tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add capability to upload files in ticket creation and update on Integria integration system

This commit is contained in:
alejandro.campos@artica.es 2021-10-19 15:32:22 +02:00
parent 9d813b729e
commit 0b033dae74
3 changed files with 76 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
pandora_console/include/functions_integriaims.php
View File

@ -454,3 +454,49 @@ function get_tickets_integriaims($tickets_filters)
return $array_get_incidents; return $array_get_incidents;
} }
function integriaims_upload_file($filename, $incident_id, $file_description)
{
hd('aqui0', true);
hd($_FILES, true);
if ($_FILES[$filename]['name'] != '') {
$filename = io_safe_input($_FILES[$filename]['name']);
$filesize = io_safe_input($_FILES[$filename]['size']);
$extension = pathinfo($filename, PATHINFO_EXTENSION);
$invalid_extensions = '/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|iso|
pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess|
htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i';
hd('aqui1', true);
if (!preg_match($invalid_extensions, $extension)) {
hd('aqui2', true);
// The following is if you have clamavlib installed.
// (php5-clamavlib) and enabled in php.ini
// http://www.howtoforge.com/scan_viruses_with_php_clamavlib
if (extension_loaded('clamav')) {
cl_setlimits(5, 1000, 200, 0, 10485760);
$malware = cl_scanfile($_FILES['file']['tmp_name']);
if ($malware) {
$error = 'Malware detected: '.$malware.'<br>ClamAV version: '.clam_get_version();
die($error);
}
}
$filecontent = base64_encode(file_get_contents($_FILES[$filename]['tmp_name']));
hd($filecontent, true);
$result_api_call = integria_api_call(null, null, null, null, 'attach_file', [$incident_id, $filename, $filesize, $file_description, $filecontent], false, '', '|;|');
// API method returns '0' string if success.
$file_added = ($result_api_call === '0') ? true : false;
ui_print_result_message(
$file_added,
__('File successfully added'),
__('File could not be added')
);
} else {
ui_print_error_message(__('File has an invalid extension'));
}
}
}

26
pandora_console/operation/incidents/configure_integriaims_incident.php
View File

@ -90,6 +90,7 @@ $incident_creator = get_parameter('creator');
$incident_status = (int) get_parameter('status'); $incident_status = (int) get_parameter('status');
$incident_title = events_get_field_value_by_event_id($event_id, get_parameter('incident_title')); $incident_title = events_get_field_value_by_event_id($event_id, get_parameter('incident_title'));
$incident_content = events_get_field_value_by_event_id($event_id, get_parameter('incident_content')); $incident_content = events_get_field_value_by_event_id($event_id, get_parameter('incident_content'));
$file_description = get_parameter('file_description');
// Separator conversions. // Separator conversions.
$incident_title = str_replace(',', ':::', $incident_title); $incident_title = str_replace(',', ':::', $incident_title);
@ -100,7 +101,11 @@ if ($create_incident === true) {
// Call Integria IMS API method to create an incident. // Call Integria IMS API method to create an incident.
$result_api_call = integria_api_call(null, null, null, null, 'create_incident', [$incident_title, $incident_group_id, $incident_criticity_id, $incident_content, '', $incident_type, '', $incident_owner, '0', $incident_status], false, '', ','); $result_api_call = integria_api_call(null, null, null, null, 'create_incident', [$incident_title, $incident_group_id, $incident_criticity_id, $incident_content, '', $incident_type, '', $incident_owner, '0', $incident_status], false, '', ',');
// Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value. if ($userfile !== '' && $result_api_call !== false) {
integriaims_upload_file('userfile', $result_api_call, $file_description);
}
// Necessary to explicitly set true if not false because function returns result of api call in case of success instead of true value.
$incident_created_ok = ($result_api_call != false) ? true : false; $incident_created_ok = ($result_api_call != false) ? true : false;
ui_print_result_message( ui_print_result_message(
@ -112,6 +117,10 @@ if ($create_incident === true) {
// Call Integria IMS API method to update an incident. // Call Integria IMS API method to update an incident.
$result_api_call = integria_api_call(null, null, null, null, 'update_incident', [$incident_id_edit, $incident_title, $incident_content, '', $incident_group_id, $incident_criticity_id, 0, $incident_status, $incident_owner, 0, $incident_type], false, '', ','); $result_api_call = integria_api_call(null, null, null, null, 'update_incident', [$incident_id_edit, $incident_title, $incident_content, '', $incident_group_id, $incident_criticity_id, 0, $incident_status, $incident_owner, 0, $incident_type], false, '', ',');
if ($userfile !== '') {
integriaims_upload_file('userfile', $incident_id_edit, $file_description);
}
// Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value. // Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value.
$incident_updated_ok = ($result_api_call != false) ? true : false; $incident_updated_ok = ($result_api_call != false) ? true : false;
@ -153,6 +162,7 @@ $table->style[1] = 'width: 33%; padding-right: 50px; padding-left: 50px;';
$table->style[2] = 'width: 33%; padding-right: 100px; padding-left: 50px;'; $table->style[2] = 'width: 33%; padding-right: 100px; padding-left: 50px;';
$table->colspan[0][0] = 2; $table->colspan[0][0] = 2;
$table->colspan[3][0] = 3; $table->colspan[3][0] = 3;
$table->colspan[5][0] = 3;
$help_macros = isset($_GET['from_event']) ? ui_print_help_icon('response_macros', true) : ''; $help_macros = isset($_GET['from_event']) ? ui_print_help_icon('response_macros', true) : '';
@ -303,8 +313,20 @@ $table->data[3][0] .= '<div class="label_select_parent">'.html_print_textarea(
true true
).'</div>'; ).'</div>';
$table->data[4][0] = '<div class="label_select"><p class="input_label">'.__('File name').':</p>';
$table->data[4][0] .= html_print_input_file('userfile', true);
$table->data[5][0] = '<div class="label_select"><p class="input_label">'.__('Description').':</p>';
$table->data[5][0] .= html_print_textarea(
'file_description',
3,
20,
'',
'',
true
);
// Print forms and stuff. // Print forms and stuff.
echo '<form id="create_integria_incident_form" name="create_integria_incident_form" method="POST">'; echo '<form id="create_integria_incident_form" name="create_integria_incident_form" method="POST" enctype="multipart/form-data">';
html_print_table($table); html_print_table($table);
if (!$update) { if (!$update) {

