diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 21f8c61f3..c815e697f 100644
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -497,7 +497,7 @@ class EventsController extends AppController {
public function xml($key) {
- // FIXME implement XML output
+ // LATER filter out private events AND private signatures
// check if the key is valid -> search for users based on key
$this->loadModel('User');
// no input sanitization necessary, it's done by model
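Review bot: The new comment at the top of `xml($key)` records that private events and private signatures are still not filtered, so as written any user holding a valid authentication key appears to receive them in this export; a bare `LATER` marker leaves that confidentiality gap easy to overlook. The `$conditions` array built in the next hunk (`array("Event.alerted" => 1)`) is the natural place for the restriction. Because that query uses `'recursive' => 1`, the `$fields` whitelist presumably limits only the Event columns and not the associated signature rows, which would need their own filter (worth confirming against the model associations). Until the filter exists, I would make the comment state what is exposed, e.g. `// TODO(security): export still includes private events and private signatures; filter both before release`. The body of `xml()` continues outside this hunk.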
@@ -506,40 +506,32 @@ class EventsController extends AppController {
throw new UnauthorizedException('Incorrect authentication key');
}
// display the full xml
- $this->header('Content-Type: text/xml'); // set the content type
+ $this->response->type('xml'); // set the content type
$this->layout = 'xml/default';
-// $this->header('Content-Disposition: attachment; filename="cydefsig.xml"');
+ $this->header('Content-Disposition: inline; filename="cydefsig.xml"');
$conditions = array("Event.alerted" => 1);
- $fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.info');
+ // do not expose all the data like user_id, ...
+ $fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.info', 'Event.uuid');
if ('true' == Configure::read('CyDefSIG.showorg')) {
$fields[] = 'Event.org';
}
- // $this->Event->Behaviors->attach('Containable');
- // $contain = array('Signature.id', 'Signature.type', 'Signature.value', 'Signature.to_snort');
$params = array('conditions' => $conditions,
- 'recursive' => 1,
- 'fields' => $fields,
- // 'contain' => $contain
+ 'recursive' => 1,
+ 'fields' => $fields,
);
$results = $this->Event->find('all', $params);
-/* $xml = Xml::build('
File upload
-Andrzej Dereszowski (NCIRC) added the file-uploading functionality.
+Andrzej Dereszowski (NCIRC) added the file-uploading functionality. Malware samples are password protected with the password infected.
Backend rewrite + security
Complete rewrite of the backend code to migrate to CakePHP 2.x (from CakePHP 1.3).