diff --git a/pandora_console/extras/mr/32.sql b/pandora_console/extras/mr/32.sql index 3100d73092..adc5e93b5c 100644 --- a/pandora_console/extras/mr/32.sql +++ b/pandora_console/extras/mr/32.sql @@ -4,4 +4,19 @@ UPDATE `tlayout_data` SET `height` = 70 , `width` = 70 WHERE `height` = 0 && `wi (`type` = 10 && `image` IS NOT NULL && `image` != '' && `image` != 'none') || (`type` = 11 && `image` IS NOT NULL && `image` != '' && `image` != 'none' && `show_statistics` = 0)); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_enabled', 0); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_user', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_pass', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_hostname', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_api_pass', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_req_timeout', 5); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_group', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_criticity', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_creator', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_owner', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_type', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_status', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_title', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_content', ''); + COMMIT; \ No newline at end of file diff --git a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql index 704ab61d74..f498c25af6 100644 --- a/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql +++ b/pandora_console/extras/pandoradb_migrate_6.0_to_7.0.mysql.sql @@ -1252,10 +1252,22 @@ DELETE FROM `tconfig` WHERE `token` = 'current_package_enterprise'; INSERT INTO `tconfig` (`token`, `value`) VALUES ('current_package_enterprise', '737'); INSERT INTO `tconfig` (`token`, `value`) VALUES ('status_monitor_fields', 'policy,agent,data_type,module_name,server_type,interval,status,graph,warn,data,timestamp'); UPDATE `tconfig` SET `value` = 'mini_severity,evento,id_agente,estado,timestamp' WHERE `token` LIKE 'event_fields'; -DELETE FROM `tconfig` WHERE `token` LIKE 'integria_enabled'; DELETE FROM `tconfig` WHERE `token` LIKE 'integria_api_password'; DELETE FROM `tconfig` WHERE `token` LIKE 'integria_inventory'; DELETE FROM `tconfig` WHERE `token` LIKE 'integria_url'; +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_user', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_pass', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_hostname', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_api_pass', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('integria_req_timeout', 5); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_group', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_criticity', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_creator', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('default_owner', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_type', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_status', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_title', ''); +INSERT INTO `tconfig` (`token`, `value`) VALUES ('incident_content', ''); -- --------------------------------------------------------------------- -- Table `tconfig_os` diff --git a/pandora_console/godmode/setup/setup.php b/pandora_console/godmode/setup/setup.php index bf34da4a61..a46d7bc832 100644 --- a/pandora_console/godmode/setup/setup.php +++ b/pandora_console/godmode/setup/setup.php @@ -119,7 +119,7 @@ if (check_acl($config['id_user'], 0, 'AW')) { $buttons['integria'] = [ 'active' => false, - 'text' => ''.html_print_image('images/ehorus/ehorus.png', true, ['title' => __('Integria IMS')]).'', + 'text' => ''.html_print_image('images/integria.png', true, ['title' => __('Integria IMS')]).'', ]; $buttons['ehorus'] = [ diff --git a/pandora_console/godmode/setup/setup_integria.php b/pandora_console/godmode/setup/setup_integria.php index 2f2505e9a3..de47c0016a 100644 --- a/pandora_console/godmode/setup/setup_integria.php +++ b/pandora_console/godmode/setup/setup_integria.php @@ -61,12 +61,37 @@ if (get_parameter('update_config', 0) == 1) { if ($config['integria_enabled'] == 1) { if ($event_response_exists === false) { // Create 'Create incident in IntegriaIMS from event' event response only when user enables IntegriaIMS integration and it does not exist in database. - db_process_sql_insert('tevent_response', ['name' => io_safe_input('Create incident in IntegriaIMS from event'), 'description' => io_safe_input('Create an incident in Integria IMS from an event'), 'target' => io_safe_input('index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&from_event=_event_id_'), 'type' => 'url', 'id_group' => '0', 'modal_width' => '0', 'modal_height' => '0', 'new_window' => '1', 'params' => '', 'server_to_exec' => '0']); + db_process_sql_insert( + 'tevent_response', + [ + 'name' => io_safe_input('Create incident