MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

remove whitespace at end of line

pull/1206/head
Andreas Ziegler 2016-06-04 01:10:45 +02:00
parent bba7e60e85
commit 0fe692c56a
279 changed files with 1425 additions and 1425 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
INSTALL/INSTALL.centos6.txt
View File

@ -48,7 +48,7 @@ scl enable rh-php56 bash
pear channel-update pear.php.net
pear install Crypt_GPG # we need version >1.3.0
pear install Crypt_GPG # we need version >1.3.0
# GPG needs lots of entropy, haveged provides entropy
yum install haveged
@ -61,9 +61,9 @@ service redis start
3/ MISP code
------------
# Download MISP using git in the /var/www/ directory.
# Download MISP using git in the /var/www/ directory.
cd /var/www/
git clone https://github.com/MISP/MISP.git
git clone https://github.com/MISP/MISP.git
# Make git ignore filesystem permission differences
cd /var/www/MISP
@ -166,7 +166,7 @@ cp /var/www/MISP/INSTALL/apache.misp.centos6 /etc/httpd/conf.d/misp.conf
# Allow httpd to connect to the redis server and php-fpm over tcp/ip
setsebool -P httpd_can_network_connect on
# Enable and start the httpd service
# Enable and start the httpd service
chkconfig httpd on
service httpd start
@ -174,7 +174,7 @@ service httpd start
iptables -I INPUT 5 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
service iptables save
# We seriously recommend using only SSL !
# We seriously recommend using only SSL !
# Check out the apache.misp.ssl file for an example
@ -193,7 +193,7 @@ cp -a config.default.php config.php
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# If you want to be able to change configuration parameters from the webinterface:
@ -221,7 +221,7 @@ vi /etc/rc.local
su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/start.sh'
# Now log in using the webinterface:
# The default user/pass = admin@admin.test/admin
# The default user/pass = admin@admin.test/admin
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
# It is especially vital that no critical issues remain!

14
INSTALL/INSTALL.centos7.txt
View File

@ -48,7 +48,7 @@ scl enable rh-php56 bash
pear channel-update pear.php.net
pear install Crypt_GPG # we need version >1.3.0
pear install Crypt_GPG # we need version >1.3.0
# GPG needs lots of entropy, haveged provides entropy
yum install haveged
@ -61,9 +61,9 @@ systemctl start redis.service
3/ MISP code
------------
# Download MISP using git in the /var/www/ directory.
# Download MISP using git in the /var/www/ directory.
cd /var/www/
git clone https://github.com/MISP/MISP.git
git clone https://github.com/MISP/MISP.git
# Make git ignore filesystem permission differences
cd /var/www/MISP
@ -179,7 +179,7 @@ chcon -R -t httpd_sys_content_rw_t /var/www/MISP/app/webroot/img/custom
# Allow httpd to connect to the redis server and php-fpm over tcp/ip
setsebool -P httpd_can_network_connect on
# Enable and start the httpd service
# Enable and start the httpd service
systemctl enable httpd.service
systemctl start httpd.service
@ -187,7 +187,7 @@ systemctl start httpd.service
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
# We seriously recommend using only SSL !
# We seriously recommend using only SSL !
# Check out the apache.misp.ssl file for an example
@ -206,7 +206,7 @@ cp -a config.default.php config.php
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# If you want to be able to change configuration parameters from the webinterface:
@ -237,7 +237,7 @@ su -s /bin/bash apache -c 'scl enable rh-php56 /var/www/MISP/app/Console/worker/
chmod +x /etc/rc.local
# Now log in using the webinterface:
# The default user/pass = admin@admin.test/admin
# The default user/pass = admin@admin.test/admin
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
# It is especially vital that no critical issues remain!

16
INSTALL/INSTALL.debian.txt
View File

@ -28,16 +28,16 @@ apt-get install vim
# Install the dependencies:
apt-get install gcc zip php-pear git redis-server make python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev php5-dev libapache2-mod-php5 php5-mysql php5-json curl
pear install Crypt_GPG # we need version >1.3.0
pear install Crypt_GPG # we need version >1.3.0
#if you are using a proxy do:
pear config-set http_proxy http://username:password@yourproxy:80
3/ MISP code
------------
# Download MISP using git in the /var/www/ directory.
# Download MISP using git in the /var/www/ directory.
cd /var/www/
git clone https://github.com/MISP/MISP.git
git clone https://github.com/MISP/MISP.git
# if you are behind a proxy:
git config --global http.proxy http://username:password@yourproxy:80
@ -108,7 +108,7 @@ mysql> exit
cd /var/www/MISP
# Import the empty MySQL database from MYSQL.sql
# Import the empty MySQL database from MYSQL.sql
mysql -u misp -p misp < INSTALL/MYSQL.sql
#enter the password you set previously
@ -120,7 +120,7 @@ mysql -u misp -p misp < INSTALL/MYSQL.sql
cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf
# Be aware that the configuration files for apache 2.4 and up have changed.
# Be aware that the configuration files for apache 2.4 and up have changed.
# The configuration file has to have the .conf extension in the sites-available directory
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
@ -134,7 +134,7 @@ a2enmod rewrite
# Restart apache
service apache2 reload
# We seriously recommend using only SSL !
# We seriously recommend using only SSL !
# Check out the /var/www/MISP/INSTALL/apache.misp.ssl file for an example
@ -153,7 +153,7 @@ cp -a config.default.php config.php
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
# The salt key must be an at least 32 byte long string.
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# Change base url in config.php
@ -182,7 +182,7 @@ sudo vim /etc/rc.local
su www-data -c 'bash /var/www/MISP/app/Console/worker/start.sh'
# Now log in using the webinterface:
# The default user/pass = admin@admin.test/admin
# The default user/pass = admin@admin.test/admin
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
# It is especially vital that no critical issues remain!

16
INSTALL/INSTALL.ubuntu1404.txt
View File

@ -28,13 +28,13 @@ apt-get install vim
# Install the dependencies:
apt-get install gcc zip php-pear git redis-server make python-dev python-pip libxml2-dev libxslt1-dev zlib1g-dev php5-dev libapache2-mod-php5 php5-mysql php5-json curl gnupg-agent
pear install Crypt_GPG # we need version >1.3.0
pear install Crypt_GPG # we need version >1.3.0
3/ MISP code
------------
# Download MISP using git in the /var/www/ directory.
# Download MISP using git in the /var/www/ directory.
cd /var/www/
git clone https://github.com/MISP/MISP.git
git clone https://github.com/MISP/MISP.git
# Make git ignore filesystem permission differences
cd /var/www/MISP
@ -101,7 +101,7 @@ mysql> exit
cd /var/www/MISP
# Import the empty MySQL database from MYSQL.sql
# Import the empty MySQL database from MYSQL.sql
mysql -u misp -p misp < INSTALL/MYSQL.sql
#enter the password you set previously
@ -113,7 +113,7 @@ mysql -u misp -p misp < INSTALL/MYSQL.sql
cp /var/www/MISP/INSTALL/apache.misp.ubuntu /etc/apache2/sites-available/misp.conf
# Be aware that the configuration files for apache 2.4 and up have changed.
# Be aware that the configuration files for apache 2.4 and up have changed.
# The configuration file has to have the .conf extension in the sites-available directory
# For more information, visit http://httpd.apache.org/docs/2.4/upgrading.html
@ -127,7 +127,7 @@ a2enmod rewrite
# Restart apache
service apache2 reload
# We seriously recommend using only SSL !
# We seriously recommend using only SSL !
# Check out the apache.misp.ssl file for an example
@ -146,7 +146,7 @@ cp -a config.default.php config.php
# Important! Change the salt key in /var/www/MISP/app/Config/config.php
# The salt key must be an at least 32 byte long string.
# The admin user account will be generated on the first login, make sure that the salt is changed before you create that user
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# If you forget to do this step, and you are still dealing with a fresh installation, just alter the salt,
# delete the user from mysql and log in again using the default admin credentials (admin@admin.test / admin)
# Change base url in config.php
@ -178,7 +178,7 @@ sudo vim /etc/rc.local
sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh
# Now log in using the webinterface:
# The default user/pass = admin@admin.test/admin
# The default user/pass = admin@admin.test/admin
# Using the server settings tool in the admin interface (Administration -> Server Settings), set MISP up to your preference
# It is especially vital that no critical issues remain!

2
INSTALL/UPGRADE.txt
View File

@ -29,7 +29,7 @@ mysql -u [misp_mysql_user] -p [misp_database] < upgrade_2.4.sql
# If everything went fine, switch the system to live:
# Administration -> Server Settings -> MISP Settings -> MISP.live -> True
# NOTE: if nothing happens, please check the permissions of the config files in /var/www/MISP/app/Config/
# and make sure the webserver has the write permissions on them:
# and make sure the webserver has the write permissions on them:
# chown -R www-data:www-data /var/www/MISP/app/Config/
# Let us know if you run into any issues during or after the upgrade

6
INSTALL/Upgrade_21_to_22/INSTALL.SH
View File

@ -14,15 +14,15 @@ printf '=========================================================\n\n'
YUM_CMD=$(which yum)
APT_GET_CMD=$(which apt-get)
BREW_CMD=$(which brew)
if [[ ! -z $APT_GET_CMD ]]
if [[ ! -z $APT_GET_CMD ]]
then
printf '\n\nInstalling Redis using apt-get'
apt-get install vim zip php-pear git redis-server
elif [[ ! -z $YUM_CMD ]]
elif [[ ! -z $YUM_CMD ]]
then
printf '\n\nNo redis package with yum, please download and install Redis manually.'
yum install vim zip php-pear git
elif [[ ! -z $OTHER_CMD ]]
elif [[ ! -z $OTHER_CMD ]]
then
printf '\n\nInstalling Redis using brew'
brew install vim zip php-pear git redis-server

6
INSTALL/Upgrade_21_to_22/UPGRADE.SH
View File

@ -33,15 +33,15 @@ YUM_CMD=$(which yum)
APT_GET_CMD=$(which apt-get)
BREW_CMD=$(which brew)
if [[ ! -z $APT_GET_CMD ]]
if [[ ! -z $APT_GET_CMD ]]
then
printf '\n\nInstalling Redis using apt-get'
apt-get install redis-server
elif [[ ! -z $YUM_CMD ]]
elif [[ ! -z $YUM_CMD ]]
then
printf '\n\nNo Redis package available with yum, please install it manually.'
yum install redis
elif [[ ! -z $OTHER_CMD ]]
elif [[ ! -z $OTHER_CMD ]]
then
printf '\n\nInstalling Redis using brew'
brew install redis-server

8
INSTALL/Upgrade_21_to_22/UPGRADE.txt
View File

@ -3,24 +3,24 @@ Upgrade procedure from v2.1 to v2.2
- git pull the latest version of MISP from https://github.com/MISP/MISP.git
- execute UPGRADE.SH in the MISP/INSTALL folder (this also includes the installation of Redis for CakeResque)
- execute UPGRADE.SH in the MISP/INSTALL folder (this also includes the installation of Redis for CakeResque)
- cd /var/www/MISP/INSTALL
- ./UPGRADE.SH
- Replace your current bootstrap.php file found in /MISP/app/Config/ with bootstrap.default.php and change set your instance up to your liking
- Log in with the site admin credentials and execute the following commands by changing the url
- Log in with the site admin credentials and execute the following commands by changing the url
(where <MISP> is the address of your instance):
- https://<MISP>/events/generateThreatLevelFromRisk
================================================================================================================================================
Enabling background jobs via CakeResque
Enabling background jobs via CakeResque
(assuming /var/www/MISP as your installation directory)
- Enable CakeResque in MISP
- vim /var/www/MISP/app/Config/bootstrap.php
- set Configure::write('MISP.background_jobs', false); to Configure::write('MISP.background_jobs', true);
- set Configure::write('MISP.background_jobs', false); to Configure::write('MISP.background_jobs', true);
- uncomment CakePlugin::load('CakeResque', array('bootstrap' => true));
- in Core.php (if you have just recently updated MISP, just add this line at the end of the file): require_once dirname(__DIR__) . '/Vendor/autoload.php';

6
INSTALL/Upgrade_22_to_23/UPGRADE.txt
View File

@ -48,9 +48,9 @@ mysql -u <database login> -p<database password> <misp table name> < /var/www/MIS
# MISP has moved to a new configuration system. It might be a good idea to note down the old settings before removing them.
# Wherever applicable, you can remove .b from the default configuration file's name to get the non-background worker enabled version, however this is not recommended
mv /var/www/MISP/app/Config/bootstrap.b.default.php /var/www/MISP/app/Config/bootstrap.php
mv /var/www/MISP/app/Config/core.b.default.php /var/www/MISP/app/Config/core.php
mv /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
mv /var/www/MISP/app/Config/bootstrap.b.default.php /var/www/MISP/app/Config/bootstrap.php
mv /var/www/MISP/app/Config/core.b.default.php /var/www/MISP/app/Config/core.php
mv /var/www/MISP/app/Config/config.default.php /var/www/MISP/app/Config/config.php
# Enable the background workers by uncommenting CakePlugin::loadall(array('CakeResque' => array('bootstrap' => true))); in /var/www/MISP/app/Config/bootstrap.php

2
INSTALL/upgrade_2.4.sql
View File

@ -112,7 +112,7 @@ CREATE TABLE IF NOT EXISTS `sharing_groups` (
`created` datetime NOT NULL,
`modified` datetime NOT NULL,
`local` tinyint(1) NOT NULL,
`sync_user_id` INT( 11 ) NOT NULL DEFAULT 0,
`sync_user_id` INT( 11 ) NOT NULL DEFAULT 0,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;

4
app/Config/Schema/note.txt
View File

@ -1,7 +1,7 @@
0.1.0
+Events.uuid
+Attributes.uuid
0.2.0
0.2.0
Attributes.value -> Attributes.value1
0.2.0.1
+Attributes.value2
@ -9,7 +9,7 @@
Servers.lastfetchedid -> Servers.lastpulledid
0.2.1.1
+Servers.lastpushedid
0.2.2
0.2.2
+Users.role_id
+Roles
+Logs

2
app/Config/Schema/schema.php
View File

@ -1,4 +1,4 @@
<?php
<?php
class AppSchema extends CakeSchema {
public function before($event = array()) {

4
app/Config/bootstrap.default.php
View File

@ -93,12 +93,12 @@ if (!$relativePaths) {
else if (isset($_SERVER['HTTP_HOST'])) $serverName = $_SERVER['HTTP_HOST'];
else if (isset($_SERVER['SERVER_ADDR'])) $serverName = $_SERVER['SERVER_ADDR'];
if (!Configure::read('MISP.baseurl') && isset($serverName)) {
if (!Configure::read('MISP.baseurl') && isset($serverName)) {
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443)) {
$protocol = 'https';
} else {
$protocol = 'http';
}
}
if (!isset($_SERVER['SERVER_PORT']) || in_array($_SERVER['SERVER_PORT'], array('443', '80')) || !$appendPort) {
Configure::write('MISP.baseurl', sprintf($protocol . '://%s', $serverName));
} else {

20
app/Config/config.default.php
View File

@ -1,14 +1,14 @@
<?php
$config = array (
'debug' => 0,
'Security' =>
'Security' =>
array (
'level' => 'medium',
'salt' => 'Rooraenietu8Eeyo<Qu2eeNfterd-dd+',
'cipherSeed' => '',
//'auth'=>array('CertAuth.Certificate'), // additional authentication methods
),
'MISP' =>
'MISP' =>
array (
'baseurl' => '',
'footermidleft' => '',
@ -30,7 +30,7 @@ $config = array (
'unpublishedprivate' => false,
'disable_emailing' => false,
),
'GnuPG' =>
'GnuPG' =>
array (
'onlyencrypted' => false,
'email' => '',
@ -38,7 +38,7 @@ $config = array (
'password' => '',
'bodyonlyencrypted' => false,
),
'SMIME' =>
'SMIME' =>
array (
'enabled' => false,
'email' => '',
@ -54,19 +54,19 @@ $config = array (
'user' => '',
'password' => '',
),
'SecureAuth' =>
'SecureAuth' =>
array (
'amount' => 5,
'expire' => 300,
),
// Uncomment the following to enable client SSL certificate authentication
/*
'CertAuth' =>
'CertAuth' =>
array(
'ca' => array( 'FIRST.Org' ), // allowed CAs
'caId' => 'O', // which attribute will be used to verify the CA
'userModel' => 'User', // name of the User class to check if user exists
'userModelKey' => 'nids_sid', // User field that will be used for querying
'userModel' => 'User', // name of the User class to check if user exists
'userModelKey' => 'nids_sid', // User field that will be used for querying
'map' => array( // maps client certificate attributes to User properties
'O' => 'org',
'emailAddress'=>'email',
@ -78,7 +78,7 @@ $config = array (
'restApi' => array( // API parameters
'url' => 'https://example.com/data/users', // URL to query
'headers' => array(), // additional headers, used for authentication
'param' => array( 'email' => 'email'), // query parameters to add to the URL, mapped to User properties
'param' => array( 'email' => 'email'), // query parameters to add to the URL, mapped to User properties
'map' => array( // maps REST result to the User properties
'uid' => 'nids_sid',
'team' => 'org',
@ -101,7 +101,7 @@ $config = array (
'ldapProtocol' => 3,
'ldapReaderUser' => 'cn=userWithReadAccess,ou=users,dc=example,dc=com', // DN ou RDN LDAP with reader user right
'ldapReaderPassword' => 'UserPassword', // the LDAP reader user password
'ldapDN' => 'dc=example,dc=com',
'ldapDN' => 'dc=example,dc=com',
'ldapSearchAttribut' => 'uid', // filter for search
'ldapFilter' => array(
'mail',

2
app/Console/Command/AdminShell.php
View File

@ -1,4 +1,4 @@
<?php
<?php
App::uses('AppShell', 'Console/Command');
class AdminShell extends AppShell
{

8
app/Console/Command/EventShell.php
View File

@ -1,4 +1,4 @@
<?php
<?php
App::uses('Folder', 'Utility');
App::uses('File', 'Utility');
require_once 'AppShell.php';
@ -290,7 +290,7 @@ class EventShell extends AppShell
$task = $this->Task->findByType('cache_exports');
// If the next execution time and the timestamp don't match, it means that this task is no longer valid as the time for the execution has since being scheduled
// been updated.
// been updated.
if ($task['Task']['next_execution_time'] != $timestamp) return;
$users = $this->User->find('all', array(
@ -301,7 +301,7 @@ class EventShell extends AppShell
),
'contain' => array(
'Organisation' => array('fields' => array('name')),
'Role' => array('fields' => array('perm_site_admin'))
'Role' => array('fields' => array('perm_site_admin'))
),
'fields' => array('User.org_id', 'User.id'),
'group' => array('User.org_id')
@ -314,7 +314,7 @@ class EventShell extends AppShell
),
'contain' => array(
'Organisation' => array('fields' => array('name')),
'Role' => array('fields' => array('perm_site_admin'))
'Role' => array('fields' => array('perm_site_admin'))
),
'fields' => array('User.org_id', 'User.id')
));

2
app/Console/Command/ServerShell.php
View File

@ -1,4 +1,4 @@
<?php
<?php
App::uses('Folder', 'Utility');
App::uses('File', 'Utility');
require_once 'AppShell.php';

2
app/Console/Command/UserInitShell.php
View File

@ -69,7 +69,7 @@ class UserInitShell extends AppShell {
$this->User->save($admin);
echo $authkey . PHP_EOL;
} else {
echo 'Script aborted: MISP instance already initialised.' . PHP_EOL;
echo 'Script aborted: MISP instance already initialised.' . PHP_EOL;
}
}
}

