Removal of more remnants of the old ACL and tightening of the filename

checks

- actAs acl removed from role and user models together with some extra
code related to the ACL

- Fix of the filename regex as pointed out by cvandeplas.

app/Controller/AttributesController.php

@@ -329,13 +329,13 @@ class AttributesController extends AppController {
 			if ($this->request->data['Attribute']['malware']) {
 				$this->request->data['Attribute']['type'] = "malware-sample";
 				// Validate filename
-				if (!preg_match('@[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
+				if (!preg_match('@^[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
 				$this->request->data['Attribute']['value'] = $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files
 				$this->request->data['Attribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
 			} else {
 				$this->request->data['Attribute']['type'] = "attachment";
 				// Validate filename
-				if (!preg_match('@[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
+				if (!preg_match('@^[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
 				$this->request->data['Attribute']['value'] = $filename;
 				$this->request->data['Attribute']['to_ids'] = 0;
 			}

app/Controller/EventsController.php

@@ -1467,7 +1467,7 @@ class EventsController extends AppController {
 			$dir = new Folder($rootDir, true);
 			$destpath = $rootDir;
 			$file = new File ($destpath);
-			if (!preg_match('@[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $this->data['Event']['submittedfile']['name'])) throw new Exception ('Filename not allowed');
+			if (!preg_match('@^[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $this->data['Event']['submittedfile']['name'])) throw new Exception ('Filename not allowed');
 			$zipfile = new File ($destpath . DS . $this->data['Event']['submittedfile']['name']);
 			$result = $zipfile->write($zipData);
 			if (!$result) $this->Session->setFlash(__('Problem with writing the zip file. Please report to administrator.'));

app/Controller/ShadowAttributesController.php

@@ -351,13 +351,13 @@ class ShadowAttributesController extends AppController {
 			if ($this->request->data['ShadowAttribute']['malware']) {
 				$this->request->data['ShadowAttribute']['type'] = "malware-sample";
 				// Validate filename
-				if (!preg_match('@[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
+				if (!preg_match('@^[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
 				$this->request->data['ShadowAttribute']['value'] = $filename . '|' . $tmpfile->md5(); // TODO gives problems with bigger files
 				$this->request->data['ShadowAttribute']['to_ids'] = 1; // LATER let user choose to send this to IDS
 			} else {
 				$this->request->data['ShadowAttribute']['type'] = "attachment";
 				// Validate filename
-				if (!preg_match('@[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
+				if (!preg_match('@^[\w-,\s]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
 				$this->request->data['ShadowAttribute']['value'] = $filename;
 				$this->request->data['ShadowAttribute']['to_ids'] = 0;
 			}

app/Model/Role.php

@@ -47,14 +47,12 @@ class Role extends AppModel {
 	);
 
 /**
- * TODO ACL: 1: be requester to CakePHP ACL system
  *
  * @var unknown_type
  */
 	public $actsAs = array(
-			'Acl' => array('type' => 'requester'),
-			'MagicTools.OrphansProtectable',
 			'Trim',
+			'MagicTools.OrphansProtectable',
 			'SysLogLogable.SysLogLogable' => array(	// TODO Audit, logable
 					'roleModel' => 'Role',
 					'roleKey' => 'role_id',
@@ -62,12 +60,6 @@ class Role extends AppModel {
 			),
 	);
 
-/**
- * TODO ACL: 2: hook Role into CakePHP ACL system (so link to aros)
- */
-	public function parentNode() {
-		return null;
-	}
 
 /**
  * Virtual field

app/Model/User.php

@@ -74,7 +74,7 @@ class User extends AppModel {
 		'org_id' => array(
 			'notempty' => array(
 				'rule' => array('notempty'),
-				'message' => 'Please specify the organisation ID where you are working.',	// TODO ACL, org_id in Users
+				'message' => 'Please specify the organisation ID where you are working.',
 				//'allowEmpty' => false,
 				//'required' => false,
 				//'last' => false, // Stop validation after this rule
@@ -230,14 +230,7 @@ class User extends AppModel {
 		)
 	);
 
-/**
- * TODO ACL: 1: be requester to CakePHP ACL system
- */
 	public $actsAs = array(
-		'Acl' => array(	// TODO ACL, + 'enabled' => false
-			'type' => 'requester',
-			'enabled' => false
-		),
 		'SysLogLogable.SysLogLogable' => array(	// TODO Audit, logable
 			'userModel' => 'User',
 			'userKey' => 'user_id',
@@ -247,33 +240,6 @@ class User extends AppModel {
 		//'RemoveNewline' => array('fields' => array('gpgkey')),
 	);
 
-/**
- * TODO ACL: 2: hook User into CakePHP ACL system (so link to aros)
- */
-	public function parentNode() {
-		if (!$this->id && empty($this->data)) {
-			return null;
-		}
-		if (isset($this->data['User']['role_id'])) {
-			$roleId = $this->data['User']['role_id'];
-		} else {
-			$roleId = $this->field('role_id');
-		}
-		if (!$roleId) {
-			return null;
-		} else {
-			return array('Role' => array('id' => $roleId));
-		}
-	}
-
-/**
- * TODO ACL: 3: rights on Roles: http://stackoverflow.com/questions/6154285/aros-table-in-cakephp-is-still-including-users-even-after-bindnode
- */
-	public function bindNode($user) {
-		// return array('model' => 'Group', 'foreign_key' => $user['User']['role_id']);
-		return array('Role' => array('id' => $user['User']['role_id']));
-	}
-
 	public function beforeSave() {
 		if (isset($this->data[$this->alias]['password'])) {
 			$this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);