MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [upload_analysis_file] Prevent object creation on non-existing events

pull/3940/head
Sami Mokaddem 2018-12-12 11:16:00 +01:00
parent 244f62e355
commit 260f75d8c3
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app/Controller/EventsController.php
View File

@ -5159,6 +5159,20 @@ class EventsController extends AppController
//$result = $this->Event->upload_mactime($this->Auth->user(), );
} elseif ($this->request->is('post') && $this->request['data']['SelectedData']['mactime_data']) {
// Find the event that is to be updated
if (Validation::uuid($eventId)) {
$eventFindParams['conditions']['Event.uuid'] = $eventId;
} elseif (is_numeric($eventId)) {
$eventFindParams['conditions']['Event.id'] = $eventId;
} else {
throw new NotFoundException(__('Invalid event.'));
}
$event = $this->Event->find('first', $eventFindParams);
if (empty($event) || (!$this->_isSiteAdmin() && $event['Event']['orgc_id'] != $this->Auth->user('org_id'))) {
throw new NotFoundException(__('Invalid event.'));
}
$eventId = $event['Event']['id'];
$fileName = $this->request['data']['SelectedData']['mactime_file_name'];
$fileData = $this->request['data']['SelectedData']['mactime_file_content'];
$object = array();