tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

added attached files section to incident edition

This commit is contained in:
alejandro-campos 2019-09-19 10:24:43 +02:00
parent f2a6dbb60e
commit 1177cce25f
2 changed files with 225 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/godmode/setup/setup_integria.php
View File

@ -210,7 +210,7 @@ $table_remote->data['integria_hostname'] = $row;
// API password.
$row = [];
$row['name'] = __('API Password');
$row['control'] = html_print_input_text('integria_api_pass', $config['integria_api_pass'], '', 30, 100, true);
$row['control'] = html_print_input_password('integria_api_pass', io_output_password($config['integria_api_pass']), '', 30, 100, true);
$row['control'] .= ui_print_help_tip(__('Password of Integria IMS\' API'), true);
$table_remote->data['integria_api_pass'] = $row;

230
pandora_console/operation/incidents/configure_integriaims_incident.php
View File

@ -101,7 +101,7 @@ if ($create_incident === true) {
// Call Integria IMS API method to create an incident.
$result_api_call = integria_api_call($config['integria_hostname'], $incident_creator, $config['integria_pass'], $config['integria_api_pass'], 'create_incident', [$incident_title, $incident_group_id, $incident_criticity_id, $incident_content, '', '0', '', $incident_owner, '0', $incident_status]);
// Necessary to explicitly set true if not false because it returns api call result in case of success instead of true value.
// Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value.
$incident_created_ok = ($result_api_call != false) ? true : false;
ui_print_result_message(
@ -113,7 +113,7 @@ if ($create_incident === true) {
// Call Integria IMS API method to update an incident.
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'update_incident', [$incident_id_edit, $incident_title, $incident_content, '', $incident_group_id, $incident_criticity_id, 0, $incident_status, $incident_owner]);
// Necessary to explicitly set true if not false because it returns api call result in case of success instead of true value.
// Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value.
$incident_updated_ok = ($result_api_call != false) ? true : false;
ui_print_result_message(
@ -123,6 +123,7 @@ if ($create_incident === true) {
);
}
// Main table.
$table = new stdClass();
$table->width = '100%';
$table->id = 'add_alert_table';
@ -239,7 +240,211 @@ $table->data[3][0] .= '<div class="label_select_parent">'.html_print_textarea(
true
).'</div>';
echo '<form name="create_integria_incident_form" method="POST">';
// Here starts incident file management.
$upload_file = get_parameter('upload_file');
$delete_file_id = get_parameter('delete_file');
// Files section table.
$table_files_section = new stdClass();
$table_files_section->width = '100%';
$table_files_section->id = 'files_section_table';
$table_files_section->class = 'databox filters';
$table_files_section->head = [];
$table_files_section->data = [];
$table_files_section->size = [];
$table_files_section->colspan[2][0] = 3;
// Files list table.
$table_files = new stdClass();
$table_files->width = '100%';
$table_files->class = 'info_table';
$table_files->head = [];
$table_files->head[0] = __('Filename');
$table_files->head[1] = __('Timestamp');
$table_files->head[2] = __('Description');
$table_files->head[3] = __('User');
$table_files->head[4] = __('Size');
$table_files->head[5] = __('Delete');
$table_files->data = [];
// Upload file.
if (check_acl($config['id_user'], 0, 'IW') && $upload_file && ($_FILES['userfile']['name'] != '')) {
$filedescription = get_parameter('file_description', __('No description available'));
$filename = io_safe_input($_FILES['userfile']['name']);
$filesize = io_safe_input($_FILES['userfile']['size']);
$extension = pathinfo($filename, PATHINFO_EXTENSION);
$invalid_extensions = '/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|iso|
pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess|
htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i';
if (!preg_match($invalid_extensions, $extension)) {
// The following is if you have clamavlib installed.
// (php5-clamavlib) and enabled in php.ini
// http://www.howtoforge.com/scan_viruses_with_php_clamavlib
if (extension_loaded('clamav')) {
cl_setlimits(5, 1000, 200, 0, 10485760);
$malware = cl_scanfile($_FILES['file']['tmp_name']);
if ($malware) {
$error = 'Malware detected: '.$malware.'<br>ClamAV version: '.clam_get_version();
die($error);
// On malware, we die because it's not good to handle it
}
}
$filecontent = base64_encode(file_get_contents($_FILES['userfile']['tmp_name']));
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'attach_file', [$incident_id_edit, $filename, $filesize, $filedescription, $filecontent]);
// API method returns '0' string if success.
$file_added = ($result_api_call === '0') ? true : false;
ui_print_result_message(
$file_added,
__('File successfully added'),
__('File could not be added')
);
}
}
// Delete file.
if (isset($_GET['delete_file']) && check_acl($config['id_user'], 0, 'IW')) {
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'delete_file', [$delete_file_id]);