49
pandora_console/operation/incidents/dashboard_detail_integriaims_incident.php
View File

@ -90,7 +90,7 @@ $resolution_text = integriaims_get_details('resolution', $resolution);
$type_text = integriaims_get_details('type', $type); $type_text = integriaims_get_details('type', $type);
// Incident file management. // Incident file management.
$upload_file = get_parameter('upload_file'); $upload_file = (bool) get_parameter('upload_file');
$delete_file_id = get_parameter('delete_file'); $delete_file_id = get_parameter('delete_file');
$download_file_id = get_parameter('download_file'); $download_file_id = get_parameter('download_file');
$download_file_name = get_parameter('download_file_name'); $download_file_name = get_parameter('download_file_name');
@ -121,47 +121,10 @@ $table_files->head[5] = __('Delete');
$table_files->data = []; $table_files->data = [];
// Upload file. $filedescription = get_parameter('file_description', __('No description available'));
if ($upload_file && ($_FILES['userfile']['name'] != '')) {
$filedescription = get_parameter('file_description', __('No description available'));
$filename = io_safe_input($_FILES['userfile']['name']); if ($upload_file === true) {
$filesize = io_safe_input($_FILES['userfile']['size']); integriaims_upload_file('userfile', $incident_id, $filedescription);
$extension = pathinfo($filename, PATHINFO_EXTENSION);
$invalid_extensions = '/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|iso|
pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess|
htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i';
if (!preg_match($invalid_extensions, $extension)) {
// The following is if you have clamavlib installed.
// (php5-clamavlib) and enabled in php.ini
// http://www.howtoforge.com/scan_viruses_with_php_clamavlib
if (extension_loaded('clamav')) {
cl_setlimits(5, 1000, 200, 0, 10485760);
$malware = cl_scanfile($_FILES['file']['tmp_name']);
if ($malware) {
$error = 'Malware detected: '.$malware.'<br>ClamAV version: '.clam_get_version();
die($error);
// On malware, we die because it's not good to handle it
}
}
$filecontent = base64_encode(file_get_contents($_FILES['userfile']['tmp_name']));
$result_api_call = integria_api_call(null, null, null, null, 'attach_file', [$incident_id, $filename, $filesize, $filedescription, $filecontent], false, '', '|;|');
// API method returns '0' string if success.
$file_added = ($result_api_call === '0') ? true : false;
ui_print_result_message(
$file_added,
__('File successfully added'),
__('File could not be added')
);
} else {
ui_print_error_message(__('File has an invalid extension'));
}
} }
// Delete file. // Delete file.
@ -252,11 +215,11 @@ $table_files_section->data[1][0] .= html_print_textarea(
true true
); );
$table_files_section->data[2][0] .= '<div class="w100p right">'.html_print_submit_button(__('Upload'), 'accion', false, 'class="sub wand"', true).'</div>'; $table_files_section->data[2][0] .= '<div class="w100p right">'.html_print_submit_button(__('Upload2'), 'accion', false, 'class="sub wand"', true).'</div>';
$upload_file_form = '<div class="w100p">'; $upload_file_form = '<div class="w100p">';
$upload_file_form .= '<form method="post" id="file_control" enctype="multipart/form-data">'.'<h4>'.__('Add attachment').'</h4>'.html_print_table($table_files_section, true).html_print_input_hidden('upload_file', 1, true); $upload_file_form .= '<form method="post" id="file_control" enctype="multipart/form-data">'.'<h4>'.__('Add attachment1').'</h4>'.html_print_table($table_files_section, true).html_print_input_hidden('upload_file', true, true);
$upload_file_form .= '<h4>'.__('Attached files').'</h4>'.html_print_table($table_files, true).'</form></div>'; $upload_file_form .= '<h4>'.__('Attached files').'</h4>'.html_print_table($table_files, true).'</form></div>';