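<?php
/*
 * Upload endpoint: attaches the file posted as "file" to the incident whose
 * id is posted as "id", then redirects to a URL built by
 * visual::getContinueUrl() from a result keyword.
 *
 * Every failure path below is a call to security::go() or security::notFound().
 * NOTE(review): the script relies on both of them ending the request (for
 * example, $incident is dereferenced right after a go() on lookup failure) --
 * confirm in core.php.
 * NOTE(review): no anti-CSRF token is verified in this file; confirm that the
 * shared security:: helpers cover this state-changing POST.
 */
require_once("core.php");

// Access gates, run before any request data is read.
security::checkType(security::WORKER, security::METHOD_NOTFOUND);
security::checkWorkerUIEnabled();

// Admins return to the global list, everyone else to their own list.
$isAdmin = security::isAllowed(security::ADMIN);
$url = ($isAdmin ? "incidents.php" : "userincidents.php?id=".$_SESSION["id"]);

if (!security::checkParams("POST", [
    ["id", security::PARAM_ISINT]
])) {
    security::go(visual::getContinueUrl($url, "unexpected", "POST"));
}

if (!isset($_FILES["file"])) {
    security::go(visual::getContinueUrl($url, "empty", "POST"));
}

// When the field is submitted as "file[]", PHP delivers arrays under every key
// of $_FILES["file"]. The previous loose comparison against
// UPLOAD_ERR_NO_FILE let such a request through to addAttachment(); accept
// only the single-file shape, where "error" is an int.
$uploadError = isset($_FILES["file"]["error"]) ? $_FILES["file"]["error"] : null;
if (!is_int($uploadError)) {
    security::go(visual::getContinueUrl($url, "unexpected", "POST"));
}

if ($uploadError === UPLOAD_ERR_NO_FILE) {
    security::go(visual::getContinueUrl($url, "empty", "POST"));
}
// Other UPLOAD_ERR_* values are passed on unchanged.
// NOTE(review): confirm incidents::addAttachment() rejects them.

$id = (int)$_POST["id"];

$incident = incidents::get($id, true);
if ($incident === false) {
    security::go(visual::getContinueUrl($url, "unexpected", "POST"));
}

$incidentStatus = incidents::getStatus($incident);

// Loose in_array() kept on purpose: the element type of
// $cannotEditCommentsStates is not visible from this file.
if (in_array($incidentStatus, incidents::$cannotEditCommentsStates)) {
    security::notFound();
}

// Object-level authorization for non-admins, performed before the upload is
// handed to the storage code.
// NOTE(review): presumably this ends the request when the incident belongs to
// someone else -- confirm, since nothing here inspects a return value.
if (!$isAdmin) {
    incidents::checkIncidentIsFromPerson($incident["id"]);
}

$attachmentResult = incidents::addAttachment($id, $_FILES["file"]);

// switch compares loosely, so a false or null result would match "case 0" and
// be reported as success.
// NOTE(review): confirm addAttachment() only ever returns integer codes.
switch ($attachmentResult) {
    case 0:
        security::go(visual::getContinueUrl($url, "attachmentadded", "POST"));
        break;

    case 2:
        security::go(visual::getContinueUrl($url, "filesize", "POST"));
        break;

    case 3:
        security::go(visual::getContinueUrl($url, "filetype", "POST"));
        break;

    default:
        security::go(visual::getContinueUrl($url, "unexpected", "POST"));
}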