12
app/Controller/AppController.php
View File

@ -48,7 +48,7 @@ class AppController extends Controller {
private $__jsVersion = '2.4.46';
// Used for _isAutomation(), a check that returns true if the controller & action combo matches an action that is a non-xml and non-json automation method
// This is used to allow authentication via headers for methods not covered by _isRest() - as that only checks for JSON and XML formats
// This is used to allow authentication via headers for methods not covered by _isRest() - as that only checks for JSON and XML formats
public $automationArray = array(
'events' => array('csv', 'nids', 'hids', 'xml', 'restSearch', 'stix', 'updateGraph'),
'attributes' => array('text', 'downloadAttachment', 'returnAttributes', 'restSearch', 'rpz'),
@ -111,9 +111,9 @@ class AppController extends Controller {
if (substr($baseurl, -1) == '/') {
// if the baseurl has a trailing slash, remove it. It can lead to issues with the CSRF protection
$baseurl = rtrim($baseurl, '/');
Configure::write('MISP.baseurl', $baseurl);
Configure::write('MISP.baseurl', $baseurl);
}
$this->set('baseurl', h($baseurl));
$this->set('baseurl', h($baseurl));
// send users away that are using ancient versions of IE
// Make sure to update this if IE 20 comes out :)
@ -162,7 +162,7 @@ class AppController extends Controller {
$this->Log->save($log);
}
$this->Session->renew();
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
} else {
// User not authenticated correctly
// reset the session information
@ -264,7 +264,7 @@ class AppController extends Controller {
$this->Auth->logout();
throw new MethodNotAllowedException($message);
} else {
$this->Session->setFlash('Warning: MISP is currently disabled for all users. Enable it in Server Settings (Administration -> Server Settings -> MISP tab -> live)');
$this->Session->setFlash('Warning: MISP is currently disabled for all users. Enable it in Server Settings (Administration -> Server Settings -> MISP tab -> live)');
}
}
@ -337,7 +337,7 @@ class AppController extends Controller {
}
private function __convertEmailToName($email) {
$name = explode('@', $email);
$name = explode('@', $email);
$name = explode('.', $name[0]);
foreach ($name as &$temp) $temp = ucfirst($temp);
$name = implode(' ', $name);

36
app/Controller/AttributesController.php
View File

@ -408,7 +408,7 @@ class AttributesController extends AppController {
$this->Event->saveField('published', 0);
}
$this->Session->setFlash($message);
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['Attribute']['event_id']));
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['Attribute']['event_id']));
} else {
// set the event_id in the form
$this->request->data['Attribute']['event_id'] = $eventId;
@ -671,7 +671,7 @@ class AttributesController extends AppController {
if (count($existingAttribute) && !$existingAttribute['Attribute']['deleted']) {
$this->request->data['Attribute']['id'] = $existingAttribute['Attribute']['id'];
$dateObj = new DateTime();
if (!isset($this->request->data['Attribute']['timestamp'])) $this->request->data['Attribute']['timestamp'] = $dateObj->getTimestamp();
if (!isset($this->request->data['Attribute']['timestamp'])) $this->request->data['Attribute']['timestamp'] = $dateObj->getTimestamp();
if ($this->request->data['Attribute']['timestamp'] > $existingAttribute['Attribute']['timestamp']) {
$recoverFields = array('value', 'to_ids', 'distribution', 'category', 'type', 'comment');
foreach ($recoverFields as $rF) {
@ -758,9 +758,9 @@ class AttributesController extends AppController {
$this->set('categoryDefinitions', $this->Attribute->categoryDefinitions);
}
// ajax edit - post a single edited field and this method will attempt to save it and return a json with the validation errors if they occur.
// ajax edit - post a single edited field and this method will attempt to save it and return a json with the validation errors if they occur.
public function editField($id) {
if ((!$this->request->is('post') && !$this->request->is('put')) || !$this->request->is('ajax')) throw new MethodNotAllowedException();
if ((!$this->request->is('post') && !$this->request->is('put')) || !$this->request->is('ajax')) throw new MethodNotAllowedException();
$this->Attribute->id = $id;
if (!$this->Attribute->exists()) {
return new CakeResponse(array('body'=> json_encode(array('fail' => false, 'errors' => 'Invalid attribute')),'status'=>200));
@ -793,7 +793,7 @@ class AttributesController extends AppController {
'recursive' => -1,
'fields' => array('id', 'published', 'timestamp', 'info', 'uuid'),
'conditions' => array(
'id' => $attribute['Attribute']['event_id'],
'id' => $attribute['Attribute']['event_id'],
)));
$event['Event']['timestamp'] = $date->getTimestamp();
$event['Event']['published'] = 0;
@ -910,12 +910,12 @@ class AttributesController extends AppController {
/**
* unification of the actual delete for the multi-select
*
*
* @param unknown $id
* @throws NotFoundException
* @throws MethodNotAllowedException
* @return boolean
*
*
* returns true/false based on success
*/
private function __delete($id, $hard = false) {
@ -1162,7 +1162,7 @@ class AttributesController extends AppController {
$result = strtolower($result);
if (strpos($result, '|')) {
$resultParts = explode('|', $result);
if (!toInclude) {
if (!toInclude) {
$temp2[] = array(
'AND' => array(
'LOWER(Attribute.value1) NOT LIKE' => $resultParts[0],
@ -1274,7 +1274,7 @@ class AttributesController extends AppController {
}
$this->loadModel('Tag');
if (!empty($include)) $conditions['AND'][] = array('OR' => array('Attribute.event_id' => $this->Tag->findTags($include)));
if (!empty($exclude)) $conditions['AND'][] = array('Attribute.event_id !=' => $this->Tag->findTags($exclude));
if (!empty($exclude)) $conditions['AND'][] = array('Attribute.event_id !=' => $this->Tag->findTags($exclude));
}
if ($type != 'ALL') {
$conditions['Attribute.type ='] = $type;
@ -1435,7 +1435,7 @@ class AttributesController extends AppController {
// events are sorted based on relevance (as in the percentage of matches being flagged as indicators for IDS)
public function searchAlternate($data) {
$attributes = $this->Attribute->fetchAttributes(
$this->Auth->user(),
$this->Auth->user(),
array(
'conditions' => array(
'AND' => $data
@ -1473,7 +1473,7 @@ class AttributesController extends AppController {
return $events;
}
// Sort the array of arrays based on a value of a sub-array
// Sort the array of arrays based on a value of a sub-array
private function __subval_sort($a,$subkey) {
foreach($a as $k=>$v) {
$b[$k] = strtolower($v[$subkey]);
@ -1523,7 +1523,7 @@ class AttributesController extends AppController {
$data = $this->request->data;
} else {
throw new BadRequestException('Either specify the search terms in the url, or POST a json array / xml (with the root element being "request" and specify the correct accept and content type headers.');
}
}
$paramArray = array('value', 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid');
foreach ($paramArray as $p) {
if (isset($data['request'][$p])) ${$p} = $data['request'][$p];
@ -1597,7 +1597,7 @@ class AttributesController extends AppController {
if (!empty($v)) $subcondition['OR'][] = array('Attribute.' . $parameters[$k] . ' LIKE' => '%'.$v.'%');
}
}
}
}
array_push ($conditions['AND'], $subcondition);
$subcondition = array();
}
@ -1661,7 +1661,7 @@ class AttributesController extends AppController {
$data = $this->request->data;
} else {
throw new BadRequestException('Either specify the search terms in the url, or POST a json array / xml (with the root element being "request" and specify the correct accept and content type headers.');
}
}
$paramArray = array('type', 'sigOnly');
foreach ($paramArray as $p) {
if (isset($data['request'][$p])) ${$p} = $data['request'][$p];
@ -1856,7 +1856,7 @@ class AttributesController extends AppController {
else throw new MethodNotAllowedException('Invalid event ID format.');
$values = array();
foreach ($eventIds as $k => $eventId) {
$values = array_merge_recursive($values, $this->Attribute->rpz($this->Auth->user(), $tags, $eventId, $from, $to));
$values = array_merge_recursive($values, $this->Attribute->rpz($this->Auth->user(), $tags, $eventId, $from, $to));
}
$this->response->type('txt'); // set the content type
$file = '';
@ -1965,7 +1965,7 @@ class AttributesController extends AppController {
'fields' => $fields,
'contain' => array(
'Event' => array(
'fields' => array('distribution', 'id', 'user_id', 'orgc_id'),
'fields' => array('distribution', 'id', 'user_id', 'orgc_id'),
)
)
);
@ -2148,7 +2148,7 @@ class AttributesController extends AppController {
// hash
// eventID + all samples
// hash + eventID
// hash + eventID + all samples
// hash + eventID + all samples
$searchConditions = array();
$types = array();
@ -2168,7 +2168,7 @@ class AttributesController extends AppController {
$event_ids = $this->Attribute->find('list', array(
'recursive' => -1,
'contain' => array('Event'),
'fields' => array('Event.id'),
'fields' => array('Event.id'),
'conditions' => array(
'OR' => array(
'AND' => array(

16
app/Controller/Component/ACLComponent.php
View File

@ -361,7 +361,7 @@ class ACLComponent extends Component {
public function checkAccess($user, $controller, $action) {
if ($user['Role']['perm_site_admin']) return true;
if (!isset($this->__aclList[$controller])) $this->__error(404, 'Invalid controller.');
if ($user['Role']['perm_site_admin']) return true;
if ($user['Role']['perm_site_admin']) return true;
if (isset($this->__aclList[$controller][$action]) && !empty($this->__aclList[$controller][$action])) {
if (in_array('*', $this->__aclList[$controller][$action])) return true;
if (isset($this->__aclList[$controller][$action]['OR'])) {
@ -377,13 +377,13 @@ class ACLComponent extends Component {
private function __error($code, $message) {
switch ($code) {
case 404:
case 404:
throw new NotFoundException($message);
break;
case 403:
throw new MethodNotAllowedException($message);
default:
throw new InternalErrorException('Unknown error: ' . $message);
throw new InternalErrorException('Unknown error: ' . $message);
}
}
@ -409,15 +409,15 @@ class ACLComponent extends Component {
$results = $this->__findAllFunctions();
ksort($results);
return $results;
}
}
public function findMissingFunctionNames($content = false) {
$results = $this->__findAllFunctions();
$missing = array();
foreach ($results as $controller => &$functions) {
foreach ($functions as &$function) {
if (!isset($this->__aclList[$controller])
|| !in_array($function, array_keys($this->__aclList[$controller])))
if (!isset($this->__aclList[$controller])
|| !in_array($function, array_keys($this->__aclList[$controller])))
$missing[$controller][] = $function;
}
}
@ -431,7 +431,7 @@ class ACLComponent extends Component {
if (is_numeric($content)) $conditions = array('Role.id' => $content);
$roles = $this->Role->find('all', array(
'recursive' => -1,
'conditions' => $conditions
'conditions' => $conditions
));
if (empty($roles)) throw new NotFoundException('Role not found.');
foreach ($roles as &$role) {
@ -451,7 +451,7 @@ class ACLComponent extends Component {
else if (in_array('*', $permissions)) $result[] = DS . $controllerName . DS . $action . DS . '*';
else if (isset($permissions['OR'])) {
$access = false;
foreach ($permissions['OR'] as $permission) if ($role[$permission]) $access = true;
foreach ($permissions['OR'] as $permission) if ($role[$permission]) $access = true;
if ($access) $result[] = DS . $controllerName . DS . $action . DS . '*';
} else if (isset($permissions['AND'])) {
$access = true;

2
app/Controller/Component/ApacheSecureAuthComponent.php
View File

@ -6,7 +6,7 @@ class ApacheSecureAuthComponent extends AuthComponent {
/**
* No brute force safeguard needed because Apache does the job
*
*
* If $user is provided that data will be stored as the logged in user. If $user is empty or not
* specified, the request will be used to identify a user. If the identification was successful,
* the user record is written to the session key specified in AuthComponent::$sessionKey. Logging in

4
app/Controller/Component/Auth/ApacheAuthenticate.php
View File

@ -38,7 +38,7 @@ class ApacheAuthenticate extends BaseAuthenticate {
$ldapconn = ldap_connect(Configure::read('ApacheSecureAuth.ldapServer'))
or die('LDAP server connection failed');
// LDAP protocol configuration
// LDAP protocol configuration
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, Configure::read('ApacheSecureAuth.ldapProtocol'));
if ($ldapconn) {
@ -91,7 +91,7 @@ class ApacheAuthenticate extends BaseAuthenticate {
$org_id = $firstOrg['Organisation']['id'];
}
// create user
// create user
$userData = array('User' => array(
'email' => $mispUsername,
'org_id' => $org_id,

2
app/Controller/Component/BlackListComponent.php
View File

@ -138,7 +138,7 @@ class BlackListComponent extends Component {
$this->controller->Session->setFlash(__('Could not remove the blacklist entry'));
}
$this->controller->redirect(array('action' => 'index'));
}
}
public $controller;

54
app/Controller/Component/IOCImportComponent.php
View File

@ -16,45 +16,45 @@ class IOCImportComponent extends Component {
// - replace: passed attribute values will replace the $[component position] substring to form the final attribute value
private $attributeComposition = array(
array(
'components' => array('filename', 'md5'),
'returnFormat' => 'filename|md5',
'returnCategory' => 'Payload installation',
'components' => array('filename', 'md5'),
'returnFormat' => 'filename|md5',
'returnCategory' => 'Payload installation',
'replace'=> '$0|$1'
),
array(
'components' => array('filename', 'sha1'),
'returnFormat' => 'filename|sha1',
'returnCategory' => 'Payload installation',
'components' => array('filename', 'sha1'),
'returnFormat' => 'filename|sha1',
'returnCategory' => 'Payload installation',
'replace'=> '$0|$1'
),
array(
'components' => array('filename', 'sha256'),
'returnFormat' => 'filename|sha256',
'returnCategory' => 'Payload installation',
'components' => array('filename', 'sha256'),
'returnFormat' => 'filename|sha256',
'returnCategory' => 'Payload installation',
'replace'=> '$0|$1'
),
array(
'components' => array('regkey', 'tempRegValue'),
'returnFormat' => 'regkey|value',
'returnCategory' => 'Persistence mechanism',
'components' => array('regkey', 'tempRegValue'),
'returnFormat' => 'regkey|value',
'returnCategory' => 'Persistence mechanism',
'replace'=> '$0|$1'
),
array(
'components' => array('filename', 'tempCertificateSubject'),
'returnFormat' => 'filename',
'returnCategory' => 'Payload installation',
'components' => array('filename', 'tempCertificateSubject'),
'returnFormat' => 'filename',
'returnCategory' => 'Payload installation',
'replace'=> '$0'
),
array(
'components' => array('filename', 'tempExtension'),
'returnFormat' => 'filename',
'returnCategory' => 'Payload installation',
'components' => array('filename', 'tempExtension'),
'returnFormat' => 'filename',
'returnCategory' => 'Payload installation',
'replace'=> '$0.$1'
),
array(
'components' => array('regkey', 'tempRegName', 'tempRegValue'),
'returnFormat' => 'regkey|value',
'returnCategory' => 'Persistence mechanism',
'components' => array('regkey', 'tempRegName', 'tempRegValue'),
'returnFormat' => 'regkey|value',
'returnCategory' => 'Persistence mechanism',
'replace'=> '$0$1|$2'
),
);
@ -141,7 +141,7 @@ class IOCImportComponent extends Component {
// Since the tree created by simplexml is a bit of a pain to traverse (partially because of branches with 1 leaves and with several leaves ending up in a different format -
// $branch['leaf'] vs $branch[0]['leaf'] we convert it to an easier to deal with tree structure
// This tree also only contains the information that we care about.
$tree = array(
$tree = array(
'type' => 'OR',
'branches' => array(),
'leaves' => array()
@ -596,11 +596,11 @@ class IOCImportComponent extends Component {
$value = str_replace('$' . $k, $v, $value);
}
return array(
'type' => $composition['returnFormat'],
'category' => $composition['returnCategory'],
'value' => $value,
'to_ids' => $this->typeToIdsSettings[$composition['returnFormat']],
'distribution' => $this->distribution,
'type' => $composition['returnFormat'],
'category' => $composition['returnCategory'],
'value' => $value,
'to_ids' => $this->typeToIdsSettings[$composition['returnFormat']],
'distribution' => $this->distribution,
'comment' => 'OpenIOC import from file ' . $this->filename . ' - Original UUIDs:' . PHP_EOL . implode(PHP_EOL, $uuids),
);
}

34
app/Controller/EventsController.php
View File

@ -29,7 +29,7 @@ class EventsController extends AppController {
'Event.timestamp' => 'DESC'
),
'contain' => array(
'Org' => array('fields' => array('id', 'name')),
'Org' => array('fields' => array('id', 'name')),
'Orgc' => array('fields' => array('id', 'name')),
'SharingGroup' => array('fields' => array('id', 'name'))
)
@ -97,7 +97,7 @@ class EventsController extends AppController {
Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
),
)
)
)
)
)
);
@ -228,7 +228,7 @@ class EventsController extends AppController {
$orgs = $this->Event->Org->find('list', array(
'conditions' => array('lower(name) LIKE' => '%' . strtolower($value) . '%'),
'recursive' => -1,
'fields' => array('id')
'fields' => array('id')
));
if (!empty($orgs)) $conditions['OR']['orgc_id'] = array_values($orgs);
$conditions['OR']['lower(info) LIKE'] = '%' . strtolower($value) .'%';
@ -266,7 +266,7 @@ class EventsController extends AppController {
// check each of the passed arguments whether they're a filter (could also be a sort for example) and if yes, add it to the pagination conditions
foreach ($passedArgs as $k => $v) {
if (substr($k, 0, 6) === 'search') {
if ($urlparams != "") $urlparams .= "/";
if ($urlparams != "") $urlparams .= "/";
$urlparams .= $k . ":" . $v;
$searchTerm = substr($k, 6);
switch ($searchTerm) {
@ -584,7 +584,7 @@ class EventsController extends AppController {
'published' => 2,
'org' => array('OR' => array(), 'NOT' => array()),
'tag' => array('OR' => array(), 'NOT' => array()),
'eventid' => array('OR' => array(), 'NOT' => array()),
'eventid' => array('OR' => array(), 'NOT' => array()),
'date' => array('from' => "", 'until' => ""),
'eventinfo' => array('OR' => array(), 'NOT' => array()),
'threatlevel' => array('OR' => array(), 'NOT' => array()),
@ -984,7 +984,7 @@ class EventsController extends AppController {
if (!isset($sgs[$this->request->data['Event']['sharing_group_id']])) throw new MethodNotAllowedException('Invalid Sharing Group or not authorised.');
}
} else {
// If the distribution is set to something "traditional", set the SG id to 0.
// If the distribution is set to something "traditional", set the SG id to 0.
$this->request->data['Event']['sharing_group_id'] = 0;
}
if ($this->_isRest()) {
@ -1124,7 +1124,7 @@ class EventsController extends AppController {
$this->Session->setFlash(__('You may only upload MISP XML or MISP JSON files.'));
}
if (isset($this->data['Event']['submittedfile'])) {
if (Configure::read('MISP.take_ownership_xml_import')
if (Configure::read('MISP.take_ownership_xml_import')
&& (isset($this->data['Event']['takeownership']) && $this->data['Event']['takeownership'] == 1)) {
$results = $this->_addMISPExportFile($ext, true);
} else {
@ -1724,7 +1724,7 @@ class EventsController extends AppController {
throw new UnauthorizedException('You have to be logged in to do that.');
}
$user = $this->Auth->user();
}
}
$this->loadModel('Attribute');
$rules = $this->Attribute->hids($this->Auth->user(), $type, $tags, $from, $to, $last);
$this->set('rules', $rules);
@ -1733,7 +1733,7 @@ class EventsController extends AppController {
// csv function
// Usage: csv($key, $eventid) - key can be a valid auth key or the string 'download'. Download requires the user to be logged in interactively and will generate a .csv file
// $eventid can be one of 3 options: left empty it will get all the visible to_ids attributes,
// $ignore is a flag that allows the export tool to ignore the ids flag. 0 = only IDS signatures, 1 = everything.
// $ignore is a flag that allows the export tool to ignore the ids flag. 0 = only IDS signatures, 1 = everything.
public function csv($key, $eventid = false, $ignore = false, $tags = false, $category = false, $type = false, $includeContext = false, $from = false, $to = false, $last = false, $headerless = false) {
$simpleFalse = array('eventid', 'ignore', 'tags', 'category', 'type', 'includeContext', 'from', 'to', 'last', 'headerless');
foreach ($simpleFalse as $sF) {
@ -2198,7 +2198,7 @@ class EventsController extends AppController {
$tool = strtoupper($type) . 'ConverterTool';
$converter = new $tool();
$body = $converter->eventCollection2Format($results);
$body = $converter->frameCollection($body, $this->mispVersion);
$body = $converter->frameCollection($body, $this->mispVersion);
$this->response->body($body);
$this->response->download('misp.search.results.' . $type);
return $this->response;
@ -2501,7 +2501,7 @@ class EventsController extends AppController {
'analysis' => 0,
'org_id' => $this->Auth->user('org_id'),
'orgc_id' => $this->Auth->user('org_id'),
'timestamp' => $ts,
'timestamp' => $ts,
'uuid' => $this->Event->generateUuid(),
'user_id' => $this->Auth->user('id'),
));
@ -2556,7 +2556,7 @@ class EventsController extends AppController {
'contain' => array(
'User' => array(
'fields' => array(
'User.email'
'User.email'
)),
'ShadowAttribute'=> array(
'fields' => array(
@ -2615,7 +2615,7 @@ class EventsController extends AppController {
$this->Event->recurisve = -1;
$event = $this->Event->read(array('id', 'org_id', 'orgc_id', 'distribution', 'sharing_group_id'), $id);
if (!$this->_isSiteAdmin() && !$this->userRole['perm_sync']) {
if (!$this->_isSiteAdmin() && !$this->userRole['perm_sync']) {
if (!$this->userRole['perm_tagger'] || ($this->Auth->user('org_id') !== $event['Event']['org_id'] && $this->Auth->user('org_id') !== $event['Event']['orgc_id'])) {
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You don\'t have permission to do that.')), 'status'=>200));
}
@ -2978,7 +2978,7 @@ class EventsController extends AppController {
}
}
if ($success) {
if ($counter) {
if ($counter) {
$message = $counter . " Proposal(s) added.";
} else {
$message = "Nothing to update.";
@ -3072,7 +3072,7 @@ class EventsController extends AppController {
);
if ($event['Event']['published'] == 0) {
foreach ($exports as $k => $export) {
if ($export['requiresPublished']) unset($exports[$k]);
if ($export['requiresPublished']) unset($exports[$k]);
}
$exports['csv'] = array(
'url' => '/events/csv/download/' . $id . '/1',
@ -3158,7 +3158,7 @@ class EventsController extends AppController {
if (!$this->userRole['perm_modify_org']) {
$conditions[] = array('Event.user_id' => $this->Auth->user('id'));
}
}
}
$event = $this->Event->find('first', array(
'recursive' => -1,
'conditions' => $conditions,
@ -3170,7 +3170,7 @@ class EventsController extends AppController {
} else {
$this->Event->create();
$result = $this->Event->save(
array(
array(
'info' => $data['info'],
'analysis' => $data['analysis'],
'threat_level_id' => $data['threat_level_id'],

