Issues in ProjectQuotaHtml.class.php (master) - Issues in master - Enalean/tuleap - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4873)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

statistics/include/ProjectQuotaHtml.class.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Copyright (c) STMicroelectronics 2012. All rights reserved
 *
 * Tuleap is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Tuleap is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
 */

require_once('ProjectQuotaManager.class.php');
require_once('common/include/CSRFSynchronizerToken.class.php');

/**
 * Management of custom quota by project
 */
class ProjectQuotaHtml {

    /**
     * ProjectManager instance
     */
    protected $projectManager;

    /**
     * ProjectQuotaManager instance
     */
    protected $projectQuotaManager;

    /**
     * Constructor of the class
     *
     * @return Void

     */
    public function __construct() {
        $this->projectManager      = ProjectManager::instance();
        $this->projectQuotaManager = new ProjectQuotaManager();
        $this->csrf                = new CSRFSynchronizerToken('project_quota.php');
    }

    /**
     * Validate project quota offset param used for display formatting.
     *
     * @param HTTPRequest $request HTTP request
     *
     * @return Integer
     */
    private function validateOffset(HTTPRequest $request) {
        $valid = new Valid('offset');
        $valid->setErrorMessage('Invalid offset submitted. Force it to 0 (zero).');
        $valid->addRule(new Rule_Int());
        $valid->addRule(new Rule_GreaterOrEqual(0));
        if ($request->valid($valid)) {
            $offset = $request->get('offset');
        } else {
            $offset = 0;
        }
        return $offset;
    }

    /**
     * Validate project quota filtering param used for display formatting.
     *
     * @param HTTPRequest $request HTTP request
     *
     * @return String
     */
    private function validateProjectFilter(HTTPRequest $request) {
        $validFilter = new Valid_String('project_filter');
        $filter      = null;
        if ($request->valid($validFilter)) {
            $filter = $request->get('project_filter');
        }
        return $filter;
    }

    /**
     * Validate project quota ordering params used for display formatting.
     *
     * @param HTTPRequest $request HTTP request
     *
     * @return Array
     */
    private function validateOrderByFilter(HTTPRequest $request) {
        $validSort = new Valid_String('sort');
        $sortBy    = null;
        $validRequest = array();
        if ($request->valid($validSort)) {
            $sortBy  = $request->get('sort');
            $validRequest['sort'] = $sortBy;
            $validOrderBy = new Valid_String('order');
            if ($request->valid($validOrderBy)) {
                if ($request->get('order') == "ASC" || $request->get('order') == "DESC") {
                    $orderBy = $request->get('order');
                } else {
                    $orderBy = null;
                }
                $validRequest['order'] = $orderBy;
            }
        }
        return $validRequest;
    }

    /**
     * Toggler used to sort records in a descending/ascending order.
     *
     * @param String $order Current order sens
     *
     * @return String
     */
    private function toggleOrderBy($order) {
        if ($order == "ASC") {
            $order = "DESC";
        } else {
            $order = "ASC";
        }
        return $order;
    }

    /**
     * Display the list of projects having a custom quota
     *
     * @param HTTPRequest $request HTTP request
     *
     * @return String
     */
    public function displayProjectQuota(HTTPRequest $request) {
        $output      = '';
        $count       = 50;
        $offset      = $this->validateOffset($request);
        $filter      = $this->validateProjectFilter($request);
        $orderParams = $this->validateOrderByFilter($request);
        $sortBy      = $orderParams['sort'];
        $orderBy     = $orderParams['order'];
        $list        = $this->getListOfProjectsIds($filter);

        $projectFilterParam = '';
        if ($filter) {
            if (empty($list)) {
                $output .= $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('plugin_statistics', 'no_search_result'));
            }
            $projectFilterParam = '&project_filter='.urlencode($filter);
        }

        $resultExist  = false;
        $customQuotas = $this->projectQuotaManager->getAllCustomQuota($list, $offset, $count, $sortBy, $orderBy);
        if ($customQuotas && !$customQuotas->isError() && $customQuotas->rowCount() > 0) {
            $resultExist = true;
        } else {
            if ($filter) {
                $output .= $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('plugin_statistics', 'no_search_result'));
            }
            $customQuotas = $this->projectQuotaManager->getAllCustomQuota(array(), $offset, $count, $sortBy, $orderBy);
            if ($customQuotas && !$customQuotas->isError() && $customQuotas->rowCount() > 0) {
                $resultExist = true;
            }
        }
        if ($resultExist) {
            $output .= $this->fetchFilterForm();
            $output .= $this->fetchCustomQuotaTable($customQuotas, $offset, $count, $sortBy, $orderBy, $projectFilterParam, $list);
            $output .= '<br />';
        } else {
            $output .= '<p><em>'. $GLOBALS['Language']->getText('plugin_statistics', 'no_projects', $this->projectQuotaManager->getDefaultQuota()) .'</em></p>';
        }

