diff -Nru securityonion-elsa-1205chartsjsd3/debian/changelog securityonion-elsa-1205chartsjsd3/debian/changelog
--- securityonion-elsa-1205chartsjsd3/debian/changelog 2017-08-24 14:46:04.000000000 +0000
+++ securityonion-elsa-1205chartsjsd3/debian/changelog 2018-01-13 21:26:18.000000000 +0000
@@ -1,3 +1,15 @@
+securityonion-elsa (1205chartsjsd3-1ubuntu1securityonion12) trusty; urgency=medium
+
+ * latest update
+
+ -- Doug Burks Sat, 13 Jan 2018 16:26:00 -0500
+
+securityonion-elsa (1205chartsjsd3-1ubuntu1securityonion11) trusty; urgency=medium
+
+ * apply patch from Jeffrey Medsger
+
+ -- Doug Burks Wed, 03 Jan 2018 13:36:59 -0500
+
 securityonion-elsa (1205chartsjsd3-1ubuntu1securityonion10) trusty; urgency=medium
 
 * remove 300px limitation
diff -Nru securityonion-elsa-1205chartsjsd3/debian/patches/apply-patch-from-Jeffrey-Medsger securityonion-elsa-1205chartsjsd3/debian/patches/apply-patch-from-Jeffrey-Medsger
--- securityonion-elsa-1205chartsjsd3/debian/patches/apply-patch-from-Jeffrey-Medsger 1970-01-01 00:00:00.000000000 +0000
+++ securityonion-elsa-1205chartsjsd3/debian/patches/apply-patch-from-Jeffrey-Medsger 2018-01-03 18:38:02.000000000 +0000
@@ -0,0 +1,132 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-elsa (1205chartsjsd3-1ubuntu1securityonion11) trusty; urgency=medium
+ .
+ * apply patch from Jeffrey Medsger
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-elsa-1205chartsjsd3.orig/web/lib/User.pm
++++ securityonion-elsa-1205chartsjsd3/web/lib/User.pm
+@@ -551,6 +551,9 @@ sub _get_preferences {
+ my $prefs = {};
+ my @grid;
+ while (my $row = $sth->fetchrow_hashref){
++ $row->{name} = unicode_escape($row->{name});
++ $row->{type} = unicode_escape($row->{type});
++ $row->{value} = unicode_escape($row->{value});
+ push @grid, $row;
+ $prefs->{ $row->{type} } ||= {};
+ if ($row->{value} =~ /^[\[\{]/){
+@@ -560,7 +563,7 @@ sub _get_preferences {
+ if ($@){
+ $self->log->error('Error decoding preference value ' . $row->{value} . ': ' . 
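Review bot: Escaping `$row->{value}` before the `if ($row->{value} =~ /^[\[\{]/)` test in the `@@ -551` hunk of `_get_preferences` means that test can no longer match, because `unicode_escape` (added to Utils.pm by this same patch) rewrites every non-alphanumeric character, `[` and `{` included, as a `\uXXXX` sequence. The JSON-decoding branch for structured preference values becomes dead code, and the `tree` half of the return value receives escaped text where it used to receive the decoded structure. Run the decode on the raw row first and escape only a copy of the three fields for `@grid`, or move the escaping to the point where the values are written into the page. The body of `_get_preferences` starts and ends outside this hunk.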
$@);
+ }
+- }
++ }
+ $prefs->{ $row->{type} }->{ $row->{name} } = $row->{value};
+ }
+ return { tree => $prefs, grid => \@grid };
+--- securityonion-elsa-1205chartsjsd3.orig/web/lib/Utils.pm
++++ securityonion-elsa-1205chartsjsd3/web/lib/Utils.pm
+@@ -19,8 +19,9 @@ use Sys::Hostname;
+ use Try::Tiny;
+ use Ouch qw(:trytiny);;
+ use Exporter qw(import);
++use Encode;
+ 
+-our @EXPORT = qw(catch_any epoch2iso);
++our @EXPORT = qw(catch_any epoch2iso unicode_escape);
+ 
+ use CustomLog;
+ use Results;
+@@ -849,4 +850,58 @@ sub catch_any {
+ return $e;
+ }
+ 
++sub unicode_escape {
++
++ my $str = shift;
++ my $unicode_escaped_str = "";
++
++ if (not $str) {
++ return;
++ }
++
++ my $str_len = length($str);
++ for (my $i = 0; $i <= $str_len; $i++) {
++ my $char = substr($str, $i, 1);
++
++ my $char_dec = ord($char);
++
++ my $is_alphanumeric = ($char_dec >= 48 && $char_dec <= 57)
++ || ($char_dec >= 65 && $char_dec <= 90)
++ || ($char_dec >= 97 && $char_dec <= 122);
++
++ if (not $is_alphanumeric) {
++
++ my $unicode_char_octets = Encode::encode("utf-16",
++ $char);
++
++ my $unicode_char_num_octets = length($unicode_char_octets);
++
++ if ($unicode_char_num_octets == 4) {
++
++ my $third_octet = substr($unicode_char_octets,
++ 2, 1);
++
++ my $fourth_octet = substr($unicode_char_octets,
++ 3, 1);
++
++ my $unicode_escaped_char = sprintf(
++ "\\u%02x%02x",
++ ord($third_octet),
++ ord($fourth_octet));
++
++ $unicode_escaped_str .= $unicode_escaped_char;
++
++ }
++
++ } else {
++
++ $unicode_escaped_str .= $char;
++
++ }
++
++ }
++
++ return $unicode_escaped_str;
++}
++
+ 1;
+--- securityonion-elsa-1205chartsjsd3.orig/web/lib/WebUtils.pm
++++ securityonion-elsa-1205chartsjsd3/web/lib/WebUtils.pm
+@@ -121,7 +121,10 @@ EOHTML
+ $self->controller->get_form_params($user, sub {
+ my $form_params = shift;
+ if($form_params){
+- $HTML .= 'var formParams = YAHOO.ELSA.formParams = ' . $self->controller->json->encode($form_params) . 
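Review bot: `unicode_escape` silently loses data in two places: `if (not $str)` returns nothing for the string `0`, so a preference whose value is `0` comes back undefined, and the `== 4` octet test discards any character outside the Basic Multilingual Plane, whose UTF-16 form with byte-order mark is six octets. The loop bound `$i <= $str_len` also runs one index past the end of the string; as far as I can tell that extra pass appends nothing, but the bound should be `<`. Because this routine is the output-escaping step for preference data, characters that are dropped rather than encoded make the stored and the displayed value diverge without any log entry. The rewrite below produces the same `\uXXXX` text for the inputs the current code handles and writes one escape per UTF-16 unit for the rest.

```perl
sub unicode_escape {
    my $str = shift;
    # "0" is a valid value; only undef and the empty string pass through untouched.
    return $str unless defined $str and length $str;

    my $unicode_escaped_str = "";
    for my $char (split //, $str) {
        if ($char =~ /\A[0-9A-Za-z]\z/) {
            $unicode_escaped_str .= $char;
            next;
        }
        # UTF-16BE carries no byte-order mark; a character outside the BMP
        # yields two 16-bit units and each gets its own \uXXXX.
        $unicode_escaped_str .= sprintf("\\u%04x", $_)
            for unpack("n*", Encode::encode("UTF-16BE", $char));
    }
    return $unicode_escaped_str;
}
```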
';';
++ my $form_params_tmp = $self->controller->json->encode($form_params);
++ $form_params_tmp =~ s/\\\\u/\\u/g;
++
++ $HTML .= 'var formParams = YAHOO.ELSA.formParams = ' . $form_params_tmp . ';';
+ }
+ else {
+ $self->controller->log->error('Unable to get form params: ' . Dumper($form_params));
diff -Nru securityonion-elsa-1205chartsjsd3/debian/patches/latest-update securityonion-elsa-1205chartsjsd3/debian/patches/latest-update
--- securityonion-elsa-1205chartsjsd3/debian/patches/latest-update 1970-01-01 00:00:00.000000000 +0000
+++ securityonion-elsa-1205chartsjsd3/debian/patches/latest-update 2018-01-13 21:26:27.000000000 +0000
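Review bot: In the WebUtils.pm hunk the substitution `s/\\\\u/\\u/g` runs over the whole encoded `form_params` document, not only over the fields that `unicode_escape` produced, so any other string in it that legitimately contains a backslash followed by `u` is rewritten as well. Where four hex digits follow, the value changes silently; where they do not, the emitted `var formParams = …` statement is presumably no longer valid JavaScript and the page script fails for that user. If the aim is to keep stored values from breaking out of the script block, it is safer to leave the encoder's escaping intact and neutralise the markup characters once on the final string, for example `$form_params_tmp =~ s/([<>&])/sprintf('\\u%04x', ord $1)/ge;`. The enclosing callback starts and ends outside this hunk.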
@@ -0,0 +1,113 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-elsa (1205chartsjsd3-1ubuntu1securityonion12) trusty; urgency=medium
+ .
+ * latest update
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-elsa-1205chartsjsd3.orig/web/inc/elsa.js
++++ securityonion-elsa-1205chartsjsd3/web/inc/elsa.js
+@@ -4277,13 +4277,17 @@ YAHOO.ELSA.getPreferences = function(){
+ var callback = function(p_oNewValue){
+ logger.log('callback p_oNewValue:', p_oNewValue);
+ logger.log('setting ' + oDataTable.getCellEditor().getColumn().field + ' to ', p_oNewValue);
++ logger.log('jsonstring: ' + YAHOO.lang.JSON.stringify(p_oNewValue));
+ 
+ p_oNewValue = p_oNewValue[ oDataTable.getCellEditor().getColumn().field ];
++ // data was unicode escaped which would have changed underscores into \\u005f
++ p_oNewValue = p_oNewValue.replace('\\u005f','_');
+ oDataTable.updateCell(
+ oDataTable.getCellEditor().getRecord(),
+ oDataTable.getCellEditor().getColumn(),
+ p_oNewValue
+ );
++
+ oDataTable.getCellEditor().unblock();
+ oDataTable.getCellEditor().cancel(); //hides box
+ };
+--- securityonion-elsa-1205chartsjsd3.orig/web/lib/Controller.pm
++++ securityonion-elsa-1205chartsjsd3/web/lib/Controller.pm
+@@ -1048,7 +1048,11 @@ sub set_preference {
+ $query = 'SELECT * FROM preferences WHERE id=? 
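Review bot: In the elsa.js callback, `p_oNewValue.replace('\\u005f','_')` is given a string pattern, so it replaces only the first `\u005f` in the value, and it reverses the server-side escaping for underscores alone. A value with two underscores, a space or any other punctuation is written into the cell still showing `\uXXXX` text. If the server keeps returning escaped values, decode every sequence, e.g. `p_oNewValue = p_oNewValue.replace(/\\u([0-9a-fA-F]{4})/g, function(m, h){ return String.fromCharCode(parseInt(h, 16)); });`, and confirm that `updateCell` renders the result as text rather than as markup, since decoding restores the original characters. `YAHOO.ELSA.getPreferences` itself starts and ends outside the hunk.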
AND uid=?';
+ $sth = $self->db->prepare($query);
+ $sth->execute($args->{id}, $args->{uid});
+- $cb->($sth->fetchrow_hashref);
++ my $row = $sth->fetchrow_hashref;
++ $row->{name} = unicode_escape($row->{name});
++ $row->{type} = unicode_escape($row->{type});
++ $row->{value} = unicode_escape($row->{value});
++ $cb->($row);
+ }
+ 
+ sub add_preference {
+@@ -1081,6 +1085,7 @@ sub delete_preference {
+ $query = 'DELETE FROM preferences WHERE uid=? AND id=?';
+ $sth = $self->db->prepare($query);
+ $sth->execute($args->{uid}, $args->{id});
++ $args->{id} = unicode_escape($args->{id});
+ 
+ $cb->({ id => $args->{id} });
+ }
+@@ -1167,7 +1172,7 @@ sub delete_saved_results {
+ my ($self, $args, $cb) = @_;
+ $self->log->debug('args: ' . Dumper($args));
+ unless ($args->{qid}){
+- throw(400, 'Invalid args, no qid: ' . Dumper($args));
++ throw(400, 'Invalid args, no qid');
+ }
+ my ($query, $sth);
+ # Verify this query belongs to the user
+@@ -1176,7 +1181,7 @@ sub delete_saved_results {
+ $sth->execute($args->{qid});
+ my $row = $sth->fetchrow_hashref;
+ unless ($row){
+- throw(400, 'Invalid args, no results found for qid: ' . Dumper($args));
++ throw(400, 'Invalid args, no results found for qid');
+ }
+ unless ($row->{uid} eq $args->{user}->uid or $args->{user}->is_admin){
+ $self->_error('Unable to alter these saved results based on your authorization: ' . Dumper($args));
+@@ -1189,7 +1194,7 @@ sub delete_saved_results {
+ $cb->({deleted => $sth->rows});
+ }
+ else {
+- throw(404, 'Query ID ' . $args->{qid} . ' not found!');
++ throw(404, 'Query ID not found!');
+ }
+ }
+ 
+@@ -2497,7 +2502,7 @@ sub preference {
+ $sth->execute($args->{user}->uid, $args->{id});
+ }
+ elsif ($args->{action} eq 'update'){
+- throw(400, 'Need col/val', { col => $args->{col} }) unless $args->{col} and defined $args->{val};
++ throw(400, 'Need col/val', { col => 1 }) unless $args->{col} and defined $args->{val};
+ if ($args->{col} eq 'name'){
+ $query = 'UPDATE preferences SET name=? WHERE id=? 
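Review bot: In `set_preference`, `fetchrow_hashref` returns undef when the `id`/`uid` pair matches no row, and the three added assignments then autovivify `$row` into a hash of undefined values, so the callback receives what looks like a row where it used to receive undef. Guard the escaping before touching the fields, for example `return $cb->(undef) unless $row;` directly after the fetch. The start of `set_preference` is outside the hunk, so an earlier check that rules this case out cannot be confirmed from here.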
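Review bot: The context line `$self->_error('Unable to alter these saved results based on your authorization: ' . Dumper($args));` in the `@@ -1176` hunk of `delete_saved_results` still concatenates the full `Dumper($args)` into its message, while the three `throw` calls in the `@@ -1167`, `@@ -1176` and `@@ -1189` hunks were reduced to fixed strings. The definition of `_error` is not on this page; if its text can reach the client, the same request dump, which includes the `user` object held in `$args`, is still exposed on the authorization-failure path. Consider `$self->_error('Unable to alter these saved results based on your authorization');` and leave the dump to the existing `$self->log->debug` call at the top of the function.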
AND uid=?';
+ }
+@@ -2508,7 +2513,7 @@ sub preference {
+ $sth->execute($args->{val}, $args->{id}, $args->{user}->uid);
+ }
+ else {
+- throw(404, 'Invalid action', { action => $args->{action} });
++ throw(404, 'Invalid action', { action => 1 });
+ }
+ 
+ $cb->({ ok => $sth->rows });
diff -Nru securityonion-elsa-1205chartsjsd3/debian/patches/series securityonion-elsa-1205chartsjsd3/debian/patches/series
--- securityonion-elsa-1205chartsjsd3/debian/patches/series 2017-08-24 14:46:13.000000000 +0000
+++ securityonion-elsa-1205chartsjsd3/debian/patches/series 2018-01-13 21:26:26.000000000 +0000
@@ -7,3 +7,5 @@
 Issue-864:-ELSA:-Improve-dashboard-map-shading
 Issue-950:-ELSA:-change-Help-link-to-point-to-ELSA-Github
 remove-300px-limitation
+apply-patch-from-Jeffrey-Medsger
+latest-update