in IntegriaIMS from event'), + 'description' => io_safe_input('Create an incident in Integria IMS from an event'), + 'target' => io_safe_input('index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&from_event=_event_id_'), + 'type' => 'url', + 'id_group' => '0', + 'modal_width' => '0', + 'modal_height' => '0', + 'new_window' => '1', + 'params' => '', + 'server_to_exec' => '0', + ] + ); } if ($command_exists === false) { // Create 'Integria IMS Ticket' command only when user enables IntegriaIMS integration and it does not exist in database. - $id_command_inserted = db_process_sql_insert('talert_commands', ['name' => io_safe_input('Integria IMS Ticket'), 'command' => io_safe_input('perl /usr/share/pandora_server/util/integria_rticket.pl -p '.$config['integria_hostname'].'/integria/include/api.php -u '.$config['integria_api_pass'].','.$config['integria_user'].','.$config['integria_pass'].' -create_ticket -name "_field1_" -desc "_field2_" -group _field3_ -priority _field4_ -owner _field5_ -type _field6_'), 'description' => io_safe_input('Create an incident in Integria IMS'), 'fields_descriptions' => '["'.io_safe_input('Ticket title').'","'.io_safe_input('Ticket description').'","'.io_safe_input('Ticket group ID').'","'.io_safe_input('Ticket priority').'","'.io_safe_input('Ticket owner').'","'.io_safe_input('Ticket type').'"]', 'fields_values' => '["'.io_safe_input($config['incident_title']).'", "'.io_safe_input($config['incident_content']).'", "'.io_safe_input($config['default_group']).'", "'.io_safe_input($config['default_criticity']).'", "'.io_safe_input($config['default_owner']).'", "'.io_safe_input($config['incident_type']).'"]', 'fields_hidden' => '["","","","","","","","","",""]']); + $id_command_inserted = db_process_sql_insert( + 'talert_commands', + [ + 'name' => io_safe_input('Integria IMS Ticket'), + 'command' => io_safe_input('perl /usr/share/pandora_server/util/integria_rticket.pl -p '.$config['integria_hostname'].'/integria/include/api.php -u '.$config['integria_api_pass'].','.$config['integria_user'].','.$config['integria_pass'].' -create_ticket -name "_field1_" -desc "_field2_" -group _field3_ -priority _field4_ -owner _field5_ -type _field6_'), + 'internal' => 1, + 'description' => io_safe_input('Create an incident in Integria IMS'), + 'fields_descriptions' => '["'.io_safe_input('Ticket title').'","'.io_safe_input('Ticket description').'","'.io_safe_input('Ticket group ID').'","'.io_safe_input('Ticket priority').'","'.io_safe_input('Ticket owner').'","'.io_safe_input('Ticket type').'"]', + 'fields_values' => '["'.io_safe_input($config['incident_title']).'", "'.io_safe_input($config['incident_content']).'", "'.io_safe_input($config['default_group']).'", "'.io_safe_input($config['default_criticity']).'", "'.io_safe_input($config['default_owner']).'", "'.io_safe_input($config['incident_type']).'"]', + 'fields_hidden' => '["","","","","","","","","",""]', + ] + ); // Create 'Create Integria IMS Ticket' action only when user enables IntegriaIMS integration and command exists in database. $action_values = [ @@ -269,7 +294,7 @@ $row['control'] = html_print_select( 'default_group', $config['default_group'], '', - __('Select'), + '', 0, true, false, diff --git a/pandora_console/images/integria.png b/pandora_console/images/integria.png new file mode 100644 index 0000000000..9dcad27e3b Binary files /dev/null and b/pandora_console/images/integria.png differ diff --git a/pandora_console/images/integria_logo_gray.png b/pandora_console/images/integria_logo_gray.png new file mode 100644 index 0000000000..d901e72493 Binary files /dev/null and b/pandora_console/images/integria_logo_gray.png differ diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php index f006520b38..5878015300 100644 --- a/pandora_console/include/functions_html.php +++ b/pandora_console/include/functions_html.php @@ -3372,12 +3372,20 @@ function html_print_autocomplete_users_from_integria( $name='users', $default='', $return=false, - $size='30' + $size='30', + $disable=false, + $required=false ) { global $config; ob_start(); + $attrs = ['style' => 'background: url(images/user_green.png) no-repeat right;']; + + if ($required) { + $attrs['required'] = 'required'; + } + html_print_input_text_extended( $name, $default, @@ -3385,12 +3393,17 @@ function html_print_autocomplete_users_from_integria( '', $size, 100, - false, + $disable, '', - ['style' => 'background: url(images/user_green.png) no-repeat right;'] + $attrs ); html_print_input_hidden($name.'_hidden', $id_agent_module); - ui_print_help_tip(__('Type at least two characters to search the user.'), false); + + if ($disable === true) { + ui_print_help_tip(__('This value cannot be updated.'), false); + } else { + ui_print_help_tip(__('Type at least two characters to search the user.'), false); + } $javascript_ajax_page = ui_get_full_url('ajax.php', false, false, false, false); ?