        $output .= $this->renderNewCustomQuotaForm();
        return $output;
    }

    /**
     * Get the HTML of the filter form
     *
     * @return string html
     */
    private function fetchFilterForm() {
        $output  = '';
        $output .= '<form method="get">';
        $output .= $GLOBALS['Language']->getText('plugin_statistics', 'search_projects').' ';
        $output .= '<input name="project_filter" /><input type="submit" />';
        $output .= '</form>';
        return $output;
    }

    /**
     * Get the html output of the table of projects having custom quota
     *
     * @param Iterator $customQuotas       Database result of the projects custom quota
     * @param Integer  $offset             Pagination offset
     * @param Integer  $count              Items to display by page
     * @param String   $sortBy             Property used for the sort
     * @param String   $orderBy            Ascending or descending
     * @param String   $projectFilterParam Project filter
     * @param Array    $list               List of project Id's
     *
     * @return String html
     */
    private function fetchCustomQuotaTable(Iterator $customQuotas, $offset, $count, $sortBy, $orderBy, $projectFilterParam, $list) {
        $paginationParams = $this->getPagination($offset, $count, $sortBy, $orderBy, $projectFilterParam, $customQuotas);
        $nextHref = $paginationParams['nextHref'];
        $prevHref = $paginationParams['prevHref'];
        $orderBy  = $this->toggleOrderBy($orderBy);

        $output   = '';
        $i        = 0;
        $purifier = Codendi_HTMLPurifier::instance();
        $um       = UserManager::instance();
        $titles   = array($GLOBALS['Language']->getText('global', 'Project'), $GLOBALS['Language']->getText('plugin_statistics', 'requester'), $GLOBALS['Language']->getText('plugin_statistics', 'quota'), $GLOBALS['Language']->getText('plugin_statistics', 'motivation'), $GLOBALS['Language']->getText('plugin_statistics', 'date'), $GLOBALS['Language']->getText('global', 'delete'));
        $links    = array(null, null, '?sort=quota&order='.urlencode($orderBy).$projectFilterParam.'&offset='.urlencode($offset), null, '?sort=date&order='.urlencode($orderBy).$projectFilterParam.'&offset='.urlencode($offset), null);
        $output  .= '<form method="post">';
        $output  .= html_build_list_table_top($titles, $links);
        foreach ($customQuotas as $row) {
            $project     = $this->projectManager->getProject($row[Statistics_ProjectQuotaDao::GROUP_ID]);
            $projectName = (empty($project)) ? '' : $project->getPublicName();
            $user        = $um->getUserById($row[Statistics_ProjectQuotaDao::REQUESTER_ID]);
            $username    = (empty($user)) ? '' : $user->getUserName();
            
            $output .= '<tr class="'. util_get_alt_row_color($i++) .'">';
            $output .= '<td><a href="project_stat.php?group_id='.$row[Statistics_ProjectQuotaDao::GROUP_ID].'" >'.$projectName.'</a></td>';
            $output .= '<td>'.$username.'</td><td>'.$row[Statistics_ProjectQuotaDao::REQUEST_SIZE].' GB</td>';
            $output .= '<td><pre>'.$purifier->purify($row[Statistics_ProjectQuotaDao::EXCEPTION_MOTIVATION], CODENDI_PURIFIER_BASIC, $row[Statistics_ProjectQuotaDao::GROUP_ID]).'</pre></td>';
            $output .= '<td>'.strftime("%d %b %Y", $row[Statistics_ProjectQuotaDao::REQUEST_DATE]).'</td><td><input type="checkbox" name="delete_quota[]" value="'.$row[Statistics_ProjectQuotaDao::GROUP_ID].'" /></td>';
            $output .= '</tr>';
        }
        $output .= '<tr class="'. util_get_alt_row_color($i++) .'">';
        $output .= $this->csrf->fetchHTMLInput();
        $output .= '<input type="hidden" name ="action" value="delete" />';
        $output .= '<td colspan="5" ><td><input type="submit" /></td>';
        $output .= '</tr>';
        $output .= '<tr><td>'.$prevHref.'</td><td colspan="4" ></td><td>'.$nextHref.'</td></tr>';
        $output .= '</table>';
        $output .= '</form>';
        return $output;
    }

    /**
     * Obtain the list of projects id corresponding to the filter
     *
     * @param string $filter The filter
     *
     * @return array of int (groups ids)
     */
    private function getListOfProjectsIds($filter) {
        $list = array();
        if ($filter) {
            $result   = $this->projectManager->getAllProjectsRows(0, 20, false, $filter);
            $projects = $result['projects'];
            foreach ($projects as $entry) {
                $list[] = $entry['group_id'];
            }
        }
        return $list;
    }

