mirror of https://github.com/MISP/MISP
Merge branch '2.4' of github.com:MISP/MISP into 2.4
commit
4bcad73c1e
|
@ -2732,7 +2732,9 @@ class EventsController extends AppController
|
|||
} else {
|
||||
$filename = 'misp.csv.filtered_results.csv';
|
||||
}
|
||||
|
||||
if (!isset($filters['ignore'])) {
|
||||
$filters['ignore'] = 0;
|
||||
}
|
||||
$final = $this->Event->restSearch($user, 'csv', $filters);
|
||||
// if it's a search, grab the attributeIDList from the session and get the IDs from it. Use those as the condition
|
||||
// We don't need to look out for permissions since that's filtered by the search itself
|
||||
|
|
|
@ -194,6 +194,7 @@ class ObjectsController extends AppController
|
|||
$error = 'Could not save the object as no attributes were set.';
|
||||
} else {
|
||||
foreach ($object['Attribute'] as $k => $attribute) {
|
||||
unset($object['Attribute'][$k]['id']);
|
||||
$object['Attribute'][$k]['event_id'] = $eventId;
|
||||
$this->MispObject->Event->Attribute->set($attribute);
|
||||
if (!$this->MispObject->Event->Attribute->validates()) {
|
||||
|
@ -220,6 +221,7 @@ class ObjectsController extends AppController
|
|||
$error = $this->MispObject->ObjectTemplate->checkTemplateConformity($template, $object);
|
||||
}
|
||||
if ($error === true) {
|
||||
unset($object['Object']['id']);
|
||||
$result = $this->MispObject->saveObject($object, $eventId, $template, $this->Auth->user(), $errorBehaviour = 'halt');
|
||||
if (is_numeric($result)) {
|
||||
$this->MispObject->Event->unpublishEvent($eventId);
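Review bot: The `unset($object['Attribute'][$k]['id'])` in the foreach does not reach the copy that is validated, because `$attribute` is the by-value loop variable and `Attribute->set($attribute)` a few lines down still receives the client-supplied `id` (and no `event_id`). With an `id` present the validation presumably runs as an update of that record rather than a create, which can change how uniqueness and `'required' => 'create'` rules are applied. Validate the sanitised element instead, `$this->MispObject->Event->Attribute->set($object['Attribute'][$k]);`, and add a short comment on both unsets such as `// never trust a client-supplied primary key on add`. The loop body continues outside the hunk.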
|
||||
|
|
|
@ -1375,70 +1375,110 @@ class UsersController extends AppController
|
|||
$this->set('user', $user);
|
||||
}
|
||||
|
||||
public function admin_email()
|
||||
public function admin_email($isPreview=false)
|
||||
{
|
||||
if (!$this->_isAdmin()) {
|
||||
throw new MethodNotAllowedException();
|
||||
}
|
||||
// User has filled in his contact form, send out the email.
|
||||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
$conditions = array();
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$conditions = array('org_id' => $this->Auth->user('org_id'));
|
||||
}
|
||||
if ($this->request->data['User']['recipient'] != 1) {
|
||||
$conditions['id'] = $this->request->data['User']['recipientEmailList'];
|
||||
}
|
||||
$conditions['AND'][] = array('User.disabled' => 0);
|
||||
$users = $this->User->find('all', array('recursive' => -1, 'order' => array('email ASC'), 'conditions' => $conditions));
|
||||
$this->request->data['User']['message'] = $this->User->adminMessageResolve($this->request->data['User']['message']);
|
||||
$failures = '';
|
||||
foreach ($users as $user) {
|
||||
$password = $this->User->generateRandomPassword();
|
||||
$body = str_replace('$password', $password, $this->request->data['User']['message']);
|
||||
$body = str_replace('$username', $user['User']['email'], $body);
|
||||
$result = $this->User->sendEmail($user, $body, false, $this->request->data['User']['subject']);
|
||||
// if sending successful and action was a password change, update the user's password.
|
||||
if ($result && $this->request->data['User']['action'] != '0') {
|
||||
$this->User->id = $user['User']['id'];
|
||||
$this->User->saveField('password', $password);
|
||||
$this->User->saveField('change_pw', '1');
|
||||
}
|
||||
if (!$result) {
|
||||
if ($failures != '') {
|
||||
$failures .= ', ';
|
||||
}
|
||||
$failures .= $user['User']['email'];
|
||||
}
|
||||
}
|
||||
if ($failures != '') {
|
||||
$this->Flash->success(__('E-mails sent, but failed to deliver the messages to the following recipients: ' . $failures));
|
||||
} else {
|
||||
$this->Flash->success(__('E-mails sent.'));
|
||||
}
|
||||
}
|
||||
$isPostOrPut = $this->request->is('post') || $this->request->is('put');
|
||||
$conditions = array();
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$conditions = array('org_id' => $this->Auth->user('org_id'));
|
||||
}
|
||||
$conditions['User.disabled'] = 0;
|
||||
$temp = $this->User->find('all', array('recursive' => -1, 'fields' => array('id', 'email'), 'order' => array('email ASC'), 'conditions' => $conditions));
|
||||
$emails = array();
|
||||
// save all the emails of the users and set it for the dropdown list in the form
|
||||
foreach ($temp as $user) {
|
||||
$emails[$user['User']['id']] = $user['User']['email'];
|
||||
|
||||
// harvest parameters
|
||||
if ($isPostOrPut) {
|
||||
$recipient = $this->request->data['User']['recipient'];
|
||||
} else {
|
||||
$recipient = isset($this->request->query['recipient']) ? $this->request->query['recipient'] : NULL;
|
||||
}
|
||||
$this->set('users', $temp);
|
||||
$this->set('recipientEmail', $emails);
|
||||
$this->set('org', Configure::read('MISP.org'));
|
||||
$textsToFetch = array('newUserText', 'passwordResetText');
|
||||
$this->loadModel('Server');
|
||||
foreach ($textsToFetch as $text) {
|
||||
${$text} = Configure::read('MISP.' . $text);
|
||||
if (!${$text}) {
|
||||
${$text} = $this->Server->serverSettings['MISP'][$text]['value'];
|
||||
if ($isPostOrPut) {
|
||||
$recipientEmailList = $this->request->data['User']['recipientEmailList'];
|
||||
} else {
|
||||
$recipientEmailList = isset($this->request->query['recipientEmailList']) ? $this->request->query['recipientEmailList'] : NULL;
|
||||
}
|
||||
if ($isPostOrPut) {
|
||||
$orgNameList = $this->request->data['User']['orgNameList'];
|
||||
} else {
|
||||
$orgNameList = isset($this->request->query['orgNameList']) ? $this->request->query['orgNameList'] : NULL;
|
||||
}
|
||||
|
||||
if (!is_null($recipient) && $recipient == 0) {
|
||||
if (is_null($recipientEmailList)) {
|
||||
throw new NotFoundException(__('Recipient email not provided'));
|
||||
}
|
||||
$conditions['id'] = $recipientEmailList;
|
||||
} else if (!is_null($recipient) && $recipient == 2) {
|
||||
if (is_null($orgNameList)) {
|
||||
throw new NotFoundException(__('Recipient organisation not provided'));
|
||||
}
|
||||
$conditions['org_id'] = $orgNameList;
|
||||
}
|
||||
$conditions['AND'][] = array('User.disabled' => 0);
|
||||
|
||||
// Allow to mimic real form post
|
||||
if ($isPreview) {
|
||||
$users = $this->User->find('list', array('recursive' => -1, 'order' => array('email ASC'), 'conditions' => $conditions, 'fields' => array('email')));
|
||||
$this->set('emails', $users);
|
||||
$this->set('emailsCount', count($users));
|
||||
$this->render('ajax/emailConfirmTemplate');
|
||||
} else {
|
||||
$users = $this->User->find('all', array('recursive' => -1, 'order' => array('email ASC'), 'conditions' => $conditions));
|
||||
// User has filled in his contact form, send out the email.
|
||||
if ($isPostOrPut) {
|
||||
$this->request->data['User']['message'] = $this->User->adminMessageResolve($this->request->data['User']['message']);
|
||||
$failures = '';
|
||||
foreach ($users as $user) {
|
||||
$password = $this->User->generateRandomPassword();
|
||||
$body = str_replace('$password', $password, $this->request->data['User']['message']);
|
||||
$body = str_replace('$username', $user['User']['email'], $body);
|
||||
$result = $this->User->sendEmail($user, $body, false, $this->request->data['User']['subject']);
|
||||
// if sending successful and action was a password change, update the user's password.
|
||||
if ($result && $this->request->data['User']['action'] != '0') {
|
||||
$this->User->id = $user['User']['id'];
|
||||
$this->User->saveField('password', $password);
|
||||
$this->User->saveField('change_pw', '1');
|
||||
}
|
||||
if (!$result) {
|
||||
if ($failures != '') {
|
||||
$failures .= ', ';
|
||||
}
|
||||
$failures .= $user['User']['email'];
|
||||
}
|
||||
}
|
||||
if ($failures != '') {
|
||||
$this->Flash->success(__('E-mails sent, but failed to deliver the messages to the following recipients: ' . $failures));
|
||||
} else {
|
||||
$this->Flash->success(__('E-mails sent.'));
|
||||
}
|
||||
}
|
||||
$conditions = array();
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$conditions = array('org_id' => $this->Auth->user('org_id'));
|
||||
}
|
||||
$conditions['User.disabled'] = 0;
|
||||
$temp = $this->User->find('all', array('recursive' => -1, 'fields' => array('id', 'email', 'Organisation.name'), 'order' => array('email ASC'), 'conditions' => $conditions, 'contain' => array('Organisation')));
|
||||
$emails = array();
|
||||
$orgName = array();
|
||||
// save all the emails of the users and set it for the dropdown list in the form
|
||||
foreach ($temp as $user) {
|
||||
$emails[$user['User']['id']] = $user['User']['email'];
|
||||
$orgName[$user['Organisation']['id']] = $user['Organisation']['name'];
|
||||
}
|
||||
|
||||
$this->set('users', $temp);
|
||||
$this->set('recipientEmail', $emails);
|
||||
$this->set('orgName', $orgName);
|
||||
$this->set('org', Configure::read('MISP.org'));
|
||||
$textsToFetch = array('newUserText', 'passwordResetText');
|
||||
$this->loadModel('Server');
|
||||
foreach ($textsToFetch as $text) {
|
||||
${$text} = Configure::read('MISP.' . $text);
|
||||
if (!${$text}) {
|
||||
${$text} = $this->Server->serverSettings['MISP'][$text]['value'];
|
||||
}
|
||||
$this->set($text, ${$text});
|
||||
}
|
||||
$this->set($text, ${$text});
|
||||
}
|
||||
}
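Review bot: `$conditions['org_id'] = $orgNameList;` in the `$recipient == 2` branch writes to the same key that scopes a non-site-admin to `$this->Auth->user('org_id')`, so the organisation restriction is replaced by a request-supplied value. The same conditions select the users who are mailed and who get a new password when `action` is not '0', so an org admin would not stay confined to their own organisation. Keep the restriction authoritative, e.g. `if (!$this->_isSiteAdmin() && $orgNameList != $this->Auth->user('org_id')) { throw new MethodNotAllowedException(); }` before the assignment, or add the requested organisation under `$conditions['AND'][]` so both constraints apply. The rendering interleaves old and new lines, so this reading of the new side should be confirmed against the file.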
|
||||
|
||||
|
|
|
@ -1412,6 +1412,7 @@ class Event extends AppModel
|
|||
'category' => array('function' => 'set_filter_simple_attribute'),
|
||||
'type' => array('function' => 'set_filter_simple_attribute'),
|
||||
'tags' => array('function' => 'set_filter_tags', 'pop' => true),
|
||||
'ignore' => array('function' => 'set_filter_ignore'),
|
||||
'uuid' => array('function' => 'set_filter_uuid'),
|
||||
'deleted' => array('function' => 'set_filter_deleted'),
|
||||
'to_ids' => array('function' => 'set_filter_to_ids'),
|
||||
|
@ -1706,6 +1707,10 @@ class Event extends AppModel
|
|||
if (!empty($options['includeRelatedTags'])) {
|
||||
$options['includeGranularCorrelations'] = 1;
|
||||
}
|
||||
if (isset($options['ignore']) && empty($options['ignore'])) {
|
||||
$conditions['AND'][] = array('Event.published' => 1);
|
||||
$conditionsAttributes['AND'][] = array('Attribute.to_ids' => 1);
|
||||
}
|
||||
$softDeletables = array('Attribute', 'Object', 'ObjectReference');
|
||||
if (isset($options['deleted']) && $options['deleted']) {
|
||||
if (!$user['Role']['perm_sync']) {
|
||||
|
@ -2234,8 +2239,17 @@ class Event extends AppModel
|
|||
public function set_filter_ignore(&$params, $conditions, $options)
|
||||
{
|
||||
if (empty($params['ignore'])) {
|
||||
$conditions['AND']['Event.published'] = 1;
|
||||
$conditions['AND']['Attribute.to_ids'] = 1;
|
||||
if (empty($options['scope'])) {
|
||||
$scope = 'Attribute';
|
||||
} else {
|
||||
$scope = $options['scope'];
|
||||
}
|
||||
if ($scope === 'Attribute') {
|
||||
$conditions['AND']['Attribute.to_ids'] = 1;
|
||||
} else {
|
||||
$conditions['AND']['Event.published'] = 1;
|
||||
}
|
||||
|
||||
}
|
||||
return $conditions;
|
||||
}
|
||||
|
@ -5461,7 +5475,7 @@ class Event extends AppModel
|
|||
$filters['published'] = 1;
|
||||
}
|
||||
}
|
||||
if (isset($filters['ignore'])) {
|
||||
if (!empty($filters['ignore'])) {
|
||||
$filters['to_ids'] = array(0, 1);
|
||||
$filters['published'] = array(0, 1);
|
||||
}
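Review bot: `set_filter_ignore()` now adds only one constraint per scope, so for the default `Attribute` scope a falsy `ignore` no longer sets `Event.published = 1`, which the previous body did. The fetch hunk earlier in this file adds both `Event.published` and `Attribute.to_ids` when `$options['ignore']` is set and empty, but the page does not show whether attribute-scope searches pass through it; if they do not, attributes of unpublished events could be returned with `ignore` left at 0. Please confirm, and document the contract on the method with a docblock saying that a falsy `ignore` limits results to `to_ids` attributes in the Attribute scope and to published events in any other scope. The stray blank line before the closing brace of the `if` can go.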
|
||||
|
|
|
@ -47,6 +47,17 @@ class MispObject extends AppModel
|
|||
);
|
||||
|
||||
public $validate = array(
|
||||
'uuid' => array(
|
||||
'uuid' => array(
|
||||
'rule' => array('custom', '/^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/'),
|
||||
'message' => 'Please provide a valid UUID'
|
||||
),
|
||||
'unique' => array(
|
||||
'rule' => 'isUnique',
|
||||
'message' => 'The UUID provided is not unique',
|
||||
'required' => 'create'
|
||||
)
|
||||
)
|
||||
);
|
||||
|
||||
public function beforeValidate($options = array())
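Review bot: The UUID pattern in the new `$validate` rule ends with `$`, which in PCRE also matches just before a trailing newline, so a valid UUID followed by a line feed passes the `custom` rule. Anchor the end with `\z` (or add the `D` modifier): `'/^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}\z/'`. Whether untrimmed input can reach this model is not visible in the hunk.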
|
||||
|
|
|
@ -199,7 +199,9 @@ class SharingGroup extends AppModel
|
|||
'conditions' => array('id' => $sgo['org_id'])
|
||||
));
|
||||
}
|
||||
$sgo['Organisation'] = $this->__sgoCache[$sgo['org_id']];
|
||||
if (!empty($this->__sgoCache[$sgo['org_id']]['Organisation'])) {
|
||||
$sgo['Organisation'] = $this->__sgoCache[$sgo['org_id']]['Organisation'];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -55,9 +55,7 @@
|
|||
$branchColour = $branch == '2.4' ? 'green' : 'red bold';
|
||||
?>
|
||||
<span class="<?php echo h($branchColour); ?>">
|
||||
<?php
|
||||
echo h($branch);
|
||||
?>
|
||||
<?=($branch == '2.4') ? h($branch) : "You are not on a branch, Update MISP will fail"; ?>
|
||||
</span>
|
||||
</span><br />
|
||||
<pre class="hidden green bold" id="gitResult"></pre>
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
<?php
|
||||
// This choice will determine
|
||||
$actionOptions=array(__('Custom message'), __('Welcome message'), __('Reset password'));
|
||||
$recipientOptions=array(__('A single user'), __('All users'));
|
||||
$recipientOptions=array(__('A single user'), __('All users'), __('All users of the same organisation'));
|
||||
?>
|
||||
<div class="row-fluid">
|
||||
<?php echo $this->Form->input('action', array('type' => 'select', 'options' => $actionOptions, 'id' => 'action')); ?>
|
||||
|
@ -29,6 +29,9 @@
|
|||
<div id="recipientEmailList" class="hideAble">
|
||||
<?php echo $this->Form->input('recipientEmailList', array('type' => 'select', 'options' => $recipientEmail, 'label' => 'Recipient Email')); ?>
|
||||
</div>
|
||||
<div id="orgNameList" class="hideAble">
|
||||
<?php echo $this->Form->input('orgNameList', array('type' => 'select', 'options' => $orgName, 'label' => 'Recipient Organisation Name')); ?>
|
||||
</div>
|
||||
</div>
|
||||
<div id="customMessage" class="row-fluid hideAble">
|
||||
<?php
|
||||
|
@ -64,13 +67,33 @@ $("#customMessage").change(setAll);
|
|||
$("#action").change(populateSubject);
|
||||
var subjects = [];
|
||||
var standardTexts = [];
|
||||
var submitAllowed = false;
|
||||
$(document).ready(function() {
|
||||
var org = "<?php echo $org;?>";
|
||||
subjects = ["", "[" + org + " MISP] " + "<?php echo __('New user registration');?>" , "[" + org + " MISP] " + "<?php echo __('Password reset');?>"];
|
||||
standardTexts = ['', '<?php echo h($newUserText); ?>', '<?php echo h($passwordResetText); ?>'];
|
||||
//setAll();
|
||||
setAll();
|
||||
|
||||
// Confirm before submit
|
||||
$('#UserAdminEmailForm').submit(function(e) {
|
||||
var url = '<?php echo $baseurl; ?>/admin/users/email/true?';
|
||||
url += 'recipient=' + $('#recipient').val();
|
||||
url += '&recipientEmailList=' + $('#UserRecipientEmailList').val();
|
||||
url += '&orgNameList=' + $('#UserOrgNameList').val();
|
||||
$.get(url, function(data) {
|
||||
$("#confirmation_box").html(data);
|
||||
openPopup("#confirmation_box");
|
||||
});
|
||||
return submitAllowed;
|
||||
});
|
||||
|
||||
});
|
||||
|
||||
function submitMailsForm() {
|
||||
submitAllowed = true;
|
||||
$('#UserAdminEmailForm').submit();
|
||||
}
|
||||
|
||||
function populateSubject() {
|
||||
$("#UserSubject").val(subjects[$("#action").val()]);
|
||||
$("#UserMessage").html(standardTexts[$("#action").val()]).text();
|
||||
|
@ -82,6 +105,7 @@ function setAll() {
|
|||
if ($("#action option:selected").val() == 0) $("#subject").show();
|
||||
else $("#customMessage").show();
|
||||
if ($("#recipient option:selected").val() == 0) $("#recipientEmailList").show();
|
||||
if ($("#recipient option:selected").val() == 2) $("#orgNameList").show();
|
||||
}
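Review bot: The new submit handler requests the preview on every submit, including the one triggered by `submitMailsForm()` after confirmation, so the confirmed send also fires a second `$.get` and re-opens the popup while the form posts. Return early at the top of the handler with `if (submitAllowed) { return true; }`. The query string is also concatenated from raw `.val()` results; passing them as the data argument, e.g. `$.get(url, {recipient: $('#recipient').val()}, callback)` with the other two fields added the same way, lets jQuery encode them.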
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
<div class="confirmation">
|
||||
<legend><?php echo __('Confirm sending'); ?> </legend>
|
||||
<div style="padding-left:5px;padding-right:5px;padding-bottom:5px;">
|
||||
<p><?php echo __('You are about to send a mail to %s recipient(s)?', '<strong>' . h($emailsCount) . '</strong>'); ?></p>
|
||||
<div>
|
||||
<select multiple=1 size=15 style="width: 100%">
|
||||
<?php foreach($emails as $email): ?>
|
||||
<option><?php echo h($email); ?></option>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
</div>
|
||||
<div>
|
||||
<span role="button" tabindex="0" aria-label="<?php echo __('Send');?>" title="<?php echo __('Send');?>" class="btn btn-primary" id="PromptYesButton" onClick="submitMailsForm();"><?php echo __('Send');?></span>
|
||||
<span role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="btn btn-inverse" id="PromptNoButton" style="float:right;" onClick="cancelPrompt();"><?php echo __('Cancel');?></span>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
|
@ -1 +1 @@
|
|||
Subproject commit 34bee5f3bb4953fb00d75e1cb11c346659a692df
|
||||
Subproject commit 162802f486427933f5cd0602dd4cf62e24f145ae
|
|
@ -123,6 +123,8 @@ sudo -u www-data git submodule foreach --recursive git config core.filemode fals
|
|||
sudo -u www-data git config core.filemode false
|
||||
|
||||
# Create a python3 virtualenv
|
||||
sudo apt-get install python3-pip
|
||||
pip3 install virtualenv
|
||||
sudo -u www-data virtualenv -p python3 ${PATH_TO_MISP}/venv
|
||||
|
||||
# make pip happy
|
||||
|
|
|
@ -6,7 +6,7 @@ set -x
|
|||
AUTH="$1"
|
||||
|
||||
curl -i -H "Accept: application/json" -H "content-type: application/json" -H "Authorization: $AUTH" --data "@event.json" -X POST http://misp.local/events
|
||||
curl -H "Authorization: $AUTH" -X GET http://misp.local/events/csv/download/1 | sed -e 's/^M//g' | cut -d, -f2 --complement | sort > 1.csv
|
||||
curl -H "Authorization: $AUTH" -X GET http://misp.local/events/csv/download/1/ignore:1 | sed -e 's/^M//g' | cut -d, -f2 --complement | sort > 1.csv
|
||||
cat 1.csv
|
||||
cut -d, -f2 --complement event.csv | sort > compare.csv
|
||||
diff compare.csv 1.csv
|
||||
|
|
|
@ -26,7 +26,7 @@ echo '-- Starting MISP restore process'
|
|||
|
||||
FILE=./misp-backup.conf
|
||||
|
||||
if [ -f $1 ];
|
||||
if [ ! -z $1 ] && [ -f $1 ];
|
||||
then
|
||||
BackupFile=$1
|
||||
else
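Review bot: `$1` is unquoted in `if [ ! -z $1 ] && [ -f $1 ];`, so the empty-argument case only works because of how `[` parses a missing operand, and the test breaks for a backup path containing spaces or glob characters. Quote both uses and prefer `-n`: `if [ -n "$1" ] && [ -f "$1" ];`. The same care applies wherever `$BackupFile` is expanded later, which is outside this hunk. The `if` block continues past the end of the hunk.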
|
||||
|
|