> diff --git a/pandora_console/include/styles/integriaims.css b/pandora_console/include/styles/integriaims.css index 59f424f8ab..0c8440e739 100644 --- a/pandora_console/include/styles/integriaims.css +++ b/pandora_console/include/styles/integriaims.css @@ -94,3 +94,32 @@ div.integria_details_description textarea { border-left: none; border-right: none; } + +/* Inputs type text shown as a black line */ +.integria_incidents_options input[type="text"] { + background-color: transparent; + border: none; + border-radius: 0; + border-bottom: 1px solid #ccc; + font-family: "lato-bolder", "Open Sans", sans-serif; + font-size: 10pt; + padding: 2px 5px; + box-sizing: border-box; + background-repeat: no-repeat; + background-position: left bottom 2px; + margin-bottom: 4px; +} + +.integria_incident_options input[readonly] { + color: #848484; +} + +.comment_title { + padding: 5px 10px 5px 20px; + background-color: rgba(130, 185, 46, 0.16); + border-radius: 3px; +} + +.comment_body { + padding: 15px 20px 15px 20px; +} diff --git a/pandora_console/include/styles/pandora.css b/pandora_console/include/styles/pandora.css index 02ae758331..8c12d11d04 100644 --- a/pandora_console/include/styles/pandora.css +++ b/pandora_console/include/styles/pandora.css @@ -5342,25 +5342,6 @@ table.info_table.policy_sub_table { color: #848484; } -/* Inputs type text shown as a black line */ -.integria_incidents_options input[type="text"] { - background-color: transparent; - border: none; - border-radius: 0; - border-bottom: 1px solid #ccc; - font-family: "lato-bolder", "Open Sans", sans-serif; - font-size: 10pt; - padding: 2px 5px; - box-sizing: border-box; - background-repeat: no-repeat; - background-position: left bottom 2px; - margin-bottom: 4px; -} - -.integria_incident_options input[readonly] { - color: #848484; -} - /* * --------------------------------------------------------------------- * - CLASSES FOR THE NEW TOGGLES - @@ -5903,28 +5884,3 @@ table.table_modal_alternate tr td:first-child { .fullwidth { width: 100%; } - -/* - * --------------------------------------------------------------------- - * - INTEGRIA INCIDENTS - * --------------------------------------------------------------------- - */ -div.priority { - width: 80px; - color: #fff; - text-align: center; - border-radius: 5px; - padding: 5px; - display: table-cell; - vertical-align: middle; -} - -.comment_title { - padding: 5px 10px 5px 20px; - background-color: rgba(130, 185, 46, 0.16); - border-radius: 3px; -} - -.comment_body { - padding: 15px 20px 15px 20px; -} diff --git a/pandora_console/operation/incidents/configure_integriaims_incident.php b/pandora_console/operation/incidents/configure_integriaims_incident.php index 356bbbdcd4..5af26304f5 100644 --- a/pandora_console/operation/incidents/configure_integriaims_incident.php +++ b/pandora_console/operation/incidents/configure_integriaims_incident.php @@ -48,6 +48,9 @@ if ($has_connection === false) { return; } +// Styles. +ui_require_css_file('integriaims'); + // If everything OK, get parameters from Integria IMS API in order to populate combos. $integria_group_values = []; $integria_criticity_values = []; @@ -106,7 +109,7 @@ if ($update) { // Perform action. if ($create_incident === true) { // Call Integria IMS API method to create an incident. - $result_api_call = integria_api_call($config['integria_hostname'], $incident_creator, $config['integria_pass'], $config['integria_api_pass'], 'create_incident', [$incident_title, $incident_group_id, $incident_criticity_id, $incident_content, '', '0', '', $incident_owner, '0', $incident_status]); + $result_api_call = integria_api_call($config['integria_hostname'], $incident_creator, $config['integria_pass'], $config['integria_api_pass'], 'create_incident', [$incident_title, $incident_group_id, $incident_criticity_id, $incident_content, '', $incident_type, '', $incident_owner, '0', $incident_status]); // Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value. $incident_created_ok = ($result_api_call != false) ? true : false; @@ -118,7 +121,7 @@ if ($create_incident === true) { ); } else if ($update_incident === true) { // Call Integria IMS API method to update an incident. - $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'update_incident', [$incident_id_edit, $incident_title, $incident_content, '', $incident_group_id, $incident_criticity_id, 0, $incident_status, $incident_owner]); + $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'update_incident', [$incident_id_edit, $incident_title, $incident_content, '', $incident_group_id, $incident_criticity_id, 0, $incident_status, $incident_owner, 0, $incident_type]); // Necessary to explicitly set true if not false because function returns api call result in case of success instead of true value. $incident_updated_ok = ($result_api_call != false) ? true : false; @@ -146,7 +149,9 @@ $table->style[2] = 'width: 33%; padding-right: 100px; padding-left: 50px;'; $table->colspan[0][0] = 2; $table->colspan[3][0] = 3; -$table->data[0][0] = '