    /**
     * Render pagination for project quota display
     *
     * @param int    $offset             From where the result will be displayed.
     * @param int    $count              How many results are returned.
     * @param String $sortBy             Order result set according to this parameter
     * @param String $orderBy            Specifiy if the result set sort is ascending or descending
     * @param String $projectFilterParam Search filter
     * @param Array  $list               List of projects Id corresponding to a given filter
     *
     * @return Array
     */
    private function getPagination($offset, $count, $sortBy, $orderBy, $projectFilterParam, $list) {
        $params       = array();
        $foundRows    = $list->rowCount();
        $prevHref     = '&lt;Previous';
        if ($offset > 0) {
            $prevOffset = $offset - $count;
            if ($prevOffset < 0) {
                $prevOffset = 0;
            }
            $prevHref = '<a href="?sort='.$sortBy.'&amp;order='.$orderBy.$projectFilterParam.'&amp;offset='.$prevOffset.'">'.$prevHref.'</a>';
        }
        $params['prevHref'] = $prevHref;
        $nextHref           = 'Next&gt;';
        $nextOffset         = $offset + $count;
        if ($nextOffset >= $foundRows) {
            $nextOffset = null;
        } else {
            $nextHref = '<a href="?sort='.$sortBy.'&amp;order='.$orderBy.$projectFilterParam.'&amp;offset='.$nextOffset.'">'.$nextHref.'</a>';
        }
        $params['nextHref'] = $nextHref;
        return $params;
    }

    /**
     * Render form to set custom quota for a given project
     *
     * @return String
     */
    private function renderNewCustomQuotaForm() {
        $max_quota = (int)$this->projectQuotaManager->getMaximumQuota();
        $output  = '';
        $output .= '<table>';
        $output .= '<form method="post" >';
        $output .= $this->csrf->fetchHTMLInput();
        $output .= '<tr valign="top"><td colspan="2"><b>'.$GLOBALS['Language']->getText('plugin_statistics', 'set_quota').'</b></td></tr>';
        $output .= '<tr valign="top">';
        $output .= '<td>'.$GLOBALS['Language']->getText('global', 'Project').' <span class="highlight">*</span></td><td><input id="project" name="project" /></td>';
        $output .= '</tr>';
        $output .= '<tr valign="top">';
        $output .= '<td>'.$GLOBALS['Language']->getText('plugin_statistics', 'requester').'</td><td><input id="requester" name="requester" /></td>';
        $output .= '</tr>';
        $output .= '<tr valign="top">';
        $output .= '<td>'.$GLOBALS['Language']->getText('plugin_statistics', 'quota').' (GB) <span class="highlight">*</span></td>';
        $output .= '<td><input name="quota" type="number" min="0" max="'. $max_quota .'"/><p class="help-block">'. $GLOBALS['Language']->getText('plugin_statistics', 'max_quota', $max_quota) .'</p></td>';
        $output .= '</tr>';
        $output .= '<tr valign="top">';
        $output .= '<td>'.$GLOBALS['Language']->getText('plugin_statistics', 'motivation').'</td><td><textarea name="motivation" rows="5" cols="50" ></textarea></td>';
        $output .= '</tr>';
        $output .= '<tr valign="top">';
        $output .= '<input type="hidden" name ="action" value="add" />';
        $output .= '<td></td><td><input type="submit" /></td>';
        $output .= '</tr>';
        $output .= '</form>';
        $output .= '</table>';
        $output .= '<p><span class="highlight">'.$GLOBALS['Language']->getText('plugin_docman', 'new_mandatory_help').'</span></p>';
        return $output;
    }

    /**
     * Handle the HTTP request
     *
     * @param HTTPRequest $request HTTP request
     *
     * @return Void
     */
    public function handleRequest(HTTPRequest $request) {
        $validAction = new Valid_WhiteList('action', array('add', 'delete'));
        if ($request->valid($validAction)) {
            $action = $request->get('action');
            switch ($action) {
                case 'add' :
                    $this->csrf->check();
                    $validProject = new Valid_String('project');
                    $validProject->required();
                    $project = null;
                    if ($request->valid($validProject)) {
                        $project = $request->get('project');
                    }
                    $validRequester = new Valid_String('requester');
                    $validRequester->required();
                    $requester = null;
                    if ($request->valid($validRequester)) {
                        $requester = $request->get('requester');
                    }
                    $validQuota = new Valid_UInt('quota');
                    $validQuota->required();
                    $quota = null;
                    if ($request->valid($validQuota)) {
                        $quota = $request->get('quota');
                    }
                    $validMotivation = new Valid_Text('motivation');
                    $validMotivation->required();
                    $motivation = null;
                    if ($request->valid($validMotivation)) {
                        $motivation = $request->get('motivation');
                    }
                    $this->projectQuotaManager->addQuota($project, $requester, $quota, $motivation);
                    break;
                case 'delete' :
                    $this->csrf->check();
                    $list = $request->get('delete_quota');
                    if (!empty($list)) {
                        $projects       = array();
                        $validProjectId = new Valid_UInt();
                        foreach ($list as $projectId) {
                            if ($validProjectId->validate($projectId)) {
                                $project = $this->projectManager->getProject($projectId);
                                if ($project) {
                                    $projects[$project->getId()] = $project->getPublicName();
                                }
                            }
                        }
                        $this->projectQuotaManager->deleteCustomQuota($projects);
                    }
                    break;
                default :
                    break;
            }
        } else {
            $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_statistics', 'invalid_action'));
        }
    }

