mirror of https://github.com/MISP/MISP
fix: [CSRF] Potential fix for the CSRF issues via tag/galaxy additions
parent
25d8d6cf94
commit
ab86fd658b
@ -46,7 +46,7 @@ class AppController extends Controller
|
|||
|
||||
public $helpers = array('Utility', 'OrgImg', 'FontAwesome');
|
||||
|
||||
private $__queryVersion = '71';
|
||||
private $__queryVersion = '72';
|
||||
public $pyMispVersion = '2.4.106';
|
||||
public $phpmin = '7.0';
|
||||
public $phprec = '7.2';
|
||||
|
|
|
@ -604,105 +604,105 @@ function submitForm(type, id, field, context) {
|
|||
|
||||
function quickSubmitTagForm(selected_tag_ids, addData) {
|
||||
var event_id = addData.id;
|
||||
var formData = fetchFormDataAjax("/events/addTag/" + event_id);
|
||||
$('#temp').html(formData);
|
||||
$('#EventTag').val(JSON.stringify(selected_tag_ids));
|
||||
$.ajax({
|
||||
data: $('#EventAddTagForm').serialize(),
|
||||
cache: false,
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
success:function (data, textStatus) {
|
||||
loadEventTags(event_id);
|
||||
loadGalaxies(event_id, 'event');
|
||||
handleGenericAjaxResponse(data);
|
||||
},
|
||||
error:function() {
|
||||
showMessage('fail', 'Could not add tag.');
|
||||
loadEventTags(event_id);
|
||||
loadGalaxies(event_id, 'event');
|
||||
},
|
||||
complete:function() {
|
||||
$('#temp').empty();
|
||||
$("#popover_form").fadeOut();
|
||||
$("#gray_out").fadeOut();
|
||||
$(".loading").hide();
|
||||
},
|
||||
type:"post",
|
||||
url:"/events/addTag/" + event_id
|
||||
fetchFormDataAjax("/events/addTag/" + event_id, function(formData) {
|
||||
$('#temp').html(formData);
|
||||
$('#EventTag').val(JSON.stringify(selected_tag_ids));
|
||||
$.ajax({
|
||||
data: $('#EventAddTagForm').serialize(),
|
||||
cache: false,
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
success:function (data, textStatus) {
|
||||
loadEventTags(event_id);
|
||||
loadGalaxies(event_id, 'event');
|
||||
handleGenericAjaxResponse(data);
|
||||
},
|
||||
error:function() {
|
||||
showMessage('fail', 'Could not add tag.');
|
||||
loadEventTags(event_id);
|
||||
loadGalaxies(event_id, 'event');
|
||||
},
|
||||
complete:function() {
|
||||
$('#temp').empty();
|
||||
$("#popover_form").fadeOut();
|
||||
$("#gray_out").fadeOut();
|
||||
$(".loading").hide();
|
||||
},
|
||||
type:"post",
|
||||
url:"/events/addTag/" + event_id
|
||||
});
|
||||
$('#temp').remove();
|
||||
});
|
||||
$('#temp').remove();
|
||||
return false;
|
||||
}
|
||||
|
||||
function quickSubmitAttributeTagForm(selected_tag_ids, addData) {
|
||||
var attribute_id = addData.id;
|
||||
var formData = fetchFormDataAjax("/attributes/addTag/" + attribute_id);
|
||||
$('#temp').html(formData);
|
||||
$('#AttributeTag').val(JSON.stringify(selected_tag_ids));
|
||||
if (attribute_id == 'selected') {
|
||||
$('#AttributeAttributeIds').val(getSelected());
|
||||
}
|
||||
$.ajax({
|
||||
data: $('#AttributeAddTagForm').serialize(),
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
success:function (data, textStatus) {
|
||||
if (attribute_id == 'selected') {
|
||||
updateIndex(0, 'event');
|
||||
} else {
|
||||
fetchFormDataAjax("/attributes/addTag/" + attribute_id, function(formData) {
|
||||
$('#temp').html(formData);
|
||||
$('#AttributeTag').val(JSON.stringify(selected_tag_ids));
|
||||
if (attribute_id == 'selected') {
|
||||
$('#AttributeAttributeIds').val(getSelected());
|
||||
}
|
||||
$.ajax({
|
||||
data: $('#AttributeAddTagForm').serialize(),
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
success:function (data, textStatus) {
|
||||
if (attribute_id == 'selected') {
|
||||
updateIndex(0, 'event');
|
||||
} else {
|
||||
loadAttributeTags(attribute_id);
|
||||
loadGalaxies(attribute_id, 'attribute');
|
||||
}
|
||||
handleGenericAjaxResponse(data);
|
||||
},
|
||||
error:function() {
|
||||
showMessage('fail', 'Could not add tag.');
|
||||
loadAttributeTags(attribute_id);
|
||||
loadGalaxies(attribute_id, 'attribute');
|
||||
}
|
||||
handleGenericAjaxResponse(data);
|
||||
},
|
||||
error:function() {
|
||||
showMessage('fail', 'Could not add tag.');
|
||||
loadAttributeTags(attribute_id);
|
||||
loadGalaxies(attribute_id, 'attribute');
|
||||
},
|
||||
complete:function() {
|
||||
$("#popover_form").fadeOut();
|
||||
$("#gray_out").fadeOut();
|
||||
$(".loading").hide();
|
||||
},
|
||||
type:"post",
|
||||
url:"/attributes/addTag/" + attribute_id
|
||||
},
|
||||
complete:function() {
|
||||
$("#popover_form").fadeOut();
|
||||
$("#gray_out").fadeOut();
|
||||
$(".loading").hide();
|
||||
},
|
||||
type:"post",
|
||||
url:"/attributes/addTag/" + attribute_id
|
||||
});
|
||||
$('#temp').remove();
|
||||
});
|
||||
$('#temp').remove();
|
||||
return false;
|
||||
}
|
||||
|
||||
function quickSubmitTagCollectionTagForm(selected_tag_ids, addData) {
|
||||
var tag_collection_id = addData.id;
|
||||
var formData = fetchFormDataAjax("/tag_collections/addTag/" + tag_collection_id);
|
||||
$('#temp').html(formData);
|
||||
$('#TagCollectionTag').val(JSON.stringify(selected_tag_ids));
|
||||
$.ajax({
|
||||
data: $('#TagCollectionAddTagForm').serialize(),
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
success:function (data, textStatus) {
|
||||
handleGenericAjaxResponse(data);
|
||||
refreshTagCollectionRow(tag_collection_id);
|
||||
},
|
||||
error:function() {
|
||||
showMessage('fail', 'Could not add tag.');
|
||||
loadTagCollectionTags(tag_collection_id);
|
||||
},
|
||||
complete:function() {
|
||||
$("#popover_form").fadeOut();
|
||||
$("#gray_out").fadeOut();
|
||||
$(".loading").hide();
|
||||
},
|
||||
type:"post",
|
||||
url:"/tag_collections/addTag/" + tag_collection_id
|
||||
fetchFormDataAjax("/tag_collections/addTag/" + tag_collection_id, function(formData) {
|
||||
$('#temp').html(formData);
|
||||
$('#TagCollectionTag').val(JSON.stringify(selected_tag_ids));
|
||||
$.ajax({
|
||||
data: $('#TagCollectionAddTagForm').serialize(),
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
success:function (data, textStatus) {
|
||||
handleGenericAjaxResponse(data);
|
||||
refreshTagCollectionRow(tag_collection_id);
|
||||
},
|
||||
error:function() {
|
||||
showMessage('fail', 'Could not add tag.');
|
||||
loadTagCollectionTags(tag_collection_id);
|
||||
},
|
||||
complete:function() {
|
||||
$("#popover_form").fadeOut();
|
||||
$("#gray_out").fadeOut();
|
||||
$(".loading").hide();
|
||||
},
|
||||
type:"post",
|
||||
url:"/tag_collections/addTag/" + tag_collection_id
|
||||
});
|
||||
$('#temp').remove();
|
||||
});
|
||||
$('#temp').remove();
|
||||
return false;
|
||||
}
|
||||
|
||||
function refreshTagCollectionRow(tag_collection_id) {
|
||||
|
@ -3640,43 +3640,43 @@ function addGalaxyListener(id) {
|
|||
function quickSubmitGalaxyForm(cluster_ids, additionalData) {
|
||||
var target_id = additionalData['target_id'];
|
||||
var scope = additionalData['target_type'];
|
||||
var formData = fetchFormDataAjax("/galaxies/attachMultipleClusters/" + target_id + "/" + scope);
|
||||
$('#temp').html(formData);
|
||||
$('#temp #GalaxyTargetIds').val(JSON.stringify(cluster_ids));
|
||||
if (target_id == 'selected') {
|
||||
$('#AttributeAttributeIds, #GalaxyAttributeIds').val(getSelected());
|
||||
}
|
||||
$.ajax({
|
||||
data: $('#GalaxyAttachMultipleClustersForm').serialize(),
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
success:function (data, textStatus) {
|
||||
if (target_id === 'selected') {
|
||||
location.reload();
|
||||
} else {
|
||||
if (scope == 'tag_collection') {
|
||||
fetchFormDataAjax("/galaxies/attachMultipleClusters/" + target_id + "/" + scope, function(formData) {
|
||||
$('#temp').html(formData);
|
||||
$('#temp #GalaxyTargetIds').val(JSON.stringify(cluster_ids));
|
||||
if (target_id == 'selected') {
|
||||
$('#AttributeAttributeIds, #GalaxyAttributeIds').val(getSelected());
|
||||
}
|
||||
$.ajax({
|
||||
data: $('#GalaxyAttachMultipleClustersForm').serialize(),
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
$(".loading").show();
|
||||
},
|
||||
success:function (data, textStatus) {
|
||||
if (target_id === 'selected') {
|
||||
location.reload();
|
||||
} else {
|
||||
loadGalaxies(target_id, scope);
|
||||
handleGenericAjaxResponse(data);
|
||||
if (scope == 'tag_collection') {
|
||||
location.reload();
|
||||
} else {
|
||||
loadGalaxies(target_id, scope);
|
||||
handleGenericAjaxResponse(data);
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
error:function() {
|
||||
showMessage('fail', 'Could not add cluster.');
|
||||
loadGalaxies(target_id, scope);
|
||||
},
|
||||
complete:function() {
|
||||
$("#popover_form").fadeOut();
|
||||
$("#gray_out").fadeOut();
|
||||
$(".loading").hide();
|
||||
},
|
||||
type:"post",
|
||||
url: "/galaxies/attachMultipleClusters/" + target_id + "/" + scope
|
||||
},
|
||||
error:function() {
|
||||
showMessage('fail', 'Could not add cluster.');
|
||||
loadGalaxies(target_id, scope);
|
||||
},
|
||||
complete:function() {
|
||||
$("#popover_form").fadeOut();
|
||||
$("#gray_out").fadeOut();
|
||||
$(".loading").hide();
|
||||
},
|
||||
type:"post",
|
||||
url: "/galaxies/attachMultipleClusters/" + target_id + "/" + scope
|
||||
});
|
||||
$('#temp').remove();
|
||||
});
|
||||
$('#temp').remove();
|
||||
return false;
|
||||
}
|
||||
|
||||
function checkAndSetPublishedInfo(skip_reload) {
|
||||
|
@ -4271,30 +4271,30 @@ function submit_feed_overlap_tool(feedId) {
|
|||
function changeTaxonomyRequiredState(checkbox) {
|
||||
var checkbox_state = $(checkbox).is(":checked");
|
||||
var taxonomy_id = $(checkbox).data('taxonomy-id');
|
||||
var formData = fetchFormDataAjax('/taxonomies/toggleRequired/' + taxonomy_id);
|
||||
$.ajax({
|
||||
data: $(formData).serialize(),
|
||||
success:function (data, textStatus) {
|
||||
handleGenericAjaxResponse({'saved':true, 'success':['Taxonomy\'s required state toggled.']});
|
||||
},
|
||||
error:function() {
|
||||
$(checkbox).prop('checked', !$(checkbox).prop('checked'));
|
||||
handleGenericAjaxResponse({'saved':false, 'errors':['Could not toggle the required state of the taxonomy.']});
|
||||
},
|
||||
async:"false",
|
||||
type:"post",
|
||||
cache: false,
|
||||
url: '/taxonomies/toggleRequired/' + taxonomy_id,
|
||||
fetchFormDataAjax('/taxonomies/toggleRequired/' + taxonomy_id, function(formData) {
|
||||
$.ajax({
|
||||
data: $(formData).serialize(),
|
||||
success:function (data, textStatus) {
|
||||
handleGenericAjaxResponse({'saved':true, 'success':['Taxonomy\'s required state toggled.']});
|
||||
},
|
||||
error:function() {
|
||||
$(checkbox).prop('checked', !$(checkbox).prop('checked'));
|
||||
handleGenericAjaxResponse({'saved':false, 'errors':['Could not toggle the required state of the taxonomy.']});
|
||||
},
|
||||
async:"false",
|
||||
type:"post",
|
||||
cache: false,
|
||||
url: '/taxonomies/toggleRequired/' + taxonomy_id,
|
||||
});
|
||||
});
|
||||
formData = false;
|
||||
}
|
||||
|
||||
function fetchFormDataAjax(url) {
|
||||
function fetchFormDataAjax(url, callback) {
|
||||
var formData = false;
|
||||
$.ajax({
|
||||
data: '[]',
|
||||
success:function (data, textStatus) {
|
||||
formData = data;
|
||||
callback(data);
|
||||
},
|
||||
error:function() {
|
||||
handleGenericAjaxResponse({'saved':false, 'errors':['Request failed due to an unexpected error.']});
|
||||
|
@ -4304,7 +4304,6 @@ function fetchFormDataAjax(url) {
|
|||
cache: false,
|
||||
url: url
|
||||
});
|
||||
return formData;
|
||||
}
|
||||
|
||||
(function(){
|
||||
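Review bot: In the new `fetchFormDataAjax(url, callback)` the success handler calls `callback(data)` unguarded, so any caller elsewhere in misp.js that this commit did not convert and still invokes it with one argument (relying on the removed `return formData;`) will throw a TypeError inside the AJAX success handler rather than fail visibly; a guard such as `if (typeof callback === 'function') { callback(data); }` keeps the transition safe, and the now-dead `var formData = false;` / `formData = data;` pair should go with the dropped return. Because the page lost the old/new sides, `formData = false;` at the end of `changeTaxonomyRequiredState` may have survived; if it did, it now assigns to a name no longer declared in that scope (the `var formData = fetchFormDataAjax(...)` line was replaced), creating an implicit global, and `checkbox_state` looks unused. Fetching the token-bearing form immediately before each POST is the right shape for the CSRF fix, but the error branch of `fetchFormDataAjax` never invokes the callback, so the popover/overlay teardown that lives in each inner `complete` handler does not run when the form fetch itself fails — presumably the popover stays open; a short comment on `fetchFormDataAjax` stating that the callback is only called on success would make that contract explicit for callers. The body of `fetchFormDataAjax` is split across the last two hunks, so its error handler is only partially visible here.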