'.__('Title').': '.ui_print_help_icon('response_macros', true).'

'; +$help_macros = isset($_GET['from_event']) ? ui_print_help_icon('response_macros', true) : ''; + +$table->data[0][0] = '

'.__('Title').': '.$help_macros.'

'; $table->data[0][0] .= '
'.html_print_input_text( 'incident_title', $update ? $incident_details[3] : $config['incident_title'], @@ -160,6 +165,8 @@ $table->data[0][0] .= '
'.html_print_input_text( 'w100p' ).'
'; +$table->data[0][2] = html_print_image('images/integria_logo_gray.png', true, ['style' => 'width: 70%; float: right;'], false); + $table->data[1][0] = '

'.__('Type').':

'; $table->data[1][0] .= '
'.html_print_select( $integria_types_values, @@ -198,7 +205,7 @@ $table->data[1][1] .= '
'.html_print_select( 'group', $update ? $incident_details[8] : $config['default_group'], '', - __('Select'), + '', 0, true, false, @@ -212,6 +219,9 @@ $table->data[2][1] = '

'.__('Cre $table->data[2][1] .= '

'.html_print_autocomplete_users_from_integria( 'creator', $update ? $incident_details[10] : $config['default_creator'], + true, + '30', + $update, true ).'
'; @@ -235,11 +245,11 @@ $table->data[2][2] = '

'.__('Own $table->data[2][2] .= '

'.html_print_autocomplete_users_from_integria( 'owner', - $update ? $incident_details[10] : $config['default_owner'], + $update ? $incident_details[5] : $config['default_owner'], true ).'
'; -$table->data[3][0] = '

'.__('Description').': '.ui_print_help_icon('response_macros', true).'

'; +$table->data[3][0] = '

'.__('Description').': '.$help_macros.'

