fixing some REST API and XML issues

pull/217/head
Christophe Vandeplas 2013-05-28 11:15:21 +02:00
parent 5ca8ff9571
commit e3ed847ba0
7 changed files with 213 additions and 261 deletions


@ -133,24 +133,8 @@ Configure::write('GnuPG.homedir', '/path/to/your/.gnupg/');
Configure::write('SecureAuth.amount', 5); // the maximum amount of failed logins
Configure::write('SecureAuth.expire', 300); // the time-window for the maximum amount of logins in seconds
/**
* Network activity, ip-src
* 30 class-C network ip addresses
* (time in ms)
*
* default db sql
* all 25366 16601 15941
* 24839 16604 15611
* paginated 16759 8447 6615
* 17734 8639 8846
*/
Configure::write('CyDefSIG.dns', 'false'); // there is a nameserver available to do resolution.
Configure::write('CyDefSIG.rest', 'ii'); // i is unchecked, use ii
// RESTfull, possible values:
// - i, event without attributes
// - ii, event with attributes (more framework friendly and more RESTfull friendly)
/**
* The settings below can be used to set additional paths to models, views and controllers.
*


@ -181,11 +181,6 @@ class AttributesController extends AppController {
// create the attribute
$this->Attribute->create();
if ("i" == Configure::read('CyDefSIG.rest')) {
unset($this->request->data['Event']);
$this->Attribute->unbindModel(array('belongsTo' => array('Event')));
//$this->request->data['Attribute']['event_id'] = $eventId;
}
// Notice (8): Undefined index: id [APP/Controller/AttributesController.php, line 234]
// Should be fixed
$savedId = $this->Attribute->getId();
@ -499,11 +494,6 @@ class AttributesController extends AppController {
}
$fieldList = array('category', 'type', 'value1', 'value2', 'to_ids', 'private', 'cluster', 'value');
if ("i" == Configure::read('CyDefSIG.rest')) {
unset($this->request->data['Event']);
$this->Attribute->unbindModel(array('belongsTo' => array('Event')));
$this->request->data['Attribute']['event_id'] = $eventId;
}
$this->loadModel('Event');
$this->Event->id = $eventId;


@ -130,7 +130,7 @@ class EventsController extends AppController {
$this->Event->contain('Attribute', 'Attribute.ShadowAttribute', 'User.email');
$this->Event->id = $id;
if (!$this->Event->exists()) {
throw new NotFoundException(__('Invalid event'));
throw new NotFoundException(__('Invalid event, it already exists.'));
}
$this->Event->read(null, $id);
$userEmail = $this->Event->data['User']['email'];
@ -246,10 +246,10 @@ class EventsController extends AppController {
$ext = $file->ext();
}
$ioc = false;
if($this->data['Event']['submittedioc']['error'] != 4) {
$ioc = true;
}
if (isset($this->data['Event']['submittedioc'])) {
if($this->data['Event']['submittedioc']['error'] != 4) {
$ioc = true;
}
App::uses('File', 'Utility');
$file = new File($this->data['Event']['submittedgfi']['name']);
$ext = $file->ext();
@ -324,18 +324,18 @@ class EventsController extends AppController {
* @return bool true if success
*/
public function _add(&$data, $fromXml, $or='', $passAlong = null, $fromPull = false) {
$this->Event->create();
// force check userid and orgname to be from yourself
$auth = $this->Auth;
$data['Event']['user_id'] = $auth->user('id');
$data['Event']['org'] = $auth->user('org');
//$data['Event']['org'] = strlen($or) ? $or : $auth->user('org'); // FIXME security - org problem
if (!$fromXml) {
$data['Event']['orgc'] = $data['Event']['org'];
}
unset ($data['Event']['id']);
$this->Event->create();
//$this->Event->data = $data;
if ($fromXml) {
// FIXME FIXME chri: temporary workaround for unclear org, orgc, from
$data['Event']['orgc'] = $data['Event']['org'];
$data['Event']['from'] = $data['Event']['org'];
// Workaround for different structure in XML/array than what CakePHP expects
$this->Event->cleanupEventArrayFromXML($data);
// the event_id field is not set (normal) so make sure no validation errors are thrown
@ -343,15 +343,13 @@ class EventsController extends AppController {
unset($this->Event->Attribute->validate['event_id']);
unset($this->Event->Attribute->validate['value']['unique']); // otherwise gives bugs because event_id is not set
}
// upstream: false = distribution
// true = reverse distribution, back to origin
$upstream = false;
if (isset($data['Event']['uuid'])) { // TODO here we start RESTful dialog
unset ($data['Event']['id']);
if (isset($data['Event']['uuid'])) {
// check if the uuid already exists
$existingEventCount = $this->Event->find('count', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
if ($existingEventCount > 0) {
// TODO RESTfull, set responce location header..so client can find right URL to edit
// RESTfull, set responce location header..so client can find right URL to edit
if ($fromPull) return false;
$existingEvent = $this->Event->find('first', array('conditions' => array('Event.uuid' => $data['Event']['uuid'])));
$this->response->header('Location', Configure::read('CyDefSIG.baseurl') . '/events/' . $existingEvent['Event']['id']);
@ -360,29 +358,20 @@ class EventsController extends AppController {
}
}
if ($upstream) {
$fieldList = array(
'Event' => array('orgc', 'date', 'risk', 'analysis', 'info', 'published', 'uuid'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision')
);
} else {
$fieldList = array(
'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'dist_change', 'from'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie', 'dist_change')
);
}
// FIXME chri: validate the necessity for all these fields...impact on security !
$fieldList = array(
'Event' => array('orgc', 'date', 'risk', 'analysis', 'info', 'published', 'uuid'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision')
);
$fieldList = array(
'Event' => array('org', 'orgc', 'date', 'risk', 'analysis', 'info', 'user_id', 'published', 'uuid', 'private', 'cluster', 'communitie', 'dist_change', 'from'),
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'cluster', 'communitie', 'dist_change')
);
if ("i" == Configure::read('CyDefSIG.baseurl')) {
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
unset($data['Attribute']);
$this->Event->unbindModel(array('hasMany' => array('Attribute')));
$saveResult = $this->Event->save($data, array('validate' => true, 'fieldList' => $fieldList));
} else {
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
}
$saveResult = $this->Event->saveAssociated($data, array('validate' => true, 'fieldList' => $fieldList));
// FIXME chri: check if output of $saveResult is what we expect when data not valid, see issue #104
if ($saveResult) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published'] && $data['Event']['private'] == false) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
// do the necessary actions to publish the event (email, upload,...)
$this->__publish($this->Event->getId(), $passAlong);
}
@ -459,44 +448,35 @@ class EventsController extends AppController {
'Attribute' => array('event_id', 'category', 'type', 'value', 'value1', 'value2', 'to_ids', 'uuid', 'revision', 'private', 'communitie', 'cluster', 'dist_change')
);
if ("ii" == Configure::read('CyDefSIG.rest')) {
// reposition to get the attribute.id with given uuid
$c = 0;
if (isset($this->request->data['Attribute'])) {
foreach ($this->request->data['Attribute'] as $attribute) {
$existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']);
if (count($existingAttribute)) {
$this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id'];
if (!($this->request->data['Attribute'][$c]['dist_change'] > $existingAttribute['Attribute']['dist_change'])) {
unset($this->request->data['Attribute'][$c]['private']);
unset($this->request->data['Attribute'][$c]['cluster']);
unset($this->request->data['Attribute'][$c]['communitie']);
}
// reposition to get the attribute.id with given uuid
$c = 0;
if (isset($this->request->data['Attribute'])) {
foreach ($this->request->data['Attribute'] as $attribute) {
$existingAttribute = $this->Event->Attribute->findByUuid($attribute['uuid']);
if (count($existingAttribute)) {
$this->request->data['Attribute'][$c]['id'] = $existingAttribute['Attribute']['id'];
if (!($this->request->data['Attribute'][$c]['dist_change'] > $existingAttribute['Attribute']['dist_change'])) {
unset($this->request->data['Attribute'][$c]['private']);
unset($this->request->data['Attribute'][$c]['cluster']);
unset($this->request->data['Attribute'][$c]['communitie']);
}
$c++;
}
$c++;
}
}
// unclear what this does, more documentation needed
if ($this->request->data['Event']['dist_change'] > $existingEvent['Event']['dist_change']) {
array_push($fieldList['Event'], 'private', 'communitie', 'cluster');
}
if ("i" == Configure::read('CyDefSIG.rest')) {
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
// the following 2 lines can be out-commented if we opt to save associated (Event.php:263-264)
unset($this->request->data['Attribute']);
$this->Event->unbindModel(array('hasMany' => array('Attribute')));
$saveResult = $this->Event->save($this->request->data, array('validate' => true, 'fieldList' => $fieldList));
} else {
$saveResult = $this->Event->saveAssociated($this->request->data, array('validate' => true, 'fieldList' => $fieldList));
}
// this saveAssociated() function will save not only the event, but also the attributes
// from the attributes attachments are also saved to the disk thanks to the afterSave() fonction of Attribute
$saveResult = $this->Event->saveAssociated($this->request->data, array('validate' => true, 'fieldList' => $fieldList));
if ($saveResult) {
// TODO RESTfull: we now need to compare attributes, to see if we need to do a RESTfull attribute delete
$message = 'Saved';
$this->set('event', $this->Event->data);
//if published -> do the actual publishing
if ((!empty($this->request->data['Event']['published']) && 1 == $this->request->data['Event']['published'])) {
@ -642,7 +622,7 @@ class EventsController extends AppController {
));
// iterate over the servers and upload the event
if(empty($servers))
return;
return true;
$uploaded = true;
$failedServers = array();
@ -703,10 +683,9 @@ class EventsController extends AppController {
$this->Event->save($event, array('fieldList' => $fieldList));
$event['Event']['from'] = Configure::read('CyDefSIG.org');
$uploaded = false;
//if ($event['Event']['distribution'] == 'Your organization only' || $event['Event']['distribution'] == 'This server-only') return true;
if ('true' == Configure::read('CyDefSIG.sync')) {
$uploaded = $this->__uploadEventToServers($id, $passAlong);
if ((is_bool($uploaded) && !$uploaded) || (is_array($uploaded))) { // TODO remove bool
if (($uploaded == false) || (is_array($uploaded))) {
$this->Event->saveField('published', 0);
}
}
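Review bot: In `_add()`, the publish check after `saveAssociated()` appears to lose its `$data['Event']['private'] == false` term, so an event saved with `published` set to 1 reaches `__publish()` (email, upload) regardless of its distribution flags. Nothing visible in this section shows `__publish()` or `__uploadEventToServers()` filtering on `private`, so an event restricted to the submitting organisation may be mailed or pushed to sync servers; that is inferred and needs confirming against the parts of those functions outside the hunks. If the filter does not live elsewhere, keep the guard, e.g. `if (!empty($data['Event']['published']) && 1 == $data['Event']['published'] && empty($data['Event']['private'])) {`, or add a comment naming where the distribution check happens. Separately, the upload-result check `($uploaded == false)` near the end of the section is a loose comparison that also matches `null`, `0` and `''`; `$uploaded === false` states the intent now that the empty-server path returns `true`.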


@ -411,6 +411,7 @@ class Attribute extends AppModel {
$this->__afterSaveCorrelation($this->data['Attribute']);
$result = true;
// if the 'data' field is set on the $this->data then save the data to the correct file
if (isset($this->data['Attribute']['type']) && $this->typeIsAttachment($this->data['Attribute']['type']) && !empty($this->data['Attribute']['data'])) {
$result = $result && $this->saveBase64EncodedAttachment($this->data['Attribute']); // TODO : is this correct?
@ -442,33 +443,33 @@ class Attribute extends AppModel {
parent::beforeValidate();
// distribution - setting correct vars
if(isset($this->data['Attribute']['distribution'])) {
switch ($this->data['Attribute']['distribution']) {
case 'Your organization only':
$this->data['Attribute']['private'] = true;
$this->data['Attribute']['cluster'] = false;
$this->data['Attribute']['communitie'] = false;
break;
case 'This server-only':
$this->data['Attribute']['private'] = true;
$this->data['Attribute']['cluster'] = true;
$this->data['Attribute']['communitie'] = false;
break;
case 'This Community-only':
$this->data['Attribute']['private'] = false;
$this->data['Attribute']['cluster'] = true;
$this->data['Attribute']['communitie'] = false;
break;
case 'Connected communities':
$this->data['Attribute']['private'] = false;
$this->data['Attribute']['cluster'] = false;
$this->data['Attribute']['communitie'] = true;
break;
case 'All communities':
$this->data['Attribute']['private'] = false;
$this->data['Attribute']['cluster'] = false;
$this->data['Attribute']['communitie'] = false;
break;
if(isset($this->data['Attribute']['distribution'])) {
switch ($this->data['Attribute']['distribution']) {
case 'Your organization only':
$this->data['Attribute']['private'] = true;
$this->data['Attribute']['cluster'] = false;
$this->data['Attribute']['communitie'] = false;
break;
case 'This server-only':
$this->data['Attribute']['private'] = true;
$this->data['Attribute']['cluster'] = true;
$this->data['Attribute']['communitie'] = false;
break;
case 'This Community-only':
$this->data['Attribute']['private'] = false;
$this->data['Attribute']['cluster'] = true;
$this->data['Attribute']['communitie'] = false;
break;
case 'Connected communities':
$this->data['Attribute']['private'] = false;
$this->data['Attribute']['cluster'] = false;
$this->data['Attribute']['communitie'] = true;
break;
case 'All communities':
$this->data['Attribute']['private'] = false;
$this->data['Attribute']['cluster'] = false;
$this->data['Attribute']['communitie'] = false;
break;
}
}
@ -819,6 +820,8 @@ class Attribute extends AppModel {
}
public function saveBase64EncodedAttachment($attribute) {
print_r("###### saveBase64EncodedAttachment ######");
print_r($attribute);
$rootDir = APP . DS . "files" . DS . $attribute['event_id'];
$dir = new Folder($rootDir, true); // create directory structure
$destpath = $rootDir . DS . $attribute['id'];
@ -899,12 +902,12 @@ class Attribute extends AppModel {
public function __beforeSaveCorrelation($a) {
// (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
// ==> DELETE FROM correlations WHERE 1_attribute_id = $a_id OR attribute_id = $a_id; */
// (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
// ==> DELETE FROM correlations WHERE 1_attribute_id = $a_id OR attribute_id = $a_id; */
// first check if it's an update
if (isset($a['id'])) {
$this->Correlation = ClassRegistry::init('Correlation');
// FIXME : check that $a['id'] is checked correctly so that the user can't remove attributes he shouldn't
// FIXME : check that $a['id'] is checked correctly so that the user can't remove attributes he shouldn't
$dummy = $this->Correlation->deleteAll(array('OR' => array(
'Correlation.1_attribute_id' => $a['id'],
'Correlation.attribute_id' => $a['id']))
@ -914,59 +917,59 @@ class Attribute extends AppModel {
public function __afterSaveCorrelation($a) {
$this->Correlation = ClassRegistry::init('Correlation');
//
// When we add/update an attribute we need to
// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
// - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for
//
// When we add/update an attribute we need to
// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
// - remove the existing relations for that value1 or value2, we do NOT have an id reference, but we have a value1/value2 field to search for
// ==> DELETE FROM correlations WHERE value = $value1 OR value = $value2 */
$dummy = $this->Correlation->deleteAll(array('Correlation.value' => array($a['value1'], $a['value2'])));
// now build a correlation array of things that will need to be added in the db
// we do this twice, once for value1 and once for value2
$correlations = array(); // init variable
$value_names = array ('value1', 'value2');
// do the correlation for value1 and value2, this needs to be done separately
foreach ($value_names as $value_name) {
if (empty($a[$value_name])) continue; // do not correlate if attribute is empty
$params = array(
'conditions' => array('OR' => array(
'Attribute.value1' => $a[$value_name],
'Attribute.value2' => $a[$value_name]
)),
'recursive' => 0,
//'fields' => '', // we want to have the Attribute AND Event, so do not filter here
);
// search for the related attributes for that "value(1|2)"
$attributes = $this->find('all', $params);
$correlations = array(); // init variable
$value_names = array ('value1', 'value2');
// do the correlation for value1 and value2, this needs to be done separately
foreach ($value_names as $value_name) {
if (empty($a[$value_name])) continue; // do not correlate if attribute is empty
$params = array(
'conditions' => array('OR' => array(
'Attribute.value1' => $a[$value_name],
'Attribute.value2' => $a[$value_name]
)),
'recursive' => 0,
//'fields' => '', // we want to have the Attribute AND Event, so do not filter here
);
// search for the related attributes for that "value(1|2)"
$attributes = $this->find('all', $params);
// build the correlations, each attribute should have a relation in both directions
// this is why we have a double loop.
// The result is that for each Attribute pair we want: A1-A2, A2-A1 and so on,
// In total that's N * (N-1) rows (minus the ones from the same event) (with N the number of related attributes)
$attributes_right = $attributes;
foreach ($attributes as $attribute) {
foreach ($attributes_right as $attribute_right) {
if ($attribute['Attribute']['event_id'] == $attribute_right['Attribute']['event_id']) {
// do not build a relation between the same attributes
// or attributes from the same event
continue;
}
$is_private = $attribute_right['Event']['private'] || $attribute_right['Attribute']['private'];
$correlations[] = array(
'value' => $a[$value_name],
'1_event_id' => $attribute['Attribute']['event_id'],
'1_attribute_id' => $attribute['Attribute']['id'],
'event_id' => $attribute_right['Attribute']['event_id'],
'attribute_id' => $attribute_right['Attribute']['id'],
'org' => $attribute_right['Event']['org'],
'private' => $is_private,
// this is why we have a double loop.
// The result is that for each Attribute pair we want: A1-A2, A2-A1 and so on,
// In total that's N * (N-1) rows (minus the ones from the same event) (with N the number of related attributes)
$attributes_right = $attributes;
foreach ($attributes as $attribute) {
foreach ($attributes_right as $attribute_right) {
if ($attribute['Attribute']['event_id'] == $attribute_right['Attribute']['event_id']) {
// do not build a relation between the same attributes
// or attributes from the same event
continue;
}
$is_private = $attribute_right['Event']['private'] || $attribute_right['Attribute']['private'];
$correlations[] = array(
'value' => $a[$value_name],
'1_event_id' => $attribute['Attribute']['event_id'],
'1_attribute_id' => $attribute['Attribute']['id'],
'event_id' => $attribute_right['Attribute']['event_id'],
'attribute_id' => $attribute_right['Attribute']['id'],
'org' => $attribute_right['Event']['org'],
'private' => $is_private,
'date' => $attribute_right['Event']['date'],
'info' => $attribute_right['Event']['info'],
);
}
}
}
// save the new correlations to the database in a single shot
'info' => $attribute_right['Event']['info'],
);
}
}
}
// save the new correlations to the database in a single shot
$this->Correlation->saveMany($correlations);
}
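Review bot: `saveBase64EncodedAttachment()` now opens with two debug calls, `print_r("###### saveBase64EncodedAttachment ######");` and `print_r($attribute);`, which write the whole attribute array into the response of whichever request triggered the save. The `afterSave()` hunk above passes `$this->data['Attribute']` only when its `data` field is non-empty, so the dump includes the base64 attachment payload. That output corrupts XML/REST responses, can stop later headers from being sent, and exposes attachment content to the client. Remove both lines; if tracing is needed, log identifiers only, e.g. `$this->log('saveBase64EncodedAttachment event_id=' . $attribute['event_id'], 'debug');`. The function body continues outside the hunk.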


@ -440,7 +440,7 @@ class Event extends AppModel {
*
* @param &$data The reference to the variable
*
* @throws InternalErrorException // TODO Exception
* @throws InternalErrorException
*/
public function cleanupEventArrayFromXML(&$data) {
// Workaround for different structure in XML/array than what CakePHP expects
@ -491,13 +491,6 @@ class Event extends AppModel {
foreach ($event['Attribute'] as $attribute) {
$newerUuids[$attribute['id']] = $attribute['uuid'];
$attribute['event_id'] = $remoteId;
if ("i" == Configure::read('CyDefSIG.rest')) {
// do the add attributes here i.s.o. saveAssociates() or save()
// and unset Attributes and hasMany for this
// following 2 lines can be out-commented if. (EventsController.php:364-365)
$anAttr = ClassRegistry::init('Attribute');
$anAttr->uploadAttributeToServer($attribute, $server, $HttpSocket);
}
}
// get the already existing attributes and delete the ones that are not there
foreach ($xml->Event->Attribute as $attribute) {


@ -1,79 +1,80 @@
<div class="events form">
<?php echo $this->Form->create('Event');?>
<fieldset>
<legend><?php echo __('Edit Event'); ?></legend>
<?php
echo $this->Form->input('id');
echo $this->Form->input('date');
echo $this->Form->input('risk', array(
'before' => $this->Html->div('forminfo', '', array('id' => 'EventRiskDiv'))));
echo $this->Form->input('analysis', array(
'options' => array($analysisLevels),
'before' => $this->Html->div('forminfo', '', array('id' => 'EventAnalysisDiv'))));
if ('true' == Configure::read('CyDefSIG.sync')) {
if ('true' == $canEditDist) {
echo $this->Form->input('distribution', array('label' => 'Distribution',
'between' => $this->Html->div('forminfo', '', array('id' => 'EventDistributionDiv'))
));
}
}
echo $this->Form->input('info');
// link an onchange event to the form elements
if ('true' == $canEditDist) {
$this->Js->get('#EventDistribution')->event('change', 'showFormInfo("#EventDistribution")');
}
$this->Js->get('#EventRisk')->event('change', 'showFormInfo("#EventRisk")');
$this->Js->get('#EventAnalysis')->event('change', 'showFormInfo("#EventAnalysis")');
?>
</fieldset>
<?php echo $this->Form->end(__('Submit', true));?>
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
<script type="text/javascript">
//
//Generate tooltip information
//
var formInfoValues = new Array();
<?php
if ('true' == $canEditDist) {
foreach ($distributionDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
}
foreach ($riskDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($analysisDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
?>
function showFormInfo(id) {
idDiv = id+'Div';
// LATER use nice animations
//$(idDiv).hide('fast');
// change the content
var value = $(id).val(); // get the selected value
$(idDiv).html(formInfoValues[value]); // search in a lookup table
// show it again
$(idDiv).fadeIn('slow');
}
// hide the formInfo things
if ('true' == $canEditDist) {
$('#EventDistributionDiv').hide();
}
$('#EventRiskDiv').hide();
$('#EventAnalysisDiv').hide();
</script>
<div class="events form">
<?php echo $this->Form->create('Event');?>
<fieldset>
<legend><?php echo __('Edit Event'); ?></legend>
<?php
echo $this->Form->input('id');
echo $this->Form->input('date');
if ('true' == Configure::read('CyDefSIG.sync')) {
if ('true' == $canEditDist) {
echo $this->Form->input('distribution', array('label' => 'Distribution',
'between' => $this->Html->div('forminfo', '', array('id' => 'EventDistributionDiv'))
));
}
}
echo $this->Form->input('risk', array(
'before' => $this->Html->div('forminfo', '', array('id' => 'EventRiskDiv'))));
echo $this->Form->input('analysis', array(
'options' => array($analysisLevels),
'before' => $this->Html->div('forminfo', '', array('id' => 'EventAnalysisDiv'))
));
echo $this->Form->input('info');
// link an onchange event to the form elements
if ('true' == $canEditDist) {
$this->Js->get('#EventDistribution')->event('change', 'showFormInfo("#EventDistribution")');
}
$this->Js->get('#EventRisk')->event('change', 'showFormInfo("#EventRisk")');
$this->Js->get('#EventAnalysis')->event('change', 'showFormInfo("#EventAnalysis")');
?>
</fieldset>
<?php echo $this->Form->end(__('Submit', true));?>
</div>
<div class="actions">
<ul>
<?php echo $this->element('actions_menu'); ?>
</ul>
</div>
<script type="text/javascript">
//
//Generate tooltip information
//
var formInfoValues = new Array();
<?php
if ('true' == $canEditDist) {
foreach ($distributionDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
}
foreach ($riskDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
foreach ($analysisDescriptions as $type => $def) {
$info = isset($def['formdesc']) ? $def['formdesc'] : $def['desc'];
echo "formInfoValues['" . addslashes($type) . "'] = \"" . addslashes($info) . "\";\n"; // as we output JS code we need to add slashes
}
?>
function showFormInfo(id) {
idDiv = id+'Div';
// LATER use nice animations
//$(idDiv).hide('fast');
// change the content
var value = $(id).val(); // get the selected value
$(idDiv).html(formInfoValues[value]); // search in a lookup table
// show it again
$(idDiv).fadeIn('slow');
}
// hide the formInfo things
if ('true' == $canEditDist) {
$('#EventDistributionDiv').hide();
}
$('#EventRiskDiv').hide();
$('#EventAnalysisDiv').hide();
</script>
<?php echo $this->Js->writeBuffer();
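Review bot: In the `<script>` block, `if ('true' == $canEditDist) {` around `$('#EventDistributionDiv').hide();` comes after the closing `?>`, so it is sent to the browser as JavaScript, where `$canEditDist` is an undeclared identifier. The resulting ReferenceError would also skip the two `.hide()` calls that follow. Emit the line conditionally from PHP instead: `<?php if ('true' == $canEditDist): ?>`, then `$('#EventDistributionDiv').hide();`, then `<?php endif; ?>`. The three `echo "formInfoValues[...]"` loops use `addslashes()` for a JavaScript string context, which does not neutralise newlines or a `</script>` sequence; `json_encode($type)` and `json_encode($info)` are the matching encoders. This matters more because the values are later inserted with `.html()`.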


@ -36,15 +36,17 @@ foreach ($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['category_order']);
}
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
unset($event['Event']['RelatedEvent'][$key]['user_id']);
unset($event['Event']['RelatedEvent'][$key]['private']);
unset($event['Event']['RelatedEvent'][$key]['communitie']);
unset($event['Event']['RelatedEvent'][$key]['cluster']);
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
unset($event['Event']['RelatedEvent'][$key]['org']);
unset($event['Event']['RelatedEvent'][$key]['orgc']);
unset($event['Event']['RelatedEvent'][$key]['from']);
if (isset($event['Event']['RelatedEvent'])) {
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
unset($event['Event']['RelatedEvent'][$key]['user_id']);
unset($event['Event']['RelatedEvent'][$key]['private']);
unset($event['Event']['RelatedEvent'][$key]['communitie']);
unset($event['Event']['RelatedEvent'][$key]['cluster']);
if ('true' != Configure::read('CyDefSIG.showorg') && !$isAdmin) {
unset($event['Event']['RelatedEvent'][$key]['org']);
unset($event['Event']['RelatedEvent'][$key]['orgc']);
unset($event['Event']['RelatedEvent'][$key]['from']);
}
}
}
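Review bot: The new `isset($event['Event']['RelatedEvent'])` guard covers only the second loop; the `foreach ($event['Event']['Attribute'] as $key => $value)` shown in the hunk header iterates the same way. Unless it is guarded above the visible lines, it will raise the same notice for an event without attributes. The RelatedEvent loop strips fields by name (`user_id`, `private`, `org`, …), so any column added to the model later is exported by default. Consider building the exported array from an explicit list of allowed keys, e.g. `array_intersect_key($related, array_flip($allowedRelatedFields))`, where `$allowedRelatedFields` is a list you define for this view. The Attribute loop starts outside the hunk.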