug action group page.
      */
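Review bot: In `bug_group_action_init()` the include path is built from the raw `$p_action`, and the only thing that stops a rejected action from reaching it is `trigger_error( ERROR_GENERIC, ERROR )`. Whether that call halts depends on the installed error handler, which is not visible here; adding `return;` after the first `trigger_error` (or building the path only in the success branch) keeps a rejected action away from `file_exists`/`require_once` in every configuration. The check also compares `strtoupper( $p_action )` while the file name uses the original case, so deriving the file name from the matched key would be clearer. The docblock should gain `@param string $p_action` and state that the four later functions in this file (`bug_group_action_print_action_fields`, `bug_group_action_print_title`, `bug_group_action_validate`, `bug_group_action_process`) no longer include the action file themselves and need this function called first.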
    @@ -94,7 +113,6 @@ function bug_group_action_print_hidden_fields( $p_bug_ids_array ) {
      * @param $p_action   The custom action name without the "EXT_" prefix.
      */
     function bug_group_action_print_action_fields( $p_action ) {
    -	require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
     	$t_function_name = 'action_' . $p_action . '_print_fields';
     	$t_function_name();
     }
    @@ -106,7 +124,6 @@ function bug_group_action_print_action_fields( $p_action ) {
      * @param $p_action   The custom action name without the "EXT_" prefix.
      */
     function bug_group_action_print_title( $p_action ) {
    -	require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
     	$t_function_name = 'action_' . $p_action . '_print_title';
     	$t_function_name();
     }
    @@ -121,7 +138,6 @@ function bug_group_action_print_title( $p_action ) {
      * @returns true|array true if action can be applied or array of ( bug_id => reason for failure to validate )
      */
     function bug_group_action_validate( $p_action, $p_bug_id ) {
    -	require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
     	$t_function_name = 'action_' . $p_action . '_validate';
     	return $t_function_name( $p_bug_id );
     }
    @@ -136,7 +152,6 @@ function bug_group_action_validate( $p_action, $p_bug_id ) {
      * @returns true|array Action can be applied., ( bug_id => reason for failure to process )
      */
     function bug_group_action_process( $p_action, $p_bug_id ) {
    -	require_once( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'bug_actiongroup_' . $p_action . '_inc.php' );
     	$t_function_name = 'action_' . $p_action . '_process';
     	return $t_function_name( $p_bug_id );
     }
    
6ede60d3db9e

Fix #11481: Don't show bug group actions that can't be used

https://github.com/mantisbt/mantisbt · David Hicks · Feb 10, 2010 · via nvd-ref
6 files changed · +173 75
  • core/bug_group_action_api.php+136 0 modified
    @@ -155,3 +155,139 @@ function bug_group_action_process( $p_action, $p_bug_id ) {
     	$t_function_name = 'action_' . $p_action . '_process';
     	return $t_function_name( $p_bug_id );
     }
    +
    +/**
    + * Get a list of bug group actions available to the current user for one or
    + * more projects.
    + * @param array $p_projects An array containing one or more project IDs
    + * @return null
    + */
    +function bug_group_action_get_commands( $p_project_ids = null ) {
    +	if ( $p_project_ids === null || count( $p_project_ids ) == 0 ) {
    +		$p_project_ids = array( ALL_PROJECTS );
    +	}
    +
    +	$t_commands = array();
    +	foreach( $p_project_ids as $t_project_id ) {
    +
    +		if( !isset( $t_commands['MOVE'] ) &&
    +			access_has_project_level( config_get( 'move_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['MOVE'] = lang_get( 'actiongroup_menu_move' );
    +		}
    +
    +		if( !isset( $t_commands['COPY'] ) &&
    +			access_has_any_project( config_get( 'report_bug_threshold', null, null, $t_project_id ) ) ) {
    +			$t_commands['COPY'] = lang_get( 'actiongroup_menu_copy' );
    +		}
    +
    +		if( !isset( $t_commands['ASSIGN'] ) &&
    +			access_has_project_level( config_get( 'update_bug_assign_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			if( ON == config_get( 'auto_set_status_to_assigned', null, null, $t_project_id ) &&
    +				access_has_project_level( access_get_status_threshold( config_get( 'bug_assigned_status', null, null, $t_project_id ), $t_project_id ), $t_project_id ) ) {
    +				$t_commands['ASSIGN'] = lang_get( 'actiongroup_menu_assign' );
    +			} else {
    +				$t_commands['ASSIGN'] = lang_get( 'actiongroup_menu_assign' );
    +			}
    +		}
    +
    +		if( !isset( $t_commands['CLOSE'] ) &&
    +			access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) &&
    +			( access_has_project_level( access_get_status_threshold( config_get( 'bug_closed_status_threshold', null, null, $t_project_id ), $t_project_id ), $t_project_id ) ||
    +				access_has_project_level( config_get( 'allow_reporter_close', null, null, $t_project_id ), $t_project_id ) ) ) {
    +			$t_commands['CLOSE'] = lang_get( 'actiongroup_menu_close' );
    +		}
    +
    +		if( !isset( $t_commands['DELETE'] ) &&
    +			access_has_project_level( config_get( 'delete_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['DELETE'] = lang_get( 'actiongroup_menu_delete' );
    +		}
    +
    +		if( !isset( $t_commands['RESOLVE'] ) &&
    +			access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) &&
    +			access_has_project_level( access_get_status_threshold( config_get( 'bug_resolved_status_threshold', null, null, $t_project_id ), $t_project_id ), $t_project_id ) ) {
    +			$t_commands['RESOLVE'] = lang_get( 'actiongroup_menu_resolve' );
    +		}
    +
    +		if( !isset( $t_commands['SET_STICKY'] ) &&
    +			access_has_project_level( config_get( 'set_bug_sticky_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['SET_STICKY'] = lang_get( 'actiongroup_menu_set_sticky' );
    +		}
    +
    +		if( !isset( $t_commands['UP_PRIOR'] ) &&
    +			access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['UP_PRIOR'] = lang_get( 'actiongroup_menu_update_priority' );
    +		}
    +
    +		if( !isset( $t_commands['EXT_UPDATE_SEVERITY'] ) &&
    +			access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['EXT_UPDATE_SEVERITY'] = lang_get( 'actiongroup_menu_update_severity' );
    +		}
    +
    +		if( !isset( $t_commands['UP_STATUS'] ) &&
    +			access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['UP_STATUS'] = lang_get( 'actiongroup_menu_update_status' );
    +		}
    +
    +		if( !isset( $t_commands['UP_CATEGORY'] ) &&
    +			access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['UP_CATEGORY'] = lang_get( 'actiongroup_menu_update_category' );
    +		}
    +
    +		if( !isset( $t_commands['VIEW_STATUS'] ) &&
    +			access_has_project_level( config_get( 'change_view_status_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['VIEW_STATUS'] = lang_get( 'actiongroup_menu_update_view_status' );
    +		}
    +
    +		if( !isset( $t_commands['EXT_UPDATE_PRODUCT_BUILD'] ) &&
    +			config_get( 'enable_product_build', null, null, $t_project_id ) == ON &&
    +			access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['EXT_UPDATE_PRODUCT_BUILD'] = lang_get( 'actiongroup_menu_update_product_build' );
    +		}
    +
    +		if( !isset( $t_commands['EXT_ADD_NOTE'] ) &&
    +			access_has_project_level( config_get( 'add_bugnote_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['EXT_ADD_NOTE'] = lang_get( 'actiongroup_menu_add_note' );
    +		}
    +
    +		if( !isset( $t_commands['EXT_ATTACH_TAGS'] ) &&
    +			access_has_project_level( config_get( 'tag_attach_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['EXT_ATTACH_TAGS'] = lang_get( 'actiongroup_menu_attach_tags' );
    +		}
    +
    +		if( !isset( $t_commands['UP_FIXED_IN_VERSION'] ) &&
    +			version_should_show_product_version( $t_project_id ) &&
    +			access_has_project_level( config_get( 'update_bug_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['UP_FIXED_IN_VERSION'] = lang_get( 'actiongroup_menu_update_fixed_in_version' );
    +		}
    +
    +		if( !isset( $t_commands['UP_TARGET_VERSION'] ) &&
    +			version_should_show_product_version( $t_project_id ) &&
    +			access_has_project_level( config_get( 'roadmap_update_threshold', null, null, $t_project_id ), $t_project_id ) ) {
    +			$t_commands['UP_TARGET_VERSION'] = lang_get( 'actiongroup_menu_update_target_version' );
    +		}
    +
    +		$t_custom_field_ids = custom_field_get_linked_ids( $t_project_id );
    +		foreach( $t_custom_field_ids as $t_custom_field_id ) {
    +			if( !custom_field_has_write_access_to_project( $t_custom_field_id, $t_project_id ) ) {
    +				continue;
    +			}
    +			$t_custom_field_def = custom_field_get_definition( $t_custom_field_id );
    +			$t_command_id = 'custom_field_' . $t_custom_field_id;
    +			$t_command_caption = sprintf( lang_get( 'actiongroup_menu_update_field' ), lang_get_defaulted( $t_custom_field_def['name'] ) );
    +			$t_commands[$t_command_id] = string_display( $t_command_caption );
    +		}
    +	}
    +
    +	$t_custom_group_actions = config_get( 'custom_group_actions' );
    +
    +	foreach( $t_custom_group_actions as $t_custom_group_action ) {
    +		# use label if provided to get the localized text, otherwise fallback to action name.
    +		if( isset( $t_custom_group_action['label'] ) ) {
    +			$t_commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['label'] );
    +		} else {
    +			$t_commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['action'] );
    +		}
    +	}
    +
    +	return $t_commands;
    +}
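Review bot: In the `ASSIGN` block both branches of the inner `if` assign the same value, so the `auto_set_status_to_assigned` / `bug_assigned_status` threshold test has no effect on whether `ASSIGN` is offered. If the intent was to withhold the action when the user cannot set the assigned status, the fallback should apply only when auto-assignment is off, e.g. `} else if( OFF == config_get( 'auto_set_status_to_assigned', null, null, $t_project_id ) ) {`; otherwise collapse the block to a single assignment. The docblock names `$p_projects` and `@return null`, while the parameter is `$p_project_ids` and the function returns the `$t_commands` array, so I would change it to `@param array $p_project_ids` and `@return array` (action id => label). Entries from `custom_group_actions` are added without any access check, which is worth documenting because the later patch on this page uses this list as its allowlist.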
    
  • core/columns_api.php+16 3 modified
    @@ -836,11 +836,24 @@ function print_column_title_overdue( $p_sort, $p_dir, $p_columns_target = COLUMN
      * @access public
      */
     function print_column_selection( $p_bug, $p_columns_target = COLUMNS_TARGET_VIEW_PAGE ) {
    -	global $t_checkboxes_exist, $t_update_bug_threshold;
    +	global $g_checkboxes_exist;
     
     	echo '<td>';
    -	if( access_has_bug_level( $t_update_bug_threshold, $p_bug->id ) ) {
    -		$t_checkboxes_exist = true;
    +	if( access_has_any_project( config_get( 'report_bug_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
    +		# !TODO: check if any other projects actually exist for the bug to be moved to
    +		access_has_project_level( config_get( 'move_bug_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
    +		# !TODO: factor in $g_auto_set_status_to_assigned == ON
    +		access_has_project_level( config_get( 'update_bug_assign_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
    +		access_has_project_level( config_get( 'update_bug_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
    +		access_has_project_level( config_get( 'delete_bug_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
    +		# !TODO: check to see if the bug actually has any different selectable workflow states
    +		access_has_project_level( config_get( 'update_bug_status_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
    +		access_has_project_level( config_get( 'set_bug_sticky_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
    +		access_has_project_level( config_get( 'change_view_status_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
    +		access_has_project_level( config_get( 'add_bugnote_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
    +		access_has_project_level( config_get( 'tag_attach_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ||
    +		access_has_project_level( config_get( 'roadmap_update_threshold', null, null, $p_bug->project_id ), $p_bug->project_id ) ) {
    +		$g_checkboxes_exist = true;
     		printf( "<input type=\"checkbox\" name=\"bug_arr[]\" value=\"%d\" />", $p_bug->id );
     	} else {
     		echo "&#160;";
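Review bot: `access_has_any_project()` is called here with `$p_bug->project_id` as a second argument, while the same commit calls it with a single argument in `bug_group_action_get_commands()`. If the second parameter is a user id (confirm against access_api.php), the project id is being read as a user and the checkbox decision is made for the wrong account; the call should then be `access_has_any_project( config_get( 'report_bug_threshold', null, null, $p_bug->project_id ) )`. The condition also moves from a per-bug check (`access_has_bug_level`) to project-level thresholds, so the checkbox is only a display hint and the action handlers must still enforce per-bug access. The function body continues past the end of the hunk.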
    
  • core/print_api.php+12 62 modified
    @@ -48,6 +48,8 @@
      */
     require_once( 'file_api.php' );
     
    +require_once( 'bug_group_action_api.php' );
    +
     # --------------------
     # Print the headers to cause the page to redirect to $p_url
     # If $p_die is true (default), terminate the execution of the script
    @@ -945,68 +947,16 @@ function print_language_option_list( $p_language ) {
     	}
     }
     
    -# @@@ preliminary support for multiple bug actions.
    -function print_all_bug_action_option_list() {
    -	$commands = array(
    -		'MOVE' => lang_get( 'actiongroup_menu_move' ),
    -		'COPY' => lang_get( 'actiongroup_menu_copy' ),
    -		'ASSIGN' => lang_get( 'actiongroup_menu_assign' ),
    -		'CLOSE' => lang_get( 'actiongroup_menu_close' ),
    -		'DELETE' => lang_get( 'actiongroup_menu_delete' ),
    -		'RESOLVE' => lang_get( 'actiongroup_menu_resolve' ),
    -		'SET_STICKY' => lang_get( 'actiongroup_menu_set_sticky' ),
    -		'UP_PRIOR' => lang_get( 'actiongroup_menu_update_priority' ),
    -		'EXT_UPDATE_SEVERITY' => lang_get( 'actiongroup_menu_update_severity' ),
    -		'UP_STATUS' => lang_get( 'actiongroup_menu_update_status' ),
    -		'UP_CATEGORY' => lang_get( 'actiongroup_menu_update_category' ),
    -		'VIEW_STATUS' => lang_get( 'actiongroup_menu_update_view_status' ),
    -		'EXT_UPDATE_PRODUCT_BUILD' => lang_get( 'actiongroup_menu_update_product_build' ),
    -		'EXT_ADD_NOTE' => lang_get( 'actiongroup_menu_add_note' ),
    -		'EXT_ATTACH_TAGS' => lang_get( 'actiongroup_menu_attach_tags' ),
    -	);
    -
    -	$t_project_id = helper_get_current_project();
    -
    -	if( ALL_PROJECTS != $t_project_id ) {
    -		$t_user_id = auth_get_current_user_id();
    -
    -		if( access_has_project_level( config_get( 'update_bug_threshold' ), $t_project_id ) ) {
    -			$commands['UP_FIXED_IN_VERSION'] = lang_get( 'actiongroup_menu_update_fixed_in_version' );
    -		}
    -
    -		if( access_has_project_level( config_get( 'roadmap_update_threshold' ), $t_project_id ) ) {
    -			$commands['UP_TARGET_VERSION'] = lang_get( 'actiongroup_menu_update_target_version' );
    -		}
    -
    -		$t_custom_field_ids = custom_field_get_linked_ids( $t_project_id );
    -
    -		foreach( $t_custom_field_ids as $t_custom_field_id ) {
    -			# if user has not access right to modify the field, then there is no
    -			# point in showing it.
    -			if( !custom_field_has_write_access_to_project( $t_custom_field_id, $t_project_id, $t_user_id ) ) {
    -				continue;
    -			}
    -
    -			$t_custom_field_def = custom_field_get_definition( $t_custom_field_id );
    -			$t_command_id = 'custom_field_' . $t_custom_field_id;
    -			$t_command_caption = sprintf( lang_get( 'actiongroup_menu_update_field' ), lang_get_defaulted( $t_custom_field_def['name'] ) );
    -			$commands[$t_command_id] = string_display( $t_command_caption );
    -		}
    -	}
    -
    -	$t_custom_group_actions = config_get( 'custom_group_actions' );
    -
    -	foreach( $t_custom_group_actions as $t_custom_group_action ) {
    -		# use label if provided to get the localized text, otherwise fallback to action name.
    -		if( isset( $t_custom_group_action['label'] ) ) {
    -			$commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['label'] );
    -		} else {
    -			$commands[$t_custom_group_action['action']] = lang_get_defaulted( $t_custom_group_action['action'] );
    -		}
    -	}
    -
    -	while( list( $key, $val ) = each( $commands ) ) {
    -		echo '<option value="' . $key . '">' . $val . '</option>';
    +/**
    + * Print a dropdown list of all bug actions available to a user for a specified
    + * set of projects.
    + * @param array $p_projects An array containing one or more project IDs
    + * @return null
    + */
    +function print_all_bug_action_option_list( $p_project_ids = null ) {
    +	$t_commands = bug_group_action_get_commands( $p_project_ids);
    +	while( list( $t_action_id, $t_action_label ) = each( $t_commands ) ) {
    +		echo '<option value="' . $t_action_id . '">' . $t_action_label . '</option>';
     	}
     }
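Review bot: `$t_action_id` and `$t_action_label` are echoed into the `<option>` markup without escaping. Custom-field captions are passed through `string_display()` in `bug_group_action_get_commands()`, but the ids and labels taken from `custom_group_actions` are not, so an action name or label containing markup characters would be written as-is. These values come from configuration, so the exposure is probably limited to what an administrator can set, but I would escape them where they are added to the list so all entries are treated alike. The docblock's `@param array $p_projects` should read `$p_project_ids` to match the signature.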
     
    
  • my_view_inc.php+0 2 modified
    @@ -50,8 +50,6 @@
     $t_sort = $t_filter['sort'];
     $t_dir = $t_filter['dir'];
     
    -$t_checkboxes_exist = false;
    -
     $t_icon_path = config_get( 'icon_path' );
     $t_update_bug_threshold = config_get( 'update_bug_threshold' );
     $t_bug_resolved_status_threshold = config_get( 'bug_resolved_status_threshold' );
    
  • view_all_bug_page.php+5 3 modified
    @@ -51,9 +51,11 @@
     		$t_users_handlers[] = $rows[$i]->handler_id;
     		$t_project_ids[] = $rows[$i]->project_id;
     	}
    -	user_cache_array_rows( array_unique( $t_users_handlers ) );
    -	project_cache_array_rows( array_unique( $t_project_ids ) );
    -	
    +	$t_unique_users_handlers = array_unique( $t_users_handlers );
    +	$t_unique_project_ids = array_unique( $t_project_ids );
    +	user_cache_array_rows( $t_unique_users_handlers );
    +	project_cache_array_rows( $t_unique_project_ids );
    +
     	gpc_set_cookie( config_get( 'bug_list_cookie' ), implode( ',', $t_bugslist ) );
     
     	compress_enable();
    
  • view_all_inc.php+4 5 modified
    @@ -55,10 +55,9 @@
     	list( $t_sort, ) = explode( ',', $t_filter['sort'] );
     	list( $t_dir, ) = explode( ',', $t_filter['dir'] );
     
    -	$t_checkboxes_exist = false;
    +	$g_checkboxes_exist = false;
     
     	$t_icon_path = config_get( 'icon_path' );
    -	$t_update_bug_threshold = config_get( 'update_bug_threshold' );
     
     	# Improve performance by caching category data in one pass
     	if ( helper_get_current_project() > 0 ) {
    @@ -226,14 +225,14 @@ function write_bug_rows ( $p_rows )
     		<td class="left" colspan="<?php echo $col_count; ?>">
     			<span class="floatleft">
     <?php
    -		if ( $t_checkboxes_exist && ON == config_get( 'use_javascript' ) ) {
    +		if ( $g_checkboxes_exist && ON == config_get( 'use_javascript' ) ) {
     			echo "<input type=\"checkbox\" name=\"all_bugs\" value=\"all\" onclick=\"checkall('bug_action', this.form.all_bugs.checked)\" /><span class=\"small\">" . lang_get( 'select_all' ) . '</span>';
     		}
     
    -		if ( $t_checkboxes_exist ) {
    +		if ( $g_checkboxes_exist ) {
     ?>
     			<select name="action">
    -				<?php print_all_bug_action_option_list() ?>
    +				<?php print_all_bug_action_option_list( $t_unique_project_ids ) ?>
     			</select>
     			<input type="submit" class="button" value="<?php echo lang_get( 'ok' ); ?>" />
     <?php
    

References

19
