mirror of https://github.com/MISP/MISP
fix: [Feeds API] blackholes due to invalid csrf check relaxation call
parent
4a6ed2f56a
commit
358a8f2eac
|
@ -22,7 +22,7 @@ class FeedsController extends AppController
|
|||
public function beforeFilter()
|
||||
{
|
||||
parent::beforeFilter();
|
||||
$this->Security->unlockedActions = array('previewIndex');
|
||||
$this->Security->unlockedActions[] = 'previewIndex';
|
||||
if (!$this->_isSiteAdmin() && $this->Auth->user('org_id') != Configure::read('MISP.host_org_id')) {
|
||||
throw new MethodNotAllowedException(__('You don\'t have the required privileges to do that.'));
|
||||
}
|
||||
|
@ -159,6 +159,9 @@ class FeedsController extends AppController
|
|||
$this->request->data['Feed']['sharing_group_id'] = 0;
|
||||
}
|
||||
$this->request->data['Feed']['default'] = 0;
|
||||
if (!isset($this->request->data['Feed']['source_format'])) {
|
||||
$this->request->data['Feed']['source_format'] = 'freetext';
|
||||
}
|
||||
if ($this->request->data['Feed']['source_format'] == 'freetext') {
|
||||
if ($this->request->data['Feed']['fixed_event'] == 1) {
|
||||
if (!empty($this->request->data['Feed']['target_event']) && is_numeric($this->request->data['Feed']['target_event'])) {
|
||||
|
|
Loading…
Reference in New Issue