mirror of https://github.com/MISP/MISP
Entering a valid controller/action and an invalid one produced a different result pre-auth
- not authenticated users now automatically get redirected to the login page, no matter what action they requested - This as a nice side effect also removed the bug that was caused by a site admin looking at an admin function before logging out / timing out and being incorrectly redirected to /admin/users/loginpull/897/head
Iglocska
parent
0a97a1dfd6
commit
be62a6b053
|
|
@ -1 +1 @@
|
|||
{"major":2, "minor":4, "hotfix":11}
|
||||
{"major":2, "minor":4, "hotfix":12}
|
||||
|
|
|
|||
|
|
@ -79,8 +79,6 @@ class AppController extends Controller {
|
|||
public $mispVersion = '2.4.0';
|
||||
|
||||
public function beforeFilter() {
|
||||
$versionArray = $this->{$this->modelClass}->checkMISPVersion();
|
||||
$this->mispVersionFull = implode('.', array_values($versionArray));
|
||||
$this->Security->blackHoleCallback = 'blackHole';
|
||||
|
||||
// Let us access $baseurl from all views
|
||||
|
|
@ -209,6 +207,8 @@ class AppController extends Controller {
|
|||
$this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (!($this->params['controller'] === 'users' && $this->params['action'] === 'login')) $this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => false));
|
||||
}
|
||||
|
||||
// check if MISP is live
|
||||
|
|
@ -244,6 +244,8 @@ class AppController extends Controller {
|
|||
// getActions returns all the flags in a single SQL query
|
||||
if ($this->Auth->user()) {
|
||||
//$this->_refreshAuth();
|
||||
$versionArray = $this->{$this->modelClass}->checkMISPVersion();
|
||||
$this->mispVersionFull = implode('.', array_values($versionArray));
|
||||
$this->set('mispVersion', $this->mispVersion);
|
||||
$this->set('mispVersionFull', $this->mispVersionFull);
|
||||
$role = $this->getActions();
|
||||
|
|
@ -263,22 +265,12 @@ class AppController extends Controller {
|
|||
$this->set('isAclTemplate', $role['perm_template']);
|
||||
$this->set('isAclSharingGroup', $role['perm_sharing_group']);
|
||||
$this->userRole = $role;
|
||||
$proposalCount = $this->_getProposalCount();
|
||||
$this->set('proposalCount', $proposalCount[0]);
|
||||
$this->set('proposalEventCount', $proposalCount[1]);
|
||||
$this->set('mispVersion', $this->mispVersion);
|
||||
} else {
|
||||
$this->set('me', false);
|
||||
$this->set('isAdmin', false);
|
||||
$this->set('isSiteAdmin', false);
|
||||
$this->set('isAclAdd', false);
|
||||
$this->set('isAclModify', false);
|
||||
$this->set('isAclModifyOrg', false);
|
||||
$this->set('isAclPublish', false);
|
||||
$this->set('isAclSync', false);
|
||||
$this->set('isAclAdmin', false);
|
||||
$this->set('isAclAudit', false);
|
||||
$this->set('isAclAuth', false);
|
||||
$this->set('isAclRegexp', false);
|
||||
$this->set('isAclTagger', false);
|
||||
$this->set('isAclTemplate', false);
|
||||
$this->set('isAclSharingGroup', false);
|
||||
}
|
||||
if (Configure::read('site_admin_debug') && $this->_isSiteAdmin() && (Configure::read('debug') < 2)) {
|
||||
Configure::write('debug', 1);
|
||||
|
|
@ -287,10 +279,6 @@ class AppController extends Controller {
|
|||
if (Configure::read('debug') > 1) $this->debugMode = 'debugOn';
|
||||
|
||||
$this->set('debugMode', $this->debugMode);
|
||||
$proposalCount = $this->_getProposalCount();
|
||||
$this->set('proposalCount', $proposalCount[0]);
|
||||
$this->set('proposalEventCount', $proposalCount[1]);
|
||||
$this->set('mispVersion', $this->mispVersion);
|
||||
}
|
||||
|
||||
public function blackhole($type) {
|
||||
|
|
|
|||
|
|
@ -625,7 +625,6 @@ class UsersController extends AppController {
|
|||
));
|
||||
$this->Role->save($siteAdmin);
|
||||
}
|
||||
|
||||
if ($this->User->Organisation->find('count', array('conditions' => array('Organisation.local' => true))) == 0) {
|
||||
$org = array('Organisation' => array(
|
||||
'id' => 1,
|
||||
|
|
|
|||
Loading…
Reference in New Issue