    /**
     * Display the content of the projects over disk quota table
     *
     * @return Void
     */
    private function displayProjectsOverQuotaTableContent() {
        $output            = '';
        $exceedingProjects = $this->projectQuotaManager->getProjectsOverQuota();
        foreach ($exceedingProjects as $key => $value) {
            $output .= '<tr class="'.util_get_alt_row_color($key).'">'.
                       '<td><b><a href="disk_usage.php?func=show_one_project&group_id='.$value['group_id'].'">'.$value['project_name'].'</a></b></td>'.
                       '<td ><b>'.$value['current_disk_space'].'</b></td>'.
                       '<td ><b>'.$value['disk_quota'].'</b></td>'.
                       '<td ><b>'.$value['exceed'].'</b></td>';
            $output .= '<td>';
            $output .= '<a href="#massmail_'.$value['group_id'].'" class="project_home_contact_admins"  data-toggle="modal"><span class="icon-envelope-alt"></span></a>';
            $output .= $this->fetchMailForm($value['group_id'], $value['project_name'], $value['current_disk_space']);
            $output .= '</td>';
            $output .= '</tr>';
        }
        $presenter        = new ProjectsOverQuotaTablePresenter($output);
        $template_factory = TemplateRendererFactory::build();
        $renderer         = $template_factory->getRenderer($presenter->getTemplateDir());
        $renderer->renderToPage('projects-over-quota',$presenter);
    }

    /**
     * Display the header of the projects over disk quota table
     *
     * @return Void
     */
    private function displayProjectsOverQuotaTableHeader() {
        $header_presenter = new ProjectsOverQuotaTableHeaderPresenter();
        $template_factory = TemplateRendererFactory::build();
        $renderer         = $template_factory->getRenderer($header_presenter->getTemplateDir());
        $renderer->renderToPage('projects-over-quota-table-header',$header_presenter);
    }

    /**
     * Display the list of the projects over disk quota
     *
     * @return Void
     */
    public function displayProjectsOverQuota() {
        $this->displayProjectsOverQuotaTableHeader();
        $this->displayProjectsOverQuotaTableContent();
    }

    /**
     * Display a modal mass mail form with the default warning content
     * to be sent to project administrators.
     *
     * @param Integer $group_id Id of the project we want to warn its admins
     * @param String  $project_name The unix name of the project
     * @param String  $current_disk_space The current disk size we want reduce
     *
     * @return String
     */
    private function fetchMailForm($group_id, $project_name, $current_disk_space) {
        $token           = new CSRFSynchronizerToken('');
        $subject_content = $GLOBALS['Language']->getText('plugin_statistics', 'disk_quota_warning_subject', array($project_name));
        $body_content    = $GLOBALS['Language']->getText('plugin_statistics', 'disk_quota_warning_body', array($project_name, $current_disk_space));
        $presenter       = new DiskQuotaWarningFormPresenter(
                                $group_id,
                                $token,
                                'Massmail to project administrators',
                                '/include/massmail_to_project_admins.php',
                                $subject_content,
                                $body_content
                            );
        $template_factory = TemplateRendererFactory::build();
        $renderer         = $template_factory->getRenderer($presenter->getTemplateDir());
        return $renderer->renderToString('disk-quota-warning',$presenter);
    }