'; $table->data[3][0] .= '
'.html_print_textarea( 'incident_content', 3, @@ -249,241 +259,6 @@ $table->data[3][0] .= '
'.html_print_textarea( true ).'
'; -if ($update) { - // Here starts incident file management. - $upload_file = get_parameter('upload_file'); - $delete_file_id = get_parameter('delete_file'); - $download_file_id = get_parameter('download_file'); - $download_file_name = get_parameter('download_file_name'); - - // Files section table. - $table_files_section = new stdClass(); - $table_files_section->width = '100%'; - $table_files_section->id = 'files_section_table'; - $table_files_section->class = 'databox filters'; - $table_files_section->head = []; - - $table_files_section->data = []; - $table_files_section->size = []; - $table_files_section->colspan[2][0] = 3; - - // Files list table. - $table_files = new stdClass(); - $table_files->width = '100%'; - $table_files->class = 'info_table'; - $table_files->head = []; - - $table_files->head[0] = __('Filename'); - $table_files->head[1] = __('Timestamp'); - $table_files->head[2] = __('Description'); - $table_files->head[3] = __('User'); - $table_files->head[4] = __('Size'); - $table_files->head[5] = __('Delete'); - - $table_files->data = []; - - // Upload file. - if (check_acl($config['id_user'], 0, 'IW') && $upload_file && ($_FILES['userfile']['name'] != '')) { - $filedescription = get_parameter('file_description', __('No description available')); - - $filename = io_safe_input($_FILES['userfile']['name']); - $filesize = io_safe_input($_FILES['userfile']['size']); - - $extension = pathinfo($filename, PATHINFO_EXTENSION); - $invalid_extensions = '/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|iso| - pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess| - htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i'; - - if (!preg_match($invalid_extensions, $extension)) { - // The following is if you have clamavlib installed. - // (php5-clamavlib) and enabled in php.ini - // http://www.howtoforge.com/scan_viruses_with_php_clamavlib - if (extension_loaded('clamav')) { - cl_setlimits(5, 1000, 200, 0, 10485760); - $malware = cl_scanfile($_FILES['file']['tmp_name']); - if ($malware) { - $error = 'Malware detected: '.$malware.'
ClamAV version: '.clam_get_version(); - die($error); - // On malware, we die because it's not good to handle it - } - } - - $filecontent = base64_encode(file_get_contents($_FILES['userfile']['tmp_name'])); - - $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'attach_file', [$incident_id_edit, $filename, $filesize, $filedescription, $filecontent]); - - // API method returns '0' string if success. - $file_added = ($result_api_call === '0') ? true : false; - - ui_print_result_message( - $file_added, - __('File successfully added'), - __('File could not be added') - ); - } - } - - // Delete file. - if (isset($_GET['delete_file'])) { - $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'delete_file', [$delete_file_id]); - header('Location: index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&incident_id='.$incident_id_edit); - } - - // Download file. - if (isset($_GET['download_file'])) { - $file_base64 = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'download_file', [$download_file_id]); - ob_end_clean(); - - $decoded = base64_decode($file_base64); - - file_put_contents($download_file_name, $decoded); - ob_end_clean(); - - if (file_exists($download_file_name)) { - header('Content-Description: File Transfer'); - header('Content-Type: application/octet-stream'); - header('Content-Disposition: attachment; filename="'.basename($download_file_name).'"'); - header('Expires: 0'); - header('Cache-Control: must-revalidate'); - header('Pragma: public'); - header('Content-Length: '.filesize($download_file_name)); - ob_end_clean(); - readfile($download_file_name); - exit; - } - - header('Location: index.php?sec=incident&sec2=operation/incidents/configure_integriaims_incident&incident_id='.$incident_id_edit); - } - - // Retrieve files belonging to incident and create list table. - $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_files', [$incident_id_edit]); - - if ($result_api_call != false && strlen($result_api_call) > 0) { - $files = []; - $csv_array = explode("\n", $result_api_call); - - foreach ($csv_array as $csv_line) { - if (!empty($csv_line)) { - $files[] = explode(',', $csv_line); - } - } - } - - $i = 0; - - foreach ($files as $key => $value) { - $table_files->data[$i][0] = ''.$value[11].''; - $table_files->data[$i][1] = $value[14]; - $table_files->data[$i][2] = $value[12]; - $table_files->data[$i][3] = $value[8]; - $table_files->data[$i][4] = $value[13]; - $table_files->data[$i][5] .= ''; - $table_files->data[$i][5] .= html_print_image('images/cross.png', true, ['title' => __('Delete')]); - $table_files->data[$i][5] .= ''; - - $i++; - } - - $table_files_section->data[0][0] = '

'.__('File name').':

'; - $table_files_section->data[0][0] .= html_print_input_file('userfile', true); - $table_files_section->data[1][0] = '

'.__('Description').':

'; - $table_files_section->data[1][0] .= html_print_input_text( - 'file_description', - '', - __('Description'), - 50, - 100, - true, - false - ); - - $table_files_section->data[2][0] .= '
'.html_print_submit_button(__('Upload'), 'accion', false, 'class="sub wand"', true).'
'; - - $upload_file_form = '
'.'

'.__('Add attachment').'

'.html_print_table($table_files_section, true).html_print_input_hidden('upload_file', 1, true).'

'.__('Attached files').'

