From a380458d2e9072c1f5affa52ad259b38108e3ca6 Mon Sep 17 00:00:00 2001
From: iglocska
Date: Fri, 13 Nov 2015 23:48:29 +0100
Subject: [PATCH] Fixed a security issue with the site admin file uploader - as discovered and reported by Egidio Romano of Minded Security - The site admin file upload tool allowed for unrestricted file upload that could lead to RCE - Fixed the file uploader to be much more restrictive - removed the interactive terms file upload
---
 app/Model/Server.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/Model/Server.php b/app/Model/Server.php
index b4dac41c2..8438a8fb1 100755
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@@ -1408,11 +1408,11 @@ class Server extends AppModel {
 'expected' => array(),
 'valid_format' => '48x48 pixel .png files',
 'path' => APP . 'webroot' . DS . 'img' . DS . 'orgs',
- 'regex' => '.*\.(png|PNG)',
+ 'regex' => '.*\.(png|PNG)$',
 'regex_error' => 'Filename must be in the following format: *.png',
 'files' => array(),
 ),
- 'terms' => array(
+ /*'terms' => array(
 'name' => 'Terms of Use file',
 'description' => 'Terms of use file viewable / downloadable by users. Make sure that it is either in text / html format if served inline.',
 'expected' => array('MISP.terms_file' => Configure::read('MISP.terms_file')),
@@ -1421,7 +1421,7 @@ class Server extends AppModel {
 'regex' => '^(?!empty).*$',
 'regex_error' => 'Filename can be any string consisting of characters between a-z, A-Z, 0-9 or one of the following: "_" or "-". The filename can also have an extension.',
 'files' => array(),
- ),
+ ),*/
 'img' => array(
 'name' => 'Additional image files',
 'description' => 'Image files uploaded into this directory can be used for various purposes, such as for the login page logos',
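Review bot: The new `orgs` regex still accepts any prefix before the extension, so a name such as `../../foo.png` passes it; unless the upload handler reduces the submitted name to its basename before joining it to `'path'` (that code is not in this hunk), the filter alone does not keep writes inside `webroot/img/orgs`. A character whitelist is safer and matches the filename wording this file already uses elsewhere: `'regex' => '^[a-zA-Z0-9_-]+\.(png|PNG)$',`; note too that `$` also matches before a trailing newline unless the pattern is compiled with the `D` modifier, so `\z` is the stricter end anchor. The check is name-only, while `'valid_format'` promises 48x48 PNG, so the handler should also verify the file content (e.g. `getimagesize()`) rather than trust the extension — presumably outside this hunk. The enclosing array literal begins before this hunk and continues past it.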
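Review bot: The `terms` entry is commented out rather than deleted, although the commit message says the interactive terms upload was removed; the dead block closed by the new `),*/` line still carries the permissive `'regex' => '^(?!empty).*$'` that allowed the unrestricted upload, so anyone uncommenting it later reinstates the issue. Delete the whole block outright (version control keeps the history), or if it must remain as a reference, replace the regex inside it with a restrictive pattern such as `'regex' => '^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9]+)?$',` so that it cannot be re-enabled in its dangerous form. The enclosing array definition starts before the first hunk and continues past this one.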
@@ -1432,7 +1432,7 @@ class Server extends AppModel {
 ),
 'valid_format' => 'text/html if served inline, anything that conveys the terms of use if served as download',
 'path' => APP . 'webroot' . DS . 'img' . DS . 'custom',
- 'regex' => '.*\.(png|PNG)',
+ 'regex' => '.*\.(png|PNG)$',
 'regex_error' => 'Filename must be in the following format: *.png',
 'files' => array(),
 ),
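Review bot: The `'valid_format'` text of the `img` entry ("text/html if served inline, anything that conveys the terms of use if served as download") appears to be carried over from the terms entry and contradicts the `*.png` filter on the new `+` line and the `'regex_error'` two lines below, so an admin reading the form is told the wrong accepted format. Change it to match the filter, e.g. `'valid_format' => '.png image files',`. The same name-only, `$`-anchored check as for `orgs` applies here, so the prefix/basename and trailing-newline caveats are identical and the filename should be whitelisted the same way; the enclosing array starts before this hunk.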