}

?>


GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

statistics/include/ProjectQuotaHtml.class.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* Copyright (c) STMicroelectronics 2012. All rights reserved
4			*
5			* Tuleap is free software; you can redistribute it and/or modify
6			* it under the terms of the GNU General Public License as published by
7			* the Free Software Foundation; either version 2 of the License, or
8			* (at your option) any later version.
9			*
10			* Tuleap is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			*
15			* You should have received a copy of the GNU General Public License
16			* along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
17			*/
18
19			require_once('ProjectQuotaManager.class.php');
20			require_once('common/include/CSRFSynchronizerToken.class.php');
21
22			/**
23			* Management of custom quota by project
24			*/
25			class ProjectQuotaHtml {
26
27			/**
28			* ProjectManager instance
29			*/
30			protected $projectManager;
31
32			/**
33			* ProjectQuotaManager instance
34			*/
35			protected $projectQuotaManager;
36
37			/**
38			* Constructor of the class
39			*
40			* @return Void
			0 ignored issues – show Comprehensibility Best Practice introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
41			*/
42			public function __construct() {
43			$this->projectManager = ProjectManager::instance();
44			$this->projectQuotaManager = new ProjectQuotaManager();
45			$this->csrf = new CSRFSynchronizerToken('project_quota.php');
46			}
47
48			/**
49			* Validate project quota offset param used for display formatting.
50			*
51			* @param HTTPRequest $request HTTP request
52			*
53			* @return Integer
54			*/
55			private function validateOffset(HTTPRequest $request) {
56			$valid = new Valid('offset');
57			$valid->setErrorMessage('Invalid offset submitted. Force it to 0 (zero).');
58			$valid->addRule(new Rule_Int());
59			$valid->addRule(new Rule_GreaterOrEqual(0));
60			if ($request->valid($valid)) {
61			$offset = $request->get('offset');
62			} else {
63			$offset = 0;
64			}
65			return $offset;
66			}
67
68			/**
69			* Validate project quota filtering param used for display formatting.
70			*
71			* @param HTTPRequest $request HTTP request
72			*
73			* @return String
74			*/
75			private function validateProjectFilter(HTTPRequest $request) {
76			$validFilter = new Valid_String('project_filter');
77			$filter = null;
78			if ($request->valid($validFilter)) {
79			$filter = $request->get('project_filter');
80			}
81			return $filter;
82			}
83
84			/**
85			* Validate project quota ordering params used for display formatting.
86			*
87			* @param HTTPRequest $request HTTP request
88			*
89			* @return Array
90			*/
91			private function validateOrderByFilter(HTTPRequest $request) {
92			$validSort = new Valid_String('sort');
93			$sortBy = null;
94			$validRequest = array();
95			if ($request->valid($validSort)) {
96			$sortBy = $request->get('sort');
97			$validRequest['sort'] = $sortBy;
98			$validOrderBy = new Valid_String('order');
99			if ($request->valid($validOrderBy)) {
100			if ($request->get('order') == "ASC" \|\| $request->get('order') == "DESC") {
101			$orderBy = $request->get('order');
102			} else {
103			$orderBy = null;
104			}
105			$validRequest['order'] = $orderBy;
106			}
107			}
108			return $validRequest;
109			}
110
111			/**
112			* Toggler used to sort records in a descending/ascending order.
113			*
114			* @param String $order Current order sens
115			*
116			* @return String
117			*/
118			private function toggleOrderBy($order) {
119			if ($order == "ASC") {
120			$order = "DESC";
121			} else {
122			$order = "ASC";
123			}
124			return $order;
125			}
126
127			/**
128			* Display the list of projects having a custom quota
129			*
130			* @param HTTPRequest $request HTTP request
131			*
132			* @return String
133			*/
134			public function displayProjectQuota(HTTPRequest $request) {
135			$output = '';
136			$count = 50;
137			$offset = $this->validateOffset($request);
138			$filter = $this->validateProjectFilter($request);
139			$orderParams = $this->validateOrderByFilter($request);
140			$sortBy = $orderParams['sort'];
141			$orderBy = $orderParams['order'];
142			$list = $this->getListOfProjectsIds($filter);
143
144			$projectFilterParam = '';
145			if ($filter) {
146			if (empty($list)) {
147			$output .= $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('plugin_statistics', 'no_search_result'));
148			}
149			$projectFilterParam = '&project_filter='.urlencode($filter);
150			}
151
152			$resultExist = false;
153			$customQuotas = $this->projectQuotaManager->getAllCustomQuota($list, $offset, $count, $sortBy, $orderBy);