header('Location: index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&incident_id='.$incident_id_edit);
}
// Retrieve files belonging to incident and create list table.
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_files', [$incident_id_edit]);
if ($result_api_call != false && strlen($result_api_call) > 0) {
$files = [];
$csv_array = explode("\n", $result_api_call);
foreach ($csv_array as $csv_line) {
if (!empty($csv_line)) {
$files[] = explode(',', $csv_line);
}
}
}
$i = 0;
foreach ($files as $key => $value) {
$table_files->data[$i][0] = $value[11];
$table_files->data[$i][1] = $value[14];
$table_files->data[$i][2] = $value[12];
$table_files->data[$i][3] = $value[8];
$table_files->data[$i][4] = $value[13];
if (check_acl($config['id_user'], 0, 'IW')) {
$table_files->data[$i][5] .= '<a id="link_delete_file" href="'.ui_get_full_url('index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&incident_id='.$incident_id_edit.'&delete_file='.$value[0]).'"
onClick="javascript:if (!confirm(\''.__('Are you sure?').'\')) return false;">';
$table_files->data[$i][5] .= html_print_image('images/cross.png', true, ['title' => __('Delete')]);
$table_files->data[$i][5] .= '</a>';
}
$i++;
}
// header("Content-type: text/plain");
// header("Content-Disposition: attachment; filename=savethis.txt");
// do your Db stuff here to get the content into $content
// echo "This is some text...\n";
// print $content;
$table_files_section->data[0][0] = '<div class="label_select"><p class="input_label">'.__('File name').':</p>';
$table_files_section->data[0][0] .= html_print_input_file('userfile', true);
$table_files_section->data[1][0] = '<div class="label_select"><p class="input_label">'.__('Description').':</p>';
$table_files_section->data[1][0] .= html_print_input_text(
'file_description',
'',
__('Description'),
50,
100,
true,
false
);
$table_files_section->data[2][0] .= '<div style="width: 100%; text-align:right;">'.html_print_submit_button(__('Upload'), 'accion', false, 'class="sub wand"', true).'</div>';
$upload_file_form = '<div><form method="post" id="file_control" enctype="multipart/form-data"><h4>'.__('Add attachment').'</h4>'.html_print_table($table_files_section, true).html_print_input_hidden('upload_file', 1, true).'<h4>'.__('Attached files').'</h4>'.html_print_table($table_files, true).'</form></div>';
// Here starts incident comments management.
// Comments section table.
$table_comments_section = new stdClass();
$table_comments_section->width = '100%';
$table_comments_section->id = 'files_section_table';
$table_comments_section->class = 'databox filters';
$table_comments_section->head = [];
$table_comments_section->data = [];
$table_comments_section->size = [];
// Comments list table.
$table_comments = new stdClass();
$table_comments->width = '100%';
$table_comments->class = 'info_table';
$table_comments->head = [];
$table_comments->head[0] = __('Filename');
$table_comments->head[1] = __('Timestamp');
$table_comments->head[2] = __('Description');
$table_comments->head[3] = __('User');
$table_comments->head[4] = __('Size');
$table_comments->head[5] = __('Delete');
$table_comments->data = [];
$table_comments_section->data[0][0] = '<div class="label_select"><p class="input_label">'.__('Description').':</p>';
$table_comments_section->data[0][0] .= html_print_input_text(
'file_description',
'',
__('Description'),
50,
100,
true,
false
);
$i = 0;
// Retrieve comments belonging to incident and create comments table.
$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_workunits', [$incident_id_edit]);
if ($result_api_call != false && strlen($result_api_call) > 0) {
$comments = [];
$csv_array = explode("\n", $result_api_call);
foreach ($csv_array as $csv_line) {
if (!empty($csv_line)) {
$comments[] = explode(',', $csv_line);
}
}
}
foreach ($comments as $key => $value) {
$table_comments->data[$i][0] = $value[11];
$table_comments->data[$i][1] = $value[14];
$table_comments->data[$i][2] = $value[12];
$table_comments->data[$i][3] = $value[8];
$table_comments->data[$i][4] = $value[13];
$i++;
}
/*
$upload_file_form = '<div><form method="post" id="file_control" enctype="multipart/form-data"><h4>'.__('Add comment').'</h4>'
.html_print_table($table_comments_section, true)
.html_print_input_hidden('upload_file', 1, true)
.'</form>'
.'<h4>'.__('Comments').'</h4>'
.html_print_table($table_comments, true)
.'</div>';*/
//
// Print forms and stuff.
echo '<form id="create_integria_incident_form" name="create_integria_incident_form" method="POST">';
html_print_table($table);
if (!$update) {
@ -248,7 +453,20 @@ if (!$update) {
html_print_input_hidden('update_incident', 1);
}
echo '<div style="width: 100%; text-align:right;">';
html_print_submit_button(__('Create'), 'accion', false, 'class="sub wand"');
echo '</div>';
echo '</form>';
echo '<div class="ui_toggle">';
ui_toggle(
$upload_file_form,
__('Attached files'),
'',
'',
true,
false,
'white_box white_box_opened',
'no-border flex'
);
echo '</div>';
echo '<div style="width: 100%; text-align:right;">';
html_print_submit_button(__('Create'), 'accion', false, 'form="create_integria_incident_form" class="sub wand"');
echo '</div>';