Merge branch 'hotfix-2.1.1' into develop

pull/217/head
iglocska 2013-08-06 09:55:38 +02:00
commit 392b48772b
5 changed files with 8 additions and 4 deletions


@ -48,4 +48,4 @@ License
This software is licensed under GNU Affero General Public License version 3
Copyright (c) 2012, 2013 Belgian Defence, NATO / NCIRC.
Copyright (c) 2012, 2013 Belgian Defence, NATO / NCIRC.


@ -141,6 +141,7 @@ Configure::write('CyDefSIG.dns', 'false'); // there is a nameserver available
//Configure::write('MISP.welcome_text_top', 'Welcome to the Organisation community\'s'); // used in Events::login before the MISP logo
//Configure::write('MISP.welcome_text_bottom', 'instance'); // used in Events::login after the MISP logo
//Configure::write('MISP.welcome_logo', 'organisation'); // used in Events::login to the left of the MISP logo, place a .png file in app/webroot/img with the name specified here. In this case it would be organisation.png
Configure::write('MISP.disablerestalert', 'true');
/**
* The settings below can be used to set additional paths to models, views and controllers.
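Review bot: The new `Configure::write('MISP.disablerestalert', 'true');` line carries no trailing comment, unlike the neighbouring settings, and it is active rather than commented out. Judging by the key name and the check added in EventsController in this same commit, a value of 'true' switches off the alert e-mail for events published through that path, so anyone copying this file loses those notifications without an explanation. I would add a comment such as `// 'true' suppresses the alert e-mail when an event is published via REST; the event is still published`. The value is compared as the string 'true', which the comment should state as well.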


@ -83,7 +83,7 @@ class EventsController extends AppController {
*/
public function index() {
// list the events
// TODO information exposure vulnerability - as we don't limit the filter depending on the CyDefSIG.showorg parameter
// this filter will work if showorg=false and users will be able to perform the filtering and see what events were posted by what org.
// same goes for orgc in all cases
@ -562,6 +562,9 @@ class EventsController extends AppController {
if ($saveResult) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
// do the necessary actions to publish the event (email, upload,...)
if ('true' != Configure::read('MISP.disablerestalert')) {
$this->__sendAlertEmail($this->Event->getId());
}
$this->__publish($this->Event->getId(), $passAlong);
}
return true;
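Review bot: The guard `if ('true' != Configure::read('MISP.disablerestalert'))` uses a loose comparison, so values other than the string 'true' can also suppress the alert e-mail: boolean `true` matches, and on PHP versions before 8 so does integer `0`, because the non-numeric string is cast to 0. A mis-typed setting would then silently drop notifications for published events while `__publish()` still runs. A strict check, `if (Configure::read('MISP.disablerestalert') !== 'true') {`, keeps the unset-key default (alerts sent) and makes the switch unambiguous. The enclosing method starts and ends outside the hunk, so whether a suppressed alert is logged anywhere cannot be seen from here.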


@ -159,4 +159,4 @@ $(document).ready(function () {
});
});
</script>
</script>


@ -198,7 +198,7 @@ if (!empty($event['Attribute'])):?>
</td>
<td class="showspaces <?php echo $extra; ?>"><?php $sigDisplay = $attribute['value'];
if ('attachment' == $attribute['type'] || 'malware-sample' == $attribute['type'] ) {
$filenameHash = explode('|', $attribute['value']);
$filenameHash = explode('|', nl2br(h($attribute['value'])));
if (strrpos($filenameHash[0], '\\')) {
$filepath = substr($filenameHash[0], 0, strrpos($filenameHash[0], '\\'));
$filename = substr($filenameHash[0], strrpos($filenameHash[0], '\\'));
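Review bot: Escaping on the `explode` line means `$filenameHash`, `$filepath` and `$filename` now hold HTML-encoded text (with `<br />` inserted for any newline), so the result is only safe and correct if every later use is plain HTML output. If a piece is later escaped again, or used to build a link or an attribute value, it will be double-encoded or carry markup; the rest of the block is outside the hunk, so that needs checking there. Splitting the raw value and escaping at each output (`echo h($filename);`) keeps parsing and encoding separate. `$sigDisplay` on the line above is still assigned the raw `$attribute['value']`; confirm it passes through `h()` before it is echoed.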