154			if ($customQuotas && !$customQuotas->isError() && $customQuotas->rowCount() > 0) {
155			$resultExist = true;
156			} else {
157			if ($filter) {
158			$output .= $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('plugin_statistics', 'no_search_result'));
159			}
160			$customQuotas = $this->projectQuotaManager->getAllCustomQuota(array(), $offset, $count, $sortBy, $orderBy);
161			if ($customQuotas && !$customQuotas->isError() && $customQuotas->rowCount() > 0) {
162			$resultExist = true;
163			}
164			}
165			if ($resultExist) {
166			$output .= $this->fetchFilterForm();
167			$output .= $this->fetchCustomQuotaTable($customQuotas, $offset, $count, $sortBy, $orderBy, $projectFilterParam, $list);
168			$output .= '<br />';
169			} else {
170			$output .= '<p><em>'. $GLOBALS['Language']->getText('plugin_statistics', 'no_projects', $this->projectQuotaManager->getDefaultQuota()) .'</em></p>';
171			}
172
173			$output .= $this->renderNewCustomQuotaForm();
174			return $output;
175			}
176
177			/**
178			* Get the HTML of the filter form
179			*
180			* @return string html
181			*/
182			private function fetchFilterForm() {
183			$output = '';
184			$output .= '<form method="get">';
185			$output .= $GLOBALS['Language']->getText('plugin_statistics', 'search_projects').' ';
186			$output .= '<input name="project_filter" /><input type="submit" />';
187			$output .= '</form>';
188			return $output;
189			}
190
191			/**
192			* Get the html output of the table of projects having custom quota
193			*
194			* @param Iterator $customQuotas Database result of the projects custom quota
195			* @param Integer $offset Pagination offset
196			* @param Integer $count Items to display by page
197			* @param String $sortBy Property used for the sort
198			* @param String $orderBy Ascending or descending
199			* @param String $projectFilterParam Project filter
200			* @param Array $list List of project Id's
201			*
202			* @return String html
203			*/
204			private function fetchCustomQuotaTable(Iterator $customQuotas, $offset, $count, $sortBy, $orderBy, $projectFilterParam, $list) {
205			$paginationParams = $this->getPagination($offset, $count, $sortBy, $orderBy, $projectFilterParam, $customQuotas);
206			$nextHref = $paginationParams['nextHref'];
207			$prevHref = $paginationParams['prevHref'];
208			$orderBy = $this->toggleOrderBy($orderBy);
209
210			$output = '';
211			$i = 0;
212			$purifier = Codendi_HTMLPurifier::instance();
213			$um = UserManager::instance();
214			$titles = array($GLOBALS['Language']->getText('global', 'Project'), $GLOBALS['Language']->getText('plugin_statistics', 'requester'), $GLOBALS['Language']->getText('plugin_statistics', 'quota'), $GLOBALS['Language']->getText('plugin_statistics', 'motivation'), $GLOBALS['Language']->getText('plugin_statistics', 'date'), $GLOBALS['Language']->getText('global', 'delete'));
215			$links = array(null, null, '?sort=quota&order='.urlencode($orderBy).$projectFilterParam.'&offset='.urlencode($offset), null, '?sort=date&order='.urlencode($orderBy).$projectFilterParam.'&offset='.urlencode($offset), null);
216			$output .= '<form method="post">';
217			$output .= html_build_list_table_top($titles, $links);
218			foreach ($customQuotas as $row) {
219			$project = $this->projectManager->getProject($row[Statistics_ProjectQuotaDao::GROUP_ID]);
220			$projectName = (empty($project)) ? '' : $project->getPublicName();
221			$user = $um->getUserById($row[Statistics_ProjectQuotaDao::REQUESTER_ID]);
222			$username = (empty($user)) ? '' : $user->getUserName();
223
224			$output .= '<tr class="'. util_get_alt_row_color($i++) .'">';
225			$output .= '<td><a href="project_stat.php?group_id='.$row[Statistics_ProjectQuotaDao::GROUP_ID].'" >'.$projectName.'</a></td>';
226			$output .= '<td>'.$username.'</td><td>'.$row[Statistics_ProjectQuotaDao::REQUEST_SIZE].' GB</td>';
227			$output .= '<td><pre>'.$purifier->purify($row[Statistics_ProjectQuotaDao::EXCEPTION_MOTIVATION], CODENDI_PURIFIER_BASIC, $row[Statistics_ProjectQuotaDao::GROUP_ID]).'</pre></td>';
228			$output .= '<td>'.strftime("%d %b %Y", $row[Statistics_ProjectQuotaDao::REQUEST_DATE]).'</td><td><input type="checkbox" name="delete_quota[]" value="'.$row[Statistics_ProjectQuotaDao::GROUP_ID].'" /></td>';
229			$output .= '</tr>';
230			}
231			$output .= '<tr class="'. util_get_alt_row_color($i++) .'">';
232			$output .= $this->csrf->fetchHTMLInput();
233			$output .= '<input type="hidden" name ="action" value="delete" />';
234			$output .= '<td colspan="5" ><td><input type="submit" /></td>';
235			$output .= '</tr>';
236			$output .= '<tr><td>'.$prevHref.'</td><td colspan="4" ></td><td>'.$nextHref.'</td></tr>';
237			$output .= '</table>';
238			$output .= '</form>';
239			return $output;
240			}
241
242			/**
