From d5f0a23cf8eebd7a393dfa2b73e4274f34891dce Mon Sep 17 00:00:00 2001
From: MaKyOtOx <nicolas.mattiocco@patrowl.io>
Date: Tue, 8 Feb 2022 15:00:01 +0100
Subject: [PATCH] 1.8.4: fix settings unicode mess up

---
 Dockerfile                            |   2 +-
 VERSION                               |   2 +-
 assets/views.py                       |   1 +
 scans/apis.py                         |   1 -
 scans/templates/report-scan.html      |   2 +-
 settings/templates/menu-settings.html | 101 +++++++-------------------
 6 files changed, 29 insertions(+), 80 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a7799c1..61f99d2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM python:3.7-slim
 MAINTAINER Patrowl.io "getsupport@patrowl.io"
-LABEL Name="PatrowlManager" Version="1.8.3"
+LABEL Name="PatrowlManager" Version="1.8.4"
 
 ENV PYTHONUNBUFFERED 1
 ARG arg_http_proxy
diff --git a/VERSION b/VERSION
index 2fbae6a..87c8fe8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.8.3 // Community Edition
+1.8.4 // Community Edition
diff --git a/assets/views.py b/assets/views.py
index e7a515b..665f295 100644
--- a/assets/views.py
+++ b/assets/views.py
@@ -435,6 +435,7 @@ def edit_asset_group_view(request, assetgroup_id):
 
             # Update assets
             asset_group.assets.clear()
+            
             for asset_id in form.data.getlist('assets'):
                 asset_group.assets.add(Asset.objects.for_user(request.user).get(id=asset_id))
 
diff --git a/scans/apis.py b/scans/apis.py
index 52fdf12..c0387e6 100644
--- a/scans/apis.py
+++ b/scans/apis.py
@@ -352,7 +352,6 @@ def get_scan_report_html_api(request, scan_id):
         tmp_scan['assets'].append(asset.value)
 
     tmp_scan['engine_type_name'] = scan.engine_type.name
-    tmp_scan['engine_name'] = scan.engine.name
     tmp_scan['engine_policy_name'] = scan.engine_policy.name
 
     findings = RawFinding.objects.filter(scan=scan.id)
diff --git a/scans/templates/report-scan.html b/scans/templates/report-scan.html
index 373cb1d..8a6cd84 100644
--- a/scans/templates/report-scan.html
+++ b/scans/templates/report-scan.html
@@ -443,7 +443,7 @@ <h2 xmlns="" class="classh1 " style="vertical-align: middle;">Engine Information
                   <table xmlns="" width="100%">
                     <tr>
                       <td width="20%" valign="top" class="classcell"><span class="classtext" style="color: #263645; font-weight: normal;">Engine:</span></td>
-                      <td width="80%" valign="top" class="classcell"><span class="classtext" style="color: #263645; font-weight: normal;">{{ scan.engine_type_name }}@{{ scan.engine_name }}</span></td>
+                      <td width="80%" valign="top" class="classcell"><span class="classtext" style="color: #263645; font-weight: normal;">{{ scan.engine_type_name }}</span></td>
                     </tr>
                     <tr>
                       <td width="20%" valign="top" class="classcell"><span class="classtext" style="color: #263645; font-weight: normal;">Engine Policy:</span></td>
diff --git a/settings/templates/menu-settings.html b/settings/templates/menu-settings.html
index ce80915..ec3ea58 100644
--- a/settings/templates/menu-settings.html
+++ b/settings/templates/menu-settings.html
@@ -265,69 +265,14 @@ <h4 class="modal-title" id="myModalLabel">Add new setting</h4>
       window.location = url.search+"#events";
     });
 
-    // EventTable = $('#dt_events').DataTable({
-    //   "ajax": {
-    //     "url": "/events/list",
-    //     "dataType": "json",
-    //     "type": "GET"
-    //   },
-    //   "data": [],
-    //   rowCallback: function (row, data) {},
-    //   "columns": [
-    //     { "data": "id" },
-    //     { "data": "severity" },
-    //     { "data": "message" },
-    //     { "data": "type" },
-    //     { "data": "created_at" }
-    //   ],
-    //   "aoColumnDefs":[{
-    //     "aTargets":[5],
-    //     "mData": "id",
-    //     "mRender": function (data, type, full) {
-    //         return '<button type="button" event-id="'+data+'" class="btn btn-danger btn-xs" data-toggle="modal" data-target="#modal-delete-event"><span class="glyphicon glyphicon-remove"></span></button>';
-    //     }
-    //   }],
-    //   "order": [[ 0, 'desc' ]],
-    //   initComplete: function () {
-    //     this.api().columns().every( function () {
-    //       if (this.index() == 1 || this.index() == 3){
-    //         var column = this;
-    //         var select = $('<select><option value=""></option></select>')
-    //             .appendTo( $(column.footer()).empty() )
-    //             .on( 'change', function () {
-    //                 var val = $.fn.dataTable.util.escapeRegex(
-    //                     $(this).val()
-    //                 );
-    //                 column
-    //                     .search( val ? '^'+val+'$' : '', true, false )
-    //                     .draw();
-    //             } );
-    //         column.data().unique().sort().each( function ( d, j ) {
-    //             select.append( '<option value="'+d+'">'+d+'</option>' )
-    //         } );
-    //       }
-    //     } );
-    //   }
-    // });
   });
 
