mirror of https://github.com/MISP/MISP
Incorrect check in the API when using the authkey in the URL
- The check led to the user incorrectly being passed on after authentication, without any private data of their own organisation being returned. - Also, publishing an event with the background jobs enabled now correctly shows that the job was added to the queue instead of telling the user that the event has been published.
pull/224/head
parent
c11a492f10
commit
764161e998
|
@ -1025,7 +1025,11 @@ class EventsController extends AppController {
|
|||
if (!is_array($result)) {
|
||||
|
||||
// redirect to the view event page
|
||||
$this->Session->setFlash(__('Email sent to all participants.', true));
|
||||
if (Configure::read('MISP.background_jobs')) {
|
||||
$this->Session->setFlash(__('Job queued.', true));
|
||||
} else {
|
||||
$this->Session->setFlash(__('Email sent to all participants.', true));
|
||||
}
|
||||
} else {
|
||||
$lastResult = array_pop($result);
|
||||
$resultString = (count($result) > 0) ? implode(', ', $result) . ' and ' . $lastResult : $lastResult;
|
||||
|
@ -1205,6 +1209,7 @@ class EventsController extends AppController {
|
|||
$this->response->type('xml'); // set the content type
|
||||
$this->layout = 'xml/default';
|
||||
$this->header('Content-Disposition: download; filename="misp.xml"');
|
||||
$results = $this->__fetchEvent($eventid, null, $user['User']['org'], $user['User']['siteAdmin'], $tags);
|
||||
} else {
|
||||
if (!$this->Auth->user('id')) {
|
||||
throw new UnauthorizedException('You have to be logged in to do that.');
|
||||
|
@ -1217,8 +1222,9 @@ class EventsController extends AppController {
|
|||
} else {
|
||||
$this->header('Content-Disposition: download; filename="misp.export.event' . $eventid . '.xml"');
|
||||
}
|
||||
$results = $this->__fetchEvent($eventid, null, null, false, $tags);
|
||||
}
|
||||
$results = $this->__fetchEvent($eventid, null, null, false, $tags);
|
||||
|
||||
if ($withAttachment) {
|
||||
$this->loadModel('Attribute');
|
||||
foreach ($results[0]['Attribute'] as &$attribute) {
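Review bot: Nothing visible between the fetch and `foreach ($results[0]['Attribute'] as &$attribute)` in the last hunk checks that `$results` is non-empty, which matters more now that the authkey branch keeps its org-scoped result instead of having it overwritten. If `__fetchEvent` returns an empty set for an event the key's organisation may not see (its behaviour is not shown on this page), the by-reference foreach would index a missing element; a guard such as `if (empty($results)) throw new NotFoundException('Invalid event');` before the `$withAttachment` block would make the denial explicit. In the second hunk, `$user['User']['org']` and `$user['User']['siteAdmin']` come from a lookup outside the hunk, so confirm that an unknown authkey is rejected before this line rather than reaching `__fetchEvent` with null values, which is close to the argument shape the session branch passes. Because the key travels in the URL it will also be recorded in access logs and by intermediaries, so a comment steering integrators to the Authorization header, where that is supported, would help. The enclosing action starts and ends outside these hunks, so the checks above may already exist there.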
|
||||
|
|