'.html_print_table($table_files, true).'
'; -} - -// Here starts incident comments management. -if ($update) { - $upload_comment = get_parameter('upload_comment'); - $comment_description = get_parameter('comment_description'); - - // Comments section table. - $table_comments_section = new stdClass(); - $table_comments_section->width = '100%'; - $table_comments_section->id = 'files_section_table'; - $table_comments_section->class = 'databox filters'; - $table_comments_section->head = []; - - $table_comments_section->data = []; - $table_comments_section->size = []; - - // Comments list table. - $table_comments = new stdClass(); - $table_comments->width = '100%'; - $table_comments->class = 'info_table'; - $table_comments->head = []; - - $table_comments->head[0] = __('Filename'); - $table_comments->head[1] = __('Timestamp'); - $table_comments->head[2] = __('Description'); - $table_comments->head[3] = __('User'); - $table_comments->head[4] = __('Size'); - $table_comments->head[5] = __('Delete'); - - $table_comments->data = []; - - $table_comments_section->data[0][0] = '

'.__('Description').':

'; - $table_comments_section->data[0][0] .= html_print_textarea( - 'comment_description', - 3, - 20, - '', - '', - true - ); - - $table_comments_section->data[1][1] .= '
'.html_print_submit_button(__('Add'), 'accion', false, 'class="sub wand"', true).'
'; - - // Upload comment. - if ($upload_comment) { - $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'create_workunit', [$incident_id_edit, $comment_description, '0.00', 'no', 'no', '0']); - - // API method returns id of new comment if success. - $comment_added = ($result_api_call >= '0') ? true : false; - - ui_print_result_message( - $comment_added, - __('Comment successfully added'), - __('Comment could not be added') - ); - } - - // Retrieve comments belonging to incident and create comments table. - $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_workunits', [$incident_id_edit]); - - - - if ($result_api_call != false && strlen($result_api_call) > 0) { - $comments = []; - $csv_array = explode("\n", $result_api_call); - - foreach ($csv_array as $csv_line) { - if (!empty($csv_line)) { - $comments[] = explode(',', $csv_line); - } - } - } - - $upload_comment_form = ''; - foreach ($comments as $key => $value) { - $upload_comment_form .= '
'.$value[3].' said '.$value[1].''.$value[2].' Hours
'; - $upload_comment_form .= '
'.$value[4].'
'; - } - - $upload_comment_form = '

'.__('Add comment').'

'.html_print_table($table_comments_section, true).html_print_input_hidden('upload_comment', 1, true).'
'.'

'.__('Comments').'

