Changes to link validation and minor fixes

- Links are now validated to filter out malicious code

- removed a double edit button in the case of an admin editing himself

- fixed an error with adding new attributes
pull/63/head
Andras Iklody 2013-02-11 11:26:34 +01:00
parent e88a3a9cf7
commit afed0f2046
4 changed files with 10 additions and 3 deletions


@ -231,7 +231,8 @@ class AttributesController extends AppController {
//$this->request->data['Attribute']['event_id'] = $eventId;
}
// Notice (8): Undefined index: id [APP/Controller/AttributesController.php, line 234]
$savedId = $this->request->data['Attribute']['id'];
// Should be fixed
$savedId = $this->Attribute->getId();
if ($this->Attribute->save($this->request->data)) {
if ($this->_isRest()) {
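Review bot: The read that raises the `Undefined index: id` notice, `$savedId = $this->request->data['Attribute']['id'];`, is still on the new side — the hunk adds one line and deletes none — so the notice is not fixed, and that first assignment is immediately overwritten by `$savedId = $this->Attribute->getId();`. Drop the old assignment together with the two stale comments and keep only the `getId()` line. CakePHP's Model method is spelled `getID()`; PHP resolves the call case-insensitively, but matching the framework's spelling keeps it greppable. The value is also read before `save()` runs, so for a newly created attribute it presumably still holds the previous id or null — confirm that is what the code after the save expects. The enclosing action starts and ends outside the hunk.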


@ -237,6 +237,7 @@ class UsersController extends AppController {
if (!$this->User->exists()) {
throw new NotFoundException(__('Invalid user'));
}
$this->set('currentId', $id);
if ($this->request->is('post') || $this->request->is('put')) {
$fields = array();
foreach (array_keys($this->request->data['User']) as $field) {


@ -644,6 +644,11 @@ class Attribute extends AppModel {
$returnValue = true;
}
break;
case 'link':
if (!preg_match("^(?:https?://)?(?:[a-z0-9-]+\\.)*((?:[a-z0-9-]+\\.)[a-z]+)", $value)) {
$returnValue = true;
}
break;
case 'url':
// no newline
if (!preg_match("#\n#", $value)) {
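Review bot: The pattern in the new `case 'link'` has no delimiters — it begins with `^(?:https?://)?` rather than `#^(?:https?://)?` — so `preg_match()` emits a warning and returns `false`, `!false` is `true`, and every value is accepted: the validation this commit adds is a no-op. The condition is also inverted relative to the pattern: unlike the `url` case below, where the regex matches the forbidden newline, this regex describes the allowed shape, so a match should be what sets `$returnValue = true`, e.g. `if (preg_match("#^(?:https?://)?(?:[a-z0-9-]+\\.)*(?:[a-z0-9-]+\\.)[a-z]+#i", $value)) {` (the `#` delimiters match the sibling cases; `i` keeps `HTTP://Example.COM` valid). A shape check on the stored value is not what prevents script injection when the link is rendered — the views still have to escape it with `h()` — so "filter malicious code" in the description overstates what this case does. The enclosing validation method and its `switch` start and end outside the hunk.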


@ -1,7 +1,7 @@
<div class="users view">
<div class="actions" style="float:right;">
<ul><li><?php if ($isAclAdmin && ($me['org'] == $user['User']['org'] || $me['org'] == 'ADMIN')) echo $this->Html->link(__('Edit Profile', true), array('admin' => true, 'action' => 'edit', $user['User']['id'])); ?> </li></ul>
<ul><li><?php if ($me['id'] == $user['User']['id']) echo $this->Html->link(__('Edit Profile', true), array('action' => 'edit', $user['User']['id'])); ?> </li></ul>
<ul><li><?php if ($me['id'] == $user['User']['id'] && (!$isAclAdmin)) echo $this->Html->link(__('Edit Profile', true), array('action' => 'edit', $user['User']['id'])); ?> </li></ul>
</div>
<h2><?php echo __('User');?></h2>
<dl>
@ -65,7 +65,7 @@ if (h($user['User']['gpgkey']) != 0) {
if ($isAclAdmin && ($me['org'] == $user['User']['org'] || $me['org'] == 'ADMIN')) { ?>
<li><?php echo $this->Html->link(__('Edit User', true), array('admin' => true, 'action' => 'edit', $user['User']['id'])); ?></li>
<?php
} else if ($me['id'] == $user['User']['id']) {
} else if ($me['id'] == $user['User']['id'] && $me['org'] != 'ADMIN') {
?>
<li><?php echo $this->Html->link(__('Edit User', true), array('action' => 'edit', $user['User']['id'])); ?></li>
<?php
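Review bot: The two hunks encode the "admin editing himself" rule differently: the first hides the self-edit link with `!$isAclAdmin`, while the new clause on the `else if` here uses `$me['org'] != 'ADMIN'`. Because this branch is already an `else if` behind the `$isAclAdmin && …` test, the added clause cannot be what removes a duplicate link; what it does is hide the link for a user whose org is `ADMIN` but who is not `$isAclAdmin` (if that combination exists), leaving them with no edit link at all. Use the same predicate as the first hunk, `} else if ($me['id'] == $user['User']['id'] && !$isAclAdmin) {`, or drop the added clause. Either way these conditions only decide which links are rendered; the `edit` and `admin_edit` actions must enforce the same ownership/org check server-side, since the URL can be typed directly. The `<?php` blocks this hunk sits in start and end outside it.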