8
app/Controller/FeedsController.php
View File

@ -45,7 +45,7 @@ class FeedsController extends AppController {
public function add() {
if ($this->request->is('post')) {
if (isset($this->request->data['Feed']['pull_rules'])) $this->request->data['Feed']['rules'] = $this->request->data['Feed']['pull_rules'];
if ($this->request->data['Feed']['distribution'] != 4) $this->request->data['Feed']['sharing_group_id'] = 0;
if ($this->request->data['Feed']['distribution'] != 4) $this->request->data['Feed']['sharing_group_id'] = 0;
$this->request->data['Feed']['default'] = 0;
$result = $this->Feed->save($this->request->data);
if ($result) {
@ -183,7 +183,7 @@ class FeedsController extends AppController {
$this->Feed->read();
$HttpSocket = $syncTool->setupHttpSocketFeed($this->Feed->data);
$events = $this->Feed->getManifest($this->Feed->data, $HttpSocket);
if (isset($events['code'])) throw new NotFoundException('Feed could not be fetched. The HTTP error code returned was: ' .$events['code']);
if (isset($events['code'])) throw new NotFoundException('Feed could not be fetched. The HTTP error code returned was: ' .$events['code']);
$pageCount = count($events);
App::uses('CustomPaginationTool', 'Tools');
$customPagination = new CustomPaginationTool();
@ -203,7 +203,7 @@ class FeedsController extends AppController {
$this->set('shortDist', $shortDist);
$this->set('id', $feedId);
$this->set('feed', $this->Feed->data);
$this->set('urlparams', $urlparams);
$this->set('urlparams', $urlparams);
$this->set('passedArgs', json_encode($passedArgs));
$this->set('passedArgsArray', $passedArgs);
}
@ -250,7 +250,7 @@ class FeedsController extends AppController {
} else {
$this->set('errors', $result);
$this->set('_serialize', array('name', 'message', 'url', 'errors'));
}
}
}
public function disable($id) {

4
app/Controller/JobsController.php
View File

@ -69,7 +69,7 @@ class JobsController extends AppController {
public function getProgress($type) {
$org = $this->Auth->user('Organisation')['name'];
if ($this->_isSiteAdmin()) $org = 'ADMIN';
if ($this->_isSiteAdmin()) $org = 'ADMIN';
$progress = $this->Job->find('first', array(
'conditions' => array(
'job_type' => $type,
@ -89,7 +89,7 @@ class JobsController extends AppController {
public function cache($type) {
if ($this->_isSiteAdmin()) {
$target = 'All events.';
} else {
} else {
$target = 'Events visible to: '.$this->Auth->user('Organisation')['name'];
}
$id = $this->Job->cache($type, $this->Auth->user(), $target);

2
app/Controller/OrganisationsController.php
View File

@ -215,7 +215,7 @@ class OrganisationsController extends AppController {
} else {
$currentOrg = $this->Organisation->find('first', array('fields' => array('id', 'name', 'uuid', 'local'), 'recursive' => -1, 'conditions' => array('Organisation.id' => $id)));
$orgs['local'] = $this->Organisation->find('all', array(
'fields' => array('id', 'name', 'uuid'),
'fields' => array('id', 'name', 'uuid'),
'conditions' => array('Organisation.id !=' => $id, 'Organisation.local' => true),
'order' => 'lower(Organisation.name) ASC'
));

14
app/Controller/PostsController.php
View File

@ -24,12 +24,12 @@ class PostsController extends AppController {
parent::beforeFilter();
}
// Find the thread_id and post_id in advance. If a user clicks post comment on the event view, send the event's related thread's ID
// Find the thread_id and post_id in advance. If a user clicks post comment on the event view, send the event's related thread's ID
// Usage:
// /posts/add : Creates new thread with the added post as the first post. Title set by user
// /posts/add/event/id : Checks if the event already has a thread, if no it creates one. The post is added to the event's thread
// /posts/add/thread/id : Adds a post to the thread specified
// /posts/add/post/id : Adds a post as a reply to another post. The system finds the appropriate thread, adds the post to the thread and links to the post that is being replied to.
// /posts/add/post/id : Adds a post as a reply to another post. The system finds the appropriate thread, adds the post to the thread and links to the post that is being replied to.
public function add($target_type = null, $target_id = null, $quick = false) {
$this->loadModel('Thread');
$this->Thread->recursive = -1;
@ -37,8 +37,8 @@ class PostsController extends AppController {
$event_id = 0;
$post_id = 0;
if ($this->request->is('ajax')) $this->layout = 'ajax';
// we have a target type and a target id. The target id defines what type of object we want to attach this event to (is it a reply to another post,
// did someone add a post to a thread, does a thread for the event exist already, etc.
// we have a target type and a target id. The target id defines what type of object we want to attach this event to (is it a reply to another post,
// did someone add a post to a thread, does a thread for the event exist already, etc.
switch ($target_type) {
case 'event' :
$this->loadModel('Event');
@ -114,7 +114,7 @@ class PostsController extends AppController {
if ($target_thread_id == null) {
// We have a post that was posted in a new thread. This could also mean that someone created the first post related to an event!
$this->Thread->create();
// Take the title from above if we are adding a post to an event.
// Take the title from above if we are adding a post to an event.
if ($target_type === 'event') {
$title = $eventDiscussionTitle;
}
@ -137,7 +137,7 @@ class PostsController extends AppController {
$this->Thread->data['Thread']['date_modified'] = date('Y/m/d H:i:s');
$this->Thread->save();
}
// Time to create our post!
// Time to create our post!
$this->Post->create();
$newPost = array(
'date_created' => date('Y/m/d H:i:s'),
@ -145,7 +145,7 @@ class PostsController extends AppController {
'user_id' => $this->Auth->user('id'),
'contents' => $this->request->data['Post']['message'],
'post_id' => $post_id,
'thread_id' => $target_thread_id,
'thread_id' => $target_thread_id,
);
if ($this->Post->save($newPost)) {
$this->Thread->recursive = 0;

30
app/Controller/ServersController.php
View File

@ -42,7 +42,7 @@ class ServersController extends AppController {
switch ($this->request->params['action']) {
case 'push':
case 'pull':
case 'getVersion':
case 'getVersion':
case 'testConnection':
$this->Security->csrfUseOnce = false;
}
@ -73,7 +73,7 @@ class ServersController extends AppController {
public function previewIndex($id) {
if (isset($this->passedArgs['pages'])) $currentPage = $this->passedArgs['pages'];
else $currentPage = 1;
else $currentPage = 1;
$urlparams = '';
$passedArgs = array();
if (!$this->_isSiteAdmin()) {
@ -85,8 +85,8 @@ class ServersController extends AppController {
foreach($validFilters as $k => $filter) {
if (isset($this->passedArgs[$filter])) {
$passedArgs[$filter] = $this->passedArgs[$filter];
if ($k != 0) $urlparams .= '/';
$urlparams .= $filter . ':' . $this->passedArgs[$filter];
if ($k != 0) $urlparams .= '/';
$urlparams .= $filter . ':' . $this->passedArgs[$filter];
}
}
$events = $this->Server->previewIndex($id, $this->Auth->user(), array_merge($this->passedArgs, $passedArgs));
@ -109,7 +109,7 @@ class ServersController extends AppController {
$this->set('shortDist', $shortDist);
$this->set('ajax', $this->request->is('ajax'));
$this->set('id', $id);
$this->set('urlparams', $urlparams);
$this->set('urlparams', $urlparams);
$this->set('passedArgs', json_encode($passedArgs));
$this->set('passedArgsArray', $passedArgs);
$this->set('server', $server);
@ -454,7 +454,7 @@ class ServersController extends AppController {
break;
case '4' :
$this->redirect(array('action' => 'index'));
break;
break;
}
$this->redirect($this->referer());
} else {
@ -549,7 +549,7 @@ class ServersController extends AppController {
$dir = new Folder(APP . "files" . DS . "certs", true);
if (!preg_match('@^[\w-,\s,\.]+\.[A-Za-z0-9_]{2,4}$@', $server['Server']['submitted_cert']['name'])) throw new Exception ('Filename not allowed');
$pemfile = new File($destpath . $id . '.' . $ext);
$result = $pemfile->write($pemData);
$result = $pemfile->write($pemData);
$s = $this->Server->read(null, $id);
$s['Server']['cert_file'] = $s['Server']['id'] . '.' . $ext;
if ($result) $this->Server->save($s);
@ -600,23 +600,23 @@ class ServersController extends AppController {
$sessionErrors = array(0 => 'OK', 1 => 'High', 2 => 'Alternative setting used', 3 => 'Test failed');
$finalSettings = $this->Server->serverSettingsRead();
$issues = array(
$issues = array(
'errors' => array(
0 => array(
'value' => 0,
'description' => 'MISP will not operate correctly or will be unsecure until these issues are resolved.'
),
),
1 => array(
'value' => 0,
'description' => 'Some of the features of MISP cannot be utilised until these issues are resolved.'
),
),
2 => array(
'value' => 0,
'description' => 'There are some optional tweaks that could be done to improve the looks of your MISP instance.'
),
),
'deprecated' => array(),
'overallHealth' => 3,
'overallHealth' => 3,
);
$dumpResults = array();
$tempArray = array();
@ -655,17 +655,17 @@ class ServersController extends AppController {
'explanation' => 'The maximum duration that a script can run (does not affect the background workers). A too low number will break long running scripts like comprehensive API exports',
'recommended' => 300,
'unit' => false
),
),
'memory_limit' => array(
'explanation' => 'The maximum memory that PHP can consume. It is recommended to raise this number since certain exports can generate a fair bit of memory usage',
'recommended' => 512,
'unit' => 'M'
),
),
'upload_max_filesize' => array(
'explanation' => 'The maximum size that an uploaded file can be. It is recommended to raise this number to allow for the upload of larger samples',
'recommended' => 50,
'unit' => 'M'
),
),
'post_max_size' => array(
'explanation' => 'The maximum size of a POSTed message, this has to be at least the same size as the upload_max_filesize setting',
'recommended' => 50,
@ -1061,7 +1061,7 @@ class ServersController extends AppController {
$this->set('events', $result['publishCount']);
$this->set('time', date('Y/m/d H:i:s', $result['timestamp']));
$this->set('time2', date('Y/m/d H:i:s', $result['timestampSettings']));
}
}
$this->render('ajax/zeromqstatus');
}

32
app/Controller/ShadowAttributesController.php
View File

@ -61,13 +61,13 @@ class ShadowAttributesController extends AppController {
$this->loadModel('Attribute');
$this->Attribute->Behaviors->detach('SysLogLogable.SysLogLogable');
$shadow = $this->ShadowAttribute->find(
'first',
'first',
array(
'recursive' => -1,
'conditions' => array(
'ShadowAttribute.id' => $id,
'deleted' => false
),
),
)
);
if (empty($shadow)) return array('false' => true, 'errors' => 'Proposal not found or you are not authorised to accept it.');
@ -95,7 +95,7 @@ class ShadowAttributesController extends AppController {
}
$date = new DateTime();
if (isset($shadow['proposal_to_delete']) && $shadow['proposal_to_delete']) {
$this->Attribute->delete($activeAttribute['Attribute']['id']);
$this->Attribute->delete($activeAttribute['Attribute']['id']);
} else {
// Update the live attribute with the shadow data
$fieldsToUpdate = array('value1', 'value2', 'value', 'type', 'category', 'comment', 'to_ids');
@ -280,7 +280,7 @@ class ShadowAttributesController extends AppController {
}
} else {
if ($this->_isRest()) {
throw new MethodNotAllowedException('Could not discard proposal.');
throw new MethodNotAllowedException('Could not discard proposal.');
} else {
$this->autoRender = false;
return new CakeResponse(array('body'=> json_encode(array('false' => true, 'errors' => 'Could not discard proposal.')),'status'=>200));
@ -316,7 +316,7 @@ class ShadowAttributesController extends AppController {
}
$event = $this->ShadowAttribute->Event->fetchEvent($this->Auth->user(), array('eventid' => $eventId));
if (empty($event)) throw new NotFoundException('Invalid Event');
$event = $event[0];
$event = $event[0];
if ($this->request->is('post')) {
if (isset($this->request->data['request'])) $this->request->data = $this->request->data['request'];
@ -419,9 +419,9 @@ class ShadowAttributesController extends AppController {
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Proposal added' . $emailResult)),'status'=>200));
} else if($this->_isRest()) {
$sa = $this->ShadowAttribute->find(
'first',
'first',
array(
'conditions' => array('ShadowAttribute.id' => $this->ShadowAttribute->id),
'conditions' => array('ShadowAttribute.id' => $this->ShadowAttribute->id),
'recursive' => -1,
'fields' => array('id', 'old_id', 'event_id', 'type', 'category', 'value', 'comment','to_ids', 'uuid', 'event_org_id', 'email', 'deleted', 'timestamp')
)
@ -437,7 +437,7 @@ class ShadowAttributesController extends AppController {
$this->autoRender = false;
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $this->ShadowAttribute->validationErrors)),'status'=>200));
} else if($this->_isRest()) {
$message = '';
$message = '';
foreach ($this->ShadowAttribute->validationErrors as $k => $v) {
$message .= '[' . $k . ']: ' . $v[0] . PHP_EOL;
}
@ -509,7 +509,7 @@ class ShadowAttributesController extends AppController {
public function add_attachment($eventId = null) {
$event = $this->ShadowAttribute->Event->fetchEvent($this->Auth->user(), array('eventid' => $eventId));
if (empty($event)) throw new NotFoundException('Invalid Event');
$event = $event[0];
$event = $event[0];
if ($this->request->is('post')) {
// Check if there were problems with the file upload
@ -747,9 +747,9 @@ class ShadowAttributesController extends AppController {
}
$existingAttribute = $this->ShadowAttribute->Event->Attribute->find(
'first',
'first',
array(
'recursive' => -1,
'recursive' => -1,
'conditions' => array(
'Attribute.id' => $id
),
@ -803,7 +803,7 @@ class ShadowAttributesController extends AppController {
'recursive' => -1,
'contain' => 'Event',
'fields' => array(
'ShadowAttribute.id', 'ShadowAttribute.old_id', 'ShadowAttribute.event_id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.uuid', 'ShadowAttribute.to_ids', 'ShadowAttribute.value', 'ShadowAttribute.comment', 'ShadowAttribute.org_id',
'ShadowAttribute.id', 'ShadowAttribute.old_id', 'ShadowAttribute.event_id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.uuid', 'ShadowAttribute.to_ids', 'ShadowAttribute.value', 'ShadowAttribute.comment', 'ShadowAttribute.org_id',
'Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.distribution', 'Event.uuid'
),
'conditions' => array('AND' => array('ShadowAttribute.id' => $id, $distConditions, 'ShadowAttribute.deleted' => 0))
@ -814,7 +814,7 @@ class ShadowAttributesController extends AppController {
$a = $this->ShadowAttribute->Event->Attribute->find('first', array(
'recursive' => -1,
'fields' => array('Attribute.id', 'Attribute.distribution'),
'conditions' => array('Attribute.id' => $sa['ShadowAttribute']['old_id'], 'Attribute.distribution >' => 0)
'conditions' => array('Attribute.id' => $sa['ShadowAttribute']['old_id'], 'Attribute.distribution >' => 0)
));
if (empty($a)) throw new NotFoundException('Invalid proposal.');
}
@ -870,7 +870,7 @@ class ShadowAttributesController extends AppController {
}
}
// takes a uuid and finds all proposals that belong to an event with the given uuid. These are then returned.
// takes a uuid and finds all proposals that belong to an event with the given uuid. These are then returned.
public function getProposalsByUuid($uuid) {
if (!$this->_isRest() || !$this->userRole['perm_sync']) {
throw new MethodNotAllowedException(__('This feature is only available using the API to Sync users'));
@ -883,8 +883,8 @@ class ShadowAttributesController extends AppController {
'recursive' => -1,
'contain' => array(
'Org' => array('fields' => array('uuid', 'name')),
'EventOrg' => array('fields' => array('uuid', 'name')),
)
'EventOrg' => array('fields' => array('uuid', 'name')),
)
));
foreach ($temp as &$t) {
if ($this->ShadowAttribute->typeIsAttachment($t['ShadowAttribute']['type'])) {

6
app/Controller/SharingGroupsController.php
View File

@ -100,14 +100,14 @@ class SharingGroupsController extends AppController {
'contain' => array(
'SharingGroupOrg' => array(
'Organisation' => array('name', 'local', 'id')
),
),
'SharingGroupServer' => array(
'Server' => array(
'fields' => array('name', 'url', 'id')
)
),
),
'Organisation' => array(
'fields' => array('name', 'local', 'id')
'fields' => array('name', 'local', 'id')
),
),
));

