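/**
 * Process parameters and display the page.
 *
 * When an "export" request parameter is present, the record is handed to
 * PCI::export() and its result is returned. Otherwise the filters of the
 * last search (taken from the session) are rebuilt for the search box and
 * the record template is displayed.
 *
 * @return void
 * @access public
 */
public function launch()
{
    global $interface;
    global $configArray;

    if (isset($_REQUEST['export'])) {
        $pci = new PCI();
        // The export format is request-controlled. A non-string value
        // (e.g. export[]=x) would make strtolower() fail, so it is reduced
        // to an empty format name instead.
        // NOTE(review): confirm PCI::export() only accepts a fixed list of
        // format names; its implementation is not visible here.
        $format = is_string($_REQUEST['export'])
            ? strtolower($_REQUEST['export']) : '';
        return $pci->export($this->record, $format, $format !== 'refworks');
    }

    // Assign the ID of the last search so the user can return to it.
    $lastsearch = isset($_SESSION['lastSearchURL'])
        ? $_SESSION['lastSearchURL'] : false;
    $interface->assign('lastsearch', $lastsearch);
    if ($lastsearch) {
        // Retrieve active filters and assign them to searchbox template.
        // Since SearchObjects use $_REQUEST to init filters, we stash the
        // current $_REQUEST and fill it temporarily with URL parameters
        // from last search.
        $query = parse_url($lastsearch, PHP_URL_QUERY);
        $vars = array();
        // parse_url() returns null or false when there is no usable query
        // string; parse_str() must only ever be given a string.
        parse_str(is_string($query) ? $query : '', $vars);
        $oldReq = $_REQUEST;
        $_REQUEST = $vars;
        // NOTE(review): if any call below throws, $_REQUEST stays replaced
        // for the rest of the request.

        $searchObject = SearchObjectFactory::initSearchObject('PCI');
        $searchObject->init();
        // This is needed for facet labels
        $searchObject->initRecommendations();

        $filterList = $searchObject->getFilterList();
        $filterListOthers = $searchObject->getFilterListOthers();
        $checkboxFilters = $searchObject->getCheckboxFacets();
        $filterUrlParams = $searchObject->getfilterUrlParams();

        if (isset($vars['lookfor'])) {
            $interface->assign('lookfor', $vars['lookfor']);
        }
        $interface->assign('filterUrlParam', $filterUrlParams[0]);
        $interface->assign(compact('filterList'));
        $interface->assign(compact('filterListOthers'));
        $interface->assign('checkboxFilters', $checkboxFilters);

        if (isset($_SERVER['HTTP_REFERER'])) {
            // Set followup module & action for next search.
            // The Referer header is supplied by the client: it may be
            // malformed (parse_url() returns false) or carry no path at all,
            // so the path is only split when it is really there.
            // NOTE(review): both values reach the template unchanged; the
            // template is expected to escape them - confirm.
            $parts = parse_url($_SERVER['HTTP_REFERER']);
            if (is_array($parts) && isset($parts['path'])) {
                $pathParts = explode('/', $parts['path']);
                $refAction = array_pop($pathParts);
                $refModule = array_pop($pathParts);
                $interface->assign('followupSearchModule', $refModule);
                $interface->assign('followupSearchAction', $refAction);
            }
        }
        $_REQUEST = $oldReq;
    }
    $interface->assign(
        'lastsearchdisplayquery',
        isset($_SESSION['lastSearchDisplayQuery'])
        ? $_SESSION['lastSearchDisplayQuery'] : false
    );

    // Whether embedded openurl autocheck is enabled
    if (isset($configArray['OpenURL']['autocheck'])
        && $configArray['OpenURL']['autocheck']
    ) {
        $interface->assign('openUrlAutoCheck', true);
    }

    // Display Page
    $interface->setTemplate('record.tpl');
    $interface->display('layout.tpl');
}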
// Page bootstrap: read and validate the query-string parameters, optionally
// call PCI::update_attr(), then load the PCI groups and the section titles
// used by the markup that follows.
require_once 'ossim_conf.inc';
$db = new ossim_db();
$conn = $db->connect();
// All three values come straight from the request via GET().
$table = GET('table');
$ref = GET('ref');
$toggle = GET('toggle');
// Each value is passed through ossim_valid() with the listed OSS_* classes;
// a failure is reported by ossim_error() below and stops the page.
ossim_valid($table, OSS_ALPHA, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _("Table value"));
ossim_valid($ref, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("Ref value"));
// $toggle is validated here but not used in the visible part of the script.
ossim_valid($toggle, OSS_ALPHA, OSS_PUNC, OSS_NULLABLE, 'illegal:' . _("toggle"));
if (ossim_error()) {
    die(ossim_error());
}
// NOTE(review): update_attr() is reached from a plain GET request whenever
// both parameters are non-empty. It presumably changes stored data, and no
// request-method check or anti-CSRF token is visible in this fragment -
// confirm one is enforced elsewhere.
// NOTE(review): $table and $ref only pass character-class validation here;
// confirm update_attr() restricts $table to known table names and binds
// $ref as a parameter rather than building SQL from the strings.
if ($table != "" && $ref != "") {
    PCI::update_attr($conn, $table, $ref);
}
$groups = PCI::get_groups($conn);
// Display titles for the twelve requirement sections, keyed by section name.
$sections = array(
    "R01 FW Config" => "Requirement 1: Install and maintain a firewall configuration to protect cardholder data",
    "R02 Vendor default" => "Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters",
    "R03 Stored cardholder" => "Requirement 3: Protect stored cardholder data",
    "R04 Data encryption" => "Requirement 4: Encrypt transmission of cardholder data across open, public networks",
    "R05 Antivirus" => "Requirement 5: Use and regularly update anti-virus software or programs",
    "R06 System app" => "Requirement 6: Develop and maintain secure systems and applications",
    "R07 Access control" => "Requirement 7: Restrict access to cardholder data by business need to knows",
    "R08 UniqueID" => "Requirement 8: Assign a unique ID to each person with computer access",
    "R09 Physical Access" => "Requirement 9: Restrict physical access to cardholder data",
    "R10 Monitoring" => "Requirement 10: Track and monitor all access to network resources and cardholder data",
    "R11 Security test" => "Requirement 11: Regularly test security systems and processes",
    "R12 IS Policy" => "Requirement 12: Maintain a policy that addresses information security for all personnel"
);
// NOTE(review): the markup below loads a bundled jQuery 1.3.2, a very old
// release - confirm it is still acceptable for this deployment.
?>
<html>
<head>
<title> <?php echo gettext("OSSIM Framework"); ?> - Compliance </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<link rel="stylesheet" type="text/css" href="../style/style.css"/>
<link rel="stylesheet" type="text/css" href="../style/greybox.css"/>
<script type="text/javascript" src="../js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="../js/jquery.simpletip.js"></script>
<script type="text/javascript" src="../js/greybox.js"></script>
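/**
 * Get bX recommendations for a record and output them in JSON.
 *
 * The record is selected by the "id" request parameter. Its OpenURL is sent
 * to the configured bX service together with the bX token, and every journal
 * entry of the XML response is converted to an array. Exactly one JSON
 * response is written: either the result list or a single error.
 *
 * @return void
 * @access public
 */
public function getbXRecommendations()
{
    global $configArray;

    if (!isset($configArray['bX']['token'])) {
        $this->output('bX support not enabled', JSON::STATUS_ERROR);
        return;
    }

    // The id is request-controlled: a missing parameter or a non-string
    // value (id[]=x) cannot name a record.
    $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
    if (!is_string($id) || $id === '') {
        $this->output('Record does not exist', JSON::STATUS_ERROR);
        return;
    }

    if (strncmp($id, 'metalib.', 8) == 0) {
        include_once 'sys/MetaLib.php';
        $metalib = new MetaLib();
        if (!($record = $metalib->getRecord($id))) {
            $this->output('Record does not exist', JSON::STATUS_ERROR);
            return;
        }
        $openUrl = $record['openUrl'];
    } elseif (strncmp($id, 'pci.', 4) == 0) {
        include_once 'sys/PCI.php';
        $pci = new PCI();
        if (!($record = $pci->getRecord($id))) {
            $this->output('Record does not exist', JSON::STATUS_ERROR);
            return;
        }
        $openUrl = $record['openUrl'];
    } else {
        $searchObject = SearchObjectFactory::initSearchObject();
        if (!($record = $searchObject->getIndexEngine()->getRecord($id))) {
            $this->output('Record does not exist', JSON::STATUS_ERROR);
            return;
        }
        $recordDriver = RecordDriverFactory::initRecordDriver($record);
        $openUrl = $recordDriver->getOpenURL();
    }

    $params = http_build_query(
        array(
            'token' => $configArray['bX']['token'],
            'format' => 'xml',
            'source' => isset($configArray['bX']['source'])
                ? $configArray['bX']['source'] : 'global',
            'maxRecords' => isset($configArray['bX']['maxRecords'])
                ? $configArray['bX']['maxRecords'] : '5',
            'threshold' => isset($configArray['bX']['threshold'])
                ? $configArray['bX']['threshold'] : '50'
        )
    );
    $openUrl .= '&res_dat=' . urlencode($params);

    // NOTE(review): the default endpoint is plain HTTP, so the bX token in
    // res_dat travels unencrypted unless [bX] baseUrl is configured with an
    // https URL - confirm what the service supports.
    $baseUrl = isset($configArray['bX']['baseUrl'])
        ? $configArray['bX']['baseUrl']
        : 'http://recommender.service.exlibrisgroup.com/service/recommender/openurl';

    $client = new HTTP_Request();
    $client->setMethod(HTTP_REQUEST_METHOD_GET);
    $client->setURL($baseUrl . "?{$openUrl}");
    $result = $client->sendRequest();

    // Stop after reporting a failure: the original fell through, parsed the
    // body anyway and wrote a second response. It also called the method
    // _output() here, while every other call site uses output().
    if (PEAR::isError($result)) {
        $this->output(
            'bX request failed: ' . $result->getMessage(), JSON::STATUS_ERROR
        );
        return;
    }
    // Even if we get a response, make sure it's a 'good' one.
    if ($client->getResponseCode() != 200) {
        $this->output(
            'bX request failed, response code ' . $client->getResponseCode(),
            JSON::STATUS_ERROR
        );
        return;
    }

    // The body comes from a remote service: LIBXML_NONET keeps the parser
    // from fetching anything over the network while loading it, and a body
    // that is not well-formed XML is reported instead of dereferenced.
    $xml = simplexml_load_string(
        $client->getResponseBody(), 'SimpleXMLElement', LIBXML_NONET
    );
    if ($xml === false) {
        $this->output('bX response could not be parsed', JSON::STATUS_ERROR);
        return;
    }

    $data = array();
    $jnl = 'info:ofi/fmt:xml:xsd:journal';
    $xml->registerXPathNamespace('jnl', $jnl);
    $journals = $xml->xpath('//jnl:journal');
    if (!is_array($journals)) {
        // xpath() returns false on error; treat that as "no recommendations"
        $journals = array();
    }
    foreach ($journals as $journal) {
        $item = $this->convertToArray($journal, $jnl);
        // A single author is wrapped so that 'author' is always a list
        if (!isset($item['authors']['author'][0])) {
            $item['authors']['author'] = array($item['authors']['author']);
        }
        $item['openurl'] = $this->createOpenUrl($item);
        $data[] = $item;
    }
    $this->output($data, JSON::STATUS_OK);
}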
exit;
}
// Keep the directive object in the session in serialized form.
// NOTE(review): whatever later unserialize()s this value relies on the
// session store being trustworthy - confirm nothing request-controlled can
// be written to $_SESSION['directive'].
$_SESSION['directive'] = serialize($direct);
if ($XML_FILE != '/etc/ossim/server/directives.xml') {
    release_file($XML_FILE);
}
if (!empty($directive_id)) {
    $direct->printDirective($level, $directive_xml);
}
?>
</table>
<?php
// Look up everything linked to this directive: name, compliance properties,
// ISO 27001 and PCI groups, alarms and repository documents.
// NOTE(review): $directive_id is interpolated directly into the SQL
// fragments below (a numeric comparison and several LIKE patterns). Its
// origin and validation are not visible in this fragment - confirm it is
// restricted to digits (e.g. ossim_valid() with OSS_DIGIT) before this
// point, or pass it as a bound parameter instead.
$directive_name = Plugin_sid::get_name_by_idsid($conn, "1505", $directive_id);
list($properties, $num_properties) = Compliance::get_category($conn, "AND category.sid={$directive_id}");
// The four LIKE patterns match the id as the only entry, the first entry,
// the last entry, or a middle entry of a comma-separated SIDSS_Ref value.
$iso_groups = ISO27001::get_groups($conn, "WHERE SIDSS_Ref LIKE '{$directive_id}' OR SIDSS_Ref LIKE '{$directive_id},%' OR SIDSS_Ref LIKE '%,{$directive_id}' OR SIDSS_Ref LIKE '%,{$directive_id},%'");
$pci_groups = PCI::get_groups($conn, "WHERE SIDSS_ref LIKE '{$directive_id}' OR SIDSS_ref LIKE '{$directive_id},%' OR SIDSS_ref LIKE '%,{$directive_id}' OR SIDSS_ref LIKE '%,{$directive_id},%'");
list($alarms, $num_alarms) = Alarm::get_list3($conn, "", "", 0, "", null, null, null, null, "", $directive_id);
$kdocs = Repository::get_linked_by_directive($conn, $directive_id);
?>
<table class="transparent" height="100%" width="100%">
<tr>
<td class="nobborder" valign="top">
<table height="100%" width="100%">
<tr><th colspan="2" height="15"><?php echo _("Properties"); ?> </th></tr>
<?php
// Placeholder row for a directive without properties.
if (count($properties) < 1) {
    ?>
<tr><td class="nobborder" style="color:gray;padding:10px"><i><?php
// Read the submitted text; when save=1 it is validated and stored, and in
// every case the stored text is then loaded again for display.
$text = GET('text');
$close = false;
// NOTE(review): the save is triggered by GET parameters alone; no
// request-method check or anti-CSRF token is visible in this fragment -
// confirm one is enforced elsewhere.
if (GET('save') == "1") {
    // The text is only validated on the save path.
    // NOTE(review): the allowed set includes OSS_PUNC_EXT, so the stored
    // value may contain punctuation - wherever it is echoed back it has to
    // be escaped for that output context; that code is not visible here.
    ossim_valid($text, OSS_ALPHA, OSS_SCORE, OSS_DOT, OSS_SPACE, OSS_PUNC_EXT, OSS_NULLABLE, '-', 'illegal:' . _("Text"));
    if (ossim_error()) {
        die(ossim_error());
    }
    // $pci, $conn, $table and $ref are set before this fragment.
    // NOTE(review): confirm $table and $ref were validated there before
    // they reach save_text().
    if ($pci) {
        PCI::save_text($conn, $table, $ref, $text);
    } else {
        ISO27001::save_text($conn, $table, $ref, $text);
    }
    $close = true;
}
// Replace the request value with whatever is stored for this table/ref.
if ($pci) {
    $text = PCI::get_text($conn, $table, $ref);
} else {
    $text = ISO27001::get_text($conn, $table, $ref);
}
?>
<html>
<head>
<title> <?php echo gettext("OSSIM Framework"); ?> - <?php echo _("Compliance"); ?> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
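/**
 * Get records and build their export data.
 *
 * IDs prefixed "pci." or "metalib." are fetched from the matching remote
 * source; every other ID is read from the local index. IDs for which no
 * export could be produced are collected separately.
 *
 * @param string $format The desired export format
 * @param array  $ids    A list of bib IDs
 *
 * @return array Record data for each ID ('exportDetails'), plus a list of
 * IDs without results ('errorDetails')
 * @access public
 */
public function exportAll($format, $ids)
{
    global $interface;

    $exportDetails = array();
    $errorMsgDetails = array();
    $isMarcXml = ($format == 'MARCXML');
    // The PCI and MetaLib exporters are given a lower-case format name. It
    // is kept in its own variable: the original overwrote $format inside
    // the loop, so after the first remote record the MARCXML checks below
    // stopped matching and the </collection> close tag was never written.
    // NOTE(review): the format is chosen by the caller and decides which
    // export template is fetched - confirm the export methods map it onto
    // a fixed list of templates.
    $remoteFormat = strtolower($format);

    // MARC-XML needs a container at the start:
    if ($isMarcXml) {
        $exportDetails[] = '<?xml version="1.0" encoding="UTF-8"?>'
            . '<collection xmlns="http://www.loc.gov/MARC21/slim">';
    }

    foreach ($ids as $id) {
        // The part before the first dot names the source. Only that part
        // is needed, and an ID without a dot no longer triggers an
        // undefined-offset notice.
        $idParts = explode('.', $id, 2);
        $index = $idParts[0];

        if ($index === 'pci' || $index === 'metalib') {
            $current = null;
            if ($index === 'pci') {
                $db = new SearchObject_PCI();
                if ($rec = $db->getRecord($id)) {
                    $pci = new PCI();
                    $current = $interface->fetch(
                        $pci->export($rec, $remoteFormat)
                    );
                }
            } else {
                $db = new MetaLib();
                if ($rec = $db->getRecord($id)) {
                    $current = $interface->fetch(
                        $db->export($rec, $remoteFormat)
                    );
                }
            }
            if ($current) {
                $exportDetails[] = $current;
            } else {
                $errorMsgDetails[] = $id;
            }
            continue;
        }

        // Retrieve the record from the index
        if (!($record = $this->db->getRecord($id))) {
            $errorMsgDetails[] = $id;
            continue;
        }
        $recordDetails = RecordDriverFactory::initRecordDriver($record);
        // Assign core metadata to be sure export has all necessary values
        // available:
        $recordDetails->getCoreMetadata();
        $result = $recordDetails->getExport($format);
        if (empty($result)) {
            $errorMsgDetails[] = $id;
            continue;
        }
        $interface->assign('id', $id);
        $current = $interface->fetch($result);
        // For MARC-XML, extract <record> from <collection>:
        if ($isMarcXml) {
            $current = $this->extractXMLRecord($current);
        }
        if (!empty($current)) {
            $exportDetails[] = $current;
        }
    }

    // MARC-XML needs a container close at the end:
    if ($isMarcXml) {
        $exportDetails[] = '</collection>';
    }

    $results = array(
        'exportDetails' => $exportDetails,
        'errorDetails' => $errorMsgDetails
    );
    return $results;
}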
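/**
 * Support method -- get details about records based on an array of IDs.
 *
 * IDs prefixed "metalib." or "pci." are read from the matching remote
 * source; all other IDs are read from the local index. Each entry also
 * carries the rendered e-mail template for the record.
 *
 * @param array $ids IDs to look up.
 *
 * @return array One entry per ID with the keys id, isbn, author, title,
 * format and email
 * @access protected
 */
protected function getRecordDetails($ids)
{
    global $interface;

    $recordList = array();
    // Remote clients are created on first use and shared by later IDs
    $metalib = null;
    $pci = null;
    foreach ($ids as $id) {
        if (strncmp($id, 'metalib.', 8) == 0) {
            if (!isset($metalib)) {
                $metalib = new MetaLib();
            }
            $record = $metalib->getRecord($id);
            if (!$record) {
                // A record that cannot be loaded still yields an entry with
                // empty fields; start from an array so the id assignment
                // below does not write an offset into a non-array value.
                $record = array();
            }
            $record['id'] = $id;
            $interface->assign('record', $record);
            $email = $interface->fetch('MetaLib/result-email.tpl');
            $recordList[] = array(
                'id' => $id,
                'isbn' => isset($record['ISBN'][0]) ? $record['ISBN'][0] : '',
                'author' => isset($record['Author'][0])
                    ? $record['Author'][0] : '',
                'title' => isset($record['Title'][0])
                    ? $record['Title'][0] : '',
                'format' => isset($record['format'][0])
                    ? $record['format'][0] : '',
                'email' => $email
            );
        } elseif (strncmp($id, 'pci.', 4) == 0) {
            if (!isset($pci)) {
                $pci = new PCI();
            }
            $record = $pci->getRecord($id);
            $interface->assign('record', $record);
            $email = $interface->fetch('PCI/result-email.tpl');
            $recordList[] = array(
                'id' => $id,
                'isbn' => '',
                'author' => isset($record['author'][0])
                    ? $record['author'][0] : '',
                'title' => isset($record['title']) ? $record['title'] : '',
                'format' => isset($record['format']) ? $record['format'] : '',
                'email' => $email
            );
        } else {
            // NOTE(review): getRecord() is checked for a falsy result by
            // other callers in this code base; here a missing record is
            // handed to the record driver as-is - confirm the driver copes.
            $record = $this->db->getRecord($id);
            $driver = RecordDriverFactory::initRecordDriver($record);
            $email = $interface->fetch($driver->getSearchResult('email'));
            $recordList[] = array(
                'id' => $id,
                'isbn' => isset($record['isbn']) ? $record['isbn'] : '',
                'author' => isset($record['author']) ? $record['author'] : '',
                'title' => $driver->getTitle(),
                // Guarded like the neighbouring fields: the original read
                // the key unconditionally.
                'format' => isset($record['format']) ? $record['format'] : '',
                'email' => $email
            );
        }
    }
    return $recordList;
}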
* Class and Function List: * Function list: * Classes list: */ require_once 'classes/Session.inc'; Session::logcheck("MenuIntelligence", "ComplianceMapping"); require_once 'classes/Security.inc'; require_once 'classes/Compliance.inc'; require_once 'classes/Plugin_sid.inc'; require_once 'ossim_db.inc'; require_once 'ossim_conf.inc'; $db = new ossim_db(); $conn = $db->connect(); $ref = explode("_", GET('ref')); $is_pci = GET('pci') != "" ? 1 : 0; $groups = $is_pci ? PCI::get_groups($conn) : ISO27001::get_groups($conn); $sids = $groups[$ref[0]]['subgroups'][$ref[1]]['SIDSS_Ref']; ossim_valid($sids, OSS_DIGIT, ',', 'illegal:' . _("sids")); if (ossim_error()) { die(ossim_error()); } $plugin_list = Plugin_sid::get_list($conn, "WHERE plugin_id = 1505 AND sid in ({$sids})"); if (count($plugin_list) > 0) { ?> <table width="100%" align="center"> <?php foreach ($plugin_list as $p) { ?> <tr><td><?php echo $p->get_name(); ?>