diff --git a/pandora_console/include/functions_integriaims.php b/pandora_console/include/functions_integriaims.php index f9e387c6de..af8d8c08df 100644 --- a/pandora_console/include/functions_integriaims.php +++ b/pandora_console/include/functions_integriaims.php @@ -454,3 +454,49 @@ function get_tickets_integriaims($tickets_filters) return $array_get_incidents; } + + +function integriaims_upload_file($filename, $incident_id, $file_description) +{ + hd('aqui0', true); + hd($_FILES, true); + if ($_FILES[$filename]['name'] != '') { + $filename = io_safe_input($_FILES[$filename]['name']); + $filesize = io_safe_input($_FILES[$filename]['size']); + + $extension = pathinfo($filename, PATHINFO_EXTENSION); + $invalid_extensions = '/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|iso| + pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess| + htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i'; + hd('aqui1', true); + if (!preg_match($invalid_extensions, $extension)) { + hd('aqui2', true); + // The following is if you have clamavlib installed. + // (php5-clamavlib) and enabled in php.ini + // http://www.howtoforge.com/scan_viruses_with_php_clamavlib + if (extension_loaded('clamav')) { + cl_setlimits(5, 1000, 200, 0, 10485760); + $malware = cl_scanfile($_FILES['file']['tmp_name']); + if ($malware) { + $error = 'Malware detected: '.$malware.'
ClamAV version: '.clam_get_version(); + die($error); + } + } + + $filecontent = base64_encode(file_get_contents($_FILES[$filename]['tmp_name'])); + hd($filecontent, true); + $result_api_call = integria_api_call(null, null, null, null, 'attach_file', [$incident_id, $filename, $filesize, $file_description, $filecontent], false, '', '|;|'); + + // API method returns '0' string if success. + $file_added = ($result_api_call === '0') ? true : false; + + ui_print_result_message( + $file_added, + __('File successfully added'), + __('File could not be added') + ); + } else { + ui_print_error_message(__('File has an invalid extension')); + } + } +} diff --git a/pandora_console/operation/incidents/configure_integriaims_incident.php b/pandora_console/operation/incidents/configure_integriaims_incident.php index 5ac33db935..01c9ea5737 100644 --- a/pandora_console/operation/incidents/configure_integriaims_incident.php +++ b/pandora_console/operation/incidents/configure_integriaims_incident.php @@ -90,6 +90,7 @@ $incident_creator = get_parameter('creator'); $incident_status = (int) get_parameter('status'); $incident_title = events_get_field_value_by_event_id($event_id, get_parameter('incident_title')); $incident_content = events_get_field_value_by_event_id($event_id, get_parameter('incident_content')); +$file_description = get_parameter('file_description'); // Separator conversions. $incident_title = str_replace(',', ':::', $incident_title); @@ -100,7 +101,11 @@ if ($create_incident === true) { // Call Integria IMS API method to create an incident. $result_api_call = integria_api_call(null, null, null, null, 'create_incident', [$incident_title, $incident_group_id, $incident_criticity_id, $incident_content, '', $incident_type, '', $incident_owner, '0', $incident_status], false, '', ','); - // Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value. + if ($userfile !== '' && $result_api_call !== false) { + integriaims_upload_file('userfile', $result_api_call, $file_description); + } + + // Necessary to explicitly set true if not false because function returns result of api call in case of success instead of true value. $incident_created_ok = ($result_api_call != false) ? true : false; ui_print_result_message( @@ -112,6 +117,10 @@ if ($create_incident === true) { // Call Integria IMS API method to update an incident. $result_api_call = integria_api_call(null, null, null, null, 'update_incident', [$incident_id_edit, $incident_title, $incident_content, '', $incident_group_id, $incident_criticity_id, 0, $incident_status, $incident_owner, 0, $incident_type], false, '', ','); + if ($userfile !== '') { + integriaims_upload_file('userfile', $incident_id_edit, $file_description); + } + // Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value. $incident_updated_ok = ($result_api_call != false) ? true : false; @@ -153,6 +162,7 @@ $table->style[1] = 'width: 33%; padding-right: 50px; padding-left: 50px;'; $table->style[2] = 'width: 33%; padding-right: 100px; padding-left: 50px;'; $table->colspan[0][0] = 2; $table->colspan[3][0] = 3; +$table->colspan[5][0] = 3; $help_macros = isset($_GET['from_event']) ? ui_print_help_icon('response_macros', true) : ''; @@ -303,8 +313,20 @@ $table->data[3][0] .= '
'.html_print_textarea( true ).'
'; +$table->data[4][0] = '

