mirror of https://github.com/MISP/MISP
chg: [objects:edit] Merge data is passed via cookies instead of the URI
parent
8ee87fb754
commit
f92467643b
|
@ -6,7 +6,7 @@ class ObjectsController extends AppController
|
|||
{
|
||||
public $uses = 'MispObject';
|
||||
|
||||
public $components = array('Security' ,'RequestHandler', 'Session');
|
||||
public $components = array('Security' ,'RequestHandler', 'Session', 'Cookie');
|
||||
|
||||
public $paginate = array(
|
||||
'limit' => 20,
|
||||
|
@ -117,6 +117,13 @@ class ObjectsController extends AppController
|
|||
$this->set('object_id', $object_id);
|
||||
$this->set('event', $event);
|
||||
$this->set('data', $this->request->data);
|
||||
// Make sure the cookie applies to this object. User might be prompted to perform a merge with another object if the cookie is somehow not cleaned
|
||||
$curObjectTmpUuid = CakeText::uuid();
|
||||
$this->set('cur_object_tmp_uuid', $curObjectTmpUuid);
|
||||
$this->Cookie->write('object_being_created', array(
|
||||
'cur_object_tmp_uuid' => $curObjectTmpUuid,
|
||||
'data' => $this->request->data
|
||||
));
|
||||
if (!empty($similar_object_ids)) {
|
||||
$this->set('similar_objects_count', count($similar_object_ids));
|
||||
$similar_object_ids = array_slice($similar_object_ids, 0, $similar_objects_display_threshold); // slice to honor the threshold
|
||||
|
@ -397,8 +404,17 @@ class ObjectsController extends AppController
|
|||
$templateData = $this->MispObject->resolveUpdatedTemplate($template, $object, $update_template_available);
|
||||
$this->set('updateable_attribute', $templateData['updateable_attribute']);
|
||||
$this->set('not_updateable_attribute', $templateData['not_updateable_attribute']);
|
||||
if (isset($this->params['named']['revised_object'])) {
|
||||
$revisedData = $this->MispObject->reviseObject($this->params['named']['revised_object'], $object, $template);
|
||||
if (!empty($this->Cookie->read('object_being_created')) && !empty($this->params['named']['cur_object_tmp_uuid'])) {
|
||||
$revisedObjectData = $this->Cookie->read('object_being_created');
|
||||
if ($this->params['named']['cur_object_tmp_uuid'] == $revisedObjectData['cur_object_tmp_uuid']) { // ensure that the passed cookie is for the correct object
|
||||
$revisedObjectData = $revisedObjectData['data'];
|
||||
} else {
|
||||
$this->Cookie->delete('object_being_created');
|
||||
$revisedObjectData = array();
|
||||
}
|
||||
}
|
||||
if (!empty($revisedObjectData)) {
|
||||
$revisedData = $this->MispObject->reviseObject($revisedObjectData, $object, $template);
|
||||
$this->set('revised_object', $revisedData['revised_object_both']);
|
||||
$object = $revisedData['object'];
|
||||
}
|
||||
|
@ -406,6 +422,7 @@ class ObjectsController extends AppController
|
|||
$template = $this->MispObject->prepareTemplate($templateData['template'], $object);
|
||||
}
|
||||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
$this->Cookie->delete('object_being_created');
|
||||
if (isset($this->request->data['request'])) {
|
||||
$this->request->data = $this->request->data['request'];
|
||||
}
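Review bot: The `@ -117` hunk writes the whole of `$this->request->data` into the `object_being_created` cookie, so the object's attribute values are held on the client and are bounded by the browser's per-cookie size limit (roughly 4 KB); a larger object would likely lose its merge data without any error. How well that value is protected in transit and at rest then depends on the CookieComponent configuration (encryption type, httpOnly, secure), which this diff does not show. `Session` is already listed in `$components`, so `$this->Session->write('object_being_created', array(...))` in `add` with the matching `$this->Session->read('object_being_created')` and `$this->Session->delete('object_being_created')` in `edit` would keep the data server-side and leave only the UUID in the URL. In the `@ -397` hunk the token comparison should be strict and should tolerate a cookie without the key, e.g. `if (isset($revisedObjectData['cur_object_tmp_uuid']) && $this->params['named']['cur_object_tmp_uuid'] === $revisedObjectData['cur_object_tmp_uuid']) {`. The enclosing `add` and `edit` actions start and end outside these hunks.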
|
||||
|
|
|
@ -1312,7 +1312,6 @@ class MispObject extends AppModel
|
|||
}
|
||||
|
||||
public function reviseObject($revised_object, $object, $template) {
|
||||
$revised_object = json_decode(base64_decode($revised_object), true);
|
||||
$revised_object_both = array('mergeable' => array(), 'notMergeable' => array());
|
||||
|
||||
// Loop through attributes to inject and perform the correct action
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
'div' => false
|
||||
);
|
||||
echo $this->Form->input('data', $formSettings);
|
||||
$formSettings['value'] = $cur_object_tmp_uuid;
|
||||
echo $this->Form->input('cur_object_tmp_uuid', $formSettings);
|
||||
?>
|
||||
<div class='hidden'>
|
||||
<?php
|
||||
|
@ -149,7 +151,8 @@ function setMergeObject(clicked) {
|
|||
var update_template = $clicked.data('updatetemplate');
|
||||
update_template = update_template === undefined ? false : update_template;
|
||||
var cur_object = $('input[name="data[Object][data]"]').val();
|
||||
window.location = "<?php echo $baseurl . '/objects/edit/'; ?>" + object_id + (update_template ? '/1' : '') + "/revised_object:" + btoa(cur_object);
|
||||
var cur_object_tmp_uuid = $('input[name="data[Object][cur_object_tmp_uuid]"]').val();
|
||||
window.location = "<?php echo $baseurl . '/objects/edit/'; ?>" + object_id + (update_template ? '/1' : '') + "/cur_object_tmp_uuid:" + cur_object_tmp_uuid;
|
||||
}
|
||||
|
||||
function highlight_rows($panel, state) {
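Review bot: Going by the hunk's line counts, `var cur_object = $('input[name="data[Object][data]"]').val();` stays in `setMergeObject` although the new redirect no longer uses it; removing it makes clear that the object data is no longer read for the URL. The UUID is concatenated into the location as-is, and `"/cur_object_tmp_uuid:" + encodeURIComponent(cur_object_tmp_uuid)` would keep the named parameter well-formed if the hidden field's value is ever changed in the page. In the `@ -11` hunk, `$formSettings['value'] = $cur_object_tmp_uuid;` mutates the array that was just used for the `data` input, so a short comment such as `// reuse the hidden-field settings of the data input, overriding only the value` would help. `setMergeObject` starts before the hunk.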
|
||||
|
|