'.$upload_comment_form.'
'; -} - // Print forms and stuff. echo '
'; html_print_table($table); @@ -494,34 +269,7 @@ if (!$update) { html_print_input_hidden('update_incident', 1); } -if ($update) { - echo '
'; - echo '
'; - ui_toggle( - $upload_file_form, - __('Attached files'), - '', - '', - true, - false, - 'white_box white_box_opened', - 'no-border flex' - ); - echo '
'; - - echo '
'; - ui_toggle( - $upload_comment_form, - __('Comments'), - '', - '', - true, - false, - 'white_box white_box_opened', - 'no-border flex' - ); - echo '
'; -} +echo ''; echo '
'; if ($update) { diff --git a/pandora_console/operation/incidents/dashboard_detail_integriaims_incident.php b/pandora_console/operation/incidents/dashboard_detail_integriaims_incident.php index 3ce47cb054..a37af0de50 100644 --- a/pandora_console/operation/incidents/dashboard_detail_integriaims_incident.php +++ b/pandora_console/operation/incidents/dashboard_detail_integriaims_incident.php @@ -18,7 +18,7 @@ require_once 'include/functions_integriaims.php'; check_login(); -if (! check_acl($config['id_user'], 0, 'IR') && ! check_acl($config['id_user'], 0, 'IW') && ! check_acl($config['id_user'], 0, 'IM')) { +if (!(check_acl($config['id_user'], 0, 'IW') && check_acl($config['id_user'], 0, 'IR'))) { // Doesn't have access to this page. db_pandora_audit('ACL Violation', 'Trying to access IntegriaIMS ticket creation'); include 'general/noaccess.php'; @@ -96,6 +96,254 @@ $priority_text = integriaims_get_details('priority', $priority); $resolution_text = integriaims_get_details('resolution', $resolution); $type_text = integriaims_get_details('type', $type); +if (check_acl($config['id_user'], 0, 'IW')) { + // Incident file management. + $upload_file = get_parameter('upload_file'); + $delete_file_id = get_parameter('delete_file'); + $download_file_id = get_parameter('download_file'); + $download_file_name = get_parameter('download_file_name'); + + // Files section table. + $table_files_section = new stdClass(); + $table_files_section->width = '100%'; + $table_files_section->id = 'files_section_table'; + $table_files_section->class = 'databox filters'; + $table_files_section->head = []; + + $table_files_section->data = []; + $table_files_section->size = []; + $table_files_section->colspan[2][0] = 3; + + // Files list table. + $table_files = new stdClass(); + $table_files->width = '100%'; + $table_files->class = 'info_table'; + $table_files->head = []; + + $table_files->head[0] = __('Filename'); + $table_files->head[1] = __('Timestamp'); + $table_files->head[2] = __('Description'); + $table_files->head[3] = __('User'); + $table_files->head[4] = __('Size'); + $table_files->head[5] = __('Delete'); + + $table_files->data = []; + + // Upload file. + if ($upload_file && ($_FILES['userfile']['name'] != '')) { + $filedescription = get_parameter('file_description', __('No description available')); + + $filename = io_safe_input($_FILES['userfile']['name']); + $filesize = io_safe_input($_FILES['userfile']['size']); + + $extension = pathinfo($filename, PATHINFO_EXTENSION); + $invalid_extensions = '/^(bat|exe|cmd|sh|php|php1|php2|php3|php4|php5|pl|cgi|386|dll|com|torrent|js|app|jar|iso| + pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess| + htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i'; + + if (!preg_match($invalid_extensions, $extension)) { + // The following is if you have clamavlib installed. + // (php5-clamavlib) and enabled in php.ini + // http://www.howtoforge.com/scan_viruses_with_php_clamavlib + if (extension_loaded('clamav')) { + cl_setlimits(5, 1000, 200, 0, 10485760); + $malware = cl_scanfile($_FILES['file']['tmp_name']); + if ($malware) { + $error = 'Malware detected: '.$malware.'
ClamAV version: '.clam_get_version(); + die($error); + // On malware, we die because it's not good to handle it + } + } + + $filecontent = base64_encode(file_get_contents($_FILES['userfile']['tmp_name'])); + + $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'attach_file', [$incident_id, $filename, $filesize, $filedescription, $filecontent]); + + // API method returns '0' string if success. + $file_added = ($result_api_call === '0') ? true : false; + + ui_print_result_message( + $file_added, + __('File successfully added'), + __('File could not be added') + ); + } + } + + // Delete file. + if (isset($_GET['delete_file'])) { + $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'delete_file', [$delete_file_id]); + + $file_deleted = false; + + if ($result_api_call === '0') { + $file_deleted = true; + } + + ui_print_result_message( + $file_deleted, + __('File successfully deleted'), + __('File could not be deleted') + ); + } + + // Download file. + if (isset($_GET['download_file'])) { + $file_base64 = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'download_file', [$download_file_id]); + ob_end_clean(); + + $decoded = base64_decode($file_base64); + + file_put_contents($download_file_name, $decoded); + ob_end_clean(); + + if (file_exists($download_file_name)) { + header('Content-Description: File Transfer'); + header('Content-Type: application/octet-stream'); + header('Content-Disposition: attachment; filename="'.basename($download_file_name).'"'); + header('Expires: 0'); + header('Cache-Control: must-revalidate'); + header('Pragma: public'); + header('Content-Length: '.filesize($download_file_name)); + ob_end_clean(); + readfile($download_file_name); + exit; + } + + header('Location: index.php?sec=incident&sec2=operation/incidents/dashboard_detail_integriaims_incident&incident_id='.$incident_id); + } + + // Retrieve files belonging to incident and create list table. + $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_files', [$incident_id]); + + if ($result_api_call != false && strlen($result_api_call) > 0) { + $files = []; + $csv_array = explode("\n", $result_api_call); + + foreach ($csv_array as $csv_line) { + if (!empty($csv_line)) { + $files[] = explode(',', $csv_line); + } + } + } + + $i = 0; + + foreach ($files as $key => $value) { + $table_files->data[$i][0] = ''.$value[11].''; + $table_files->data[$i][1] = $value[14]; + $table_files->data[$i][2] = $value[12]; + $table_files->data[$i][3] = $value[8]; + $table_files->data[$i][4] = $value[13]; + $table_files->data[$i][5] .= ''; + $table_files->data[$i][5] .= html_print_image('images/cross.png', true, ['title' => __('Delete')]); + $table_files->data[$i][5] .= ''; + + $i++; + } + + $table_files_section->data[0][0] = '

