iglocska
684d3e5139
fix: [security] XSS in the template file uploads
...
- as reported by Dawid Czarnecki from Zigrin Security
2022-12-22 15:37:43 +01:00
Jakub Onderka
809a1b07b0
fix: [UI] Put back jQuery UI
2022-04-30 18:02:49 +02:00
Luciano Righetti
d55a689ce3
chg: migrate /templates/view/:id to view factory
2021-07-22 11:07:32 +02:00
Luciano Righetti
2e8e013cd0
chg: reuse add view for /templates/edit
2021-07-21 15:07:58 +02:00
Luciano Righetti
57bb08d59e
chg: migrate /templates/add view to factory
2021-07-21 11:54:20 +02:00
Luciano Righetti
08e80160ed
fix: add view action to index templates
2021-07-21 11:13:12 +02:00
Luciano Righetti
e7ae9df6a3
chg: migrate /templates/index view, use CRUD component in TemplatesController::delete()
2021-07-21 11:04:28 +02:00
Jakub Onderka
e3cbd08255
fix: [UI] Remove nonsense paginator options
2021-01-10 16:51:09 +01:00
Vito Piserchia
b8c7485712
resolve merge
2020-08-16 13:31:31 +02:00
mokaddem
aa436d863f
fix: [templates:add] Adding a tag does not submit the form anymore. Fix #5826
2020-04-27 14:42:06 +02:00
Olivier BERT
aef027c4b9
Accessibility: added roles and aria labels for many icons and icon links (server list, tags, users, roles, attributes, ...)
...
There is still much work to be done. But we are on the road.
Ideally, and in order to avoid code duplicates, we should have some utility functions to generate a proper and accessible yes/no icon, an accessible icon link, etc. This would prevent the code from being filled with "aria-label" tags, since the "title" and "aria-label" properties are nearly always the same.
2019-04-02 15:31:34 +02:00
iglocska
a067fc769e
new: [UI] Move to FA 5
2019-03-23 11:18:22 +01:00
iglocska
d8ee91be68
chg: [refactor] Side menu generic templates moved
2019-02-13 14:45:01 +01:00
iglocska
58997b9ac1
chg: [psr-2] Changed view files to space indentation instead of tabs
...
- *sniff sniff*
2018-07-20 09:29:50 +02:00
iglocska
4a5c11d426
new: Use the new OrgImg helper for fetching org logos in a more consistent fashion
2018-01-19 15:55:27 +01:00
Steve Clement
8db83ce774
View/Templates -> __('
2018-01-12 11:33:11 +01:00
iglocska
952fff6252
fix: Fixes to several cases of reflected XSS, fixes #2381
...
- as reported by @import-au
- Additionally enforce content-type on all async APIs called by the UI using CakeResponse
2017-08-08 21:37:03 +02:00
iglocska
42ce6a1a4e
fix: Tightened the sanitisation of the filenames in the template uploader
...
- Data from retained uploaded files when re-editing a template population prior to submission was loaded into the JS directly without sanitisation
- Whilst there was no way found to exploit this, introduced tighter sanitisation for the file data
- Thanks to cert.govt.nz for the security report.
2017-07-12 15:52:33 +02:00
Ángel González
926895733b
Cosmetic changes
...
Change space indents to tabs
Remove ?> at end of file
Add or remove some indentation where appropriate
2017-05-08 00:45:57 +02:00
iglocska
e637bb5118
chg: Further work on the accessibility changes
2017-03-14 17:12:35 +01:00
Andreas Ziegler
ec60485bdf
chg: templates sharing input style checkbox forced
2016-07-11 21:26:04 +02:00
Andreas Ziegler
1d06f25b38
chg: add newline character before EOF to non-minified (text-)files
2016-06-06 10:09:55 +02:00
Andreas Ziegler
0fe692c56a
remove whitespace at end of line
2016-06-04 01:10:45 +02:00
Andreas Ziegler
898ea1d97c
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Iglocska
8a309b3a12
Fix to some typos in the templates, fixes #1041
2016-03-23 20:17:44 +01:00
Iglocska
da95a19323
Don't display options to users for which they don't have the rights to use, fixes #880
2016-02-05 19:29:17 +01:00
Iglocska
6353de1e58
Template population menu fixes
2016-02-03 10:16:03 +01:00
Iglocska
d69065450c
Fixed a display issue for the template choices when the name of a template is empty
2016-02-03 10:08:06 +01:00
Iglocska
07a03abdc7
Fixed adding / removing tags to a template, fixes #898
2016-02-03 09:59:03 +01:00
iglocska
bda6923018
Security fix fixing an XSS issue with the templates
...
- as discovered and reported by Rafael Pablos García of INCIBE
- fixed a reflected XSS for template creator users when viewing a template
2015-11-17 11:58:56 +01:00
iglocska
332d5fa666
Reverted the sanitisation of the baseurl variable on the view level
...
- sanitising it in appcontroller instead
2015-11-17 01:17:10 +01:00
iglocska
b3a2428345
Merge branch 'basedir' into hotfix-2.3.160
...
Conflicts:
app/Controller/AppController.php
app/View/Pages/administration.ctp
2015-11-17 00:33:34 +01:00
pugilist
ec7d85332c
modified many instances of html anchors and javascript document.location to use
2015-11-08 15:38:24 -05:00
Iglocska
812ac878c3
Fix to XSS in the template creation process
2015-07-01 08:42:21 +02:00
Iglocska
415d85102d
Security fix: Fix to a possible PHP Object injection
...
- unserialized user input replaced with json_decode
2015-07-01 08:38:40 +02:00
iglocska
92679f6b69
New way to download a single event
...
- The event export buttons have been unified into a single download as... button
- clicking it loads a popup with all of the export formats
- added snort, suricata, text dump to the export options
- added the option for an extra setting for some exports (such as including non IDS flagged attributes, encoding attachments)
- easily extendable system
- moved the hidden popup divs into the general layout, can be easily reused anywhere
- removed the auth refresh option that was re-enabled recently as it seems to sometimes cause issues
- text exports now allow "all" to be specified as type, which will dump all attribute values that the user can see
- text exports now allow restricting the results based on event id
2014-12-19 13:32:16 +01:00
iglocska
8235e8710d
Updates to the documentation
2014-10-07 17:53:22 +02:00
iglocska
e6bf73761e
UI redesign of the template and worker health
...
- UI of templates a bit clearer
- Worker health tool added to the server settings tool
2014-09-24 15:35:25 +02:00
iglocska
9902217ac5
Missing <?php tag in a view file
2014-08-05 10:32:49 +02:00
iglocska
ab5b9a9dae
Several features finished
...
- first version of templating system complete
- first version of freetext importer complete
- first version of mass attribute replace tool complete
- some UI changes
2014-07-19 15:09:37 +02:00
iglocska
893ef5a129
Freetext import tool
...
Added freetext import tool
2014-07-10 17:02:19 +02:00
iglocska
45d826a252
First version of the templating feature complete
...
- still needs some refinement, but it's feature-complete
2014-07-02 16:20:19 +02:00
iglocska
9bede8e1b4
Further work on the templates
2014-06-25 09:56:33 +02:00
iglocska
a4a987e027
More work on the templates
...
- Templates can now be created and populated
- Users can populate an event using a template (still needs work)
- File type elements are not yet implemented
2014-06-19 08:44:35 +02:00
iglocska
f4e5c22865
Work on the templating system
...
- create a basic template
- add text elements to the template
- rearrange elements
2014-06-10 15:18:49 +02:00