12
app/Controller/TagsController.php
View File

@ -67,7 +67,7 @@ class TagsController extends AppController {
}
unset($tag['EventTag']);
if (!empty($tag['FavouriteTag'])) {
foreach ($tag['FavouriteTag'] as &$ft) if ($ft['user_id'] == $this->Auth->user('id')) $tag['Tag']['favourite'] = true;
foreach ($tag['FavouriteTag'] as &$ft) if ($ft['user_id'] == $this->Auth->user('id')) $tag['Tag']['favourite'] = true;
if (!isset($tag['Tag']['favourite'])) $tag['Tag']['favourite'] = false;
} else $tag['Tag']['favourite'] = false;
unset($tag['FavouriteTag']);
@ -98,7 +98,7 @@ class TagsController extends AppController {
public function add() {
if (!$this->_isSiteAdmin() && !$this->userRole['perm_tag_editor']) throw new NotFoundException('You don\'t have permission to do that.');
if ($this->request->is('post')) {
if (isset($this->request->data['Tag']['request'])) $this->request->data['Tag'] = $this->request->data['Tag']['request'];
if (isset($this->request->data['Tag']['request'])) $this->request->data['Tag'] = $this->request->data['Tag']['request'];
if (!isset($this->request->data['Tag']['colour'])) $this->request->data['Tag']['colour'] = $this->Tag->random_color();
if (isset($this->request->data['Tag']['id'])) unset($this->request->data['Tag']['id']);
if ($this->Tag->save($this->request->data)) {
@ -108,7 +108,7 @@ class TagsController extends AppController {
} else {
if ($this->_isRest()) {
$error_message = '';
foreach ($this->Tag->validationErrors as $k => $v) $error_message .= '[' . $k . ']: ' . $v[0];
foreach ($this->Tag->validationErrors as $k => $v) $error_message .= '[' . $k . ']: ' . $v[0];
throw new MethodNotAllowedException('Could not add the Tag. ' . $error_message);
} else {
$this->Session->setFlash('The tag could not be saved. Please, try again.');
@ -189,7 +189,7 @@ class TagsController extends AppController {
'recursive' => -1,
'contain' => array('EventTag' => array('fields' => 'event_id'))
));
if (empty($tag)) throw MethodNotAllowedException('Invalid Tag');
if (empty($tag)) throw MethodNotAllowedException('Invalid Tag');
$eventIDs = array();
if (empty($tag['EventTag'])) $tag['Tag']['count'] = 0;
else {
@ -329,7 +329,7 @@ class TagsController extends AppController {
$tags[$r['Tag']['name']] = $r[0]['count'];
$totalCount += $r[0]['count'];
foreach ($taxonomies as $taxonomy => $count) {
if (substr(strtolower($r['Tag']['name']), 0, strlen($taxonomy)) === strtolower($taxonomy)) $taxonomies[$taxonomy] += $r[0]['count'];
if (substr(strtolower($r['Tag']['name']), 0, strlen($taxonomy)) === strtolower($taxonomy)) $taxonomies[$taxonomy] += $r[0]['count'];
}
}
if ($keysort === 'true') {
@ -338,7 +338,7 @@ class TagsController extends AppController {
} else {
arsort($tags);
arsort($taxonomies);
}
}
if ($percentage === 'true') {
foreach ($tags as $tag => &$count) {
$count = round(100 * $count / $totalCount, 3) . '%';

2
app/Controller/TasksController.php
View File

@ -32,7 +32,7 @@ class TasksController extends AppController {
}
// checks if all the mandatory tasks exist, and if not, creates them
// default tasks are:
// default tasks are:
// 'cache_exports'
private function __checkTasks() {
$existingTasks = $this->Task->find('list', array('fields' => array('type')));

6
app/Controller/TaxonomiesController.php
View File

@ -29,7 +29,7 @@ class TaxonomiesController extends AppController {
foreach ($taxonomies as &$taxonomy) {
$total = 0;
foreach ($taxonomy['TaxonomyPredicate'] as &$predicate) {
$total += empty($predicate['TaxonomyEntry']) ? 1 : count($predicate['TaxonomyEntry']);
$total += empty($predicate['TaxonomyEntry']) ? 1 : count($predicate['TaxonomyEntry']);
}
$taxonomy['total_count'] = $total;
$taxonomy['current_count'] = $this->Tag->find('count', array('conditions' => array('lower(Tag.name) LIKE ' => strtolower($taxonomy['Taxonomy']['namespace']) . ':%')));
@ -136,7 +136,7 @@ class TaxonomiesController extends AppController {
'change' => $change,
));
$successes++;
}
}
}
if (isset($result['fails'])) {
foreach ($result['fails'] as $id => &$fail) {
@ -185,7 +185,7 @@ class TaxonomiesController extends AppController {
if (isset($this->request->data['Taxonomy'])) {
$this->request->data['Tag'] = $this->request->data['Taxonomy'];
unset($this->request->data['Taxonomy']);
}
}
if (isset($this->request->data['Tag']['request'])) $this->request->data['Tag'] = $this->request->data['Tag']['request'];
if (!isset($this->request->data['Tag']['nameList'])) $this->request->data['Tag']['nameList'] = array($this->request->data['Tag']['name']);
else $this->request->data['Tag']['nameList'] = json_decode($this->request->data['Tag']['nameList'], true);

2
app/Controller/TemplateElementsController.php
View File

@ -142,7 +142,7 @@ class TemplateElementsController extends AppController {
$ModelType = 'TemplateElement' . ucfirst($type);
$templateElement = $this->TemplateElement->find('first', array(
'conditions' => array('TemplateElement.id' => $id),
'contain' => array('Template', $ModelType)
'contain' => array('Template', $ModelType)
));
$this->set('template_id', $templateElement['Template']['id']);
if (!$this->_isSiteAdmin() && !$this->TemplateElement->Template->checkAuthorisation($id, $this->Auth->user(), true)) return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'You are not authorised to do that.')), 'status' => 200));

12
app/Controller/TemplatesController.php
View File

@ -70,7 +70,7 @@ class TemplatesController extends AppController {
));
foreach($oldTags as $k => $oT) {
if (!in_array($oT['Tag'], $newTags)) $this->TemplateTag->delete($oT['TemplateTag']['id']);
if (!in_array($oT['Tag'], $newTags)) $this->TemplateTag->delete($oT['TemplateTag']['id']);
}
foreach($newTags as $k => $nT) {
@ -249,7 +249,7 @@ class TemplatesController extends AppController {
'TemplateElement' => array(
'TemplateElementAttribute',
'TemplateElementText',
'TemplateElementFile'
'TemplateElementFile'
),
'TemplateTag' => array(
'Tag'
@ -267,7 +267,7 @@ class TemplatesController extends AppController {
if (empty($template)) throw new MethodNotAllowedException('Template not found or you are not authorised to edit it.');
if (!$this->_isSiteAdmin()) {
if ($event['Event']['orgc_id'] != $this->Auth->user('org_id')) throw new MethodNotAllowedException('Event not found or you are not authorised to edit it.');
if ($template['Template']['org'] != $this->Auth->user('Organisation')['name'] && !$template['Template']['share']) throw new MethodNotAllowedException('Template not found or you are not authorised to use it.');
if ($template['Template']['org'] != $this->Auth->user('Organisation')['name'] && !$template['Template']['share']) throw new MethodNotAllowedException('Template not found or you are not authorised to use it.');
}
$this->set('template_id', $template_id);
@ -356,7 +356,7 @@ class TemplatesController extends AppController {
if ($fails == 0) $this->Session->setFlash(__('Event populated, ' . $count . ' attributes successfully created.'));
else $this->Session->setFlash(__('Event populated, but ' . $fails . ' attributes could not be saved.'));
$this->redirect(array('controller' => 'events', 'action' => 'view', $event_id));
} else {
} else {
throw new MethodNotAllowedException('No attributes submitted for creation.');
}
} else {
@ -413,8 +413,8 @@ class TemplatesController extends AppController {
return $array;
}
// deletes a temporary file created by the user while populating a template
// users can add files to attachment fields and when they change their mind about it, they can remove a file (deleting the temporary file)
// deletes a temporary file created by the user while populating a template
// users can add files to attachment fields and when they change their mind about it, they can remove a file (deleting the temporary file)
// before it gets saved as an attribute and moved to the persistent attachment store
public function deleteTemporaryFile($filename) {
if (!$this->request->is('post')) throw new MethodNotAllowedException('This action is restricted to accepting POST requests only.');

4
app/Controller/ThreadsController.php
View File

@ -192,7 +192,7 @@ class ThreadsController extends AppController {
if (!$this->_isSiteAdmin()) {
$conditions['AND']['OR'] = array(
'Thread.distribution' => array(1, 2, 3),
'AND' => array(
'AND' => array(
'Thread.distribution' => 0,
'Thread.org_id' => $this->Auth->user('org_id'),
),
@ -219,7 +219,7 @@ class ThreadsController extends AppController {
),
),
'Organisation' => array(
'fields' => array('id', 'name')
'fields' => array('id', 'name')
),
'SharingGroup' => array(
'fields' => array('id', 'name')

16
app/Controller/UsersController.php
View File

@ -224,7 +224,7 @@ class UsersController extends AppController {
if (isset($this->request->data['all']) && !empty($this->request->data['all'])) {
$passedArgs['searchall'] = $this->request->data['all'];
$conditions['OR'][] = array('User.email LIKE' => '%' . $passedArgs['searchall'] . '%');
}
}
}
$this->set('passedArgs', json_encode($passedArgs));
$this->paginate = array(
@ -295,7 +295,7 @@ class UsersController extends AppController {
}
$temp = $this->User->Organisation->find('all', array(
'conditions' => array('local' => 1),
'recursive' => -1,
'recursive' => -1,
'fields' => array('id', 'name'),
'order' => array('LOWER(name) ASC')
));
@ -583,7 +583,7 @@ class UsersController extends AppController {
if (!$this->request->is('post')) throw new MethodNotAllowedException('This feature is only accessible via POST requests');
$user = $this->User->find('first', array(
'recursive' => -1,
'conditions' => array('User.id' => $this->Auth->user('id'))
'conditions' => array('User.id' => $this->Auth->user('id'))
));
$this->User->id = $this->Auth->user('id');
$this->User->saveField('last_login', time());
@ -717,8 +717,8 @@ class UsersController extends AppController {
$newkey = $this->User->generateAuthKey();
$this->User->saveField('authkey', $newkey);
$this->__extralog(
'reset_auth_key',
'Authentication key for user ' . $user['User']['id'] . ' (' . $user['User']['email'] . ')',
'reset_auth_key',
'Authentication key for user ' . $user['User']['id'] . ' (' . $user['User']['email'] . ')',
$fieldsResult = 'authkey(' . $oldKey . ') => (' . $newkey . ')'
);
$this->Session->setFlash(__('New authkey generated.', true));
@ -794,7 +794,7 @@ class UsersController extends AppController {
$colours = $paletteTool->createColourPalette(count($sigTypes));
$typeDb = array();
foreach($sigTypes as $k => $type) {
$typeDb[$type] = $colours[$k];
$typeDb[$type] = $colours[$k];
}
$this->set('typeDb', $typeDb);
$this->set('sigTypes', $sigTypes);
@ -947,12 +947,12 @@ class UsersController extends AppController {
throw new MethodNotAllowedException('You are not authorised to do that.');
}
if ($this->request->is('post')) {
if (isset($this->request->data['User']['firstTime'])) $firstTime = $this->request->data['User']['firstTime'];
if (isset($this->request->data['User']['firstTime'])) $firstTime = $this->request->data['User']['firstTime'];
$org = Configure::read('MISP.org');
$options = array('passwordResetText', 'newUserText');
$subjects = array('[' . $org . ' MISP] New user registration', '[' . $org . ' MISP] Password reset');
$textToFetch = $options[($firstTime ? 0 : 1)];
$subject = $subjects[($firstTime ? 0 : 1)];
$subject = $subjects[($firstTime ? 0 : 1)];
$this->loadModel('Server');
$body = Configure::read('MISP.' . $textToFetch);
if (!$body) $body = $this->Server->serverSettings['MISP'][$textToFetch]['value'];

2
app/Lib/CamelCase.php
View File

@ -43,7 +43,7 @@ class CamelCase {
}
/**
*
*
**/
public function toCamelCase($underscored) {
//App::uses('Inflector', 'lib');

2
app/Lib/Export/HidsExport.php
View File

@ -11,7 +11,7 @@ class HidsExport {
array_unshift($this->rules, '# Keep in mind MD5 is not collision resistant');
} else if ($type === 'SHA1') {
array_unshift($this->rules, '# Keep in mind SHA-1 still has a theoretical collision possibility');
}
}
array_unshift($this->rules, '# These HIDS export contains ' . $type . ' checksums.');
}

8
app/Lib/Tools/ComplexTypeTool.php
View File

@ -23,10 +23,10 @@ class ComplexTypeTool {
break;
default:
return false;
}
}
}
// checks if the passed input matches a valid file description attribute's pattern (filename, md5, sha1, sha256, filename|md5, filename|sha1, filename|sha256)
// checks if the passed input matches a valid file description attribute's pattern (filename, md5, sha1, sha256, filename|md5, filename|sha1, filename|sha256)
public function checkComplexFile($input) {
$original = $input;
$type = '';
@ -135,7 +135,7 @@ class ComplexTypeTool {
if (preg_match('/(:[0-9]{2,5})$/', $inputRefanged, $port)) {
$comment = 'On port ' . substr($port[0], 1);
$inputRefangedNoPort = str_replace($port[0], '', $inputRefanged);
} else $inputRefangedNoPort = $inputRefanged;
} else $inputRefangedNoPort = $inputRefanged;
// check for IP
if (filter_var($inputRefangedNoPort, FILTER_VALIDATE_IP)) return array('types' => array('ip-dst', 'ip-src', 'ip-src/ip-dst'), 'to_ids' => true, 'default_type' => 'ip-dst', 'comment' => $comment, 'value' => $inputRefangedNoPort);
if (strpos($inputRefangedNoPort, '/')) {
@ -160,7 +160,7 @@ class ComplexTypeTool {
// check if it is a URL
// Adding http:// infront of the input in case it was left off. github.com/MISP/MISP should still be counted as a valid link
if (count($temp) > 1 && (filter_var($inputRefangedNoPort, FILTER_VALIDATE_URL) || filter_var('http://' . $inputRefangedNoPort, FILTER_VALIDATE_URL))) {
// TODO: add comment explaining why there is a check for a specific domain
// TODO: add comment explaining why there is a check for a specific domain
if (preg_match('/^https:\/\/www.virustotal.com\//i', $inputRefangedNoPort)) return array('types' => array('link'), 'to_ids' => false, 'default_type' => 'link', 'comment' => $comment, 'value' => $inputRefangedNoPort);
if (strpos($inputRefangedNoPort, '/')) return array('types' => array('url'), 'to_ids' => true, 'default_type' => 'url', 'comment' => $comment, 'value' => $inputRefangedNoPort);
}

2
app/Lib/Tools/CustomPaginationTool.php
View File

@ -35,7 +35,7 @@ class CustomPaginationTool {
if ($params['page'] < $maxPage) $params['nextPage'] = true;
}
$params['pageCount'] = $maxPage;
return $params;
return $params;
}
function truncateByPagination(&$items, $params) {

4
app/Lib/Tools/FinancialTool.php
View File

@ -110,7 +110,7 @@ class FinancialTool {
else $temp2 .= ord(strtolower($temp[$i])) - 87;
}
$temp = bcmod($temp2, 97);
return intval($temp)===1 ? true : false;
return intval($temp)===1 ? true : false;
}
public function validateBIC($bic) {
@ -142,7 +142,7 @@ class FinancialTool {
return false;
}
return false;
}
}
// based on the php implementation of the BTC address validation example from
// http://rosettacode.org/wiki/Bitcoin/address_validation

2
app/Lib/Tools/JSONConverterTool.php
View File

@ -72,7 +72,7 @@ class JSONConverterTool {
foreach ($array as $k => $element) {
$temp = $this->arrayPrinter($element, false);
if (!is_array($temp)) {
$resultArray[] = '[' . $k .']' . $temp;
$resultArray[] = '[' . $k .']' . $temp;
} else {
foreach ($temp as &$t) $resultArray[] = '[' . $k . ']' . $t;
}

2
app/Lib/Tools/XMLConverterTool.php
View File

@ -65,7 +65,7 @@ class XMLConverterTool {
unset($event['RelatedAttribute']);
}
else $event['Event']['RelatedAttribute'] = array();
foreach ($event['Event']['RelatedAttribute'] as &$attribute_w_relation) {
foreach ($event['Event']['RelatedAttribute'] as &$attribute_w_relation) {
foreach ($attribute_w_relation as &$relation) {
$this->__sanitizeField($relation['info']);
$this->__sanitizeField($relation['value']);

8
app/Model/AppModel.php
View File

@ -260,7 +260,7 @@ class AppModel extends Model {
) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
$sqlArray[] = "INSERT INTO `admin_settings` (`setting`, `value`) VALUES ('db_version', '2.4.0')";
break;
case '2.4.18':
case '2.4.18':
$sqlArray[] = "ALTER TABLE `users` ADD `current_login` INT(11) DEFAULT 0;";
$sqlArray[] = "ALTER TABLE `users` ADD `last_login` INT(11) DEFAULT 0;";
$sqlArray[] = "CREATE TABLE IF NOT EXISTS `event_delegations` (
@ -367,7 +367,7 @@ class AppModel extends Model {
$sqlArray[] = "ALTER TABLE `attributes` ADD `deleted` tinyint(1) NOT NULL DEFAULT '0';";
break;
case '2.4.44':
$sqlArray[] = "UPDATE `servers` SET `url` = TRIM(TRAILING '/' FROM `url`)";
$sqlArray[] = "UPDATE `servers` SET `url` = TRIM(TRAILING '/' FROM `url`)";
break;
case '2.4.45':
$sqlArray[] = 'ALTER TABLE `users` CHANGE `newsread` `newsread` int(11) unsigned;';
@ -481,7 +481,7 @@ class AppModel extends Model {
return $version_array;
}
// wrapper for UUID generation, compatible with cakephp <= 2.6 and cakephp and cakephp >= 2.7
// wrapper for UUID generation, compatible with cakephp <= 2.6 and cakephp and cakephp >= 2.7
public function generateUuid() {
$version = Configure::version();
$version = explode('.', $version);
@ -503,7 +503,7 @@ class AppModel extends Model {
$field = array_keys($value);
$field = $field[0];
$value[$field] = trim($value[$field]);
if (!isset($value[$field]) || ($value[$field] == false && $value[$field] !== "0")) return ucfirst($field) . ' cannot be empty.';
if (!isset($value[$field]) || ($value[$field] == false && $value[$field] !== "0")) return ucfirst($field) . ' cannot be empty.';
return true;
}

