mirror of https://github.com/MISP/MISP
Loosened the filename validation on attachments
- filenames without extensions were blocked, for example
pull/195/head
parent
c95f8ea283
commit
2a28591bf7
|
@ -317,7 +317,7 @@ class AttributesController extends AppController {
|
|||
if ($this->request->data['Attribute']['malware']) {
|
||||
$this->request->data['Attribute']['type'] = "malware-sample";
|
||||
// Validate filename
|
||||
if (!preg_match('@^[\w-,\s,\.]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
|
||||
if (!preg_match('@^[\w\-. ]+$@', $filename)) throw new Exception ('Filename not allowed');
|
||||
$this->request->data['Attribute']['value'] = $filename . '|' . hash_file('md5', $tmpfile->path); // TODO gives problems with bigger files
|
||||
$sha256 = (hash_file('sha256', $tmpfile->path));
|
||||
$sha1 = (hash_file('sha1', $tmpfile->path));
|
||||
|
@ -325,7 +325,7 @@ class AttributesController extends AppController {
|
|||
} else {
|
||||
$this->request->data['Attribute']['type'] = "attachment";
|
||||
// Validate filename
|
||||
if (!preg_match('@^[\w-,\s,\.]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
|
||||
if (!preg_match('@^[\w\-. ]+$@', $filename)) throw new Exception ('Filename not allowed');
|
||||
$this->request->data['Attribute']['value'] = $filename;
|
||||
$this->request->data['Attribute']['to_ids'] = 0;
|
||||
}
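Review bot: The loosened pattern `'@^[\w\-. ]+$@'`, used in both the malware-sample and the attachment branch, now accepts names made only of dots or spaces (for instance `.` and `..`), and because `$` without the `D` modifier also matches before a final newline, a name ending in a line feed passes too. Anchoring with `\z` and requiring a leading word character closes both: `if (!preg_match('@^\w[\w\-. ]*\z@', $filename)) throw new Exception ('Filename not allowed');`. If dot-leading names must stay uploadable, keep the character class and reject `.` and `..` explicitly instead. With the extension requirement gone any suffix is accepted, which is only safe if the file is stored under a server-chosen name and never served or executed under its uploaded name; that storage code is outside these hunks and should be confirmed. The check is duplicated in the two branches and could be done once before the `if`; the enclosing action starts and ends outside the hunks.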
|
||||
|
|