MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Fixed broken AJAX queries in MISP as a result to changes in cakephp 2.4.8+ 

A change in cakephp version 2.4.8+ has resulted in ajax form submitions breaking. Reason for this was a change in the SecurityComponent taking the url specified in the form into account when generating the CSRF tokens.

This is now fixed by embedding the correct url in the ajax forms.
pull/304/merge
iglocska 2014-08-06 10:02:52 +02:00
parent 53ac9a16da
commit 3da49c964b
18 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Controller/TemplateElementsController.php
View File

@ -154,6 +154,10 @@ class TemplateElementsController extends AppController {
$this->request->data[$ModelType] = $templateElement[$ModelType][0];
if ($type == 'attribute') {
$this->loadModel('Attribute');
// combobox for types
$types = array_keys($this->Attribute->typeDefinitions);
$types = $this->_arrayToValuesIndexArray($types);
$this->set('types', $types);
// combobox for categories
$categories = $this->Attribute->validate['category']['rule'][1];
array_pop($categories);
@ -170,7 +174,7 @@ class TemplateElementsController extends AppController {
if ($this->request->data['TemplateElementAttribute']['complex']) {
$this->set('initialTypes', $this->_arrayToValuesIndexArray($this->Attribute->typeGroupCategoryMapping[$templateElement['TemplateElementAttribute'][0]['category']]));
} else {
$this->set('initialTypes', $categoryDefinitions[$templateElement['TemplateElementAttribute'][0]['category']]['types']);
$this->set('initialTypes', $this->_arrayToValuesIndexArray($categoryDefinitions[$templateElement['TemplateElementAttribute'][0]['category']]['types']));
}
$this->set('initialValues', $templateElement['TemplateElementAttribute'][0]);
$this->set('categoryDefinitions', $categoryDefinitions);

2
app/Lib/cakephp

@ -1 +1 @@
Subproject commit 8b1e5e31c7517c1e1a53bf7a9fb63338ef7e0c3b
Subproject commit 4b5e3c176ece9ddab5ac438cfba0bdcdd0d3ab9e

2
app/View/Attributes/ajax/attributeEditCategoryForm.ctp
View File

@ -1,5 +1,5 @@
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_category_form', 'action' => 'editField'));
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_category_form', 'url' => '/attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>

2
app/View/Attributes/ajax/attributeEditCommentForm.ctp
View File

@ -1,5 +1,5 @@
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_comment_form', 'action' => 'editField'));
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_comment_form', 'url' => '/attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>

2
app/View/Attributes/ajax/attributeEditDistributionForm.ctp
View File

@ -1,5 +1,5 @@
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_distribution_form', 'action' => 'editField'));
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_distribution_form', 'url' => '/attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>

2
app/View/Attributes/ajax/attributeEditMassForm.ctp
View File

@ -1,6 +1,6 @@
<div class="attributes">
<?php
echo $this->Form->create('Attribute', array('action' => 'editSelected'));
echo $this->Form->create('Attribute', array('url' => '/attributes/editSelected/' . $id));
?>
<fieldset>
<legend><?php echo __('Mass Edit Attributes'); ?></legend>

2
app/View/Attributes/ajax/attributeEditTo_idsForm.ctp
View File

@ -1,5 +1,5 @@
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute' . '_' . $object['id'] . '_to_ids_form', 'action' => 'editField'));
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute' . '_' . $object['id'] . '_to_ids_form', 'url' => '/attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>

2
app/View/Attributes/ajax/attributeEditTypeForm.ctp
View File

@ -1,5 +1,5 @@
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_type_form', 'action' => 'editField'));
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_type_form', 'url' => '/attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>

2
app/View/Attributes/ajax/attributeEditValueForm.ctp
View File

@ -1,6 +1,6 @@
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_value_form', 'action' => 'editField', 'default' => false));
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'url' => '/attributes/editField/' . $object['id'], 'id' => 'Attribute_' . $object['id'] . '_value_form', 'default' => false));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>

