MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Stronger escaping of special characters in the XML exports

pull/435/head
iglocska 2014-11-14 09:04:36 +01:00
parent 6758650c78
commit ad77555daa
3 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION.json
View File

@ -1 +1 @@
{"major":2, "minor":3, "hotfix":24}
{"major":2, "minor":3, "hotfix":25}

6
app/View/Events/xml.ctp
View File

@ -1,11 +1,13 @@
<?php
$xmlArray = array();
$toEscape = array("&", "<");
$escapeWith = array('&amp;', '&lt;');
$toEscape = array("&", "<", ">", "\"", "'");
$escapeWith = array('&amp;', '&lt;', '&gt;', '&quot;', '&apos;');
foreach ($results as $result) {
$result['Event']['Attribute'] = $result['Attribute'];
$result['Event']['ShadowAttribute'] = $result['ShadowAttribute'];
$result['Event']['RelatedEvent'] = $result['RelatedEvent'];
$result['Event']['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $result['Event']['info']);
$result['Event']['info'] = str_replace($toEscape, $escapeWith, $result['Event']['info']);
//
// cleanup the array from things we do not want to expose

6
app/View/Events/xml/xml.ctp
View File

@ -1,11 +1,13 @@
<?php
$xmlArray = array();
$toEscape = array("&", "<");
$escapeWith = array('&amp;', '&lt;');
$toEscape = array("&", "<", ">", "\"", "'");
$escapeWith = array('&amp;', '&lt;', '&gt;', '&quot;', '&apos;');
foreach ($results as $result) {
$result['Event']['Attribute'] = $result['Attribute'];
$result['Event']['ShadowAttribute'] = $result['ShadowAttribute'];
$result['Event']['RelatedEvent'] = $result['RelatedEvent'];
$result['Event']['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $result['Event']['info']);
$result['Event']['info'] = str_replace($toEscape, $escapeWith, $result['Event']['info']);
//
// cleanup the array from things we do not want to expose