'.__('File name').':

'; + $table_files_section->data[0][0] .= html_print_input_file('userfile', true); + $table_files_section->data[1][0] = '

'.__('Description').':

'; + $table_files_section->data[1][0] .= html_print_input_text( + 'file_description', + '', + __('Description'), + 50, + 100, + true, + false + ); + + $table_files_section->data[2][0] .= '
'.html_print_submit_button(__('Upload'), 'accion', false, 'class="sub wand"', true).'
'; + + $upload_file_form = '
'.'

'.__('Add attachment').'

'.html_print_table($table_files_section, true).html_print_input_hidden('upload_file', 1, true).'

'.__('Attached files').'

'.html_print_table($table_files, true).'
'; + + + // Incident comments management. + $upload_comment = get_parameter('upload_comment'); + $comment_description = get_parameter('comment_description'); + + // Comments section table. + $table_comments_section = new stdClass(); + $table_comments_section->width = '100%'; + $table_comments_section->id = 'files_section_table'; + $table_comments_section->class = 'databox filters'; + $table_comments_section->head = []; + + $table_comments_section->data = []; + $table_comments_section->size = []; + + // Comments list table. + $table_comments = new stdClass(); + $table_comments->width = '100%'; + $table_comments->class = 'info_table'; + $table_comments->head = []; + + $table_comments->head[0] = __('Filename'); + $table_comments->head[1] = __('Timestamp'); + $table_comments->head[2] = __('Description'); + $table_comments->head[3] = __('User'); + $table_comments->head[4] = __('Size'); + $table_comments->head[5] = __('Delete'); + + $table_comments->data = []; + + $table_comments_section->data[0][0] = '

'.__('Description').':

'; + $table_comments_section->data[0][0] .= html_print_textarea( + 'comment_description', + 3, + 20, + '', + '', + true + ); + + $table_comments_section->data[1][1] .= '
'.html_print_submit_button(__('Add'), 'accion', false, 'class="sub wand"', true).'
'; + + // Upload comment. + if ($upload_comment) { + $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'create_workunit', [$incident_id, $comment_description, '0.00', 'no', 'no', '0']); + + // API method returns id of new comment if success. + $comment_added = ($result_api_call >= '0') ? true : false; + + ui_print_result_message( + $comment_added, + __('Comment successfully added'), + __('Comment could not be added') + ); + } + + // Retrieve comments belonging to incident and create comments table. + $result_api_call = integria_api_call($config['integria_hostname'], $config['integria_user'], $config['integria_pass'], $config['integria_api_pass'], 'get_incident_workunits', [$incident_id]); + + if ($result_api_call != false && strlen($result_api_call) > 0) { + $comments = []; + $csv_array = explode("\n", $result_api_call); + + foreach ($csv_array as $csv_line) { + if (!empty($csv_line)) { + $comments[] = explode(',', $csv_line); + } + } + } + + $upload_comment_form = ''; + + if (!empty($comments)) { + foreach ($comments as $key => $value) { + $upload_comment_form .= '
'.$value[3].' said '.$value[1].''.$value[2].' Hours
'; + $upload_comment_form .= '
'.$value[4].'
'; + } + } else { + $upload_comment_form = __('No comments found'); + } + + $upload_comment_form = '

'.__('Add comment').'

'.html_print_table($table_comments_section, true).html_print_input_hidden('upload_comment', 1, true).'
'.'

'.__('Comments').'

'.$upload_comment_form.'
'; +} + // Details box. $details_box = '
'; @@ -172,6 +420,34 @@ $description_box = '
'.html_print_texta ).'
'; ui_toggle($description_box, __('Description'), '', '', false); +if (check_acl($config['id_user'], 0, 'IW')) { + echo '
'; + ui_toggle( + $upload_file_form, + __('Attached files'), + '', + '', + true, + false, + 'white_box white_box_opened', + 'no-border flex' + ); + echo '
'; + + echo '
'; + ui_toggle( + $upload_comment_form, + __('Comments'), + '', + '', + true, + false, + 'white_box white_box_opened', + 'no-border flex' + ); + echo '
'; +} + ?>