2
app/View/Attributes/attribute_replace.ctp
View File

@ -1,6 +1,6 @@
<div class="attribute_replace">
<?php
echo $this->Form->create('Attribute', array('id'));
echo $this->Form->create('Attribute', array('id', 'url' => '/attributes/attributeReplace/' . $event_id));
?>
<fieldset>
<legend><?php echo __('Attribute Replace Tool'); ?></legend>

2
app/View/Elements/ajaxTags.ctp
View File

@ -25,7 +25,7 @@
if ($isAclTagger) : ?>
<td id ="addTagTD" style="display:none;">
<?php
echo $this->Form->create('Event', array('url' => '/events/addTag', 'style' => 'margin:0px;'));
echo $this->Form->create('Event', array('url' => '/events/addTag/' . $event['Event']['id'], 'style' => 'margin:0px;'));
echo $this->Form->hidden('id', array('value' => $event['Event']['id']));
echo $this->Form->input('tag', array(
'options' => array($allTags),

2
app/View/Elements/eventattribute.ctp
View File

@ -45,7 +45,7 @@
?>
<div id="edit_object_div">
<?php
echo $this->Form->create('Attribute', array('id' => 'delete_selected', 'action' => 'deleteSelected'));
echo $this->Form->create('Attribute', array('id' => 'delete_selected', 'url' => '/attributes/deleteSelected/' . $event['Event']['id']));
echo $this->Form->input('ids', array(
'type' => 'text',
'value' => 'test',

2
app/View/TemplateElements/ajax/template_element_add_attribute.ctp
View File

@ -1,6 +1,6 @@
<div class="template_element_add_attribute">
<?php
echo $this->Form->create('TemplateElementAttribute', array('id'));
echo $this->Form->create('TemplateElementAttribute', array('id', 'url' => '/templateElements/add/attribute/' . $id));
?>
<legend><?php echo __('Add Attribute Element To Template'); ?></legend>
<fieldset>

2
app/View/TemplateElements/ajax/template_element_add_file.ctp
View File

@ -1,6 +1,6 @@
<div class="template_element_add_file">
<?php
echo $this->Form->create('TemplateElementFile', array('id'));
echo $this->Form->create('TemplateElementFile', array('id', 'url' => '/templateElements/add/file/' . $id));
?>
<legend><?php echo __('Add File Element To Template'); ?></legend>
<fieldset>

2
app/View/TemplateElements/ajax/template_element_add_text.ctp
View File

@ -1,6 +1,6 @@
<div class="template_element_add_text">
<?php
echo $this->Form->create('TemplateElementText', array('id'));
echo $this->Form->create('TemplateElementText', array('id', 'url' => '/templateElements/add/text/' . $id));
?>
<legend><?php echo __('Add Text Element To Template'); ?></legend>
<fieldset>

2
app/View/TemplateElements/ajax/template_element_edit_attribute.ctp
View File

@ -1,6 +1,6 @@
<div class="template_element_add_attribute">
<?php
echo $this->Form->create('TemplateElementAttribute', array('id'));
echo $this->Form->create('TemplateElementAttribute', array('id', 'url' => '/templateElements/edit/attribute/' . $id));
?>
<legend><?php echo __('Edit Attribute Element'); ?></legend>
<fieldset>

2
app/View/TemplateElements/ajax/template_element_edit_file.ctp
View File

@ -1,6 +1,6 @@
<div class="template_element_add_file">
<?php
echo $this->Form->create('TemplateElementFile', array('id'));
echo $this->Form->create('TemplateElementFile', array('id', 'url' => '/templateElements/edit/file/' . $id));
?>
<legend><?php echo __('Edit File Element'); ?></legend>
<fieldset>

2
app/View/TemplateElements/ajax/template_element_edit_text.ctp
View File

@ -1,6 +1,6 @@
<div class="template_element_add_text">
<?php
echo $this->Form->create('TemplateElementText', array('id'));
echo $this->Form->create('TemplateElementText', array('id', 'url' => '/templateElements/add/text/' . $id));
?>
<legend><?php echo __('Add Text Element To Template'); ?></legend>
<fieldset>