Merge branch 'develop' of github.com:MISP/MISP into develop

pull/9924/head
iglocska 2024-09-12 15:21:28 +02:00
commit 657a3d15f4
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
5 changed files with 62 additions and 16 deletions


@ -17,24 +17,22 @@
* @since CakePHP(tm) v 2.0
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
if (!defined('DS')) {
define('DS', DIRECTORY_SEPARATOR);
}
const DS = DIRECTORY_SEPARATOR;
$dispatcher = 'Cake' . DS . 'Console' . DS . 'ShellDispatcher.php';
if (function_exists('ini_set')) {
$root = dirname(__DIR__, 2);
$appDir = basename(dirname(__DIR__));
$composerInstall = $root . DS . $appDir . DS . 'Vendor' . DS . 'cakephp' . DS . 'cakephp' . DS . 'lib';
if (function_exists('set_include_path')) {
$appDir = dirname(__DIR__);
$composerInstall = $appDir . DS . 'Vendor' . DS . 'cakephp' . DS . 'cakephp' . DS . 'lib';
if (file_exists($composerInstall . DS . $dispatcher)) {
$install = $composerInstall; // prefer compose install
$dispatcher = $composerInstall . DS . $dispatcher;
} else {
$install = $root . DS . $appDir . DS . 'Lib' . DS . 'cakephp' . DS . 'lib';
$install = $appDir . DS . 'Lib' . DS . 'cakephp' . DS . 'lib';
}
ini_set('include_path', $install . PATH_SEPARATOR . ini_get('include_path'));
unset($root, $appDir, $install, $composerInstall);
set_include_path($install . PATH_SEPARATOR . get_include_path());
unset($appDir, $install, $composerInstall);
}
if (!include $dispatcher) {
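Review bot: In the fallback `else` branch `$dispatcher` stays a relative path, so `include $dispatcher` is resolved through the whole include path rather than only the bundled CakePHP directory; only the Composer branch makes it absolute. If the `Lib` copy is missing, PHP goes on to the entries inherited from the previous include path, which commonly include the current working directory, and a console entry point should not pick up a dispatcher from there. Consider adding `$dispatcher = $install . DS . $dispatcher;` in the `else` branch too, so that a missing file fails at the `include` check. The `if (!include $dispatcher)` block continues outside the hunk.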


@ -33,7 +33,7 @@ class AppController extends Controller
public $helpers = array('OrgImg', 'FontAwesome', 'UserName');
private $__queryVersion = '163';
private $__queryVersion = '164';
public $pyMispVersion = '2.4.197';
public $phpmin = '7.2';
public $phprec = '7.4';


@ -18,6 +18,32 @@ class UserLoginProfilesController extends AppController
)
);
private $user_allowed_fields = [
'id',
'org_id',
'server_id',
'email',
'autoalert',
'invited_by',
'gpgkey',
'certif_public',
'nids_sid',
'termsaccepted',
'newsread',
'role_id',
'change_pw',
'contactalert',
'disabled',
'expiration',
'current_login',
'last_login',
'last_api_access',
'force_logout',
'date_created',
'date_modified',
'last_pw_change',
];
public function index($user_id = null)
{
$delete_buttons = false;
@ -35,7 +61,17 @@ class UserLoginProfilesController extends AppController
$delete_buttons = true;
}
$this->CRUD->index([
'conditions' => $conditions
'conditions' => $conditions,
'afterFind' => function(array $userLoginProfiles) {
foreach ($userLoginProfiles as $i => $userLoginProfile) {
foreach ($userLoginProfile['User'] as $field => $value) {
if (!in_array($field, $this->user_allowed_fields)) {
unset($userLoginProfiles[$i]['User'][$field]);
}
}
}
return $userLoginProfiles;
}
]);
if ($this->IndexFilter->isRest()) {
return $this->restResponsePayload;
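Review bot: The allowlist check in the `afterFind` callback uses a loose `in_array`, and the inner `foreach` assumes every row carries a `User` key. On PHP 7.x, which the `phpmin` of 7.2 shown in AppController still allows, an integer key `0` compares equal to every non-numeric string and would pass the filter, so pass the strict flag: `if (!in_array($field, $this->user_allowed_fields, true)) {`. A row without `User` would raise a warning in the inner loop; a guard such as `if (empty($userLoginProfile['User'])) { continue; }` avoids that. The filter covers only `index()`, whose body continues outside the hunk; whether other actions in this controller return `User` data cannot be confirmed from this page, but they would need the same allowlist.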


@ -20,7 +20,7 @@ class UsersController extends AppController
),
'contain' => array(
'Organisation' => array('id', 'uuid', 'name'),
'Role' => array('id', 'name', 'perm_auth', 'perm_site_admin')
'Role' => array('id', 'name', 'perm_auth', 'perm_site_admin', 'perm_admin')
)
);
@ -482,7 +482,7 @@ class UsersController extends AppController
),
'contain' => array(
'Organisation' => array('id', 'name'),
'Role' => array('id', 'name', 'perm_auth', 'perm_site_admin')
'Role' => array('id', 'name', 'perm_auth', 'perm_site_admin', 'perm_admin')
)
));
if (!$this->_isSiteAdmin()) {
@ -495,6 +495,11 @@ class UsersController extends AppController
foreach ($users as $key => $user) {
$users[$key]['User']['totp_is_set'] = !empty($user['User']['totp']);
unset($users[$key]['User']['totp']);
if (!empty(Configure::read('Security.advanced_authkeys'))) { // There is no point to show that authkey since it doesn't work when this setting is active
unset($users[$key]['User']['authkey']);
} else if ((!empty($user['Role']['perm_admin']) && $user['User']['id'] != $this->Auth->user('id'))) {
$users[$key]['User']['authkey'] = __('Redacted');
}
}
$users = $this->User->attachIsUserMonitored($users);
return $this->RestResponse->viewData($users, $this->response->type());
@ -512,6 +517,8 @@ class UsersController extends AppController
foreach ($users as $key => $value) {
if ($value['Role']['perm_site_admin']) {
$users[$key]['User']['authkey'] = __('Redacted');
} else if (!empty($value['Role']['perm_admin']) && $value['User']['id'] != $this->Auth->user('id')) {
$users[$key]['User']['authkey'] = __('Redacted');
}
}
}
@ -3082,7 +3089,12 @@ class UsersController extends AppController
public function view_login_history($userId = null)
{
if ($userId && $this->_isAdmin()) { // org and site admins
$userExists = $this->User->hasAny($this->__adminFetchConditions($userId));
$userExists = (bool) $this->User->find('first', [
'fields' => ['User' . '.' . 'id'],
'conditions' => $this->__adminFetchConditions($userId),
'recursive' => -1,
'contain' => ['Role'],
]);
if (!$userExists) {
throw new NotFoundException(__('Invalid user'));
}
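Review bot: Both new redaction branches fail open: `!empty($user['Role']['perm_admin'])` and `!empty($value['Role']['perm_admin'])` are false when the `Role` data is missing from the row, and the authkey is then returned unredacted. They work here only because this commit also adds `perm_admin` to the two `contain` lists, so each check deserves a comment such as `// relies on Role.perm_admin being in the find's contain list; if it is absent the key is NOT redacted`. A fail-closed form would redact every key except the requester's own unless the role is known to be non-admin. The two loops also differ: the second redacts every `perm_site_admin` key including the requester's, while the first has no `perm_site_admin` test, which is equivalent only if site-admin roles always carry `perm_admin`; that is worth confirming. The enclosing functions start and end outside these hunks.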


@ -1448,7 +1448,7 @@ function getPriorityValue(mispObject, objectTemplate) {
function getTopPriorityValue(object) {
var associatedTemplate = object.template_uuid + '.' + object.template_version
var objectTemplate = proxyMISPElements['objectTemplates'][associatedTemplate]
var topPriorityValue = object.Attribute.length
var topPriorityValue = object.Attribute.length > 0 ? object.Attribute[0].value : ''
if (objectTemplate !== undefined) {
var temp = getPriorityValue(object, objectTemplate)
topPriorityValue = temp !== false ? temp : topPriorityValue