MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Notification on rest add of published events. Fixes #138

pull/195/head
iglocska 2013-08-06 09:43:00 +02:00
parent cb6482fd54
commit 5011b50c65
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/Config/bootstrap.default.php
View File

@ -141,6 +141,7 @@ Configure::write('CyDefSIG.dns', 'false'); // there is a nameserver available
//Configure::write('MISP.welcome_text_top', 'Welcome to the Organisation community\'s'); // used in Events::login before the MISP logo
//Configure::write('MISP.welcome_text_bottom', 'instance'); // used in Events::login after the MISP logo
//Configure::write('MISP.welcome_logo', 'organisation'); // used in Events::login to the left of the MISP logo, place a .png file in app/webroot/img with the name specified here. In this case it would be organisation.png
Configure::write('MISP.disablerestalert', 'true');
/**
* The settings below can be used to set additional paths to models, views and controllers.

6
app/Controller/EventsController.php
View File

@ -83,7 +83,7 @@ class EventsController extends AppController {
*/
public function index() {
// list the events
// TODO information exposure vulnerability - as we don't limit the filter depending on the CyDefSIG.showorg parameter
// this filter will work if showorg=false and users will be able to perform the filtering and see what events were posted by what org.
// same goes for orgc in all cases
@ -562,6 +562,9 @@ class EventsController extends AppController {
if ($saveResult) {
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
// do the necessary actions to publish the event (email, upload,...)
if ('true' != Configure::read('MISP.disablerestalert')) {
$this->__sendAlertEmail($this->Event->getId());
}
$this->__publish($this->Event->getId(), $passAlong);
}
return true;
@ -2057,7 +2060,6 @@ class EventsController extends AppController {
array_push($temp2, array('(SELECT events.org FROM events WHERE events.id = Attribute.event_id) LIKE' => $org));
$conditionsAttributes['OR'] = $temp2;
}
$conditionsAttributes['AND'] = array('Attribute.to_ids =' => 1);
// do not expose all the data ...
$fields = array('Event.id', 'Event.date', 'Event.risk', 'Event.analysis', 'Event.info', 'Event.published', 'Event.uuid');