MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Slight update to the filename regex 

- accept extensions from 2 to 4 characters in length
pull/63/head
Andras Iklody 2013-03-04 15:42:16 +01:00
parent a72503161b
commit 581fc5e851
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controller/AttributesController.php
View File

@ -362,13 +362,13 @@ class AttributesController extends AppController {
if ($this->request->data['Attribute']['malware']) {
$this->request->data['Attribute']['type'] = "malware-sample";
//preg_replace('@[*|\||<|>|?|"|\\|/|\:]@', '', $filename);
if (!preg_match('@^[\w-,\s]+\.[A-Za-z]{4}$@', $filename)) throw new Exception ('Filename not allowed');
if (!preg_match('@[\w-,\s]+\.[A-Za-z]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
$this->request->data['Attribute']['value'] = $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files
$this->request->data['Attribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
} else {
$this->request->data['Attribute']['type'] = "attachment";
//preg_replace('@[*|\||<|>|?|"|\\|/|\:]@', '', $filename);
if (!preg_match('@^[\w-,\s]+\.[A-Za-z]{4}$@', $filename)) throw new Exception ('Filename not allowed');
if (!preg_match('@[\w-,\s]+\.[A-Za-z]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
$this->request->data['Attribute']['value'] = $filename;
$this->request->data['Attribute']['to_ids'] = 0;
}