mirror of https://github.com/MISP/MISP
Changes to link validation and minor fixes
- Links get validated now to filter malicious code - removed a double edit button in the case of an admin editing himself - fixed an error with adding new attributes
pull/63/head
parent
e88a3a9cf7
commit
afed0f2046
|
@ -231,7 +231,8 @@ class AttributesController extends AppController {
|
|||
//$this->request->data['Attribute']['event_id'] = $eventId;
|
||||
}
|
||||
// Notice (8): Undefined index: id [APP/Controller/AttributesController.php, line 234]
|
||||
$savedId = $this->request->data['Attribute']['id'];
|
||||
// Should be fixed
|
||||
$savedId = $this->Attribute->getId();
|
||||
|
||||
if ($this->Attribute->save($this->request->data)) {
|
||||
if ($this->_isRest()) {
|
||||
|
|
|
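Review bot: `$savedId = $this->Attribute->getId();` is read before `$this->Attribute->save(...)` runs, so when this path creates a new attribute the model presumably has no id yet and `$savedId` ends up empty instead of holding the id of the saved row. Moving the assignment into the success branch, `if ($this->Attribute->save($this->request->data)) { $savedId = $this->Attribute->getId();`, gives the id of the record that was actually written. The `// Notice (8): Undefined index` and `// Should be fixed` comments describe the old failure and could be replaced by one line saying why the id comes from the model. The enclosing action starts and ends outside the hunk, so how `$savedId` is used later is not visible here.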
@ -237,6 +237,7 @@ class UsersController extends AppController {
|
|||
if (!$this->User->exists()) {
|
||||
throw new NotFoundException(__('Invalid user'));
|
||||
}
|
||||
$this->set('currentId', $id);
|
||||
if ($this->request->is('post') || $this->request->is('put')) {
|
||||
$fields = array();
|
||||
foreach (array_keys($this->request->data['User']) as $field) {
|
||||
|
|
|
@ -644,6 +644,11 @@ class Attribute extends AppModel {
|
|||
$returnValue = true;
|
||||
}
|
||||
break;
|
||||
case 'link':
|
||||
if (!preg_match("^(?:https?://)?(?:[a-z0-9-]+\\.)*((?:[a-z0-9-]+\\.)[a-z]+)", $value)) {
|
||||
$returnValue = true;
|
||||
}
|
||||
break;
|
||||
case 'url':
|
||||
// no newline
|
||||
if (!preg_match("#\n#", $value)) {
|
||||
|
|
|
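Review bot: The new `case 'link':` check accepts every value, so it filters nothing. The pattern string starts with `^` and has no delimiters, so PCRE takes `^` as the delimiter, finds no closing one, and `preg_match()` returns false with a warning; the `!` in front (apparently carried over from the newline test in `case 'url':`) then turns that failure into `$returnValue = true`. A delimited, non-negated form would be `if (preg_match('#^(?:https?://)?(?:[a-z0-9-]+\.)*[a-z0-9-]+\.[a-z]+#i', $value)) {`. Even then the pattern has no end anchor, so anything after the host part is unchecked, and the value still needs escaping where it is rendered. The enclosing switch begins and ends outside the hunk.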
@ -1,7 +1,7 @@
|
|||
<div class="users view">
|
||||
<div class="actions" style="float:right;">
|
||||
<ul><li><?php if ($isAclAdmin && ($me['org'] == $user['User']['org'] || $me['org'] == 'ADMIN')) echo $this->Html->link(__('Edit Profile', true), array('admin' => true, 'action' => 'edit', $user['User']['id'])); ?> </li></ul>
|
||||
<ul><li><?php if ($me['id'] == $user['User']['id']) echo $this->Html->link(__('Edit Profile', true), array('action' => 'edit', $user['User']['id'])); ?> </li></ul>
|
||||
<ul><li><?php if ($me['id'] == $user['User']['id'] && (!$isAclAdmin)) echo $this->Html->link(__('Edit Profile', true), array('action' => 'edit', $user['User']['id'])); ?> </li></ul>
|
||||
</div>
|
||||
<h2><?php echo __('User');?></h2>
|
||||
<dl>
|
||||
|
@ -65,7 +65,7 @@ if (h($user['User']['gpgkey']) != 0) {
|
|||
if ($isAclAdmin && ($me['org'] == $user['User']['org'] || $me['org'] == 'ADMIN')) { ?>
|
||||
<li><?php echo $this->Html->link(__('Edit User', true), array('admin' => true, 'action' => 'edit', $user['User']['id'])); ?></li>
|
||||
<?php
|
||||
} else if ($me['id'] == $user['User']['id']) {
|
||||
} else if ($me['id'] == $user['User']['id'] && $me['org'] != 'ADMIN') {
|
||||
?>
|
||||
<li><?php echo $this->Html->link(__('Edit User', true), array('action' => 'edit', $user['User']['id'])); ?></li>
|
||||
<?php
|
||||
|
|
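Review bot: In the second hunk the added `$me['org'] != 'ADMIN'` on the `else if` can hide the only edit link: that branch is reached only when the admin branch above was not taken, so a user whose org is 'ADMIN' but for whom `$isAclAdmin` is false would see no edit link on their own profile. The `else if` already prevented a double link there, so `} else if ($me['id'] == $user['User']['id']) {` could stay as it was; the first hunk's `!$isAclAdmin` is the condition that mirrors the admin test. Whether such users exist depends on the ACL setup, which is not visible here. Both conditions only decide what is displayed, so the edit actions presumably need to enforce the same rule in the controller.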