From 1177cce25f4686ec53d910ae13900880c62149dd Mon Sep 17 00:00:00 2001
From: alejandro-campos
Date: Thu, 19 Sep 2019 10:24:43 +0200
Subject: [PATCH] added attached files section to incident edition
---
 .../godmode/setup/setup_integria.php | 2 +-
 .../configure_integriaims_incident.php | 230 +++++++++++++++++-
 2 files changed, 225 insertions(+), 7 deletions(-)

diff --git a/pandora_console/godmode/setup/setup_integria.php b/pandora_console/godmode/setup/setup_integria.php
index 8ad155e41f..2f2505e9a3 100644
--- a/pandora_console/godmode/setup/setup_integria.php
+++ b/pandora_console/godmode/setup/setup_integria.php
@@ -210,7 +210,7 @@ $table_remote->data['integria_hostname'] = $row;
 // API password.
 $row = [];
 $row['name'] = __('API Password');
-$row['control'] = html_print_input_text('integria_api_pass', $config['integria_api_pass'], '', 30, 100, true);
+$row['control'] = html_print_input_password('integria_api_pass', io_output_password($config['integria_api_pass']), '', 30, 100, true);
 $row['control'] .= ui_print_help_tip(__('Password of Integria IMS\' API'), true);
 $table_remote->data['integria_api_pass'] = $row;
 
diff --git a/pandora_console/operation/incidents/configure_integriaims_incident.php b/pandora_console/operation/incidents/configure_integriaims_incident.php
index 06512f578d..7b49cd2f63 100644
--- a/pandora_console/operation/incidents/configure_integriaims_incident.php
+++ b/pandora_console/operation/incidents/configure_integriaims_incident.php
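Review bot: In setup_integria.php the new `html_print_input_password(...)` call still writes the result of `io_output_password($config['integria_api_pass'])` into the field's `value` attribute, so the masking is only visual and the API password stays readable in the page source for anyone who can open this setup page. Consider rendering the field empty, `html_print_input_password('integria_api_pass', '', '', 30, 100, true)`, and keeping the stored value when the submitted field is blank. The code that saves this setting is outside the hunk, so it should also be confirmed that the submitted value goes through the matching input-side encoding before it is stored.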
@@ -101,7 +101,7 @@ if ($create_incident === true) { // Call Integria IMS API method to create an incident. $result_api_call = integria_api_call($config['integria_hostname'], $incident_creator, $config['integria_pass'], $config['integria_api_pass'], 'create_incident', [$incident_title, $incident_group_id, $incident_criticity_id, $incident_content, '', '0', '', $incident_owner, '0', $incident_status]); - // Necessary to explicitly set true if not false because it returns api call result in case of success instead of true value. + // Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value. $incident_created_ok = ($result_api_call != false) ? true : false; ui_print_result_message( @@ -113,7 +113,7 @@ if ($create_incident === true) { // Call Integria IMS API method to update an incident. $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'update_incident', [$incident_id_edit, $incident_title, $incident_content, '', $incident_group_id, $incident_criticity_id, 0, $incident_status, $incident_owner]); - // Necessary to explicitly set true if not false because it returns api call result in case of success instead of true value. + // Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value. $incident_updated_ok = ($result_api_call != false) ? true : false; ui_print_result_message( @@ -123,6 +123,7 @@ if ($create_incident === true) { ); } +// Main table. $table = new stdClass(); $table->width = '100%'; $table->id = 'add_alert_table'; @@ -239,7 +240,211 @@ $table->data[3][0] .= '
'.html_print_textarea( true ).'
'; -echo '
'; +// Here starts incident file management. +$upload_file = get_parameter('upload_file'); +$delete_file_id = get_parameter('delete_file'); + +// Files section table. +$table_files_section = new stdClass(); +$table_files_section->width = '100%'; +$table_files_section->id = 'files_section_table'; +$table_files_section->class = 'databox filters'; +$table_files_section->head = []; + +$table_files_section->data = []; +$table_files_section->size = []; +$table_files_section->colspan[2][0] = 3; + +// Files list table. +$table_files = new stdClass(); +$table_files->width = '100%'; +$table_files->class = 'info_table'; +$table_files->head = []; + +$table_files->head[0] = __('Filename'); +$table_files->head[1] = __('Timestamp'); +$table_files->head[2] = __('Description'); +$table_files->head[3] = __('User'); +$table_files->head[4] = __('Size'); +$table_files->head[5] = __('Delete'); + +$table_files->data = []; + +// Upload file. +if (check_acl($config['id_user'], 0, 'IW') && $upload_file && ($_FILES['userfile']['name'] != '')) { + $filedescription = get_parameter('file_description', __('No description available')); + + $filename = io_safe_input($_FILES['userfile']['name']); + $filesize = io_safe_input($_FILES['userfile']['size']); + + $extension = pathinfo($filename, PATHINFO_EXTENSION); + $invalid_extensions = '/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|iso| + pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess| + htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i'; + + if (!preg_match($invalid_extensions, $extension)) { + // The following is if you have clamavlib installed. 
+ // (php5-clamavlib) and enabled in php.ini + // http://www.howtoforge.com/scan_viruses_with_php_clamavlib + if (extension_loaded('clamav')) { + cl_setlimits(5, 1000, 200, 0, 10485760); + $malware = cl_scanfile($_FILES['file']['tmp_name']); + if ($malware) { + $error = 'Malware detected: '.$malware.'
ClamAV version: '.clam_get_version(); + die($error); + // On malware, we die because it's not good to handle it + } + } + + $filecontent = base64_encode(file_get_contents($_FILES['userfile']['tmp_name'])); + + $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'attach_file', [$incident_id_edit, $filename, $filesize, $filedescription, $filecontent]); + + // API method returns '0' string if success. + $file_added = ($result_api_call === '0') ? true : false; + + ui_print_result_message( + $file_added, + __('File successfully added'), + __('File could not be added') + ); + } +} + +// Delete file. +if (isset($_GET['delete_file']) && check_acl($config['id_user'], 0, 'IW')) { + $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'delete_file', [$delete_file_id]); + header('Location: index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&incident_id='.$incident_id_edit); +} + +// Retrieve files belonging to incident and create list table. 
+$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_files', [$incident_id_edit]); + +if ($result_api_call != false && strlen($result_api_call) > 0) { + $files = []; + $csv_array = explode("\n", $result_api_call); + + foreach ($csv_array as $csv_line) { + if (!empty($csv_line)) { + $files[] = explode(',', $csv_line); + } + } +} + +$i = 0; + +foreach ($files as $key => $value) { + $table_files->data[$i][0] = $value[11]; + $table_files->data[$i][1] = $value[14]; + $table_files->data[$i][2] = $value[12]; + $table_files->data[$i][3] = $value[8]; + $table_files->data[$i][4] = $value[13]; + if (check_acl($config['id_user'], 0, 'IW')) { + $table_files->data[$i][5] .= ''; + $table_files->data[$i][5] .= html_print_image('images/cross.png', true, ['title' => __('Delete')]); + $table_files->data[$i][5] .= ''; + } + + $i++; +} + + // header("Content-type: text/plain"); + // header("Content-Disposition: attachment; filename=savethis.txt"); + // do your Db stuff here to get the content into $content + // echo "This is some text...\n"; + // print $content; +$table_files_section->data[0][0] = '

'.__('File name').':

'; +$table_files_section->data[0][0] .= html_print_input_file('userfile', true); +$table_files_section->data[1][0] = '

'.__('Description').':

'; +$table_files_section->data[1][0] .= html_print_input_text( + 'file_description', + '', + __('Description'), + 50, + 100, + true, + false +); + +$table_files_section->data[2][0] .= '
'.html_print_submit_button(__('Upload'), 'accion', false, 'class="sub wand"', true).'
'; + +$upload_file_form = '

'.__('Add attachment').'

'.html_print_table($table_files_section, true).html_print_input_hidden('upload_file', 1, true).'

'.__('Attached files').'

'.html_print_table($table_files, true).'
'; + +// Here starts incident comments management. +// Comments section table. +$table_comments_section = new stdClass(); +$table_comments_section->width = '100%'; +$table_comments_section->id = 'files_section_table'; +$table_comments_section->class = 'databox filters'; +$table_comments_section->head = []; + +$table_comments_section->data = []; +$table_comments_section->size = []; + +// Comments list table. +$table_comments = new stdClass(); +$table_comments->width = '100%'; +$table_comments->class = 'info_table'; +$table_comments->head = []; + +$table_comments->head[0] = __('Filename'); +$table_comments->head[1] = __('Timestamp'); +$table_comments->head[2] = __('Description'); +$table_comments->head[3] = __('User'); +$table_comments->head[4] = __('Size'); +$table_comments->head[5] = __('Delete'); + +$table_comments->data = []; + +$table_comments_section->data[0][0] = '

'.__('Description').':

'; +$table_comments_section->data[0][0] .= html_print_input_text( + 'file_description', + '', + __('Description'), + 50, + 100, + true, + false +); + +$i = 0; + +// Retrieve comments belonging to incident and create comments table. +$result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_workunits', [$incident_id_edit]); + +if ($result_api_call != false && strlen($result_api_call) > 0) { + $comments = []; + $csv_array = explode("\n", $result_api_call); + + foreach ($csv_array as $csv_line) { + if (!empty($csv_line)) { + $comments[] = explode(',', $csv_line); + } + } +} + +foreach ($comments as $key => $value) { + $table_comments->data[$i][0] = $value[11]; + $table_comments->data[$i][1] = $value[14]; + $table_comments->data[$i][2] = $value[12]; + $table_comments->data[$i][3] = $value[8]; + $table_comments->data[$i][4] = $value[13]; + + $i++; +} + +/* + $upload_file_form = '

'.__('Add comment').'

' + .html_print_table($table_comments_section, true) + .html_print_input_hidden('upload_file', 1, true) + .'
' + .'

'.__('Comments').'

' + .html_print_table($table_comments, true) + .'
';*/ +// +// Print forms and stuff. +echo '
'; html_print_table($table); if (!$update) { @@ -248,7 +453,20 @@ if (!$update) { html_print_input_hidden('update_incident', 1); } -echo '
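Review bot: The ClamAV branch in configure_integriaims_incident.php scans `$_FILES['file']['tmp_name']`, but the upload arrives in the `userfile` field, so the scan never sees the attached file; it should read `cl_scanfile($_FILES['userfile']['tmp_name'])`. The `$invalid_extensions` pattern is written across three source lines without the `x` modifier, so the line break and indentation become part of the `pif` and `htpasswd` alternatives and those extensions are not rejected; keep the pattern on one line, and prefer an allowlist of expected attachment types plus a check of `$_FILES['userfile']['error']` and `is_uploaded_file()` before `file_get_contents()`. The delete branch changes state on a plain GET (`isset($_GET['delete_file'])`) with no anti-CSRF token, passes `$delete_file_id` to the API without tying it to `$incident_id_edit` as far as this hunk shows, and keeps executing after `header('Location: ...')`; make it a POST carrying a token and add `exit;` after the redirect. The file and comment loops copy API-returned CSV fields (`$value[11]`, `$value[12]`, ...) straight into table cells, and `$files` and `$comments` stay undefined when the API call returns nothing, so initialise both with `$files = [];` and `$comments = [];` before their `if` and escape the cell values unless `html_print_table` is known to do so.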
'; -html_print_submit_button(__('Create'), 'accion', false, 'class="sub wand"'); -echo '
'; echo '
'; +echo '
'; +ui_toggle( + $upload_file_form, + __('Attached files'), + '', + '', + true, + false, + 'white_box white_box_opened', + 'no-border flex' +); +echo '
'; + +echo '
'; +html_print_submit_button(__('Create'), 'accion', false, 'form="create_integria_incident_form" class="sub wand"'); +echo '
';