42
app/Model/Attribute.php
View File

@ -138,7 +138,7 @@ class Attribute extends AppModel {
'btc' => array('desc' => 'Bitcoin Address'),//
'iban' => array('desc' => 'International Bank Account Number'),//
'bic' => array('desc' => 'Bank Identifier Code Number'),
'bank-account-nr' => array('desc' => 'Bank account number without any routing number'),
'bank-account-nr' => array('desc' => 'Bank account number without any routing number'),
'aba-rtn' => array('desc' => 'ABA routing transit number'),
'bin' => array('desc' => 'Bank Identification Number'),//
'cc-number' => array('desc' => 'Credit-Card Number'),//
@ -280,7 +280,7 @@ class Attribute extends AppModel {
// typeGroupings are a mapping to high level groups for attributes
// for example, IP addresses, domain names, hostnames and e-mail addresses are network related attribute types
// whilst filenames and hashes are file related attribute types
// This helps generate quick filtering for the event view, but we may reuse this and enhance it in the future for other uses (such as the API?)
// This helps generate quick filtering for the event view, but we may reuse this and enhance it in the future for other uses (such as the API?)
public $typeGroupings = array(
'file' => array('attachment', 'pattern-in-file', 'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'authentihash', 'pehash', 'tlsh', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|pehash', 'malware-sample', 'x509-fingerprint-sha1'),
'network' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-traffic', 'x509-fingerprint-sha1'),
@ -377,7 +377,7 @@ class Attribute extends AppModel {
);
// automatic resolution of complex types
// If the complex type "file" is chosen for example, then the system will try to categorise the values entered into a complex template field based
// If the complex type "file" is chosen for example, then the system will try to categorise the values entered into a complex template field based
// on the regular expression rules
public $validTypeGroups = array(
'File' => array(
@ -656,7 +656,7 @@ class Attribute extends AppModel {
if (substr_count($value, ':') == 2) {
$parts = explode(':', $value);
if (is_numeric($parts[0])) $returnValue = true;
}
}
if (!$returnValue) $returnValue = 'Invalid SSDeep hash. The format has to be blocksize:hash:hash';
break;
case 'http-method':
@ -675,7 +675,7 @@ class Attribute extends AppModel {
}
break;
case 'filename|md5':
case 'filename|sha1':
case 'filename|sha1':
case 'filename|imphash':
case 'filename|sha224':
case 'filename|sha256':
@ -753,7 +753,7 @@ class Attribute extends AppModel {
} else {
$returnValue = 'Domain name has an invalid format.';
}
break;
break;
case 'email-src':
case 'email-dst':
case 'target-email':
@ -828,7 +828,7 @@ class Attribute extends AppModel {
case 'whois-registrant-name':
case 'whois-registrar':
case 'whois-creation-date':
// no newline
// no newline
if (!preg_match("#\n#", $value)) {
$returnValue = true;
}
@ -894,7 +894,7 @@ class Attribute extends AppModel {
if (is_numeric($value)) {
$returnValue = true;
}
break;
break;
*/
}
return $returnValue;
@ -925,7 +925,7 @@ class Attribute extends AppModel {
$value = strtolower($value);
break;
case 'filename|md5':
case 'filename|sha1':
case 'filename|sha1':
case 'filename|imphash':
case 'filename|sha224':
case 'filename|sha256':
@ -1284,7 +1284,7 @@ class Attribute extends AppModel {
App::uses('HidsExport', 'Export');
$continue = false;
foreach ($eventIds as $event) {
$conditions['AND'] = array('Attribute.to_ids' => 1, 'Event.published' => 1, 'Attribute.type' => $typeArray, 'Attribute.event_id' => $event['Event']['id']);
$conditions['AND'] = array('Attribute.to_ids' => 1, 'Event.published' => 1, 'Attribute.type' => $typeArray, 'Attribute.event_id' => $event['Event']['id']);
$options = array(
'conditions' => $conditions,
'group' => array('Attribute.type', 'Attribute.value1'),
@ -1364,7 +1364,7 @@ class Attribute extends AppModel {
//restricting to non-private or same org if the user is not a site-admin.
$conditions['AND'] = array();
if ($allowNonIDS === false) $conditions['AND'] = array('Attribute.to_ids =' => 1, 'Event.published =' => 1);
if ($type !== 'all') $conditions['AND']['Attribute.type'] = $type;
if ($type !== 'all') $conditions['AND']['Attribute.type'] = $type;
if ($from) $conditions['AND']['Event.date >='] = $from;
if ($to) $conditions['AND']['Event.date <='] = $to;
if ($last) $conditions['AND']['Event.publish_timestamp >='] = $last;
@ -1388,7 +1388,7 @@ class Attribute extends AppModel {
$conditions['AND'][] = $temp;
}
$attributes = $this->fetchAttributes($user, array(
'conditions' => $conditions,
'conditions' => $conditions,
'order' => 'Attribute.value1 ASC',
'fields' => array('value'),
'contain' => array('Event' => array(
@ -1405,7 +1405,7 @@ class Attribute extends AppModel {
if ($to) $conditions['AND']['Event.date <='] = $to;
if ($eventId !== false) {
$conditions['AND'][] = array('Event.id' => $eventId);
}
}
if ($tags !== false) {
// If we sent any tags along, load the associated tag names for each attribute
$tag = ClassRegistry::init('Tag');
@ -1425,7 +1425,7 @@ class Attribute extends AppModel {
$values = array();
foreach ($typesToFetch as $k => $v) {
$temp = $this->fetchAttributes(
$user,
$user,
array(
'conditions' => array(
$conditions,
@ -1440,7 +1440,7 @@ class Attribute extends AppModel {
$found = false;
if (isset($values['domain'])) {
foreach ($values['domain'] as $domain) {
if (strpos($value['Attribute']['value'], $domain) != 0) {
if (strpos($value['Attribute']['value'], $domain) != 0) {
$found = true;
}
}
@ -1506,7 +1506,7 @@ class Attribute extends AppModel {
$result[$i]['id'] = $attribute['Attribute']['id'];
$result[$i]['error'] = array();
foreach ($errors as $field => $error) {
$result[$i]['error'][$field] = array('value' => $attribute['Attribute'][$field], 'error' => $error[0]);
$result[$i]['error'][$field] = array('value' => $attribute['Attribute'][$field], 'error' => $error[0]);
}
$result[$i]['details'] = 'Event ID: [' . $attribute['Attribute']['event_id'] . "] - Category: [" . $attribute['Attribute']['category'] . "] - Type: [" . $attribute['Attribute']['type'] . "] - Value: [" . $attribute['Attribute']['value'] . ']';
$i++;
@ -1631,7 +1631,7 @@ class Attribute extends AppModel {
$element['type'] = 'attachment';
$element['to_ids'] = false;
}
foreach ($files as $file) {
foreach ($files as $file) {
if (!preg_match('@^[\w\-. ]+$@', $file['filename'])) {
$errors = 'Filename not allowed.';
continue;
@ -1730,7 +1730,7 @@ class Attribute extends AppModel {
// Method that fetches all attributes for the various exports
// very flexible, it's basically a replacement for find, with the addition that it restricts access based on user
// options:
// options:
// fields
// contain
// conditions
@ -1743,7 +1743,7 @@ class Attribute extends AppModel {
'contain' => array(
'Event' => array(
'fields' => array('id', 'info', 'org_id'),
),
),
),
);
if (isset($options['contain'])) $params['contain'] = array_merge_recursive($params['contain'], $options['contain']);
@ -1757,7 +1757,7 @@ class Attribute extends AppModel {
if (Configure::read('MISP.unpublishedprivate')) $params['conditions']['AND'][] = array('OR' => array('Event.published' => 1, 'Event.orgc_id' => $user['org_id']));
$results = $this->find('all', $params);
if (isset($options['withAttachments']) && $options['withAttachments']) {
foreach ($results as &$attribute) {
foreach ($results as &$attribute) {
if ($this->typeIsAttachment($attribute['Attribute']['type'])) {
$encodedFile = $this->base64EncodeAttachment($attribute['Attribute']);
$attribute['Attribute']['data'] = $encodedFile;
@ -1837,7 +1837,7 @@ class Attribute extends AppModel {
public function validateAttribute($attribute, $context = true) {
$this->set($attribute);
if (!$context) {
unset($this->validate['event_id']);
unset($this->validate['event_id']);
unset($this->validate['value']['uniqueValue']);
}
if ($this->validates()) return true;

2
app/Model/Bruteforce.php
View File

@ -16,7 +16,7 @@ class Bruteforce extends AppModel {
$this->query("INSERT INTO `bruteforces` (`ip` , `username` , `expire` ) VALUES ('$ip', '$username', TIMESTAMPADD(SECOND,$expire, NOW()));");
if ($this->isBlacklisted($ip, $username)) {
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$this->Log->create();
$this->Log->save(array(
'org' => 'SYSTEM',
'model' => 'Blacklist',

68
app/Model/Event.php
View File

@ -119,12 +119,12 @@ class Event extends AppModel {
);
public $csv_event_context_fields_to_fetch = array(
'event_info' => array('object' => false, 'var' => 'info'),
'event_member_org' => array('object' => 'Org', 'var' => 'name'),
'event_source_org' => array('object' => 'Orgc', 'var' => 'name'),
'event_distribution' => array('object' => false, 'var' => 'distribution'),
'event_threat_level_id' => array('object' => 'ThreatLevel', 'var' => 'name'),
'event_analysis' => array('object' => false, 'var' => 'analysis'),
'event_info' => array('object' => false, 'var' => 'info'),
'event_member_org' => array('object' => 'Org', 'var' => 'name'),
'event_source_org' => array('object' => 'Orgc', 'var' => 'name'),
'event_distribution' => array('object' => false, 'var' => 'distribution'),
'event_threat_level_id' => array('object' => 'ThreatLevel', 'var' => 'name'),
'event_analysis' => array('object' => false, 'var' => 'analysis'),
'event_date' => array('object' => false, 'var' => 'date'),
'event_tag' => array('object' => 'Tag', 'var' => 'name')
);
@ -399,7 +399,7 @@ class Event extends AppModel {
$values[$field] = $db->value($this->data['Event'][$field]);
$this->Correlation->updateAll(array('Correlation.' . $field => $values[$field]), array('Correlation.event_id' => $values['id']));
}
}
}
}
}
@ -483,7 +483,7 @@ class Event extends AppModel {
if (!isset($sgids) || empty($sgids)) $sgids = array(-1);
$this->Correlation = ClassRegistry::init('Correlation');
// search the correlation table for the event ids of the related events
// Rules:
// Rules:
// 1. Event is owned by the user (org_id matches)
// 2. User is allowed to see both the event and the org:
// a. Event:
@ -531,7 +531,7 @@ class Event extends AppModel {
$context = $shadowAttribute ? 'ShadowAttribute' : 'Attribute';
$settings = array(
'Attribute' => array('model' => 'Attribute', 'correlationModel' => 'Correlation', 'parentIdField' => '1_attribute_id'),
'ShadowAttribute' => array('model' => 'ShadowAttribute', 'correlationModel' => 'ShadowAttributeCorrelation', 'parentIdField' => '1_shadow_attribute_id')
'ShadowAttribute' => array('model' => 'ShadowAttribute', 'correlationModel' => 'ShadowAttributeCorrelation', 'parentIdField' => '1_shadow_attribute_id')
);
if ($id == null) $id = $this->data['Event']['id'];
if (!isset($sgids) || empty($sgids)) $sgids = array(-1);
@ -666,8 +666,8 @@ class Event extends AppModel {
$this->Server = ClassRegistry::init('Server');
$push = $this->Server->checkVersionCompatibility($server['Server']['id']);
$deletedAttributes = false;
if (($push['version'][0] > 2) ||
($push['version'][0] == 2 && $push['version'][1] > 4) ||
if (($push['version'][0] > 2) ||
($push['version'][0] == 2 && $push['version'][1] > 4) ||
($push['version'][0] == 2 && $push['version'][1] == 4 && $push['version'][2] > 42)) {
$deletedAttributes = true;
}
@ -1131,7 +1131,7 @@ class Event extends AppModel {
}
//Once the data about the user is gathered from the appropriate sources, fetchEvent is called from the controller or background process.
// Possible options:
// Possible options:
// eventid: single event ID
// idList: array with event IDs
// tags: string with the usual tag syntax
@ -1166,7 +1166,7 @@ class Event extends AppModel {
'Event.distribution >' => 0,
'Event.distribution <' => 4,
Configure::read('MISP.unpublishedprivate') ? array('Event.published =' => 1) : array(),
$options['distribution'] !== false ? array('Event.distribution =' => $options['distribution']) : array(),
$options['distribution'] !== false ? array('Event.distribution =' => $options['distribution']) : array(),
),
),
array(
@ -1277,7 +1277,7 @@ class Event extends AppModel {
'ThreatLevel' => array(
'fields' => array('ThreatLevel.name')
),
'Org' => array('fields' => $fieldsOrg),
'Org' => array('fields' => $fieldsOrg),
'Orgc' => array('fields' => $fieldsOrg),
'Attribute' => array(
'fields' => $fieldsAtt,
@ -1451,9 +1451,9 @@ class Event extends AppModel {
foreach ($attribute['Event']['EventTag'] as $eventTag) {
if (!empty($attribute['Event']['Tag']['name'])) $attribute['Event']['Tag']['name'] .= ',';
$attribute['Event']['Tag']['name'] .= str_replace(array('"'), '""', $eventTag['Tag']['name']);
}
}
}
if (!empty($attribute['Event']['Tag']['name'])) $attribute['Event']['Tag']['name'] = '"' . $attribute['Event']['Tag']['name'] . '"';
if (!empty($attribute['Event']['Tag']['name'])) $attribute['Event']['Tag']['name'] = '"' . $attribute['Event']['Tag']['name'] . '"';
}
}
return $attributes;
@ -1544,7 +1544,7 @@ class Event extends AppModel {
} else {
return ($this->sendAlertEmail($id, $user));
}
}
}
public function sendAlertEmail($id, $senderUser, $processId = null) {
$event = $this->fetchEvent($senderUser, array('eventid' => $id, 'includeAllTags' => true));
@ -1553,11 +1553,11 @@ class Event extends AppModel {
$this->User = ClassRegistry::init('User');
$users = $this->User->getUsersWithAccess(
$owners = array(
$event[0]['Event']['orgc_id'],
$event[0]['Event']['orgc_id'],
$event[0]['Event']['org_id']
),
$event[0]['Event']['distribution'],
$event[0]['Event']['sharing_group_id'],
),
$event[0]['Event']['distribution'],
$event[0]['Event']['sharing_group_id'],
$userConditions
);
if (Configure::read('MISP.extended_alert_subject')) {
@ -1780,8 +1780,8 @@ class Event extends AppModel {
if (isset($data['Event']['Attribute'])) {
if (!isset($data['Event']['Attribute'][0])) $data['Event']['Attribute'] = array(0 => $data['Event']['Attribute']);
foreach ($data['Event']['Attribute'] as &$attribute) {
if (isset($attribute['SharingGroup']) && !empty($attribute['SharingGroup']) && isset($attribute['SharingGroup'][0])) $attribute['SharingGroup'] = $attribute['SharingGroup'][0];
if (isset($attribute['distribution']) && $attribute['distribution'] == 4 && !isset($sgs[$attribute['SharingGroup']['uuid']])) $sgs[$attribute['SharingGroup']['uuid']] = $attribute['SharingGroup'];
if (isset($attribute['SharingGroup']) && !empty($attribute['SharingGroup']) && isset($attribute['SharingGroup'][0])) $attribute['SharingGroup'] = $attribute['SharingGroup'][0];
if (isset($attribute['distribution']) && $attribute['distribution'] == 4 && !isset($sgs[$attribute['SharingGroup']['uuid']])) $sgs[$attribute['SharingGroup']['uuid']] = $attribute['SharingGroup'];
}
}
@ -1917,7 +1917,7 @@ class Event extends AppModel {
$saveResult = $this->save(array('Event' => $data['Event']), array('fieldList' => $fieldList['Event']));
$this->Log = ClassRegistry::init('Log');
if ($saveResult) {
if (isset($data['Event']['EventTag'])) {
if (isset($data['Event']['EventTag'])) {
foreach ($data['Event']['EventTag'] as $et) {
$this->EventTag->create();
$et['event_id'] = $this->id;
@ -1994,7 +1994,7 @@ class Event extends AppModel {
// If the above is true, we have two more options:
// For users that are of the creating org of the event, always allow the edit
// For users that are sync users, only allow the edit if the event is locked
if ($existingEvent['Event']['orgc_id'] === $user['org_id']
if ($existingEvent['Event']['orgc_id'] === $user['org_id']
|| ($user['Role']['perm_sync'] && $existingEvent['Event']['locked']) || $user['Role']['perm_site_admin']) {
if ($user['Role']['perm_sync']) {
if ($data['Event']['distribution'] == 4 && !$this->SharingGroup->checkIfAuthorised($user, $data['Event']['sharing_group_id'])) {
@ -2250,7 +2250,7 @@ class Event extends AppModel {
// get a list of the servers
$this->Server = ClassRegistry::init('Server');
$conditions = array('push' => 1);
if ($passAlong) $conditions[] = array('Server.id !=' => $passAlong);
if ($passAlong) $conditions[] = array('Server.id !=' => $passAlong);
$servers = $this->Server->find('all', array('conditions' => $conditions));
// iterate over the servers and upload the event
if(empty($servers))
@ -2328,7 +2328,7 @@ class Event extends AppModel {
$event['Event']['published'] = 1;
$event['Event']['publish_timestamp'] = time();
$this->save($event, array('fieldList' => $fieldList));
}
}
if (Configure::read('Plugin.ZeroMQ_enable')) {
App::uses('PubSubTool', 'Tools');
$pubSubTool = new PubSubTool();
@ -2504,15 +2504,15 @@ class Event extends AppModel {
if ($version == 1) throw new Exception('This XML file is from a MISP instance that is newer than the current instance. Please contact your administrator about upgrading this instance.');
// if the xml contains an event or events from an older MISP instance, let's try to upgrade it!
// Let's manually set the version to something below 2.2.0 if there is no version set in the xml
if (!isset($xmlArray['response']['xml_version'])) $xmlArray['response']['xml_version'] = '2.1.0';
// Let's manually set the version to something below 2.2.0 if there is no version set in the xml
if (!isset($xmlArray['response']['xml_version'])) $xmlArray['response']['xml_version'] = '2.1.0';
// Upgrade from versions below 2.2.0 will need to replace the risk field with threat level id
if ($this->compareVersions($xmlArray['response']['xml_version'], '2.2.0') < 0) {
if ($response) $xmlArray['response'] = $this->__updateXMLArray220($xmlArray['response']);
else $xmlArray = $this->__updateXMLArray220($xmlArray);
}
}
}
unset ($xmlArray['response']['xml_version']);
if ($response) return $xmlArray;
else return $xmlArray['response'];
@ -2548,7 +2548,7 @@ class Event extends AppModel {
}
$localEvents = $this->find('list', array('recursive' => -1, 'fields' => array('Event.uuid', 'Event.timestamp')));
foreach ($uuidsToCheck as $uuid => $eventArrayId) {
if (isset($localEvents[$uuid]) && $localEvents[$uuid] >= $eventArray[$eventArrayId]['timestamp']) unset($eventArray[$eventArrayId]);
if (isset($localEvents[$uuid]) && $localEvents[$uuid] >= $eventArray[$eventArrayId]['timestamp']) unset($eventArray[$eventArrayId]);
}
}
@ -2622,7 +2622,7 @@ class Event extends AppModel {
// get all of the event IDs based on includedTags / excludedTags
if (!empty($includedTags) || !empty($excludedTags)) {
$eventIDsFromTags = $this->EventTag->getEventIDsFromTags($includedTags, $excludedTags);
// get the intersect of the two
// get the intersect of the two
$ids = array_intersect($ids, $eventIDsFromTags);
}
return $ids;
@ -2680,7 +2680,7 @@ class Event extends AppModel {
$delta = substr($delta, 0, -1);
}
if (!is_numeric($delta)) return false;
return time() - ($delta * $multiplier);
return time() - ($delta * $multiplier);
}
public function rearrangeEventForView(&$event, $passedArgs = array(), $all = false) {
@ -2774,7 +2774,7 @@ class Event extends AppModel {
$event_ids = $this->EventTag->find('list', array(
'recursive' => -1,
'conditions' => array('EventTag.tag_id' => $rules['tags'][$op]),
'fields' => array('EventTag.event_id')
'fields' => array('EventTag.event_id')
));
$rules['events'][$op] = $event_ids;
}

8
app/Model/EventDelegation.php
View File

@ -65,11 +65,11 @@ class EventDelegation extends AppModel {
'contain' => array(
'ShadowAttribute' => array(
'conditions' => array(
'ShadowAttribute.old_id' => 0,
'ShadowAttribute.old_id' => 0,
'ShadowAttribute.event_id' => $delegation['EventDelegation']['event_id']
)
),
'EventTag',
),
'EventTag',
'Attribute' => array(
'ShadowAttribute'
)
@ -105,7 +105,7 @@ class EventDelegation extends AppModel {
// unset ID fields and relations
foreach ($fields as $field) {
unset($object[$field]);
unset($object[$field]);
}
}
if (in_array($object_type, $objectsToRearrange)) {

