mirror of https://github.com/MISP/MISP
Merge branch '2.4' of github.com:MISP/MISP into 2.4
iglocska
commit
75061f6266
2
PyMISP
2
PyMISP
|
|
@ -1 +1 @@
|
|||
Subproject commit 872005d0eb940fd5c3d9790cb33329e261d957ac
|
||||
Subproject commit ded44278af8f427577f27c4c8293f7e8723148c4
|
||||
|
|
@ -134,6 +134,15 @@ class AppController extends Controller
|
|||
$this->_stop();
|
||||
}
|
||||
}
|
||||
if (Configure::read('Security.check_sec_fetch_site_header')) {
|
||||
$secFetchSite = $this->request->header('Sec-Fetch-Site');
|
||||
if ($secFetchSite !== false && $secFetchSite !== 'same-origin' && ($this->request->is('post') || $this->request->is('put') || $this->request->is('ajax'))) {
|
||||
throw new MethodNotAllowedException("POST, PUT and AJAX requests are allowed just from same origin.");
|
||||
}
|
||||
}
|
||||
if (Configure::read('Security.disable_browser_cache')) {
|
||||
$this->response->disableCache();
|
||||
}
|
||||
$this->response->header('X-XSS-Protection', '1; mode=block');
|
||||
|
||||
if (!empty($this->params['named']['sql'])) {
|
||||
|
|
|
|||
|
|
@ -550,6 +550,9 @@ class RestResponseComponent extends Component
|
|||
$headers["Access-Control-Allow-Origin"] = explode(',', Configure::read('Security.cors_origins'));
|
||||
$headers["Access-Control-Expose-Headers"] = ["X-Result-Count"];
|
||||
}
|
||||
if (Configure::read('Security.disable_browser_cache')) {
|
||||
$cakeResponse->disableCache();
|
||||
}
|
||||
if (!empty($this->headers)) {
|
||||
$cakeResponse->header($this->headers);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -134,6 +134,8 @@ class CryptGpgExtended extends Crypt_GPG
|
|||
// add last key
|
||||
if ($key !== null) {
|
||||
$keys[] = $key;
|
||||
} else {
|
||||
throw new Crypt_GPG_Exception("Key data provided, but gpg process output could not be parsed: $output");
|
||||
}
|
||||
|
||||
return $keys;
|
||||
|
|
|
|||
|
|
@ -95,9 +95,6 @@ class GpgTool
|
|||
throw new InvalidArgumentException("Valid CryptGpgExtended instance required.");
|
||||
}
|
||||
$fetchedKeyInfo = $this->gpg->keyInfo($keyData);
|
||||
if (empty($fetchedKeyInfo)) {
|
||||
throw new Exception("No key found");
|
||||
}
|
||||
if (count($fetchedKeyInfo) !== 1) {
|
||||
throw new Exception("Multiple keys found");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1396,6 +1396,24 @@ class Server extends AppModel
|
|||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'disable_browser_cache' => array(
|
||||
'level' => 0,
|
||||
'description' => __('If enabled, HTTP headers that block browser cache will be send. Static files (like images or JavaScripts) will still be cached, but not generated pages.'),
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true,
|
||||
),
|
||||
'check_sec_fetch_site_header' => [
|
||||
'level' => 0,
|
||||
'description' => __('If enabled, any POST, PUT or AJAX request will be allow just when Sec-Fetch-Site header is not defined or contains "same-origin".'),
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true,
|
||||
],
|
||||
'email_otp_enabled' => array(
|
||||
'level'=> 2,
|
||||
'description' => __('Enable two step authentication with a OTP sent by email. Requires e-mailing to be enabled. Warning: You cannot use it in combination with external authentication plugins.'),
|
||||
|
|
|
|||
|
|
@ -279,8 +279,10 @@ class Warninglist extends AppModel
|
|||
return false;
|
||||
}
|
||||
|
||||
if (method_exists($redis, 'unlink')) {
|
||||
// Delete attributes cache non blocking way if available
|
||||
// Unlink is non blocking way how to delete keys from Redis, but it must be supported by PHP extension and
|
||||
// Redis itself
|
||||
$unlinkSupported = method_exists($redis, 'unlink') && $redis->unlink(null) !== false;
|
||||
if ($unlinkSupported) {
|
||||
$redis->unlink($redis->keys('misp:wlc:*'));
|
||||
} else {
|
||||
$redis->del($redis->keys('misp:wlc:*'));
|
||||
|
|
|
|||
Loading…
Reference in New Issue