243			* Obtain the list of projects id corresponding to the filter
244			*
245			* @param string $filter The filter
246			*
247			* @return array of int (groups ids)
248			*/
249			private function getListOfProjectsIds($filter) {
250			$list = array();
251			if ($filter) {
252			$result = $this->projectManager->getAllProjectsRows(0, 20, false, $filter);
253			$projects = $result['projects'];
254			foreach ($projects as $entry) {
255			$list[] = $entry['group_id'];
256			}
257			}
258			return $list;
259			}
260
261			/**
262			* Render pagination for project quota display
263			*
264			* @param int $offset From where the result will be displayed.
265			* @param int $count How many results are returned.
266			* @param String $sortBy Order result set according to this parameter
267			* @param String $orderBy Specifiy if the result set sort is ascending or descending
268			* @param String $projectFilterParam Search filter
269			* @param Array $list List of projects Id corresponding to a given filter
270			*
271			* @return Array
272			*/
273			private function getPagination($offset, $count, $sortBy, $orderBy, $projectFilterParam, $list) {
274			$params = array();
275			$foundRows = $list->rowCount();
276			$prevHref = '<Previous';
277			if ($offset > 0) {
278			$prevOffset = $offset - $count;
279			if ($prevOffset < 0) {
280			$prevOffset = 0;
281			}
282			$prevHref = '<a href="?sort='.$sortBy.'&order='.$orderBy.$projectFilterParam.'&offset='.$prevOffset.'">'.$prevHref.'</a>';
283			}
284			$params['prevHref'] = $prevHref;
285			$nextHref = 'Next>';
286			$nextOffset = $offset + $count;
287			if ($nextOffset >= $foundRows) {
288			$nextOffset = null;
289			} else {
290			$nextHref = '<a href="?sort='.$sortBy.'&order='.$orderBy.$projectFilterParam.'&offset='.$nextOffset.'">'.$nextHref.'</a>';
291			}
292			$params['nextHref'] = $nextHref;
293			return $params;
294			}
295
296			/**
297			* Render form to set custom quota for a given project
298			*
299			* @return String
300			*/
301			private function renderNewCustomQuotaForm() {
302			$max_quota = (int)$this->projectQuotaManager->getMaximumQuota();
303			$output = '';
304			$output .= '<table>';
305			$output .= '<form method="post" >';
306			$output .= $this->csrf->fetchHTMLInput();
307			$output .= '<tr valign="top"><td colspan="2"><b>'.$GLOBALS['Language']->getText('plugin_statistics', 'set_quota').'</b></td></tr>';
308			$output .= '<tr valign="top">';
309			$output .= '<td>'.$GLOBALS['Language']->getText('global', 'Project').' <span class="highlight">*</span></td><td><input id="project" name="project" /></td>';
310			$output .= '</tr>';
311			$output .= '<tr valign="top">';
312			$output .= '<td>'.$GLOBALS['Language']->getText('plugin_statistics', 'requester').'</td><td><input id="requester" name="requester" /></td>';
313			$output .= '</tr>';
314			$output .= '<tr valign="top">';
315			$output .= '<td>'.$GLOBALS['Language']->getText('plugin_statistics', 'quota').' (GB) <span class="highlight">*</span></td>';
316			$output .= '<td><input name="quota" type="number" min="0" max="'. $max_quota .'"/><p class="help-block">'. $GLOBALS['Language']->getText('plugin_statistics', 'max_quota', $max_quota) .'</p></td>';
317			$output .= '</tr>';
318			$output .= '<tr valign="top">';
319			$output .= '<td>'.$GLOBALS['Language']->getText('plugin_statistics', 'motivation').'</td><td><textarea name="motivation" rows="5" cols="50" ></textarea></td>';
320			$output .= '</tr>';
321			$output .= '<tr valign="top">';
322			$output .= '<input type="hidden" name ="action" value="add" />';
323			$output .= '<td></td><td><input type="submit" /></td>';
324			$output .= '</tr>';
325			$output .= '</form>';
326			$output .= '</table>';
327			$output .= '<p><span class="highlight">'.$GLOBALS['Language']->getText('plugin_docman', 'new_mandatory_help').'</span></p>';
328			return $output;
329			}
330
331			/**
332			* Handle the HTTP request
333			*
334			* @param HTTPRequest $request HTTP request
335			*
336			* @return Void
337			*/
338			public function handleRequest(HTTPRequest $request) {
339			$validAction = new Valid_WhiteList('action', array('add', 'delete'));
340			if ($request->valid($validAction)) {
341			$action = $request->get('action');
342			switch ($action) {
343			case 'add' :
344			$this->csrf->check();
345			$validProject = new Valid_String('project');
346			$validProject->required();
347			$project = null;
348			if ($request->valid($validProject)) {
349			$project = $request->get('project');
350			}
351			$validRequester = new Valid_String('requester');
352			$validRequester->required();
353			$requester = null;
354			if ($request->valid($validRequester)) {
355			$requester = $request->get('requester');
356			}