2
app/Model/Feed.php
View File

@ -5,7 +5,7 @@ class Feed extends AppModel {
public $actsAs = array('SysLogLogable.SysLogLogable' => array(
'change' => 'full'
),
),
'Trim',
'Containable'
);

2
app/Model/Log.php
View File

@ -77,7 +77,7 @@ class Log extends AppModel {
if (Configure::read('MISP.log_client_ip') && isset($_SERVER['REMOTE_ADDR'])) $this->data['Log']['ip'] = $_SERVER['REMOTE_ADDR'];
$setEmpty = array('title' => '', 'model' => '', 'model_id' => 0, 'action' => '', 'user_id' => 0, 'change' => '', 'email' => '', 'org' => '', 'description' => '');
foreach ($setEmpty as $field => $empty) {
if (!isset($this->data['Log'][$field]) || empty($this->data['Log'][$field])) $this->data['Log'][$field] = $empty;
if (!isset($this->data['Log'][$field]) || empty($this->data['Log'][$field])) $this->data['Log'][$field] = $empty;
}
if (!isset($this->data['Log']['created'])) $this->data['Log']['created'] = time();
return true;

6
app/Model/Organisation.php
View File

@ -130,11 +130,11 @@ class Organisation extends AppModel{
$date = date('Y-m-d H:i:s');
$this->create();
$organisation = array(
'name' => $name,
'local' => 0,
'name' => $name,
'local' => 0,
'created_by' => $user['id'],
'date_modified' => $date,
'date_created' => $date
'date_created' => $date
);
if (isset($uuid)) $organisation['uuid'] = $uuid;
$this->save($organisation);

50
app/Model/Server.php
View File

@ -12,7 +12,7 @@ class Server extends AppModel {
'userModel' => 'User',
'userKey' => 'user_id',
'change' => 'full'
),
),
'Trim',
'Containable'
);
@ -877,7 +877,7 @@ class Server extends AppModel {
'test' => 'testForEmpty',
'type' => 'string',
),
'ZeroMQ_enable' => array(
'ZeroMQ_enable' => array(
'level' => 2,
'description' => 'Enables or disables the pub/sub feature of MISP. Make sure that you install the requirements for the plugin to work. Refer to the installation instructions for more information.',
'value' => false,
@ -886,7 +886,7 @@ class Server extends AppModel {
'type' => 'boolean',
'afterHook' => 'zmqAfterHook',
),
'ZeroMQ_port' => array(
'ZeroMQ_port' => array(
'level' => 2,
'description' => 'The port that the pub/sub feature will use.',
'value' => 50000,
@ -1368,7 +1368,7 @@ class Server extends AppModel {
'action' => 'pull',
'user_id' => $user['id'],
'title' => 'Pull from ' . $server['Server']['url'] . ' initiated by ' . $email,
'change' => count($successes) . ' events and ' . count($pulledProposals) . ' proposals pulled or updated. ' . count($fails) . ' events failed or didn\'t need an update.'
'change' => count($successes) . ' events and ' . count($pulledProposals) . ' proposals pulled or updated. ' . count($fails) . ' events failed or didn\'t need an update.'
));
if (!isset($lastpulledid)) $lastpulledid = 0;
return array($successes, $fails, $pulledProposals, $lastpulledid);
@ -1693,7 +1693,7 @@ class Server extends AppModel {
} else {
$fails++;
if ($error_message == "") $result['message'];
else $error_message .= " --- " . $result['message'];
else $error_message .= " --- " . $result['message'];
}
} else {
$fails++;
@ -1799,7 +1799,7 @@ class Server extends AppModel {
$leafValue['subGroup'] = $pluginData[0];
}
if (strpos($branchKey, 'Secur') === 0) $leafValue['tab'] = 'Security';
else $leafValue['tab'] = $branchKey;
else $leafValue['tab'] = $branchKey;
$finalSettingsUnsorted[$branchKey . '.' . $leafKey] = $leafValue;
}
}
@ -2079,7 +2079,7 @@ class Server extends AppModel {
$version_array = $this->checkMISPVersion();
$current = 'v' . $version_array['major'] . '.' . $version_array['minor'] . '.' . $version_array['hotfix'];
$newest_array = $this->__dissectVersion($newest);
$upToDate = $this->__compareVersions(array($version_array['major'], $version_array['minor'], $version_array['hotfix']), $newest_array, 0);
$upToDate = $this->__compareVersions(array($version_array['major'], $version_array['minor'], $version_array['hotfix']), $newest_array, 0);
return array ('current' => $current, 'newest' => $newest, 'upToDate' => $upToDate);
}
@ -2118,7 +2118,7 @@ class Server extends AppModel {
'name' => 'Additional image files',
'description' => 'Image files uploaded into this directory can be used for various purposes, such as for the login page logos',
'expected' => array(
'MISP.footer_logo' => Configure::read('MISP.footer_logo'),
'MISP.footer_logo' => Configure::read('MISP.footer_logo'),
'MISP.home_logo' => Configure::read('MISP.home_logo'),
'MISP.welcome_logo' => Configure::read('MISP.welcome_logo'),
'MISP.welcome_logo2' => Configure::read('MISP.welcome_logo2'),
@ -2195,7 +2195,7 @@ class Server extends AppModel {
}
public function checkVersionCompatibility($id, $user = array(), $HttpSocket = false) {
// for event publishing when we don't have a user.
// for event publishing when we don't have a user.
if (empty($user)) $user = array('Organisation' => array('name' => 'SYSTEM'), 'email' => 'SYSTEM', 'id' => 0);
App::uses('Folder', 'Utility');
$file = new File(ROOT . DS . 'VERSION.json', true);
@ -2305,7 +2305,7 @@ class Server extends AppModel {
'conditions' => array('url' => $server['url'])
));
// unlike with other capture methods, if we find a server that we don't know
// we don't want to save it.
// we don't want to save it.
if (empty($existingServer)) {
return false;
}
@ -2317,18 +2317,18 @@ class Server extends AppModel {
App::uses('Folder', 'Utility');
// check writeable directories
$writeableDirs = array(
'tmp' => 0,
'files' => 0,
'tmp' => 0,
'files' => 0,
'files' . DS . 'scripts' . DS . 'tmp' => 0,
'tmp' . DS . 'csv_all' => 0,
'tmp' . DS . 'csv_sig' => 0,
'tmp' . DS . 'md5' => 0,
'tmp' . DS . 'csv_all' => 0,
'tmp' . DS . 'csv_sig' => 0,
'tmp' . DS . 'md5' => 0,
'tmp' . DS . 'sha1' => 0,
'tmp' . DS . 'snort' => 0,
'tmp' . DS . 'suricata' => 0,
'tmp' . DS . 'text' => 0,
'tmp' . DS . 'snort' => 0,
'tmp' . DS . 'suricata' => 0,
'tmp' . DS . 'text' => 0,
'tmp' . DS . 'xml' => 0,
'tmp' . DS . 'files' => 0,
'tmp' . DS . 'files' => 0,
'tmp' . DS . 'logs' => 0,
);
foreach ($writeableDirs as $path => &$error) {
@ -2379,7 +2379,7 @@ class Server extends AppModel {
foreach ($expected as $package => $version) {
$result[$package]['version'] = $scriptResult[$package];
$result[$package]['expected'] = $expected[$package];
$result[$package]['status'] = $result[$package]['version'] == $result[$package]['expected'] ? 1 : 0;
$result[$package]['status'] = $result[$package]['version'] == $result[$package]['expected'] ? 1 : 0;
if ($result[$package]['status'] == 0) $diagnostic_errors++;
${$package . 'Version'}[0] = str_replace('$current', $result[$package]['version'], ${$package . 'Version'}[0]);
${$package . 'Version'}[0] = str_replace('$expected', $result[$package]['expected'], ${$package . 'Version'}[0]);
@ -2578,9 +2578,9 @@ class Server extends AppModel {
$currentUser = posix_getpwuid(posix_geteuid());
$currentUser = $currentUser['name'];
} else $currentUser = trim(shell_exec('whoami'));
foreach ($workers as $pid => $worker) {
foreach ($workers as $pid => $worker) {
if (!is_numeric($pid)) throw new MethodNotAllowedException('Non numeric PID found!');
$pidTest = substr_count(trim(shell_exec('ps -p ' . $pid)), PHP_EOL) > 0 ? true : false;
$pidTest = substr_count(trim(shell_exec('ps -p ' . $pid)), PHP_EOL) > 0 ? true : false;
if ($worker['user'] == $currentUser && !$pidTest) {
$this->ResqueStatus->removeWorker($pid);
$this->Log->create();
@ -2699,7 +2699,7 @@ class Server extends AppModel {
));
}
}
}
}
}
$this->Log->create();
$this->Log->save(array(
@ -2752,7 +2752,7 @@ class Server extends AppModel {
// For all intents and purposes, this oversimplification works fine when upgrading from 2.3
// Even though the distribution values stored in the correlation won't be correct, they will provide the exact same realeasability
// Event1 = distribution 0 and Attribute1 distribution 3 would lead to private = 1, so setting distribution = 0 and a_distribution = 0
// will result in the same visibility, etc. Once events / attributes get put into a sharing group this will get recorrelated anyway
// will result in the same visibility, etc. Once events / attributes get put into a sharing group this will get recorrelated anyway
// Also by unsetting the org field after the move the changes we ensure that these correlations won't get hit again by the script if we rerun it
// and that we don't accidentally "upgrade" a 2.4 correlation
$this->query('UPDATE `correlations` SET `distribution` = 1, `a_distribution` = 1 WHERE `org` != "" AND `private` = 0');
@ -2779,7 +2779,7 @@ class Server extends AppModel {
*/
public function previewIndex($id, $user, $passedArgs) {
$server = $this->find('first', array(
'conditions' => array('Server.id' => $id),
'conditions' => array('Server.id' => $id),
));
App::uses('SyncTool', 'Tools');
$syncTool = new SyncTool();

2
app/Model/ShadowAttribute.php
View File

@ -574,7 +574,7 @@ class ShadowAttribute extends AppModel {
$this->__afterSaveCorrelation($proposal['ShadowAttribute']);
if ($jobId && Configure::read('MISP.background_jobs') && $k > 0 && $proposalCount % $k == 10) {
$this->Job->saveField('progress', ($k / $proposalCount * 100));
}
}
}
}
if ($jobId && Configure::read('MISP.background_jobs')) {

12
app/Model/SharingGroup.php
View File

@ -66,7 +66,7 @@ class SharingGroup extends AppModel {
$sameNameSG = $this->find('first', array(
'conditions' => array('SharingGroup.name' => $this->data['SharingGroup']['name']),
'recursive' => -1,
'fields' => array('SharingGroup.name')
'fields' => array('SharingGroup.name')
));
if (!empty($sameNameSG) && !isset($this->data['SharingGroup']['id'])) {
$this->data['SharingGroup']['name'] = $this->data['SharingGroup']['name'] . '_' . rand(0, 9999);
@ -151,7 +151,7 @@ class SharingGroup extends AppModel {
// 2. Sharing group enabled users
// a. as long as they are creator or extender of the SG object
// 3. Sync users
// a. as long as they are at least users of the SG (they can circumvent the extend rule to
// a. as long as they are at least users of the SG (they can circumvent the extend rule to
// avoid situations where no one can create / edit an SG on an instance after a push)
public function checkIfAuthorisedToSave($user, $sg) {
@ -169,7 +169,7 @@ class SharingGroup extends AppModel {
$serverCheck = false;
if (isset($sg['SharingGroupOrg'])) {
foreach ($sg['SharingGroupOrg'] as $org) {
if (isset($org['Organisation'][0])) $org['Organisation'] = $org['Organisation'][0];
if (isset($org['Organisation'][0])) $org['Organisation'] = $org['Organisation'][0];
if ($org['Organisation']['uuid'] == $user['Organisation']['uuid']) {
if ($user['Role']['perm_sync'] || $org['extend'] == 1) $orgCheck = true;
}
@ -187,11 +187,11 @@ class SharingGroup extends AppModel {
if ($serverCheck && $orgCheck) return true;
} else {
return $this->checkIfAuthorisedExtend($user, $local['SharingGroup']['id']);
}
}
return false;
}
// Who is authorised to extend a sharing group?
// Who is authorised to extend a sharing group?
// 1. Site admins
// 2. Sharing group permission enabled users that:
// a. Belong to the organisation that created the SG
@ -325,7 +325,7 @@ class SharingGroup extends AppModel {
'Organisation',
'SharingGroupServer' => array('Server'),
'SharingGroupOrg' => array('Organisation')
)
)
));
$force = false;
if (empty($existingSG)) {

4
app/Model/SharingGroupOrg.php
View File

@ -39,7 +39,7 @@ class SharingGroupOrg extends AppModel {
unset($old_orgs[$k]);
break;
}
}
}
// If we have not found the org previously, create a new sharing group org object.
// Otherwise, if we have found it check whether the extended field has been altered, if not just continue without saving
if (!$found) {
@ -73,7 +73,7 @@ class SharingGroupOrg extends AppModel {
));
$ids = array();
foreach ($sgs as $sg) $ids[] = $sg['SharingGroupOrg']['sharing_group_id'];
return $ids;
return $ids;
}
// pass a sharing group ID and an organisation ID, returns true if it has a matching attached organisation object

4
app/Model/SharingGroupServer.php
View File

@ -34,7 +34,7 @@ class SharingGroupServer extends AppModel {
'all_orgs' => $server['all_orgs']
);
$server_name = 'server (' . $server['id'] . ')';
if ($server['id'] == 0) $server_name = 'the local server';
if ($server['id'] == 0) $server_name = 'the local server';
$found = false;
// If there is a match between a new server and an old server, keep the server in $found and unset it in the old server array.
@ -61,7 +61,7 @@ class SharingGroupServer extends AppModel {
$log->create();
if ($isChange) $log->createLogEntry($user, 'edit', 'SharingGroupServer', $this->id, 'Sharing group (' . $id . '): Modified access rights for users on ' . $server_name . '.', ($server['all_orgs'] ? 'All organisations on server ' . $server['id'] . ' are now part of the sharing group.' : 'Organisations on ' . $server_name . ' are now not part of the sharing group unless they are present in the list of organisations.'));
else $log->createLogEntry($user, 'add', 'SharingGroupServer', $this->id, 'Sharing group (' . $id . '): Added server (' . $server['id'] . ').', ucfirst($server_name) . ' added to Sharing group.' . ($server['all_orgs'] ? ' Sharing group visible to all organisations on the server.' : ''));
}
}
}
// We are left with some "old orgs" that are not in the new list. This means that they can be safely deleted.
foreach ($old_servers as $old_server) {

6
app/Model/Sighting.php
View File

@ -69,7 +69,7 @@ class Sighting extends AppModel{
if ($sighting['Sighting']['org_id'] != $user['org_id']) {
unset($sightings[$k]['Sighting']['org_id']);
unset($sightings[$k]['Organisation']);
}
}
}
// rearrange it to match the event format of fetchevent
if (isset($sightings[$k]['Organisation'])) {
@ -77,7 +77,7 @@ class Sighting extends AppModel{
}
$sightings[$k] = $sightings[$k]['Sighting'] ;
}
return $sightings;
return $sightings;
}
public function saveSightings($id, $values, $timestamp, $user) {
@ -90,7 +90,7 @@ class Sighting extends AppModel{
foreach ($values as &$value) {
foreach (array('value1', 'value2') as $field) {
$conditions['OR'][] = array(
'LOWER(Attribute.' . $field . ') LIKE' => strtolower($value)
'LOWER(Attribute.' . $field . ') LIKE' => strtolower($value)
);
}
}

2
app/Model/Task.php
View File

@ -38,7 +38,7 @@ class Task extends AppModel {
)
);
// takes a time in the 24h format (13:49) and an integer representing the number of hours
// takes a time in the 24h format (13:49) and an integer representing the number of hours
// by which it needs to be incremeneted. Returns a string in the first parameters format
public function breakTime($time, $timeToAdd) {
$temp = explode(':', $time);

4
app/Model/Taxonomy.php
View File

@ -189,7 +189,7 @@ class Taxonomy extends AppModel{
$tags = $this->Tag->getTagsForNamespace($taxonomy['Taxonomy']['namespace']);
foreach ($taxonomy['entries'] as $k => &$entry) {
if (isset($tags[strtoupper($entry['tag'])])) {
$temp = $tags[strtoupper($entry['tag'])];
$temp = $tags[strtoupper($entry['tag'])];
if ((in_array('colour', $skipUpdateFields) && $temp['Tag']['colour'] != $colours[$k]) || (in_array('name', $skipUpdateFields) && $temp['Tag']['name'] !== $entry['tag'])) {
if (!in_array('colour', $skipUpdateFields)) $temp['Tag']['colour'] = $colours[$k];
if (!in_array('name', $skipUpdateFields)) $temp['Tag']['name'] = $entry['tag'];
@ -241,7 +241,7 @@ class Taxonomy extends AppModel{
));
$taxonomies = array();
foreach ($temp as &$t) {
$taxonomies[$t['Taxonomy']['namespace']] = $t['Taxonomy'];
$taxonomies[$t['Taxonomy']['namespace']] = $t['Taxonomy'];
}
return $taxonomies;
}

2
app/Model/TaxonomyEntry.php
View File

@ -14,7 +14,7 @@ class TaxonomyEntry extends AppModel{
'expanded' => array(
'rule' => array('stringNotEmpty'),
),
);
);
public $belongsTo = array(
'TaxonomyPredicate'

4
app/Model/Template.php
View File

@ -10,8 +10,8 @@ class Template extends AppModel {
public $actsAs = array('Containable');
public $hasMany = array(
'TemplateTag' => array(
'dependent' => true,
),
'dependent' => true,
),
'TemplateElement' => array(
'order' => 'TemplateElement.position',
'dependent' => true,

4
app/Model/TemplateElement.php
View File

@ -11,10 +11,10 @@ class TemplateElement extends AppModel {
public $hasMany = array(
'TemplateElementAttribute' => array(
'dependent' => true
),
),
'TemplateElementText' => array(
'dependent' => true
),
),
'TemplateElementFile' => array(
'dependent' => true
)

2
app/Model/Thread.php
View File

@ -17,7 +17,7 @@ class Thread extends AppModel {
);
public $hasMany = 'Post';
public $belongsTo = array(
'Event',
'Event',
'Organisation' => array(
'className' => 'Organisation',
'foreignKey' => 'org_id'

8
app/Model/User.php
View File

@ -373,7 +373,7 @@ class User extends AppModel {
} else {
return false;
}
}
}
public function passwordLength($check) {
$length = Configure::read('Security.password_policy_length');
@ -624,7 +624,7 @@ class User extends AppModel {
}
// Fetch all users that have access to an event / discussion for e-mailing (or maybe something else in the future.
// parameters are an array of org IDs that are owners (for an event this would be orgc and org)
// parameters are an array of org IDs that are owners (for an event this would be orgc and org)
public function getUsersWithAccess($owners = array(), $distribution, $sharing_group_id = 0, $userConditions = array()) {
$sgModel = ClassRegistry::init('SharingGroup');
$conditions = array();
@ -719,8 +719,8 @@ class User extends AppModel {
$failed = true;
}
}
$Email = new CakeEmail();
// If we cannot encrypt the mail and the server settings restricts sending unencrypted messages, return false
$Email = new CakeEmail();
// If we cannot encrypt the mail and the server settings restricts sending unencrypted messages, return false
if (!$failed && Configure::read('GnuPG.onlyencrypted') && !$canEncryptGPG && !$canEncryptSMIME) {
$failed = true;
$failureReason = " encrypted messages are enforced and the message could not be encrypted for this user as no valid encryption key was found.";

