Some minor changes and fix to a vulnerability

- fix to the creator of a proposal being able to also accept it
- new attributes are now shown in the e-mail denoted by a * when an event is republished
- the date of an attribute's creation is shown
pull/217/head
iglocska 2014-01-13 16:38:49 +01:00
parent 2114f55ddd
commit 2e82ee6a36
3 changed files with 9 additions and 14 deletions


@ -119,7 +119,7 @@ class ShadowAttributesController extends AppController {
$event = $this->Event->read(null, $shadow['event_id']);
if (!$this->_isSiteAdmin()) {
if ((($event['Event']['orgc'] != $this->Auth->user('org')) && ($this->Auth->user('org') != $shadow['org'])) || (!$this->userRole['perm_modify'])) {
if (($event['Event']['orgc'] != $this->Auth->user('org')) || (!$this->userRole['perm_modify'])) {
$this->Session->setFlash('You don\'t have permission to do that');
$this->redirect(array('controller' => 'events', 'action' => 'index'));
}
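Review bot: The rewritten ownership check on the `orgc` line still compares organisation names with loose `!=`, so two distinct numeric-looking org strings (PHP treats `'1e3' == '1000'` as true) would count as the same owner; assuming both values are strings, `$event['Event']['orgc'] !== $this->Auth->user('org')` closes that off. The deny branch also depends on `redirect()` ending the request, so `return $this->redirect(...)` would keep the accept logic unreachable even if that default changes. A comment such as `// only the event creator's org may accept a proposal; the proposer's org alone must not be enough` would record why the `$shadow['org']` clause was dropped. The enclosing action starts and ends outside this hunk.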


@ -1009,7 +1009,7 @@ class Event extends AppModel {
// The mail body, h() is NOT needed as we are sending plain-text mails.
$body = "";
$body .= '----------------------------------------------' . "\n";
$body .= '==============================================' . "\n";
$appendlen = 20;
$body .= 'URL : ' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $event['Event']['id'] . "\n";
$body .= 'Event : ' . $event['Event']['id'] . "\n";
@ -1024,21 +1024,21 @@ class Event extends AppModel {
$user['org'] = $org;
$relatedEvents = $this->getRelatedEvents($user, false);
if (!empty($relatedEvents)) {
$body .= '----------------------------------------------' . "\n";
$body .= '==============================================' . "\n";
$body .= 'Related to : '. "\n";
foreach ($relatedEvents as &$relatedEvent) {
$body .= Configure::read('CyDefSIG.baseurl') . '/events/view/' . $relatedEvent['Event']['id'] . ' (' . $relatedEvent['Event']['date'] . ') ' ."\n";
}
$body .= '----------------------------------------------' . "\n";
$body .= '==============================================' . "\n";
}
$body .= 'Attributes :' . "\n";
$body .= 'Attributes (* infront of the attribute type :' . "\n";
$bodyTempOther = "";
if (isset($event['Attribute'])) {
foreach ($event['Attribute'] as &$attribute) {
if (isset($event['Event']['publish_timestamp']) && isset($attribute['timestamp']) && $attribute['timestamp'] > $event['Event']['publish_timestamp']) {
$line = '(NEW!)- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] ."\n";
$line = '*' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] ."\n";
} else {
$line = '- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . "\n";
$line = $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . "\n";
}
if ('other' == $attribute['type']) // append the 'other' attribute types to the bottom.
$bodyTempOther .= $line;
@ -1049,7 +1049,7 @@ class Event extends AppModel {
$body .= "\n";
}
$body .= $bodyTempOther; // append the 'other' attribute types to the bottom.
$body .= '----------------------------------------------' . "\n";
$body .= '==============================================' . "\n";
// find out whether the event is private, to limit the alerted user's list to the org only
if ($event['Event']['distribution'] == 0) {
$eventIsPrivate = true;
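Review bot: The new legend string `'Attributes (* infront of the attribute type :'` has an unclosed parenthesis and never says what the asterisk means, so recipients of the alert cannot tell which indicators changed; something like `$body .= 'Attributes (* in front of the type marks an attribute changed since the last publish):' . "\n";` would state it. The padding still subtracts 2 for the old `'- '` prefix although the new prefixes are `'*'` and nothing, so marked and unmarked rows no longer line up; prefixes of `'* '` and `'  '` would keep the columns. `str_repeat()` also receives a negative count for any type longer than 18 characters, which predates this commit but is carried into both rewritten lines; `max(0, $appendlen - 2 - strlen($attribute['type']))` avoids it. The function continues outside these hunks.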


@ -255,12 +255,7 @@ if (!empty($event['Attribute'])):?>
$extra = 'highlight2';
foreach ($attribute['ShadowAttribute'] as $shadowAttribute): ?>
<tr class="highlight2">
<td class= "short <?php echo $extra; ?>">
<?php
if (isset($event['Event']['publish_timestamp'])) echo date('Y-m-d', $shadowAttribute['timestamp']);
else echo '&nbsp';
?>
</td>
<td class= "short <?php echo $extra; ?>">&nbsp</td>
<td class="short highlight2" title="
<?php if('' != $shadowAttribute['category']) echo $categoryDefinitions[$shadowAttribute['category']]['desc'];?>
">