fix: [Feeds API] blackholes due to invalid csrf check relaxation call

pull/4147/head
iglocska 2019-02-11 22:28:59 +01:00
parent 4a6ed2f56a
commit 358a8f2eac
1 changed files with 4 additions and 1 deletions


@ -22,7 +22,7 @@ class FeedsController extends AppController
public function beforeFilter() public function beforeFilter()
{ {
parent::beforeFilter(); parent::beforeFilter();
$this->Security->unlockedActions = array('previewIndex'); $this->Security->unlockedActions[] = 'previewIndex';
if (!$this->_isSiteAdmin() && $this->Auth->user('org_id') != Configure::read('MISP.host_org_id')) { if (!$this->_isSiteAdmin() && $this->Auth->user('org_id') != Configure::read('MISP.host_org_id')) {
throw new MethodNotAllowedException(__('You don\'t have the required privileges to do that.')); throw new MethodNotAllowedException(__('You don\'t have the required privileges to do that.'));
} }
@ -159,6 +159,9 @@ class FeedsController extends AppController
$this->request->data['Feed']['sharing_group_id'] = 0; $this->request->data['Feed']['sharing_group_id'] = 0;
} }
$this->request->data['Feed']['default'] = 0; $this->request->data['Feed']['default'] = 0;
if (!isset($this->request->data['Feed']['source_format'])) {
$this->request->data['Feed']['source_format'] = 'freetext';
}
if ($this->request->data['Feed']['source_format'] == 'freetext') { if ($this->request->data['Feed']['source_format'] == 'freetext') {
if ($this->request->data['Feed']['fixed_event'] == 1) { if ($this->request->data['Feed']['fixed_event'] == 1) {
if (!empty($this->request->data['Feed']['target_event']) && is_numeric($this->request->data['Feed']['target_event'])) { if (!empty($this->request->data['Feed']['target_event']) && is_numeric($this->request->data['Feed']['target_event'])) {
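Review bot: The new default in the second hunk covers only `source_format`, while the check right after the freetext test, `$this->request->data['Feed']['fixed_event'] == 1`, still reads its key unguarded. An API request that omits `source_format` now always enters the freetext branch, so unless `fixed_event` is populated earlier in the action (outside this hunk) it will hit an undefined index there. Defaulting it the same way would close that, e.g. `if (!isset($this->request->data['Feed']['fixed_event'])) { $this->request->data['Feed']['fixed_event'] = 0; }`. Also, `isset()` only tests presence, so an empty or unsupported `source_format` value from the request still passes through; whether it is checked against the supported formats is not visible here, since the enclosing action starts and ends outside the hunk.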