-  // $('li a[href="#events"]').on("click", function (e) {
-  //   $.ajax({
-  //     url: "/events/",
-  //     type: "GET",
-  //     dataType: "json",
-  //     }).done(function (result) {
-  //       EventTable.clear().draw();
-  //       EventTable.rows.add(result).draw();
-  //     });
-  // });
-
   // Delete setting modal
   $("#modal-delete-setting").on('show.bs.modal', function (e) {
     id = e.relatedTarget.getAttribute('setting-id');
     key = e.relatedTarget.getAttribute('setting-key');
     $("div#delete-setting").attr('setting-id', id);
-    $("div#delete-setting").html("Setting: <b>"+encodeURIComponent(key)+"</b><br/><br/>");
+    $("div#delete-setting").html("Setting: <b>"+escapeHtml(key)+"</b><br/><br/>");
   });
   $("button.btn-delete-setting").on('click', function (e) {
     id = $("div#delete-setting").attr('setting-id');
@@ -341,14 +286,16 @@ <h4 class="modal-title" id="myModalLabel">Add new setting</h4>
   });
 
   $("button.btn-add-setting").on('click', function (e) {
+    new_setting = {
+      "setting_key": $('#add_setting_key').val(),
+      "setting_value": $('#add_setting_value').val()
+    }
     var request = $.ajax({
       url: "/settings/api/v1/add",
       method: "POST",
       headers: {"X-CSRFToken": "{{ csrf_token }}"},
-      data: {
-        "setting_key": $('#add_setting_key').val(),
-        "setting_value": $('#add_setting_value').val()
-      },
+      data: JSON.stringify(new_setting),
+      contentType: "application/json",
       success: function(){
         location.reload();
       }
@@ -365,7 +312,7 @@ <h4 class="modal-title" id="myModalLabel">Add new setting</h4>
     setting_id=e.delegateTarget.getAttribute("setting-id");
     setting_value=$('div#setting_value_'+setting_id+' i').text();
     $('div#setting_value_'+setting_id).empty();
-    $('div#setting_value_'+setting_id).append("<input type='text' value='"+encodeURIComponent(setting_value)+"' name='setting_value' class='form-control form-control-sm'/>");
+    $('div#setting_value_'+setting_id).append("<input type='text' value='"+escapeHtml(setting_value)+"' name='setting_value' class='form-control form-control-sm'/>");
 
     //On Enter key press, update the field
     $('input[name="setting_value"]').keyup(function(e){
@@ -377,26 +324,28 @@ <h4 class="modal-title" id="myModalLabel">Add new setting</h4>
         }
     });
     $('input').bind("enterKey", function(e){
-       var request = $.ajax({
-         url: "/settings/api/v1/update",
-         method: "POST",
-         headers: {"X-CSRFToken": "{{ csrf_token }}"},
-         data: {
-           "setting_id": e.target.parentElement.getAttribute("setting-id"),
-           "setting_value": e.target.value
-         },
-         success: function(){
-           location.reload();
-           $('div#setting_value_'+setting_id).empty();
-           $('div#setting_value_'+setting_id).append("<i>"+encodeURIComponent(e.target.value)+"</i>");
-         }
-       });
+      edited_setting = {
+        "setting_id": e.target.parentElement.getAttribute("setting-id"),
+        "setting_value": e.target.value
+      }
+      var request = $.ajax({
+        url: "/settings/api/v1/update",
+        method: "POST",
+        headers: {"X-CSRFToken": "{{ csrf_token }}"},
+        data: JSON.stringify(edited_setting),
+        contentType: "application/json",
+        success: function(){
+          location.reload();
+          $('div#setting_value_'+setting_id).empty();
+          $('div#setting_value_'+setting_id).append("<i>"+e.target.value+"</i>");
+        }
+      });
     });
     $('input').bind("escapeKey", function(e){
        setting_id = e.target.parentElement.getAttribute("setting-id");
        setting_value = e.target.getAttribute("value");
        $('div#setting_value_'+setting_id).empty();
-       $('div#setting_value_'+setting_id).append("<i>"+encodeURIComponent(setting_value)+"</i>");
+       $('div#setting_value_'+setting_id).append("<i>"+escapeHtml(setting_value)+"</i>");
     });
   };
 

Engine:	{{ scan.engine_type_name }}@{{ scan.engine_name }}	{{ scan.engine_type_name }}
Engine Policy: