fixes security issue (overwrite existing event)

pull/61/head
Christophe Vandeplas 2012-05-31 08:47:49 +02:00
parent 8505396b25
commit d319860268
1 changed files with 5 additions and 4 deletions


@ -114,7 +114,7 @@ class EventsController extends AppController {
);
$relatedEvents = $this->Event->find('all', $find_params);
}
// passing decriptions for model fields
$this->set('event_descriptions', $this->Event->field_descriptions);
$this->set('attr_descriptions', $this->Attribute->field_descriptions);
@ -155,7 +155,7 @@ class EventsController extends AppController {
$risks = $this->Event->validate['risk']['rule'][1];
$risks = $this->_arrayToValuesIndexArray($risks);
$this->set('risks',compact('risks'));
$this->set('event_descriptions', $this->Event->field_descriptions);
}
@ -167,7 +167,8 @@ class EventsController extends AppController {
public function _add(&$data, &$auth, $fromXml) {
// force check userid and orgname to be from yourself
$data['Event']['user_id'] = $auth->user('id');
$data['Event']['org'] = $auth->user('org');
$data['Event']['org'] = $auth->user('org');
unset ($data['Event']['id']);
$this->Event->create();
if (isset($data['Event']['uuid'])) {
@ -253,7 +254,7 @@ class EventsController extends AppController {
$risks = $this->Event->validate['risk']['rule'][1];
$risks = $this->_arrayToValuesIndexArray($risks);
$this->set('risks',compact('risks'));
$this->set('event_descriptions', $this->Event->field_descriptions);
}
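Review bot: In `_add`, the new `unset ($data['Event']['id']);` strips only one caller-controlled key, so every other field in `$data['Event']` is still taken from the request as-is; if the save that follows outside this hunk also writes associated records, a nested `id` (for example on an attribute) would presumably have the same overwrite effect. A one-key denylist is easy to outgrow, and passing an explicit `fieldList` to the model's `save()` would turn the writable columns into an allowlist. The `isset($data['Event']['uuid'])` branch that opens on the last visible line of the hunk still accepts a client-supplied uuid, and its body is not shown, so it is worth confirming that a uuid matching an existing event is rejected rather than merged. The added line also deserves a comment saying why it is there, e.g. `// never trust a client-supplied primary key: with an id set, save() would update that event instead of inserting`.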