2
app/Model/Warninglist.php
View File

@ -105,7 +105,7 @@ class Warninglist extends AppModel{
public function fetchForEventView() {
$warninglists = $this->find('all', array('contain' => array('WarninglistType'), 'conditions' => array('enabled' => true)));
if (empty($warninglists)) return array();
if (empty($warninglists)) return array();
foreach ($warninglists as $k => &$t) {
$t['values'] = $this->WarninglistEntry->find('list', array(
'recursive' => -1,

2
app/Model/WarninglistEntry.php
View File

@ -11,7 +11,7 @@ class WarninglistEntry extends AppModel{
'value' => array(
'rule' => array('valueNotEmpty'),
)
);
);
public $belongsTo = array(
'Warninglist' => array(

2
app/Model/WarninglistType.php
View File

@ -11,7 +11,7 @@ class WarninglistType extends AppModel{
'type' => array(
'rule' => array('valueNotEmpty'),
)
);
);
public $belongsTo = array(
'Warninglist'

8
app/Plugin/CertAuth/Controller/Component/Auth/CertificateAuthenticate.php
View File

@ -22,21 +22,21 @@ App::uses('BaseAuthenticate', 'Controller/Component/Auth');
class CertificateAuthenticate extends BaseAuthenticate
{
/**
* Holds the certificate issuer information (available at SSL_CLIENT_I_DN)
* Holds the certificate issuer information (available at SSL_CLIENT_I_DN)
*
* @var array
*/
protected static $ca;
/**
* Holds the certificate user information (available at SSL_CLIENT_S_DN)
* Holds the certificate user information (available at SSL_CLIENT_S_DN)
*
* @var array
*/
protected static $client;
/**
* Holds the user information
* Holds the user information
*
* @var array
*/
@ -256,7 +256,7 @@ class CertificateAuthenticate extends BaseAuthenticate
return self::$user;
}
protected static $instance;
protected static $instance;
public static function ca()
{

