mirror of https://github.com/MISP/MISP
Fixes to several ajax related issues
- malware samples / attachments couldn't be downloaded
- links weren't actually links
- deleting an attribute / shadowattribute now opens a custom confirmation dialogue. This is also where the CSRF tokens are generated for the post request to execute the delete, resulting in a faster event view load
pull/274/head
parent
ef07046739
commit
19b4a2ae37
|
@ -878,6 +878,13 @@ class AttributesController extends AppController {
|
|||
}
|
||||
} else {
|
||||
$this->set('id', $id);
|
||||
$attribute = $this->Attribute->find('first', array(
|
||||
'conditions' => array('id' => $id),
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'event_id'),
|
||||
));
|
||||
$this->set('event_id', $attribute['Attribute']['event_id']);
|
||||
$this->render('ajax/attributeConfirmationForm');
|
||||
}
|
||||
} else {
|
||||
if (!$this->request->is('post') && !$this->_isRest()) {
|
||||
|
|
|
@ -197,9 +197,10 @@ class ShadowAttributesController extends AppController {
|
|||
*/
|
||||
// This method will discard a proposed change. Users that can delete the proposals are the publishing users of the org that created the event and of the ones that created the proposal - in addition to site admins of course
|
||||
public function discard($id = null) {
|
||||
if (!$this->request->is('post') || !$this->request->is('ajax')) {
|
||||
if (!$this->request->is('ajax')) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
$this->ShadowAttribute->id = $id;
|
||||
$this->ShadowAttribute->read();
|
||||
$eventId = $this->ShadowAttribute->data['ShadowAttribute']['event_id'];
|
||||
|
@ -222,6 +223,16 @@ class ShadowAttributesController extends AppController {
|
|||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('false' => true, 'errors' => 'Could not discard proposal.')),'status'=>200));
|
||||
}
|
||||
} else {
|
||||
$this->set('id', $id);
|
||||
$shadowAttribute = $this->ShadowAttribute->find('first', array(
|
||||
'conditions' => array('id' => $id),
|
||||
'recursive' => -1,
|
||||
'fields' => array('id', 'event_id'),
|
||||
));
|
||||
$this->set('event_id', $shadowAttribute['ShadowAttribute']['event_id']);
|
||||
$this->render('ajax/shadowAttributeConfirmationForm');
|
||||
}
|
||||
}
|
||||
|
||||
/**
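Review bot: `discard()` is now gated only by `$this->request->is('ajax')`, which reflects a header the client sets, so the code should say that this selects the dialogue flow and is not a protection. A comment above the check would do, for example `// is('ajax') only routes the dialogue; the permission check and the form token protect the POST`. The error response a few lines further down, `array('false' => true, 'errors' => 'Could not discard proposal.')` returned with status 200, also looks like a mistyped failure flag; confirm which key the client-side handler reads. The body of discard() continues outside both hunks.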
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
<? echo $this->Html->script('ajaxification');?>
|
||||
<div class="attributes <? if (!$ajax) echo 'form';?>">
|
||||
<?php
|
||||
echo $this->Form->create('Attribute', array('id'));
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
<div class="confirmation">
|
||||
<?php
|
||||
echo $this->Form->create('Attribute', array('style' => 'margin:0px;', 'id' => 'PromptForm'));
|
||||
?>
|
||||
<legend>Attribute Deletion</legend>
|
||||
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
|
||||
<p>Are you sure you want to delete Attribute #<?php echo $id?>?</p>
|
||||
<table>
|
||||
<tr>
|
||||
<td style="vertical-align:top">
|
||||
<span id="PromptYesButton" class="btn btn-primary" onClick="submitDeletion(<?php echo $event_id; ?>, 'delete', 'attributes', <?php echo $id;?>)">Yes</span>
|
||||
</td>
|
||||
<td style="width:540px;">
|
||||
</td>
|
||||
<td style="vertical-align:top;">
|
||||
<span class="btn btn-inverse" id="PromptNoButton" onClick="cancelPrompt();">No</span>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
<?php
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
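Review bot: `$id` and `$event_id` are echoed without escaping, both in the paragraph text and inside the inline `onClick` handler, and the controller hands `$id` to the view with `$this->set('id', $id)` as it arrived in the action argument. If that argument is not validated as numeric before this view renders (not visible on this page), the value reaches an HTML context and a JavaScript context verbatim. Converting at the point of output closes that: `<?php echo (int)$id; ?>` and `<?php echo (int)$event_id; ?>` in the handler, `<?php echo h($id); ?>` in the text. The shadowAttributeConfirmationForm view added in this commit contains the same lines and needs the same change.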
|
|
@ -54,8 +54,43 @@ if ($object['objectType'] == 1) {
|
|||
</td>
|
||||
<td class="showspaces <?php echo $extra; ?>">
|
||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_placeholder'; ?>" class = "inline-field-placeholder"></div>
|
||||
<?php if ('attachment' == $object['type'] || 'malware-sample' == $object['type'] ): ?>
|
||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_solid'; ?>" class="inline-field-solid">
|
||||
<?php else: ?>
|
||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_solid'; ?>" class="inline-field-solid" onClick="activateField('<?php echo $currentType; ?>', '<?php echo $object['id']; ?>', 'value', <?php echo $event['Event']['id'];?>);">
|
||||
<?php echo nl2br(h($object['value'])); ?>
|
||||
<?php
|
||||
endif;
|
||||
$sigDisplay = $object['value'];
|
||||
if ('attachment' == $object['type'] || 'malware-sample' == $object['type'] ) {
|
||||
$t = ($currentType == 'Attribute' ? 'attributes' : 'shadow_attributes');
|
||||
$filenameHash = explode('|', nl2br(h($object['value'])));
|
||||
if (strrpos($filenameHash[0], '\\')) {
|
||||
$filepath = substr($filenameHash[0], 0, strrpos($filenameHash[0], '\\'));
|
||||
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
|
||||
echo h($filepath);
|
||||
echo $this->Html->link($filename, array('controller' => $t, 'action' => 'download', $object['id']));
|
||||
} else {
|
||||
echo $this->Html->link($filenameHash[0], array('controller' => $t, 'action' => 'download', $object['id']));
|
||||
}
|
||||
if (isset($filenameHash[1])) echo ' | ' . $filenameHash[1];
|
||||
} elseif (strpos($object['type'], '|') !== false) {
|
||||
$filenameHash = explode('|', $object['value']);
|
||||
echo h($filenameHash[0]);
|
||||
if (isset($filenameHash[1])) echo ' | ' . $filenameHash[1];
|
||||
} elseif ('vulnerability' == $object['type']) {
|
||||
if (! is_null(Configure::read('MISP.cveurl'))) {
|
||||
$cveUrl = Configure::read('MISP.cveurl');
|
||||
} else {
|
||||
$cveUrl = "http://www.google.com/search?q=";
|
||||
}
|
||||
echo $this->Html->link(h($sigDisplay), h($cveUrl) . h($sigDisplay), array('target' => '_blank'));
|
||||
} elseif ('link' == $object['type']) {
|
||||
echo $this->Html->link(h($sigDisplay), h($sigDisplay));
|
||||
} else {
|
||||
$sigDisplay = str_replace("\r", '', $sigDisplay);
|
||||
echo nl2br(h($sigDisplay));
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
</td>
|
||||
<td class="showspaces bitwider <?php echo $extra; ?>">
|
||||
|
@ -92,7 +127,7 @@ if ($object['objectType'] == 1) {
|
|||
?>
|
||||
</div>
|
||||
</td>
|
||||
<td class="<?php echo $extra; ?>" style="width:150px;">
|
||||
<td class="<?php echo $extra; ?> shortish">
|
||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_distribution_placeholder'; ?>" class = "inline-field-placeholder"></div>
|
||||
<div id = "<?php echo $currentType . '_' . $object['id'] . '_distribution_solid'; ?>" class="inline-field-solid" onClick="activateField('<?php echo $currentType; ?>', '<?php echo $object['id']; ?>', 'distribution', <?php echo $event['Event']['id'];?>);">
|
||||
<?php if ($object['objectType'] != 1 && $object['objectType'] != 2) echo h($distributionLevels[$object['distribution']]); ?>
|
||||
|
@ -105,7 +140,7 @@ if ($object['objectType'] == 1) {
|
|||
echo $this->Form->create('Attribute', array('class' => 'inline-delete', 'id' => $currentType . '_' . $object['id'] . '_delete', 'action' => 'delete'));
|
||||
?>
|
||||
<a href="/attributes/edit/<?php echo $object['id']; ?>" title="Edit" class="icon-edit useCursorPointer"></a>
|
||||
<span class="icon-trash useCursorPointer" onClick="deleteObject('attributes', '<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
|
||||
<span class="icon-trash useCursorPointer" onClick="deleteObject('attributes', 'delete', '<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
|
||||
<?php
|
||||
echo $this->Form->end();
|
||||
} else {
|
||||
|
@ -123,7 +158,7 @@ if ($object['objectType'] == 1) {
|
|||
if (($event['Event']['orgc'] == $me['org'] && $mayModify) || $isSiteAdmin || ($object['org'] == $me['org'])) {
|
||||
echo $this->Form->create('ShadowAttribute', array('class' => 'inline-delete', 'style' => 'display:inline-block;', 'id' => 'ShadowAttribute_' . $object['id'] . '_delete', 'action' => 'delete'));
|
||||
?>
|
||||
<span class="icon-trash useCursorPointer" onClick="deleteObject('shadow_attributes', '<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
|
||||
<span class="icon-trash useCursorPointer" onClick="deleteObject('shadow_attributes', 'discard' ,'<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
|
||||
<?php
|
||||
echo $this->Form->end();
|
||||
}
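Review bot: In the composite-type branch (`strpos($object['type'], '|') !== false`) the second half of the value is written with `echo ' | ' . $filenameHash[1];` after exploding the raw `$object['value']`, so only the first half passes through `h()`; that line should be `echo ' | ' . h($filenameHash[1]);`. The attachment branch has the opposite problem: the value goes through `nl2br(h(…))` before `explode()` and is then passed to `Html->link()` and `h($filepath)`, which escape again by default, so names containing `&` or quotes will likely display double-encoded. Splitting the raw value and escaping once at output would fix both. The `link` branch uses the attribute value as the href, and `h()` does not restrict the URL scheme, so checking for `http`/`https` before building the link is worth adding.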
|
||||
|
|
|
@ -159,6 +159,7 @@ $mayPublish = ($isAclPublish && $event['Event']['orgc'] == $me['org']);
|
|||
<?php if (sizeOf($allPivots) > 1) echo $this->element('pivot'); ?>
|
||||
</div>
|
||||
<div id="attribute_add_form" class="attribute_add_form"></div>
|
||||
<div id="confirmation_box" class="confirmation_box"></div>
|
||||
<div id="attribute_creation_div" style="display:none;">
|
||||
<?php
|
||||
echo $this->element('eventattributecreation');
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
<div class="confirmation">
|
||||
<?php
|
||||
echo $this->Form->create('ShadowAttribute', array('style' => 'margin:0px;', 'id' => 'PromptForm'));
|
||||
?>
|
||||
<legend>Proposal Deletion</legend>
|
||||
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
|
||||
<p>Are you sure you want to delete Proposal #<?php echo $id?>?</p>
|
||||
<table>
|
||||
<tr>
|
||||
<td style="vertical-align:top">
|
||||
<span id="PromptYesButton" class="btn btn-primary" onClick="submitDeletion(<?php echo $event_id; ?>, 'discard', 'shadow_attributes', <?php echo $id;?>)">Yes</span>
|
||||
</td>
|
||||
<td style="width:540px;">
|
||||
</td>
|
||||
<td style="vertical-align:top;">
|
||||
<span class="btn btn-inverse" id="PromptNoButton" onClick="cancelPrompt();">No</span>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
<?php
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
|
@ -708,6 +708,27 @@ a.proposal_link_red:hover {
|
|||
z-index:5;
|
||||
}
|
||||
|
||||
.confirmation_box {
|
||||
display:none;
|
||||
width: 300px;
|
||||
top:calc(50% - 50px);
|
||||
left:calc(50% - 150px);
|
||||
position: fixed;
|
||||
background-color:#f4f4f4;
|
||||
border-radius: 5px;
|
||||
box-shadow: 4px 4px 4px #333;
|
||||
z-index:5;
|
||||
}
|
||||
|
||||
.confirmation_box legend {
|
||||
border-radius: 5px 5px 0px 0px;
|
||||
margin-bottom:5px;
|
||||
padding-left:5px;
|
||||
width:295px;
|
||||
background-color:black;
|
||||
color:white;
|
||||
}
|
||||
|
||||
.attribute_add_form {
|
||||
display:none;
|
||||
width: 700px;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
function deleteObject(type, id, event) {
|
||||
function deleteObject2(type, id, event) {
|
||||
var typeMessage, name, action;
|
||||
if (type == 'attributes') {
|
||||
action = 'delete';
|
||||
|
@ -25,6 +25,50 @@ function deleteObject(type, id, event) {
|
|||
}
|
||||
}
|
||||
|
||||
function deleteObject(type, action, id, event) {
|
||||
var destination = 'attributes';
|
||||
if (type == 'shadow_attributes') destination = 'shadow_attributes';
|
||||
$.get( "/" + destination + "/" + action + "/" + id, function(data) {
|
||||
$("#confirmation_box").fadeIn();
|
||||
$("#gray_out").fadeIn();
|
||||
$("#confirmation_box").html(data);
|
||||
$(window).bind('keypress', function(e) {
|
||||
var code = e.keyCode || e.which;
|
||||
if (code == 13) {
|
||||
submitDeletion(event, action, type, id);
|
||||
}
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
function cancelPrompt() {
|
||||
$("#confirmation_box").fadeIn();
|
||||
$("#gray_out").fadeOut();
|
||||
$("#confirmation_box").empty();
|
||||
}
|
||||
|
||||
function submitDeletion(event, action, type, id) {
|
||||
var formData = $('#PromptForm').serialize();
|
||||
$.ajax({
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
data: formData,
|
||||
success:function (data, textStatus) {
|
||||
updateAttributeIndexOnSuccess(event);
|
||||
handleGenericAjaxResponse(data);
|
||||
},
|
||||
complete:function() {
|
||||
$(".loading").hide();
|
||||
$("#confirmation_box").fadeOut();
|
||||
$("#gray_out").fadeOut();
|
||||
},
|
||||
type:"post",
|
||||
cache: false,
|
||||
url:"/" + type + "/" + action + "/" + id,
|
||||
});
|
||||
}
|
||||
|
||||
function acceptObject(type, id, event) {
|
||||
name = '#ShadowAttribute_' + id + '_accept';
|
||||
var formData = $(name).serialize();
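Review bot: The `keypress` handler that `deleteObject()` binds on `window` is never removed, so after a prompt is cancelled or completed, pressing Enter anywhere on the page still calls `submitDeletion()` for that object, and every further prompt adds another handler. `cancelPrompt()` also calls `fadeIn()` on `#confirmation_box` where `fadeOut()` is evidently intended. Namespacing the event and unbinding it on cancel and on completion removes the stale handlers. The fence below shows only the changed lines.

```javascript
function deleteObject(type, action, id, event) {
	// … unchanged: destination selection, $.get call and dialogue display …
		// Drop any handler left over from an earlier prompt before binding a new one.
		$(window).unbind('keypress.confirmDelete').bind('keypress.confirmDelete', function(e) {
			// … unchanged: Enter key check that calls submitDeletion …
		});

function cancelPrompt() {
	$(window).unbind('keypress.confirmDelete');
	$("#confirmation_box").fadeOut();
	// … unchanged: gray_out fadeOut and confirmation_box empty …

// submitDeletion, inside the existing complete callback:
		$(window).unbind('keypress.confirmDelete');
		// … unchanged: loading hide and fadeOut calls …
```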
|
||||
|
|