fix: Empty comments may be added to events #1263

- moved to plain jquery
- check on back+frontend
- better responses when adding events
- fixed an issue with the org_id not being selected for posts

app/Controller/AppController.php

@@ -45,7 +45,7 @@ class AppController extends Controller {
 
 	public $helpers = array('Utility');
 
-	private $__jsVersion = '2.4.46';
+	private $__jsVersion = '2.4.48';
 
 	// Used for _isAutomation(), a check that returns true if the controller & action combo matches an action that is a non-xml and non-json automation method
 	// This is used to allow authentication via headers for methods not covered by _isRest() - as that only checks for JSON and XML formats

app/Controller/PostsController.php

@@ -103,6 +103,7 @@ class PostsController extends AppController {
 			break;
 		}
 		if ($this->request->is('post')) {
+			if (empty($this->request->data['Post']['message'])) throw new MethodNotAllowedException('Cannot post an empty message.');
 			// Set the default values that we'll alter before actually saving data. These are the default values unless specifically modified.
 			// By default, all discussions will be visibile to everyone on the platform
 

app/Controller/ThreadsController.php

@@ -95,7 +95,7 @@ class ThreadsController extends AppController {
 			$this->Thread->Behaviors->unload('SysLogLogable.SysLogLogable');
 			$params = array('conditions' => array('event_id' => $id),
 					'recursive' => -1,
-					'fields' => array('id', 'event_id', 'distribution', 'title', 'sharing_group_id')
+					'fields' => array('id', 'event_id', 'distribution', 'title', 'sharing_group_id', 'org_id')
 			);
 			$thread = $this->Thread->find('first', $params);
 			if (!empty($thread)) {

app/Model/Post.php

@@ -21,6 +21,12 @@ class Post extends AppModel {
 			'Thread',
 			'User'
 	);
+	
+	public $validate = array(
+			'contents' => array(
+					'rule' => array('valueNotEmpty'),
+			),
+	);
 
 	public function sendPostsEmailRouter($user_id, $post_id, $event_id, $title, $message, $JobId = false) {
 		if (Configure::read('MISP.background_jobs')) {

app/View/Elements/eventdiscussion.ctp

@@ -153,15 +153,9 @@
 			));
 		?>
 		</fieldset>
+		<button class="btn btn-primary" onClick="submitMessageForm('<?php echo h($url);?>', 'PostViewForm', 'top'); return false;">Send</button>
 	<?php
-	echo $this->Js->submit('Send', array(
-			'before'=>$this->Js->get('#loading')->effect('fadeIn'),
-			'success'=>$this->Js->get('#loading')->effect('fadeOut'),
-			'update'=>'#top',
-			'class'=>'btn btn-primary',
-			'url' => $url
-	));
-	echo $this->Form->end();
+		echo $this->Form->end();
 	?>
 	</div>
 </div>

app/webroot/js/misp2.4.48.js

@@ -164,6 +164,33 @@ function submitPasswordReset(id) {
 	});
 }
 
+function submitMessageForm(url, form, target) {
+	if (!$('#PostMessage').val()) {
+		showMessage("fail", "Cannot submit empty message.");
+	} else {
+		submitGenericForm(url, form, target);
+	}
+}
+
+function submitGenericForm(url, form, target) {
+	$.ajax({
+		beforeSend: function (XMLHttpRequest) {
+			$(".loading").show();
+		},
+		data: $('#' + form).serialize(),
+		success:function (data, textStatus) {
+			$('#top').html(data);
+			showMessage("success", "Message added.");
+		},
+		complete:function() {
+			$(".loading").hide();
+		},
+		type:"post",
+		cache: false,
+		url:url,		
+	});
+}
+
 function acceptObject(type, id, event) {
 	name = '#ShadowAttribute_' + id + '_accept';
 	var formData = $(name).serialize();