MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [API] Remove default filters for viewEventAttributes

pull/7905/head
Jakub Onderka 2021-10-29 16:30:24 +02:00
parent 5a0e29aee4
commit a4f9d14602
2 changed files with 30 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
app/Controller/AppController.php
View File

@ -906,22 +906,29 @@ class AppController extends Controller
return $user;
}
// generic function to standardise on the collection of parameters. Accepts posted request objects, url params, named url params
/**
* generic function to standardise on the collection of parameters. Accepts posted request objects, url params, named url params
* @param array $options
* @param $exception
* @param array $data
* @return array|false|mixed
*/
protected function _harvestParameters($options, &$exception, $data = array())
{
if (!empty($options['request']->is('post'))) {
if (empty($options['request']->data)) {
$request = $options['request'] ?? $this->request;
if ($request->is('post')) {
if (empty($request->data)) {
$exception = $this->RestResponse->throwException(
400,
__('Either specify the search terms in the url, or POST a json with the filter parameters.'),
'/' . $this->request->params['controller'] . '/' . $this->request->action
'/' . $request->params['controller'] . '/' . $request->action
);
return false;
} else {
if (isset($options['request']->data['request'])) {
$data = array_merge($data, $options['request']->data['request']);
if (isset($request->data['request'])) {
$data = array_merge($data, $request->data['request']);
} else {
$data = array_merge($data, $options['request']->data);
$data = array_merge($data, $request->data);
}
}
}

29
app/Controller/EventsController.php
View File

@ -1178,12 +1178,21 @@ class EventsController extends AppController
public function viewEventAttributes($id, $all = false)
{
$filterData = array(
'request' => $this->request,
'paramArray' => self::ACCEPTED_FILTERING_NAMED_PARAMS,
'named_params' => $this->request->params['named']
);
$exception = false;
$filters = $this->_harvestParameters($filterData, $exception);
if ($exception) {
return $exception;
}
// Remove default filters
foreach ($filters as $filterName => $filterValue) {
if (isset(self::DEFAULT_FILTERING_RULE[$filterName]) && self::DEFAULT_FILTERING_RULE[$filterName] == $filterValue) {
unset($filters[$filterName]);
}
}
if (isset($filters['focus'])) {
$this->set('focus', $filters['focus']);
@ -1912,6 +1921,11 @@ class EventsController extends AppController
$this->redirect(array('controller' => 'events', 'action' => 'view', $eventId, true, $eventId));
}
/**
* @param array $event
* @param string $searchFor
* @param string|false $filterColumnsOverwrite
*/
private function __applyQueryString(&$event, $searchFor, $filterColumnsOverwrite=false)
{
// filtering on specific columns is specified
@ -1922,7 +1936,7 @@ class EventsController extends AppController
$filterValue = array_map('trim', explode(",", $filterColumnsOverwrite));
$validFilters = array('id', 'uuid', 'value', 'comment', 'type', 'category', 'Tag.name');
foreach ($filterValue as $k => $v) {
if (!in_array($v, $validFilters)) {
if (!in_array($v, $validFilters, true)) {
unset($filterValue[$k]);
}
}
@ -1998,17 +2012,6 @@ class EventsController extends AppController
return array('active' => $activeRules > 0 ? $res : false, 'activeRules' => $activeRules);
}
private function __removeChildren(&$pivot, $id)
{
if ($pivot['id'] == $id) {
$pivot['children'] = array();
} else {
foreach ($pivot['children'] as $k => $v) {
$this->__removeChildren($v, $id);
}
}
}
private function __doRemove(&$pivot, $id)
{
foreach ($pivot['children'] as $k => $v) {