10
app/Plugin/CertAuth/README.md
View File

@ -2,7 +2,7 @@
This plugin enables CakePHP applications to use client SSL certificates to stateless authenticate its users. It reads information from the client certificate and can synchronize data with a foreign REST API and the client User model.
Basically it loads the `SSL_CLIENT_*` variables, parses and maps the certificate information to the user. So you first need a server that checks client certificates and forwards that information to the PHP `$_SERVER` environment.
Basically it loads the `SSL_CLIENT_*` variables, parses and maps the certificate information to the user. So you first need a server that checks client certificates and forwards that information to the PHP `$_SERVER` environment.
## Usage
@ -15,12 +15,12 @@ CakePlugin::load('CertAuth');
And configure it:
```php
Configure::write('CertAuth',
Configure::write('CertAuth',
array(
'ca' => array( 'FIRST.Org' ), // allowed CAs
'caId' => 'O', // which attribute will be used to verify the CA
'userModel' => 'User', // name of the User class to check if user exists
'userModelKey' => 'nids_sid', // User field that will be used for querying
'userModel' => 'User', // name of the User class to check if user exists
'userModelKey' => 'nids_sid', // User field that will be used for querying
'map' => array( // maps client certificate attributes to User properties
'O' => 'org',
'emailAddress'=>'email',
@ -29,7 +29,7 @@ Configure::write('CertAuth',
'restApi' => array( // API parameters
'url' => 'https://example.com/data/users', // URL to query
'headers' => array(), // additional headers, used for authentication
'param' => array( 'email' => 'email'), // query parameters to add to the URL, mapped to USer properties
'param' => array( 'email' => 'email'), // query parameters to add to the URL, mapped to USer properties
'map' => array( // maps REST result to the User properties
'uid' => 'id',
'name' => 'name',

20
app/Plugin/UrlCache/Lib/Routing/UrlCacheManager.php
View File

@ -2,13 +2,13 @@
/**
* This class will statically hold in memory url's indexed by a custom hash
*
*
* @licence MIT
* @modified Mark Scherer
* - now easier to integrate
* - optimization for `pageFiles` (still stores urls with only controller/action keys in global file)
* - can handle legacy `prefix` urls
*
*
* 2012-02-13 ms
*/
class UrlCacheManager {
@ -34,22 +34,22 @@ class UrlCacheManager {
/**
* type for the current set (triggered by last get)
*/
public static $type = 'cache';
public static $type = 'cache';
/**
* key for current get/set
*/
public static $key = null;
public static $key = null;
/**
* cache key for pageFiles
*/
public static $cacheKey = 'url_map';
public static $cacheKey = 'url_map';
/**
* cache key for pageFiles
*/
public static $cachePageKey = null;
public static $cachePageKey = null;
/**
* params that will always be present and will determine the global cache if pageFiles is used
@ -58,7 +58,7 @@ class UrlCacheManager {
/**
* should be called in beforeRender()
*
*
*/
public static function init(View $View) {
$params = $View->request->params;
@ -96,7 +96,7 @@ class UrlCacheManager {
/**
* should be called in afterLayout()
*
*
*/
public static function finalize() {
Cache::write(self::$cacheKey, self::$cache, '_cake_core_');
@ -109,7 +109,7 @@ class UrlCacheManager {
/**
* Returns the stored url if it was already generated, false otherwise
*
* @param string $key
* @param string $key
* @return mixed
*/
public static function get($url, $full) {
@ -143,7 +143,7 @@ class UrlCacheManager {
/**
* Stores a ney key in memory cache
*
* @param string $key
* @param string $key
* @param mixed data to be stored
* @return void
*/

14
app/View/Attributes/add.ctp
View File

@ -1,5 +1,5 @@
<div class="attributes <?php if (!isset($ajax) || !$ajax) echo 'form';?>">
<?php
<?php
echo $this->Form->create('Attribute', array('id'));
?>
<fieldset>
@ -18,7 +18,7 @@
$initialDistribution = 5;
if (Configure::read('MISP.default_attribute_distribution') != null) {
if (Configure::read('MISP.default_attribute_distribution') === 'event') {
$initialDistribution = 5;
$initialDistribution = 5;
} else {
$initialDistribution = Configure::read('MISP.default_attribute_distribution');
}
@ -44,7 +44,7 @@
}
?>
</div>
<?php
<?php
echo $this->Form->input('value', array(
'type' => 'textarea',
'error' => array('escape' => false),
@ -95,15 +95,15 @@
</tr>
</table>
</div>
<?php
else:
<?php
else:
echo $this->Form->button('Submit', array('class' => 'btn btn-primary'));
endif;
echo $this->Form->end();
?>
<div id="confirmation_box" class="confirmation_box"></div>
</div>
<?php
<?php
if(!$ajax) {
$event['Event']['id'] = $this->request->data['Attribute']['event_id'];
$event['Event']['published'] = $published;
@ -223,7 +223,7 @@ $(document).ready(function() {
<?php if ($ajax): ?>
$('#cancel_attribute_add').click(function() {
cancelPopoverForm();
});
});
<?php endif; ?>
});

6
app/View/Attributes/add_attachment.ctp
View File

@ -11,7 +11,7 @@
$initialDistribution = 5;
if (Configure::read('MISP.default_attribute_distribution') != null) {
if (Configure::read('MISP.default_attribute_distribution') === 'event') {
$initialDistribution = 5;
$initialDistribution = 5;
} else {
$initialDistribution = Configure::read('MISP.default_attribute_distribution');
}
@ -32,7 +32,7 @@
}
?>
</div>
<?php
<?php
echo $this->Form->input('comment', array(
'type' => 'text',
'label' => 'Contextual Comment',
@ -72,7 +72,7 @@ echo $this->Form->end();
?>
<div id="confirmation_box" class="confirmation_box"></div>
</div>
<?php
<?php
$event['Event']['id'] = $this->request->data['Attribute']['event_id'];
$event['Event']['published'] = $published;
echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'addAttachment', 'event' => $event));

2
app/View/Attributes/add_threatconnect.ctp
View File

@ -20,7 +20,7 @@ echo $this->Form->end();
?>
<div id="confirmation_box" class="confirmation_box"></div>
</div>
<?php
<?php
$event['Event']['id'] = $this->request->data['Attribute']['event_id'];
$event['Event']['published'] = $published;
echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'addThreatConnect', 'event' => $event));

4
app/View/Attributes/ajax/attributeConfirmationForm.ctp
View File

@ -1,5 +1,5 @@
<div class="confirmation">
<?php
<?php
echo $this->Form->create('Attribute', array('style' => 'margin:0px;', 'id' => 'PromptForm'));
if ($hard) $hard = '/true';
?>
@ -19,7 +19,7 @@
</tr>
</table>
</div>
<?php
<?php
echo $this->Form->end();
?>
</div>

10
app/View/Attributes/ajax/attributeEditCategoryForm.ctp
View File

@ -1,10 +1,10 @@
<?php
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_category_form', 'url' => '/attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
echo $this->Form->input('category', array(
'options' => array(array_combine($typeCategory[$object['type']], $typeCategory[$object['type']])),
'label' => false,

10
app/View/Attributes/ajax/attributeEditCommentForm.ctp
View File

@ -1,10 +1,10 @@
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_comment_form', 'url' => '/attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
echo $this->Form->input('comment', array(
'type' => 'textarea',
'label' => false,
@ -17,6 +17,6 @@
echo $this->Form->end();
?>
</div>
<?php
<?php
echo $this->Form->end();
?>

12
app/View/Attributes/ajax/attributeEditDistributionForm.ctp
View File

@ -1,10 +1,10 @@
<?php
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_distribution_form', 'url' => '/attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
echo $this->Form->input('distribution', array(
'options' => array($distributionLevels),
'label' => false,
@ -15,5 +15,5 @@
'div' => false
));
echo $this->Form->end();
?>
?>
</div>

10
app/View/Attributes/ajax/attributeEditMassForm.ctp
View File

@ -1,5 +1,5 @@
<div class="attributes">
<?php
<?php
echo $this->Form->create('Attribute', array('url' => '/attributes/editSelected/' . $id));
?>
<fieldset>
@ -24,7 +24,7 @@
));
?>
</div>
<?php
<?php
echo $this->Form->input('to_ids', array(
'options' => array('No', 'Yes', 'Do not alter current settings'),
'data-content' => isset($attrDescriptions['signature']['formdesc']) ? $attrDescriptions['signature']['formdesc'] : $attrDescriptions['signature']['desc'],
@ -60,7 +60,7 @@
</tr>
</table>
</div>
<?php
<?php
echo $this->Form->end();
?>
</div>
@ -112,7 +112,7 @@ $(document).ready(function() {
trigger: 'focus',
placement: 'right',
container: 'body',
}).popover('show');
}).popover('show');
});
// workaround for browsers like IE and Chrome that do now have an onmouseover on the 'options' of a select.
@ -131,7 +131,7 @@ $(document).ready(function() {
$('#cancel_attribute_add').click(function() {
$('#gray_out').fadeOut();
$('#popover_form').fadeOut();
});
});
});
</script>

10
app/View/Attributes/ajax/attributeEditTo_idsForm.ctp
View File

@ -1,10 +1,10 @@
<?php
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute' . '_' . $object['id'] . '_to_ids_form', 'url' => '/attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
<?php
$current = 0;
if ($object['to_ids']) $current = 1;
echo $this->Form->input('to_ids', array(
@ -17,4 +17,4 @@
));
echo $this->Form->end();
?>
</div>
</div>

10
app/View/Attributes/ajax/attributeEditTypeForm.ctp
View File

@ -1,10 +1,10 @@
<?php
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'id' => 'Attribute_' . $object['id'] . '_type_form', 'url' => '/attributes/editField/' . $object['id']));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
echo $this->Form->input('type', array(
'options' => array(array_combine($categoryDefinitions[$object['category']]['types'], $categoryDefinitions[$object['category']]['types'])),
'label' => false,

10
app/View/Attributes/ajax/attributeEditValueForm.ctp
View File

@ -2,10 +2,10 @@
<?php
echo $this->Form->create('Attribute', array('class' => 'inline-form inline-field-form', 'url' => '/attributes/editField/' . $object['id'], 'id' => 'Attribute_' . $object['id'] . '_value_form', 'default' => false));
?>
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
<div class='inline-input inline-input-container'>
<div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok"></span></div>
<div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove"></span></div>
<?php
echo $this->Form->input('value', array(
'type' => 'textarea',
'label' => false,
@ -17,6 +17,6 @@
));
?>
</div>
<?php
<?php
echo $this->Form->end();
?>

4
app/View/Attributes/ajax/attributeRestorationForm.ctp
View File

@ -1,5 +1,5 @@
<div class="confirmation">
<?php
<?php
echo $this->Form->create('Attribute', array('style' => 'margin:0px;', 'id' => 'PromptForm'));
?>
<legend>Attribute Restoration</legend>
@ -18,7 +18,7 @@
</tr>
</table>
</div>
<?php
<?php
echo $this->Form->end();
?>
</div>

4
app/View/Attributes/ajax/hover_enrichment.ctp
View File

@ -1,11 +1,11 @@
<?php
foreach ($results as &$r):
foreach ($r as $k => &$v):
foreach ($r as $k => &$v):
?>
<span class="bold blue"><?php echo h($k);?></span>: <span class="red">
<?php echo is_array($v) ? implode('<br />', h($v)) : h($v); ?>
</span><br />
<?php
<?php
endforeach;
endforeach;
?>

18
app/View/Attributes/alternate_search_result.ctp
View File

@ -13,13 +13,13 @@
</tr>
<?php
<?php
foreach ($events as $event) {
?>
<tr>
<td class="short"><a href="<?php echo $baseurl;?>/events/view/<?php echo (h($event['Event']['id'])); ?>"><?php echo (h($event['Event']['id'])); ?></a></td>
<td class="short">
<?php
<?php
$imgRelativePath = 'orgs' . DS . h($event['Event']['Orgc']['name']) . '.png';
$imgAbsolutePath = APP . WEBROOT_DIR . DS . 'img' . DS . $imgRelativePath;
if (file_exists($imgAbsolutePath)) echo $this->Html->image('orgs/' . h($event['Event']['Orgc']['name']) . '.png', array('alt' => h($event['Event']['Orgc']['name']), 'title' => h($event['Event']['Orgc']['name']), 'style' => 'width:24px; height:24px'));
@ -27,15 +27,15 @@
?>
</td>
<td>
<?php
if (strlen(h($event['Event']['info'])) > 63) {
echo (substr(h($event['Event']['info']), 0, 60)) . '...';
<?php
if (strlen(h($event['Event']['info'])) > 63) {
echo (substr(h($event['Event']['info']), 0, 60)) . '...';
} else echo h($event['Event']['info']);
?>
</td>
<td class="short"><?php echo h($event['Event']['date']); ?></td>
<?php
$to_ids = 100 * h($event['to_ids']) / (h($event['to_ids']) + h($event['no_ids']));
<?php
$to_ids = 100 * h($event['to_ids']) / (h($event['to_ids']) + h($event['no_ids']));
?>
<td>
<div class="progress" style="width:300px;">
@ -47,11 +47,11 @@
<td class="short"><?php echo h($event['to_ids']) + h($event['no_ids']) ?></td>
<td class="short"><?php echo (h($event['Event']['attribute_count'])) ?></td>
</tr>
<?php
<?php
}
?>
</table>
</div>
<?php
<?php
echo $this->element('side_menu', array('menuList' => 'event-collection', 'menuItem' => 'searchAttributes'));
?>

2
app/View/Attributes/attribute_replace.ctp
View File

@ -147,7 +147,7 @@ $(document).ready(function() {
$('#cancel_attribute_add').click(function() {
cancelPopoverForm();
});
});
});
</script>
<?php echo $this->Js->writeBuffer(); // Write cached scripts

4
app/View/Attributes/edit.ctp
View File

@ -30,7 +30,7 @@
}
?>
</div>
<?php
<?php
echo $this->Form->input('value', array(
'type' => 'textarea',
'error' => array('escape' => false),
@ -66,7 +66,7 @@ echo $this->Form->button('Submit', array('class' => 'btn btn-primary'));
echo $this->Form->end();
?>
</div>
<?php
<?php
$event['Event']['id'] = $this->request->data['Attribute']['event_id'];
$event['Event']['published'] = $published;
echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'addAttribute', 'event' => $event));

2
app/View/Attributes/index.ctp
View File

@ -153,7 +153,7 @@ if ($isSearch == 1){
$class = 'listAttributes';
}
?>
<?php
<?php
echo $this->element('side_menu', array('menuList' => 'event-collection', 'menuItem' => $class));
?>
<script type="text/javascript">

6
app/View/Attributes/report_validation_issues_attributes.ctp
View File

@ -1,16 +1,16 @@
<div class="event index">
<h2>Listing invalid attribute validations</h2>
<?php
<?php
foreach ($result as $r) {
?>
<h3>Validation errors for attribute: <?php echo h($r['id']); ?></h3>
<?php
<?php
foreach ($r['error'] as $field => $error) {
echo '<b>[' . h($field) . ']</b>: Value found: ' . h($error['value']) . ' - Error: ' . h($error['error']) . '<br />';
}
?>
<b>[Attribute details]</b>: <?php echo h($r['details']); ?><br/>
<?php
<?php
}
?>
</div>

2
app/View/Attributes/search.ctp
View File

@ -196,7 +196,7 @@ $(document).ready(function() {
});
</script>
<?php
<?php
echo $this->element('side_menu', array('menuList' => 'event-collection', 'menuItem' => 'searchAttributes'));
?>
<?php echo $this->Js->writeBuffer(); // Write cached scripts ?>

4
app/View/Elements/ajaxTags.ctp
View File

@ -15,7 +15,7 @@
echo $this->Form->create('Event', array('id' => 'removeTag_' . h($tag['Tag']['id']), 'url' => '/events/removeTag/' . h($event['Event']['id']) . '/' . h($tag['Tag']['id']), 'style' => 'margin:0px;'));
?>
<div class="tagSecondHalf useCursorPointer noPrint" onClick="removeEventTag('<?php echo h($event['Event']['id']); ?>', '<?php echo h($tag['Tag']['id']); ?>');">x</div>
<?php
<?php
echo $this->Form->end();
?>
<?php else: ?>
@ -23,7 +23,7 @@
<?php endif; ?>
</div>
</div>
<?php
<?php
endforeach;
?>
<div style="float:left">

6
app/View/Elements/dashboard/dashboard_notifications.ctp
View File

@ -4,10 +4,10 @@
<b>Proposals: </b><span class="bold <?php echo $notifications['proposalCount'] ? 'red' : 'green'; ?>"><?php echo h($notifications['proposalCount']);?></span> (<a href="<?php echo $baseurl;?>/shadow_attributes/index">View</a>)<br />
<b>Events with proposals: </b><span class="bold <?php echo $notifications['proposalEventCount'] ? 'red' : 'green'; ?>"><?php echo h($notifications['proposalEventCount']);?></span> (<a href="<?php echo $baseurl;?>/events/proposalEventIndex">View</a>)<br />
<?php
if (isset($notifications['delegationCount'])):
?>
if (isset($notifications['delegationCount'])):
?>
<b>Delegation requests: </b><span class="bold <?php echo $notifications['delegationCount'] ? 'red' : 'green'; ?>"><?php echo h($notifications['delegationCount']);?></span> (<a href="<?php echo $baseurl;?>/events/delegation_index">View</a>)
<?php
<?php
endif;
?>
</p>

98
app/View/Elements/eventattribute.ctp
View File

@ -34,7 +34,7 @@
$attributeSightingsPopover[$sighting['attribute_id']]['Other organisations'] = 1;
}
}
}
}
if (!empty($attributeSightingsPopover)) {
$attributeSightingsPopoverText = array();
foreach ($attributeSightingsPopover as $aid => &$attribute) {
@ -67,9 +67,9 @@
if ($all):
?>
<span class="red">view all</span>
<?php
<?php
else:
echo $this->Paginator->link(__('view all'), 'all');
echo $this->Paginator->link(__('view all'), 'all');
endif;
?>
</li>
@ -77,34 +77,34 @@
</div>
<br />
<div id="edit_object_div">
<?php
<?php
echo $this->Form->create('Attribute', array('id' => 'delete_selected', 'url' => '/attributes/deleteSelected/' . $event['Event']['id']));
echo $this->Form->input('ids_delete', array(
'type' => 'text',
'value' => 'test',
'style' => 'display:none;',
'label' => false,
));
));
echo $this->Form->end();
?>
<?php
<?php
echo $this->Form->create('ShadowAttribute', array('id' => 'accept_selected', 'url' => '/shadow_attributes/acceptSelected/' . $event['Event']['id']));
echo $this->Form->input('ids_accept', array(
'type' => 'text',
'value' => '',
'style' => 'display:none;',
'label' => false,
));
));
echo $this->Form->end();
?>
<?php
<?php
echo $this->Form->create('ShadowAttribute', array('id' => 'discard_selected', 'url' => '/shadow_attributes/discardSelected/' . $event['Event']['id']));
echo $this->Form->input('ids_discard', array(
'type' => 'text',
'value' => '',
'style' => 'display:none;',
'label' => false,
));
));
echo $this->Form->end();
if (!isset($attributeFilter)) $attributeFilter = 'all';
?>
@ -124,7 +124,7 @@
<span id="freetext-button" title="Populate using the freetext import tool" class="icon-exclamation-sign icon-inverse useCursorPointer" onClick="getPopup(<?php echo $event['Event']['id']; ?>, 'events', 'freeTextImport');"></span>
<?php if ($mayModify): ?>
<span id="attribute-replace-button" title="Replace all attributes of a category/type combination within the event" class="icon-random useCursorPointer" onClick="getPopup(<?php echo $event['Event']['id']; ?>, 'attributes', 'attributeReplace');"></span>
<?php endif; ?>
<?php endif; ?>
</div>
<div class="tabMenu tabMenuFiltersBlock noPrint" style="padding-right:0px !important;">
<span id="filter_header" class="attribute_filter_header">Filters: </span>
@ -159,7 +159,7 @@
<?php endif; ?>
<th class="actions">Actions</th>
</tr>
<?php
<?php
foreach($event['objects'] as $k => $object):
$extra = '';
$extra2 = '';
@ -203,26 +203,26 @@
<input id = "select_proposal_<?php echo $object['id']; ?>" class="select_proposal" type="checkbox" data-id="<?php echo $object['id'];?>" />
<?php endif; ?>
</td>
<?php endif;
if (isset($object['proposal_to_delete']) && $object['proposal_to_delete']):
for ($i = 0; $i < 9; $i++):
<?php endif;
if (isset($object['proposal_to_delete']) && $object['proposal_to_delete']):
for ($i = 0; $i < 9; $i++):
?>
<td class="<?php echo $extra; ?>" style="font-weight:bold;"><?php echo ($i == 0 ? 'DELETE' : '&nbsp;'); ?></td>
<?php
<?php
endfor;
else:
?>
<td class="short <?php echo $extra; ?>">
<div id = "<?php echo $currentType . '_' . $object['id'] . '_timestamp_solid'; ?>">
<?php
<?php
if (isset($object['timestamp'])) echo date('Y-m-d', $object['timestamp']);
else echo '&nbsp';
else echo '&nbsp';
?>
</div>
</td>
<td class="short <?php echo $extra; ?>">
<?php
if ($object['objectType'] != 0) {
<?php
if ($object['objectType'] != 0) {
if (isset($object['Org']['name'])) {
$imgAbsolutePath = APP . WEBROOT_DIR . DS . 'img' . DS . 'orgs' . DS . h($object['Org']['name']) . '.png';
if (file_exists($imgAbsolutePath)) echo $this->Html->image('orgs/' . h($object['Org']['name']) . '.png', array('alt' => h($object['Org']['name']), 'title' => h($object['Org']['name']), 'style' => 'width:24px; height:24px'));
@ -230,7 +230,7 @@
}
} else { ?>
&nbsp;
<?php
<?php
}
?>
</td>
@ -248,13 +248,13 @@
</td>
<td id="<?php echo h($currentType) . '_' . h($object['id']) . '_container'; ?>" class="showspaces <?php echo $extra; ?> limitedWidth">
<div id = "<?php echo $currentType . '_' . $object['id'] . '_value_placeholder'; ?>" class = "inline-field-placeholder"></div>
<?php
<?php
if ('attachment' !== $object['type'] && 'malware-sample' !== $object['type']) $editable = ' ondblclick="activateField(\'' . $currentType . '\', \'' . $object['id'] . '\', \'value\', \'' . $event['Event']['id'] . '\');"';
else $editable = '';
?>
<div id = "<?php echo $currentType; ?>_<?php echo $object['id']; ?>_value_solid" class="inline-field-solid" <?php echo $editable; ?>>
<span <?php if (Configure::read('Plugin.Enrichment_hover_enable') && isset($modules) && isset($modules['hover_type'][$object['type']])) echo 'onMouseOver="hoverModuleExpand(\'' . $currentType . '\', \'' . $object['id'] . '\');";'?>>
<?php
<?php
$sigDisplay = $object['value'];
if ('attachment' == $object['type'] || 'malware-sample' == $object['type'] ) {
$t = ($object['objectType'] == 0 ? 'attributes' : 'shadow_attributes');
@ -290,9 +290,9 @@
echo nl2br(h($sigDisplay));
}
if (isset($object['validationIssue'])) echo ' <span class="icon-warning-sign" title="Warning, this doesn\'t seem to be a legitimage ' . strtoupper(h($object['type'])) . ' value">&nbsp;</span>';
?>
</span>
<?php
?>
</span>
<?php
if (isset($object['warnings'])) {
$temp = '';
$components = array(1 => 0, 2 => 1);
@ -315,7 +315,7 @@
</td>
<td class="shortish <?php echo $extra; ?>">
<ul class="inline" style="margin:0px;">
<?php
<?php
if ($object['objectType'] == 0) {
$relatedObject = 'Attribute';
$otherColour = $object['hasChildren'] == 0 ? 'blue' : 'white';
@ -348,39 +348,39 @@
<td class="short <?php echo $extra; ?>">
<div id = "<?php echo $currentType . '_' . $object['id'] . '_to_ids_placeholder'; ?>" class = "inline-field-placeholder"></div>
<div id = "<?php echo $currentType . '_' . $object['id'] . '_to_ids_solid'; ?>" class="inline-field-solid" ondblclick="activateField('<?php echo $currentType; ?>', '<?php echo $object['id']; ?>', 'to_ids', <?php echo $event['Event']['id'];?>);">
<?php
<?php
if ($object['to_ids']) echo 'Yes';
else echo 'No';
?>
</div>
</td>
<td class="shortish <?php echo $extra; ?>">
<?php
<?php
$turnRed = '';
if ($object['objectType'] == 0 && $object['distribution'] == 0) $turnRed = 'style="color:red"';
?>
<div id = "<?php echo $currentType . '_' . $object['id'] . '_distribution_placeholder'; ?>" class = "inline-field-placeholder"></div>
<div id = "<?php echo $currentType . '_' . $object['id'] . '_distribution_solid'; ?>" <?php echo $turnRed; ?> class="inline-field-solid" ondblclick="activateField('<?php echo $currentType; ?>', '<?php echo $object['id']; ?>', 'distribution', <?php echo $event['Event']['id'];?>);">
<?php
<?php
if ($object['objectType'] == 0) {
if ($object['distribution'] == 4):
?>
<a href="/sharing_groups/view/<?php echo h($object['sharing_group_id']); ?>"><?php echo h($object['SharingGroup']['name']);?></a>
<?php
else:
echo h($shortDist[$object['distribution']]);
<?php
else:
echo h($shortDist[$object['distribution']]);
endif;
}
?>&nbsp;
</div>
</td>
<?php
<?php
endif;
if (Configure::read('Plugin.Sightings_enable')):
?>
<td class="short <?php echo $extra;?>">
<span id="sightingForm_<?php echo h($object['id']);?>">
<?php
<?php
if($object['objectType'] == 0):
echo $this->Form->create('Sighting', array('id' => 'Sighting_' . $object['id'], 'url' => '/sightings/add/' . $object['id'], 'style' => 'display:none;'));
echo $this->Form->end();
@ -393,11 +393,11 @@
<span id="ownSightingCount_<?php echo h($object['id']); ?>" class="bold green sightingsCounter_<?php echo h($object['id']); ?>" data-toggle="popover" data-trigger="hover" data-content="<?php echo isset($attributeSightingsPopoverText[$object['id']]) ? $attributeSightingsPopoverText[$object['id']] : ''; ?>">
<?php echo '(' . (isset($attributeOwnSightings[$object['id']]) ? $attributeOwnSightings[$object['id']] : 0) . ')'; ?>
</span>
<?php
<?php
endif;
?>
</td>
<?php
<?php
endif;
?>
<td class="short action-links <?php echo $extra;?>">
@ -415,13 +415,13 @@
if (isset($modules) && isset($modules['types'][$object['type']])):
?>
<span class="icon-asterisk useCursorPointer" onClick="simplePopup('<?php echo $baseurl;?>/events/queryEnrichment/<?php echo h($object['id']);?>/ShadowAttribute');" title="Propose enrichment">&nbsp;</span>
<?php
<?php
endif;
?>
<a href="<?php echo $baseurl;?>/shadow_attributes/edit/<?php echo $object['id']; ?>" title="Propose Edit" class="icon-share useCursorPointer"></a>
<span class="icon-trash useCursorPointer" title="Propose Deletion" onClick="deleteObject('shadow_attributes', 'delete', '<?php echo h($object['id']); ?>', '<?php echo h($event['Event']['id']); ?>');"></span>
<?php
if ($isSiteAdmin):
<?php
if ($isSiteAdmin):
?>
<span class="verticalSeparator">&nbsp;</span>
<?php endif;
@ -430,12 +430,12 @@
if (isset($modules) && isset($modules['types'][$object['type']])):
?>
<span class="icon-asterisk useCursorPointer" onClick="simplePopup('<?php echo $baseurl;?>/events/queryEnrichment/<?php echo h($object['id']);?>/Attribute');" title="Add enrichment">&nbsp;</span>
<?php
<?php
endif;
?>
<a href="<?php echo $baseurl;?>/attributes/edit/<?php echo $object['id']; ?>" title="Edit" class="icon-edit useCursorPointer"></a>
<span class="icon-trash useCursorPointer" onClick="deleteObject('attributes', 'delete', '<?php echo h($object['id']); ?>', '<?php echo h($event['Event']['id']); ?>');"></span>
<?php
<?php
}
endif;
} else {
@ -444,18 +444,18 @@
echo $this->Form->end();
?>
<span class="icon-ok useCursorPointer" onClick="acceptObject('shadow_attributes', '<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
<?php
<?php
}
if (($event['Orgc']['id'] == $me['org_id'] && $mayModify) || $isSiteAdmin || ($object['org_id'] == $me['org_id'])) {
?>
<span class="icon-trash useCursorPointer" onClick="deleteObject('shadow_attributes', 'discard' ,'<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
<?php
<?php
}
}
?>
</td>
</tr>
<?php
</tr>
<?php
endforeach;
?>
</table>
@ -463,7 +463,7 @@
<?php if (!isset($event['objects']) || empty($event['objects'])): ?>
<div class="background-red bold">
<span>
<?php
<?php
if ($me['org_id'] != $event['Event']['orgc_id']) {
echo 'Attribute warning: This event doesn\'t have any attributes visible to you. Either the owner of the event decided to have
a specific distribution scheme per attribute and wanted to still distribute the event alone either for notification or potential contribution with attributes without such restriction. Or the owner forgot to add the
@ -495,9 +495,9 @@ attributes or the appropriate distribution level. If you think there is a mistak
if ($all):
?>
<span class="red">view all</span>
<?php
<?php
else:
echo $this->Paginator->link(__('view all'), 'all');
echo $this->Paginator->link(__('view all'), 'all');
endif;
?>
</li>
@ -521,6 +521,6 @@ attributes or the appropriate distribution level. If you think there is a mistak
});
</script>
<?php
<?php
echo $this->Js->writeBuffer();
?>

4
app/View/Elements/eventattributecreation.ctp
View File

@ -20,7 +20,7 @@
$initialDistribution = 3;
if (Configure::read('MISP.default_attribute_distribution') != null) {
if (Configure::read('MISP.default_attribute_distribution') === 'event') {
$initialDistribution = 5;
$initialDistribution = 5;
} else {
$initialDistribution = Configure::read('MISP.default_attribute_distribution');
}
@ -92,7 +92,7 @@
</tr>
</table>
</div>
<?php
<?php
echo $this->Form->end();
?>

34
app/View/Elements/eventdiscussion.ctp
View File

@ -19,7 +19,7 @@
</ul>
</div>
<div id = "posts">
<?php
<?php
foreach ($posts as $post) {
?>
<a name="message_<?php echo h($post['Post']['id']);?>"></a>
@ -30,9 +30,9 @@
<table style="width:100%">
<tr>
<td>
<?php
<?php
echo 'Date: ' . h($post['Post']['date_created']);
?>
?>
</td>
<td style="text-align:right">
<a href="#top" class="whitelink">Top</a> |
@ -45,23 +45,23 @@
</tr>
<tr>
<td class="discussionBoxTD discussionBoxTDMid discussionBoxTDMidLeft">
<?php
<?php
if (isset($post['User']['Organisation'])) {
$imgAbsolutePath = APP . WEBROOT_DIR . DS . 'img' . DS . 'orgs' . DS . h($post['User']['Organisation']['name']) . '.png';
if (file_exists($imgAbsolutePath)) echo $this->Html->image('orgs/' . h($post['User']['Organisation']['name']) . '.png', array('alt' => h($post['User']['Organisation']['name']), 'title' => h($post['User']['Organisation']['name']), 'style' => 'width:48px; height:48px'));
else echo $this->Html->tag('span', h($post['User']['Organisation']['name']), array('class' => 'welcome', 'style' => 'float:center;'));
} else {
echo 'Deactivated user';
}
}
?>
</td>
<td class="discussionBoxTD discussionBoxTDMid discussionBoxTDMidRight">
<?php
<?php
echo $this->Command->convertQuotes(nl2br(h($post['Post']['contents'])));
if ($post['Post']['post_id'] !=0 || ($post['Post']['date_created'] != $post['Post']['date_modified'])) {
?>
<br /><br />
<?php
<?php
}
if ($post['Post']['post_id'] != 0) {
?>
@ -69,7 +69,7 @@
In reply to post
<a href="<?php echo "#".h($post['Post']['post_id']); ?>">#<?php echo h($post['Post']['post_id'])?></a>
</span>
<?php
<?php
}
if ($post['Post']['date_created'] != $post['Post']['date_modified']) {
echo '<span style="font-style:italic">Message edited at ' . h($post['Post']['date_modified']) . '<span>';
@ -85,7 +85,7 @@
<?php echo h($post['User']['email']); ?>
</td>
<td style="text-align:right">
<?php
<?php
if (!$isSiteAdmin) {
if ($post['Post']['user_id'] == $myuserid) {
echo $this->Html->link('', array('controller' => 'posts', 'action' => 'edit', h($post['Post']['id']), h($context)), array('class' => 'icon-edit', 'title' => 'Edit'));
@ -93,14 +93,14 @@
} else {
?>
<a href="<?php echo $baseurl.'/posts/add/post/'.h($post['Post']['id']); ?>" class="icon-comment" title = "Reply"></a>
<?php
<?php
}
} else {
echo $this->Html->link('', array('controller' => 'posts', 'action' => 'edit', h($post['Post']['id']), h($context)), array('class' => 'icon-edit', 'title' => 'Edit'));
echo $this->Form->postLink('', array('controller' => 'posts', 'action' => 'delete', h($post['Post']['id']), h($context)), array('class' => 'icon-trash', 'title' => 'Delete'), __('Are you sure you want to delete this post?'));
?>
<a href = "<?php echo $baseurl.'/posts/add/post/'.h($post['Post']['id']); ?>" class="icon-comment" title = "Reply"></a>
<?php
<?php
}
?>
@ -111,7 +111,7 @@
</tr>
</table>
<br />
<?php
<?php
}
?>
</div>
@ -134,7 +134,7 @@
<?php endif; ?>
<div class="comment">
<?php
if (isset($currentEvent)) $url = '/posts/add/event/' . $currentEvent;
if (isset($currentEvent)) $url = '/posts/add/event/' . $currentEvent;
else $url = '/posts/add/thread/' . $thread_id;
echo $this->Form->create('Post', array('url' => $url));
?>
@ -165,15 +165,15 @@
?>
</div>
</div>
<script type="text/javascript">
<script type="text/javascript">
function insertQuote() {
document.getElementById("PostMessage").value+="[Quote][/Quote]";
document.getElementById("PostMessage").value+="[Quote][/Quote]";
}
function insertEvent() {
document.getElementById("PostMessage").value+="[Event][/Event]";
document.getElementById("PostMessage").value+="[Event][/Event]";
}
function insertThread() {
document.getElementById("PostMessage").value+="[Thread][/Thread]";
document.getElementById("PostMessage").value+="[Thread][/Thread]";
}
<?php if (isset($post_id) && $post_id): ?>
$(document).ready(function() {

6
app/View/Elements/footer.ctp
View File

@ -16,15 +16,15 @@
<span>Download: <?php echo $this->Html->link('SMIME certificate', $this->webroot.'public_certificate.pem');?></span>
<?php }else{ ?>
<span>Could not locate SMIME certificate.</span>
<?php }
endif;
<?php }
endif;
?>
</div>
<div class = "footerText footerCenterText">
<span><?php echo h(Configure::read('MISP.footermidleft')); ?> Powered by <a href="https://github.com/MISP/MISP">MISP <?php if (isset($me['id'])) echo h($mispVersionFull);?></a> <?php echo h(Configure::read('MISP.footermidright')); ?></span>
</div>
<div class="pull-right" style="position:relative;padding-top:9px;z-index:2;">
<?php
<?php
if (Configure::read('MISP.footer_logo')) {
if (Configure::read('MISP.footer_logo')) echo $this->Html->image('custom/' . h(Configure::read('MISP.footer_logo')), array('alt' => 'Footer Logo', 'onerror' => "this.style.display='none';", 'style' => 'height:24px'));
}

8
app/View/Elements/global_menu.ctp
View File

@ -11,7 +11,7 @@
<?php if ($me != false ):?>
<div class="nav-collapse collapse">
<ul class="nav">
<?php
<?php
$logo = 'Home';
if (Configure::read('MISP.home_logo')) $logo = '<img src="' . $baseurl . '/img/custom/' . Configure::read('MISP.home_logo') . '" style="height:24px;">';
?>
@ -138,12 +138,12 @@
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/tasks">Scheduled Tasks</a></li>
<?php endif; ?>
<?php if (Configure::read('MISP.enableEventBlacklisting') && $isSiteAdmin): ?>
<?php if (Configure::read('MISP.enableEventBlacklisting') && $isSiteAdmin): ?>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/eventBlacklists/add">Blacklist Event</a></li>
<li><a href="<?php echo $baseurl;?>/eventBlacklists">Manage Event Blacklists</a></li>
<?php endif; ?>
<?php if (Configure::read('MISP.enableEventBlacklisting') && $isSiteAdmin): ?>
<?php if (Configure::read('MISP.enableEventBlacklisting') && $isSiteAdmin): ?>
<li class="divider"></li>
<li><a href="<?php echo $baseurl;?>/orgBlacklists/add">Blacklist Organisation</a></li>
<li><a href="<?php echo $baseurl;?>/orgBlacklists">Manage Org Blacklists</a></li>
@ -224,7 +224,7 @@ function resizeLogo() {
}
if ($(window).width() > 1399) {
document.getElementById('fullLogo').style.display='block';
document.getElementById('smallLogo').style.display='none';
document.getElementById('smallLogo').style.display='none';
}
}

Some files were not shown because too many files have changed in this diff Show More