'.__('File name').':

'; +$table->data[4][0] .= html_print_input_file('userfile', true); +$table->data[5][0] = '

'.__('Description').':

'; +$table->data[5][0] .= html_print_textarea( + 'file_description', + 3, + 20, + '', + '', + true +); + // Print forms and stuff. -echo '
'; +echo ''; html_print_table($table); if (!$update) { diff --git a/pandora_console/operation/incidents/dashboard_detail_integriaims_incident.php b/pandora_console/operation/incidents/dashboard_detail_integriaims_incident.php index 9229ffdd90..7839ad1f07 100644 --- a/pandora_console/operation/incidents/dashboard_detail_integriaims_incident.php +++ b/pandora_console/operation/incidents/dashboard_detail_integriaims_incident.php @@ -90,7 +90,7 @@ $resolution_text = integriaims_get_details('resolution', $resolution); $type_text = integriaims_get_details('type', $type); // Incident file management. -$upload_file = get_parameter('upload_file'); +$upload_file = (bool) get_parameter('upload_file'); $delete_file_id = get_parameter('delete_file'); $download_file_id = get_parameter('download_file'); $download_file_name = get_parameter('download_file_name'); @@ -121,47 +121,10 @@ $table_files->head[5] = __('Delete'); $table_files->data = []; -// Upload file. -if ($upload_file && ($_FILES['userfile']['name'] != '')) { - $filedescription = get_parameter('file_description', __('No description available')); +$filedescription = get_parameter('file_description', __('No description available')); - $filename = io_safe_input($_FILES['userfile']['name']); - $filesize = io_safe_input($_FILES['userfile']['size']); - - $extension = pathinfo($filename, PATHINFO_EXTENSION); - $invalid_extensions = '/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|iso| - pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess| - htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i'; - - if (!preg_match($invalid_extensions, $extension)) { - // The following is if you have clamavlib installed. - // (php5-clamavlib) and enabled in php.ini - // http://www.howtoforge.com/scan_viruses_with_php_clamavlib - if (extension_loaded('clamav')) { - cl_setlimits(5, 1000, 200, 0, 10485760); - $malware = cl_scanfile($_FILES['file']['tmp_name']); - if ($malware) { - $error = 'Malware detected: '.$malware.'
ClamAV version: '.clam_get_version(); - die($error); - // On malware, we die because it's not good to handle it - } - } - - $filecontent = base64_encode(file_get_contents($_FILES['userfile']['tmp_name'])); - - $result_api_call = integria_api_call(null, null, null, null, 'attach_file', [$incident_id, $filename, $filesize, $filedescription, $filecontent], false, '', '|;|'); - - // API method returns '0' string if success. - $file_added = ($result_api_call === '0') ? true : false; - - ui_print_result_message( - $file_added, - __('File successfully added'), - __('File could not be added') - ); - } else { - ui_print_error_message(__('File has an invalid extension')); - } +if ($upload_file === true) { + integriaims_upload_file('userfile', $incident_id, $filedescription); } // Delete file. @@ -252,11 +215,11 @@ $table_files_section->data[1][0] .= html_print_textarea( true ); -$table_files_section->data[2][0] .= '
'.html_print_submit_button(__('Upload'), 'accion', false, 'class="sub wand"', true).'
'; +$table_files_section->data[2][0] .= '
'.html_print_submit_button(__('Upload2'), 'accion', false, 'class="sub wand"', true).'
'; $upload_file_form = '
'; -$upload_file_form .= ''.'

'.__('Add attachment').'

'.html_print_table($table_files_section, true).html_print_input_hidden('upload_file', 1, true); +$upload_file_form .= ''.'

'.__('Add attachment1').'

'.html_print_table($table_files_section, true).html_print_input_hidden('upload_file', true, true); $upload_file_form .= '

'.__('Attached files').'

'.html_print_table($table_files, true).'
';