mirror of https://github.com/MISP/MISP
Merge branch 'master' into feature/rpz
iglocska
commit
a0031a48e0
|
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":65}
|
||||
{"major":2, "minor":3, "hotfix":67}
|
||||
|
|
|
|||
|
|
@ -89,26 +89,30 @@ class AppController extends Controller {
|
|||
$this->Security->csrfCheck = false;
|
||||
// Authenticate user with authkey in Authorization HTTP header
|
||||
if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||
$found_misp_auth_key = false;
|
||||
$authentication = explode(',', $_SERVER['HTTP_AUTHORIZATION']);
|
||||
$user = false;
|
||||
foreach ($authentication as $auth_key) {
|
||||
if (preg_match('/^[a-zA-Z0-9]{40}$/', trim($auth_key))) {
|
||||
$found_misp_auth_key = true;
|
||||
$user = $this->checkAuthUser(trim($auth_key));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if ($user) {
|
||||
unset($user['User']['gpgkey']);
|
||||
// User found in the db, add the user info to the session
|
||||
$this->Session->renew();
|
||||
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
|
||||
} else {
|
||||
// User not authenticated correctly
|
||||
// reset the session information
|
||||
$this->Session->destroy();
|
||||
throw new ForbiddenException('The authentication key provided cannot be used for syncing.');
|
||||
if ($found_misp_auth_key) {
|
||||
if ($user) {
|
||||
unset($user['User']['gpgkey']);
|
||||
// User found in the db, add the user info to the session
|
||||
$this->Session->renew();
|
||||
$this->Session->write(AuthComponent::$sessionKey, $user['User']);
|
||||
} else {
|
||||
// User not authenticated correctly
|
||||
// reset the session information
|
||||
$this->Session->destroy();
|
||||
throw new ForbiddenException('The authentication key provided cannot be used for syncing.');
|
||||
}
|
||||
unset($user);
|
||||
}
|
||||
unset($user);
|
||||
}
|
||||
} else if(!$this->Session->read(AuthComponent::$sessionKey)) {
|
||||
// load authentication plugins from Configure::read('Security.auth')
|
||||
|
|
@ -190,7 +194,8 @@ class AppController extends Controller {
|
|||
|
||||
public $userRole = null;
|
||||
|
||||
protected function _isJson(){
|
||||
protected function _isJson($data=false){
|
||||
if ($data) return (json_decode($data) != NULL) ? true : false;
|
||||
return $this->request->header('Accept') === 'application/json';
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1532,7 +1532,7 @@ class AttributesController extends AppController {
|
|||
}
|
||||
|
||||
if ($from) $from = $this->Attribute->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Attribute->Event->dateFieldCheck($to);
|
||||
if ($to) $to = $this->Attribute->Event->dateFieldCheck($to);
|
||||
if (!isset($this->request->params['ext']) || $this->request->params['ext'] !== 'json') {
|
||||
$this->response->type('xml'); // set the content type
|
||||
$this->layout = 'xml/default';
|
||||
|
|
@ -1772,7 +1772,7 @@ class AttributesController extends AppController {
|
|||
}
|
||||
if ($type === 'null' || $type === '0' || $type === 'false') $type = 'all';
|
||||
if ($from) $from = $this->Attribute->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Attribute->Event->dateFieldCheck($to);
|
||||
if ($to) $to = $this->Attribute->Event->dateFieldCheck($to);
|
||||
if ($key != 'download') {
|
||||
// check if the key is valid -> search for users based on key
|
||||
$user = $this->checkAuthUser($key);
|
||||
|
|
|
|||
|
|
@ -1729,7 +1729,7 @@ class EventsController extends AppController {
|
|||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($to) $to = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
|
||||
$eventIdArray = array();
|
||||
|
|
@ -1809,7 +1809,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($to) $to = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
// backwards compatibility, swap key and format
|
||||
if ($format != 'snort' && $format != 'suricata') {
|
||||
|
|
@ -1847,7 +1847,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($to) $to = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
$this->response->type('txt'); // set the content type
|
||||
$this->header('Content-Disposition: download; filename="misp.' . $type . '.rules"');
|
||||
|
|
@ -1882,7 +1882,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($to) $to = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
$list = array();
|
||||
if ($key != 'download') {
|
||||
|
|
@ -2415,7 +2415,7 @@ class EventsController extends AppController {
|
|||
}
|
||||
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($to) $to = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
if ($searchall === 'true') $searchall = "1";
|
||||
|
||||
|
|
@ -2992,7 +2992,7 @@ class EventsController extends AppController {
|
|||
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
|
||||
}
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $from = $this->Event->dateFieldCheck($to);
|
||||
if ($to) $to = $this->Event->dateFieldCheck($to);
|
||||
|
||||
// set null if a null string is passed
|
||||
$numeric = false;
|
||||
|
|
|
|||
Loading…
Reference in New Issue