357			$validQuota = new Valid_UInt('quota');
358			$validQuota->required();
359			$quota = null;
360			if ($request->valid($validQuota)) {
361			$quota = $request->get('quota');
362			}
363			$validMotivation = new Valid_Text('motivation');
364			$validMotivation->required();
365			$motivation = null;
366			if ($request->valid($validMotivation)) {
367			$motivation = $request->get('motivation');
368			}
369			$this->projectQuotaManager->addQuota($project, $requester, $quota, $motivation);
370			break;
371			case 'delete' :
372			$this->csrf->check();
373			$list = $request->get('delete_quota');
374			if (!empty($list)) {
375			$projects = array();
376			$validProjectId = new Valid_UInt();
377			foreach ($list as $projectId) {
378			if ($validProjectId->validate($projectId)) {
379			$project = $this->projectManager->getProject($projectId);
380			if ($project) {
381			$projects[$project->getId()] = $project->getPublicName();
382			}
383			}
384			}
385			$this->projectQuotaManager->deleteCustomQuota($projects);
386			}
387			break;
388			default :
389			break;
390			}
391			} else {
392			$GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('plugin_statistics', 'invalid_action'));
393			}
394			}
395
396			/**
397			* Display the content of the projects over disk quota table
398			*
399			* @return Void
400			*/
401			private function displayProjectsOverQuotaTableContent() {
402			$output = '';
403			$exceedingProjects = $this->projectQuotaManager->getProjectsOverQuota();
404			foreach ($exceedingProjects as $key => $value) {
405			$output .= '<tr class="'.util_get_alt_row_color($key).'">'.
406			'<td><b><a href="disk_usage.php?func=show_one_project&group_id='.$value['group_id'].'">'.$value['project_name'].'</a></b></td>'.
407			'<td ><b>'.$value['current_disk_space'].'</b></td>'.
408			'<td ><b>'.$value['disk_quota'].'</b></td>'.
409			'<td ><b>'.$value['exceed'].'</b></td>';
410			$output .= '<td>';
411			$output .= '<a href="#massmail_'.$value['group_id'].'" class="project_home_contact_admins" data-toggle="modal"><span class="icon-envelope-alt"></span></a>';
412			$output .= $this->fetchMailForm($value['group_id'], $value['project_name'], $value['current_disk_space']);
413			$output .= '</td>';
414			$output .= '</tr>';
415			}
416			$presenter = new ProjectsOverQuotaTablePresenter($output);
417			$template_factory = TemplateRendererFactory::build();
418			$renderer = $template_factory->getRenderer($presenter->getTemplateDir());
419			$renderer->renderToPage('projects-over-quota',$presenter);
420			}
421
422			/**
423			* Display the header of the projects over disk quota table
424			*
425			* @return Void
426			*/
427			private function displayProjectsOverQuotaTableHeader() {
428			$header_presenter = new ProjectsOverQuotaTableHeaderPresenter();
429			$template_factory = TemplateRendererFactory::build();
430			$renderer = $template_factory->getRenderer($header_presenter->getTemplateDir());
431			$renderer->renderToPage('projects-over-quota-table-header',$header_presenter);
432			}
433
434			/**
435			* Display the list of the projects over disk quota
436			*
437			* @return Void
438			*/
439			public function displayProjectsOverQuota() {
440			$this->displayProjectsOverQuotaTableHeader();
441			$this->displayProjectsOverQuotaTableContent();
442			}
443
444			/**
445			* Display a modal mass mail form with the default warning content
446			* to be sent to project administrators.
447			*
448			* @param Integer $group_id Id of the project we want to warn its admins
449			* @param String $project_name The unix name of the project
450			* @param String $current_disk_space The current disk size we want reduce
451			*
452			* @return String
453			*/
454			private function fetchMailForm($group_id, $project_name, $current_disk_space) {
455			$token = new CSRFSynchronizerToken('');
456			$subject_content = $GLOBALS['Language']->getText('plugin_statistics', 'disk_quota_warning_subject', array($project_name));
457			$body_content = $GLOBALS['Language']->getText('plugin_statistics', 'disk_quota_warning_body', array($project_name, $current_disk_space));
458			$presenter = new DiskQuotaWarningFormPresenter(
459			$group_id,
460			$token,
461			'Massmail to project administrators',
462			'/include/massmail_to_project_admins.php',
463			$subject_content,
464			$body_content
465			);
466			$template_factory = TemplateRendererFactory::build();
467			$renderer = $template_factory->getRenderer($presenter->getTemplateDir());
468			return $renderer->renderToString('disk-quota-warning',$presenter);
469			}
470
471			}
472
473			?>
474

Enalean / tuleap

GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

statistics/include/ProjectQuotaHtml.class.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like