mirror of https://github.com/MISP/MISP
fix: [security] Always capture attribute sharing groups
- via object edits it was omitted, leading to a possible misassociation of sharing groups by using the local ID of a referenced SG - as reported by Jeroen Pinoypull/7479/head
parent
cda48b006e
commit
a71aafdeb5
|
@ -3628,6 +3628,13 @@ class Attribute extends AppModel
|
|||
if (!empty($parentEvent)) {
|
||||
$params['parentEvent'] = $parentEvent;
|
||||
}
|
||||
if (!empty($attribute['SharingGroup'])) {
|
||||
$attribute['sharing_group_id'] = $this->SharingGroup->captureSG($attribute['SharingGroup'], $user);
|
||||
} elseif (!empty($attribute['sharing_group_id'])) {
|
||||
if (!$this->SharingGroup->checkIfAuthorised($user, $attribute['sharing_group_id'])) {
|
||||
unset($attribute['sharing_group_id']);
|
||||
}
|
||||
}
|
||||
if (!$this->save($attribute, $params)) {
|
||||
$attribute_short = (isset($attribute['category']) ? $attribute['category'] : 'N/A') . '/' . (isset($attribute['type']) ? $attribute['type'] : 'N/A') . ' ' . (isset($attribute['value']) ? $attribute['value'] : 'N/A');
|
||||
$log->create();
|
||||
|
|
Loading…
Reference in New Issue