From 2114f55ddd65d6157950a1866e20272b8a7bc45a Mon Sep 17 00:00:00 2001
From: iglocska
Date: Mon, 13 Jan 2014 11:39:35 +0100
Subject: [PATCH 1/2] Changes to the attributes
- attributes in the event view now show the date when they were added / modified
- the alert e-mail now shows which attributes are new since the last commit
---
 app/Controller/EventsController.php | 2 +-
 app/Model/Event.php | 12 ++++++++----
 app/View/Events/view.ctp | 19 ++++++++++++++++++-
 3 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index 7689b34d1..6dbbc1af5 100755
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -921,7 +921,7 @@ class EventsController extends AppController {
 if ($this->request->is('post') || $this->request->is('put')) {
 // Performs all the actions required to publish an event
 $result = $this->Event->publish($id);
- if (Configure::read('MISP.background_jobs')) {
+ if (!Configure::read('MISP.background_jobs')) {
 if (!is_array($result)) {
 // redirect to the view event page
 $this->Session->setFlash(__('Event published, but NO mail sent to any participants.', true));
diff --git a/app/Model/Event.php b/app/Model/Event.php
index 744d9d6a6..0ced3e2e4 100644
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@@ -861,7 +861,7 @@ class Event extends AppModel {
 // $conditions['AND'][] = array('Event.published =' => 1);
 // do not expose all the data ...
- $fields = array('Event.id', 'Event.org', 'Event.date', 'Event.threat_level_id', 'Event.info', 'Event.published', 'Event.uuid', 'Event.attribute_count', 'Event.analysis', 'Event.timestamp', 'Event.distribution', 'Event.proposal_email_lock', 'Event.orgc', 'Event.user_id', 'Event.locked');
+ $fields = array('Event.id', 'Event.org', 'Event.date', 'Event.threat_level_id', 'Event.info', 'Event.published', 'Event.uuid', 'Event.attribute_count', 'Event.analysis', 'Event.timestamp', 'Event.distribution', 'Event.proposal_email_lock', 'Event.orgc', 'Event.user_id', 'Event.locked', 'Event.publish_timestamp');
 $fieldsAtt = array('Attribute.id', 'Attribute.type', 'Attribute.category', 'Attribute.value', 'Attribute.to_ids', 'Attribute.uuid', 'Attribute.event_id', 'Attribute.distribution', 'Attribute.timestamp', 'Attribute.comment');
 $fieldsShadowAtt = array('ShadowAttribute.id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.value', 'ShadowAttribute.to_ids', 'ShadowAttribute.uuid', 'ShadowAttribute.event_id', 'ShadowAttribute.old_id', 'ShadowAttribute.comment', 'ShadowAttribute.org');
@@ -1033,10 +1033,13 @@ class Event extends AppModel {
 }
 $body .= 'Attributes :' . "\n";
 $bodyTempOther = "";
-
 if (isset($event['Attribute'])) {
 foreach ($event['Attribute'] as &$attribute) {
- $line = '- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . "\n";
+ if (isset($event['Event']['publish_timestamp']) && isset($attribute['timestamp']) && $attribute['timestamp'] > $event['Event']['publish_timestamp']) {
+ $line = '(NEW!)- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] ."\n";
+ } else {
+ $line = '- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . "\n";
+ }
 if ('other' == $attribute['type']) // append the 'other' attribute types to the bottom.
 $bodyTempOther .= $line;
 else $body .= $line;
@@ -1470,8 +1473,9 @@ class Event extends AppModel {
 $this->recursive = 0;
 $event = $this->read(null, $id);
 // update the DB to set the published flag
- $fieldList = array('published', 'id', 'info');
+ $fieldList = array('published', 'id', 'info', 'publish_timestamp');
 $event['Event']['published'] = 1;
+ $event['Event']['publish_timestamp'] = time();
 $this->save($event, array('fieldList' => $fieldList));
 $uploaded = false;
 if ('true' == Configure::read('CyDefSIG.sync') && $event['Event']['distribution'] > 1) {
diff --git a/app/View/Events/view.ctp b/app/View/Events/view.ctp
index d310480a4..110ca082f 100755
--- a/app/View/Events/view.ctp
+++ b/app/View/Events/view.ctp
@@ -6,7 +6,6 @@ $mayPublish = ($isAclPublish && $event['Event']['orgc'] == $me['org']); echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'viewEvent', 'mayModify' => $mayModify, 'mayPublish' => $mayPublish)); ?> -
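Review bot: The NEW marker added to the attribute loop in app/Model/Event.php (`@@ -1033`) compares `$attribute['timestamp']` with `$event['Event']['publish_timestamp']`, but the `@@ -1470` hunk of the same file overwrites `publish_timestamp` with `time()` and saves it as part of publishing. If the alert mail is built from an event read after that save (the controller hunk calls `publish($id)` before the mail handling), every attribute timestamp is at or below the stored value and no attribute is ever flagged. Capturing the previous value before it is overwritten, e.g. `$oldPublish = $event['Event']['publish_timestamp'];` ahead of the `time()` assignment, and comparing against that value when the mail body is built would keep the marker meaningful. Both functions begin and end outside these hunks, so the call order should be confirmed against the full file.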
+ @@ -151,6 +151,12 @@ if (!empty($event['Attribute'])):?> if (count($attribute['ShadowAttribute'])) $extra .= 'highlight1'; ?> + + + - +
Date Category Type Value
+ + $extra = 'highlight2'; foreach ($attribute['ShadowAttribute'] as $shadowAttribute): ?>
+ + @@ -333,6 +345,11 @@ if (!empty($event['Attribute'])):?> //if ($remain === end($remaining)) $extra .= ' highlightBottom'; ?>
+ +
Date: Mon, 13 Jan 2014 16:38:49 +0100
Subject: [PATCH 2/2] Some minor changes and fix to a vulnerability
- fix to the creator of a proposal being able to also accept it
- new attributes are now shown in the e-mail denoted by a * when an event is republished
- the date of an attribute's creation is shown
---
 app/Controller/ShadowAttributesController.php | 2 +-
 app/Model/Event.php | 14 +++++++-------
 app/View/Events/view.ctp | 7 +------
 3 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/app/Controller/ShadowAttributesController.php b/app/Controller/ShadowAttributesController.php
index 87d33cc3c..4bc551386 100644
--- a/app/Controller/ShadowAttributesController.php
+++ b/app/Controller/ShadowAttributesController.php
@@ -119,7 +119,7 @@ class ShadowAttributesController extends AppController {
 $event = $this->Event->read(null, $shadow['event_id']);
 if (!$this->_isSiteAdmin()) {
- if ((($event['Event']['orgc'] != $this->Auth->user('org')) && ($this->Auth->user('org') != $shadow['org'])) || (!$this->userRole['perm_modify'])) {
+ if (($event['Event']['orgc'] != $this->Auth->user('org')) || (!$this->userRole['perm_modify'])) {
 $this->Session->setFlash('You don\'t have permission to do that');
 $this->redirect(array('controller' => 'events', 'action' => 'index'));
 }
diff --git a/app/Model/Event.php b/app/Model/Event.php
index 0ced3e2e4..abc37c2d4 100644
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@@ -1009,7 +1009,7 @@ class Event extends AppModel {
 // The mail body, h() is NOT needed as we are sending plain-text mails.
 $body = "";
- $body .= '----------------------------------------------' . "\n";
+ $body .= '==============================================' . "\n";
 $appendlen = 20;
 $body .= 'URL : ' . Configure::read('CyDefSIG.baseurl') . '/events/view/' . $event['Event']['id'] . "\n";
 $body .= 'Event : ' . $event['Event']['id'] . "\n";
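Review bot: The tightened accept check in app/Controller/ShadowAttributesController.php (`@@ -119`) still compares organisations with the loose operator, `$event['Event']['orgc'] != $this->Auth->user('org')`; PHP compares two numeric-looking strings by value, so distinct organisation names (constructed example: `1e3` and `1000`) would be treated as the same org. Assuming both values are strings, as the comparison suggests, `!==` removes that ambiguity from the authorisation test: `if (($event['Event']['orgc'] !== $this->Auth->user('org')) || (!$this->userRole['perm_modify'])) {`. A one-line comment above it, `// Only the event creator org with perm_modify may accept; the proposing org is deliberately excluded`, would keep the removed clause from being reintroduced. The enclosing action starts and ends outside the hunk, and the other proposal actions in this controller are not visible here, so they are worth checking for the same `$shadow['org']` allowance.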
@@ -1024,21 +1024,21 @@ class Event extends AppModel {
 $user['org'] = $org;
 $relatedEvents = $this->getRelatedEvents($user, false);
 if (!empty($relatedEvents)) {
- $body .= '----------------------------------------------' . "\n";
+ $body .= '==============================================' . "\n";
 $body .= 'Related to : '. "\n";
 foreach ($relatedEvents as &$relatedEvent) {
 $body .= Configure::read('CyDefSIG.baseurl') . '/events/view/' . $relatedEvent['Event']['id'] . ' (' . $relatedEvent['Event']['date'] . ') ' ."\n";
 }
- $body .= '----------------------------------------------' . "\n";
+ $body .= '==============================================' . "\n";
 }
- $body .= 'Attributes :' . "\n";
+ $body .= 'Attributes (* infront of the attribute type :' . "\n";
 $bodyTempOther = "";
 if (isset($event['Attribute'])) {
 foreach ($event['Attribute'] as &$attribute) {
 if (isset($event['Event']['publish_timestamp']) && isset($attribute['timestamp']) && $attribute['timestamp'] > $event['Event']['publish_timestamp']) {
- $line = '(NEW!)- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] ."\n";
+ $line = '*' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] ."\n";
 } else {
- $line = '- ' . $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . "\n";
+ $line = $attribute['type'] . str_repeat(' ', $appendlen - 2 - strlen($attribute['type'])) . ': ' . $attribute['value'] . "\n";
 }
 if ('other' == $attribute['type']) // append the 'other' attribute types to the bottom.
 $bodyTempOther .= $line;
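Review bot: The new legend string `'Attributes (* infront of the attribute type :'` is cut short: the parenthesis never closes and it does not say what the asterisk means, so a recipient of the alert cannot tell which attributes are new. Something like `$body .= 'Attributes (* in front of the attribute type marks attributes that are new since the last publish) :' . "\n";` states it. The starred branch also prints one character more than the unstarred one ahead of the same `str_repeat` padding, so the `: value` column no longer lines up between the two; prefixing the unstarred line with a single space would keep them aligned. The mail-building function starts and ends outside this hunk.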
@@ -1049,7 +1049,7 @@ class Event extends AppModel {
 $body .= "\n";
 }
 $body .= $bodyTempOther; // append the 'other' attribute types to the bottom.
- $body .= '----------------------------------------------' . "\n";
+ $body .= '==============================================' . "\n";
 // find out whether the event is private, to limit the alerted user's list to the org only
 if ($event['Event']['distribution'] == 0) {
 $eventIsPrivate = true;
diff --git a/app/View/Events/view.ctp b/app/View/Events/view.ctp
index 110ca082f..135b48aa6 100755
--- a/app/View/Events/view.ctp
+++ b/app/View/Events/view.ctp
@@ -255,12 +255,7 @@ if (!empty($event['Attribute'])):?> $extra = 'highlight2'; foreach ($attribute['ShadowAttribute'] as $shadowAttribute): ?>
- -