mirror of https://github.com/MISP/MISP
Fix to an issue with the proposal uploader
- also a small fix to the baseurl auto detectionpull/734/head
parent
9cc80d7c0c
commit
c94d67275f
|
@ -1 +1 @@
|
|||
{"major":2, "minor":3, "hotfix":164}
|
||||
{"major":2, "minor":3, "hotfix":165}
|
||||
|
|
|
@ -87,9 +87,17 @@ Configure::load('config');
|
|||
|
||||
if (!Configure::read('MISP.baseurl')) {
|
||||
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
|
||||
Configure::write('MISP.baseurl', sprintf('https://%s:%d', $_SERVER['SERVER_ADDR'], $_SERVER['SERVER_PORT']));
|
||||
if ($_SERVER['SERVER_PORT'] == 443) {
|
||||
Configure::write('MISP.baseurl', sprintf('https://%s', $_SERVER['SERVER_ADDR']));
|
||||
} else {
|
||||
Configure::write('MISP.baseurl', sprintf('https://%s:%d', $_SERVER['SERVER_ADDR'], $_SERVER['SERVER_PORT']));
|
||||
}
|
||||
} else {
|
||||
Configure::write('MISP.baseurl', sprintf('http://%s:%d', $_SERVER['SERVER_ADDR'], $_SERVER['SERVER_PORT']));
|
||||
if ($_SERVER['SERVER_PORT'] == 80) {
|
||||
Configure::write('MISP.baseurl', sprintf('http://%s', $_SERVER['SERVER_ADDR']));
|
||||
} else {
|
||||
Configure::write('MISP.baseurl', sprintf('http://%s:%d', $_SERVER['SERVER_ADDR'], $_SERVER['SERVER_PORT']));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -554,6 +554,8 @@ class ShadowAttributesController extends AppController {
|
|||
if ($this->request->is('post')) {
|
||||
// Check if there were problems with the file upload
|
||||
// only keep the last part of the filename, this should prevent directory attacks
|
||||
$filename = basename($this->request->data['ShadowAttribute']['value']['name']);
|
||||
$tmpfile = new File($this->request->data['ShadowAttribute']['value']['tmp_name']);
|
||||
if ((isset($this->request->data['ShadowAttribute']['value']['error']) && $this->request->data['ShadowAttribute']['value']['error'] == 0) ||
|
||||
(!empty( $this->request->data['ShadowAttribute']['value']['tmp_name']) && $this->request->data['ShadowAttribute']['value']['tmp_name'] != 'none')
|
||||
) {
|
||||
|
@ -571,7 +573,7 @@ class ShadowAttributesController extends AppController {
|
|||
$tmpfile = new File($this->request->data['ShadowAttribute']['value']['tmp_name']);
|
||||
$hashes = array('md5' => 'malware-sample', 'sha1' => 'filename|sha1', 'sha256' => 'filename|sha256');
|
||||
if ($this->request->data['ShadowAttribute']['malware']) {
|
||||
$result = $this->Event->Attribute->handleMaliciousBase64($this->request->data['ShadowAttribute']['event_id'], $filename, base64_encode($tmpfile->read()), array_keys($hashes));
|
||||
$result = $this->ShadowAttribute->Event->Attribute->handleMaliciousBase64($this->request->data['ShadowAttribute']['event_id'], $filename, base64_encode($tmpfile->read()), array_keys($hashes));
|
||||
if (!$result['success']) {
|
||||
$this->Session->setFlash(__('There was a problem to upload the file.', true), 'default', array(), 'error');
|
||||
$this->redirect(array('controller' => 'events', 'action' => 'view', $this->request->data['ShadowAttribute']['event_id']));
|
||||
|
|
Loading…
Reference in New Issue