mirror of https://github.com/MISP/MISP
Some minor changes and fix to a vulnerability
- fix to the creator of a proposal being able to also accept it - new attributes are now shown in the e-mail denoted by a * when an event is republished - the date of an attribute's creation is shownpull/217/head
parent
2114f55ddd
commit
2e82ee6a36
|
@ -119,7 +119,7 @@ class ShadowAttributesController extends AppController {
|
|||
$event = $this->Event->read(null, $shadow['event_id']);
|
||||
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if ((($event['Event']['orgc'] != $this->Auth->user('org')) && ($this->Auth->user('org') != $shadow['org'])) || (!$this->userRole['perm_modify'])) {
|
||||
if (($event['Event']['orgc'] != $this->Auth->user('org')) || (!$this->userRole['perm_modify'])) {
|
||||
$this->Session->setFlash('You don\'t have permission to do that');
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'index'));
|
||||
}
|
||||
|
|
|
@ -1009,7 +1009,7 @@ class Event extends AppModel {
|
|||
|
||||
// The mail body, h() is NOT needed as we are sending plain-text mails.
|
||||
$body = "";
|
||||
$body .= '----------------------------------------------' . "\n";
|
||||
$body .= '==============================================' . "\n";
|
||||
$appendlen = 20;
|
||||
$body .= 'URL : ' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $event['Event']['id'] . "\n";
|
||||
$body .= 'Event : ' . $event['Event']['id'] . "\n";
|
||||
|
@ -1024,21 +1024,21 @@ class Event extends AppModel {
|
|||
$user['org'] = $org;
|
||||
$relatedEvents = $this->getRelatedEvents($user, false);
|
||||
if (!empty($relatedEvents)) {
|
||||
$body .= '----------------------------------------------' . "\n";
|
||||
$body .= '==============================================' . "\n";
|
||||
$body .= 'Related to : '. "\n";
|
||||
foreach ($relatedEvents as &$relatedEvent) {
|
||||
$body .= Configure::read('CyDefSIG.baseurl') . '/events/view/' . $relatedEvent['Event']['id'] . ' (' . $relatedEvent['Event']['date'] . ') ' ."\n";
|
||||
}
|
||||
$body .= '----------------------------------------------' . "\n";
|
||||
$body .= '==============================================' . "\n";
|
||||
}
|
||||
$body .= 'Attributes :' . "\n";
|
||||
$body .= 'Attributes (* infront of the attribute type :' . "\n";
|
||||
$bodyTempOther = "";
|
||||
if (isset($event['Attribute'])) {
|
||||
foreach ($event['Attribute'] as &$attribute) {
|
||||
if (isset($event['Event']['publish_timestamp']) && isset($attribute['timestamp']) && $attribute['timestamp'] > $event['Event']['publish_timestamp']) {
|
||||
$line = '(NEW!)- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] ."\n";
|
||||
$line = '*' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] ."\n";
|
||||
} else {
|
||||
$line = '- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . "\n";
|
||||
$line = $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . "\n";
|
||||
}
|
||||
if ('other' == $attribute['type']) // append the 'other' attribute types to the bottom.
|
||||
$bodyTempOther .= $line;
|
||||
|
@ -1049,7 +1049,7 @@ class Event extends AppModel {
|
|||
$body .= "\n";
|
||||
}
|
||||
$body .= $bodyTempOther; // append the 'other' attribute types to the bottom.
|
||||
$body .= '----------------------------------------------' . "\n";
|
||||
$body .= '==============================================' . "\n";
|
||||
// find out whether the event is private, to limit the alerted user's list to the org only
|
||||
if ($event['Event']['distribution'] == 0) {
|
||||
$eventIsPrivate = true;
|
||||
|
|
|
@ -255,12 +255,7 @@ if (!empty($event['Attribute'])):?>
|
|||
$extra = 'highlight2';
|
||||
foreach ($attribute['ShadowAttribute'] as $shadowAttribute): ?>
|
||||
<tr class="highlight2">
|
||||
<td class= "short <?php echo $extra; ?>">
|
||||
<?php
|
||||
if (isset($event['Event']['publish_timestamp'])) echo date('Y-m-d', $shadowAttribute['timestamp']);
|
||||
else echo ' ';
|
||||
?>
|
||||
</td>
|
||||
<td class= "short <?php echo $extra; ?>"> </td>
|
||||
<td class="short highlight2" title="
|
||||
<?php if('' != $shadowAttribute['category']) echo $categoryDefinitions[$shadowAttribute['category']]['desc'];?>
|
||||
">
|
||||
|
|
Loading…
Reference in New Issue