mirror of https://github.com/MISP/MISP
new: Stricter validation of baseurl when coming via the API tool
parent
4f90bf2dc7
commit
2ed4ecec02
|
@ -10,7 +10,12 @@ class BaseurlShell extends AppShell {
|
|||
|
||||
public function main() {
|
||||
$baseurl = $this->args[0];
|
||||
$this->Server->serverSettingsSaveValue('MISP.baseurl', $baseurl);
|
||||
echo 'Baseurl updated. Have a very safe and productive day.', PHP_EOL;
|
||||
$result = $this->Server->testBaseURL($baseurl);
|
||||
if (true !== $result) {
|
||||
echo $result . PHP_EOL;
|
||||
} else {
|
||||
$this->Server->serverSettingsSaveValue('MISP.baseurl', $baseurl);
|
||||
echo 'Baseurl updated. Have a very safe and productive day.', PHP_EOL;
|
||||
}
|
||||
}
|
||||
}
|
||||
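Review bot: The failure branch of `main()` only echoes the validation message to stdout and then returns normally, so a script that drives this shell cannot tell a rejected baseurl from a saved one by its exit status. After `echo $result . PHP_EOL;` I would add `$this->_stop(1);`, or route the message through the shell's `error()` helper, assuming AppShell keeps the CakePHP 2 Shell API. `$this->args[0]` is also read without checking that an argument was supplied. The new validation would reject the resulting null, but with an undefined-offset notice instead of a usage message.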
|
|
|
@ -51,6 +51,8 @@ class AppController extends Controller {
|
|||
public $phpmin = '5.6.5';
|
||||
public $phprec = '7.0.16';
|
||||
|
||||
public $baseurl = '';
|
||||
|
||||
// Used for _isAutomation(), a check that returns true if the controller & action combo matches an action that is a non-xml and non-json automation method
|
||||
// This is used to allow authentication via headers for methods not covered by _isRest() - as that only checks for JSON and XML formats
|
||||
public $automationArray = array(
|
||||
|
@ -152,6 +154,7 @@ class AppController extends Controller {
|
|||
if (trim($baseurl) == 'http://') {
|
||||
$this->Server->serverSettingsSaveValue('MISP.baseurl', '');
|
||||
}
|
||||
$this->baseurl = $baseurl;
|
||||
$this->set('baseurl', h($baseurl));
|
||||
|
||||
// send users away that are using ancient versions of IE
|
||||
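Review bot: The new `public $baseurl` property is assigned the raw value (`$this->baseurl = $baseurl;`), while the view variable set on the next line is escaped with `h()`, and nothing in the code records that difference. Any later code that reads `$this->baseurl` to build HTML or a redirect gets an unescaped string that has passed only whatever checks were applied when the setting was saved. I would document the declaration with `// Raw MISP.baseurl as loaded for this request (not HTML-escaped); pass through h() before output`. The method containing the assignment starts and ends outside the hunk, so I cannot see where `$baseurl` is read from; the comment wording assumes it is the configured setting.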
|
|
|
@ -2480,9 +2480,14 @@ class Server extends AppModel {
|
|||
|
||||
public function testBaseURL($value) {
|
||||
// only run this check via the GUI, via the CLI it won't work
|
||||
if (php_sapi_name() == 'cli') return true;
|
||||
if (php_sapi_name() == 'cli') {
|
||||
if (!preg_match('/^http(s)?:\/\//i', $value)) {
|
||||
return 'Invalid baseurl, please make sure that the protocol is set.';
|
||||
}
|
||||
return true;
|
||||
}
|
||||
if ($this->testForEmpty($value) !== true) return $this->testForEmpty($value);
|
||||
if ($value != strtolower($this->getProto()) . '://' . $this->getHost()) return false;
|
||||
if ($value != strtolower($this->getProto()) . '://' . $this->getHost()) return 'critical_error##COMMA##block';
|
||||
return true;
|
||||
}
|
||||
|
||||
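Review bot: The CLI branch of `testBaseURL()` only checks that the value starts with `http://` or `https://`, so a bare `http://` with no host passes, as does any trailing content such as a path or whitespace. The web branch below requires an exact match with `strtolower($this->getProto()) . '://' . $this->getHost()`. The two paths therefore disagree, and the `i` flag lets through an upper-case scheme that the web check would later report as a critical error. Parsing the value and requiring an http/https scheme plus a non-empty host would bring the CLI path closer to the web one. Whether a path component should also be rejected depends on deployment conventions not visible here. The docblock should also state that the method now returns `true` or an error string, never `false`.
```php
        if (php_sapi_name() == 'cli') {
            $parts = parse_url($value);
            $scheme = (is_array($parts) && isset($parts['scheme'])) ? strtolower($parts['scheme']) : '';
            $hasHost = is_array($parts) && !empty($parts['host']);
            // Reject whitespace and control characters so the stored value is a single clean URL prefix
            if (!in_array($scheme, array('http', 'https'), true) || !$hasHost || preg_match('/[\s\x00-\x1f]/', $value)) {
                return 'Invalid baseurl, please make sure that the protocol is set.';
            }
            return true;
        }
        // … unchanged: testForEmpty() check and proto/host comparison …
```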
|
|