fix: [templates controller] remove CSRF protection from the rearranging

- worst case an attacker messes with the order of a template's fields via CSRF, don't think anyone will ever care
- removes the annoying blackholing for the drag and drop
pull/8902/merge
iglocska 2023-05-23 10:46:54 +02:00
parent 6243e03e5e
commit a94777231b
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 2 additions and 2 deletions


@ -18,7 +18,7 @@ class TemplatesController extends AppController
public function beforeFilter()
{ // TODO REMOVE
parent::beforeFilter();
$this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile');
$this->Security->unlockedActions = array('uploadFile', 'deleteTemporaryFile', 'saveElementSorting');
}
public function index()
@ -188,7 +188,7 @@ class TemplatesController extends AppController
$this->request->onlyAllow('ajax');
$orderedElements = $this->request->data;
foreach ($orderedElements as $key => $e) {
$orderedElements[$key] = ltrim($e, 'id_');
$orderedElements[$key] = (int)ltrim($e, 'id_');
}
$extractedIds = array();
foreach ($orderedElements as $element) {
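Review bot: Adding `saveElementSorting` to `unlockedActions` in `beforeFilter()` leaves `$this->request->onlyAllow('ajax')` as the only request-origin check visible in the action, and nothing in the code records that the exemption is deliberate. A comment on that line would stop it being widened by accident later, for example `// saveElementSorting: unlocked on purpose (drag and drop was blackholed); only reorders elements, still guarded by onlyAllow('ajax')`. Because the action no longer gets the Security component's token check, it is worth confirming that the rest of `saveElementSorting`, which lies outside this hunk, verifies that the caller may modify the template and that every submitted id belongs to it. In the second hunk, `(int)ltrim($e, 'id_')` turns any malformed entry into 0 and a non-string entry still reaches `ltrim`, so entries that do not match `/^id_\d+$/` would be better skipped before the cast; the `id_` format is inferred from the `ltrim` argument.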