mirror of https://github.com/MISP/MISP
fix: [security] Check permission when viewing shadow attribute picture
parent
439ec5cceb
commit
038eb20da9
|
@ -832,17 +832,10 @@ class ShadowAttributesController extends AppController
|
|||
|
||||
public function viewPicture($id, $thumbnail=false)
|
||||
{
|
||||
$conditions = $this->ShadowAttribute->buildConditions($this->Auth->user());
|
||||
$conditions['ShadowAttribute.id'] = $id;
|
||||
$conditions['ShadowAttribute.type'] = 'attachment';
|
||||
$options = array(
|
||||
'conditions' => $conditions,
|
||||
'includeAllTags' => false,
|
||||
'includeAttributeUuid' => true,
|
||||
'flatten' => true,
|
||||
'deleted' => [0, 1]
|
||||
);
|
||||
|
||||
|
||||
$sa = $this->ShadowAttribute->find('first', array(
|
||||
'recursive' => -1,
|
||||
'contain' => ['Event', 'Attribute'], // required because of conditions
|
||||
|
|