MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'hotfix-2.1.29'

pull/195/head
iglocska 2013-11-05 13:51:18 +01:00
parent c95f8ea283 2a28591bf7
commit acdf9f1b6c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controller/AttributesController.php
View File

@ -317,7 +317,7 @@ class AttributesController extends AppController {
if ($this->request->data['Attribute']['malware']) {
$this->request->data['Attribute']['type'] = "malware-sample";
// Validate filename
if (!preg_match('@^[\w-,\s,\.]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
if (!preg_match('@^[\w\-. ]+$@', $filename)) throw new Exception ('Filename not allowed');
$this->request->data['Attribute']['value'] = $filename . '|' . hash_file('md5', $tmpfile->path); // TODO gives problems with bigger files
$sha256 = (hash_file('sha256', $tmpfile->path));
$sha1 = (hash_file('sha1', $tmpfile->path));
@ -325,7 +325,7 @@ class AttributesController extends AppController {
} else {
$this->request->data['Attribute']['type'] = "attachment";
// Validate filename
if (!preg_match('@^[\w-,\s,\.]+\.[A-Za-z0-9_]{2,4}$@', $filename)) throw new Exception ('Filename not allowed');
if (!preg_match('@^[\w\-. ]+$@', $filename)) throw new Exception ('Filename not allowed');
$this->request->data['Attribute']['value'] = $filename;
$this->request->data['Attribute']['to_ids'] = 0;
}