Commit Graph

45 Commits (2.4)

Author SHA1 Message Date
iglocska 684d3e5139 fix: [security] XSS in the template file uploads
- as reported by Dawid Czarnecki from Zigrin Security
2022-12-22 15:37:43 +01:00
Jakub Onderka 809a1b07b0 fix: [UI] Put back jQuery UI 2022-04-30 18:02:49 +02:00
Luciano Righetti d55a689ce3 chg: migrate /templates/view/:id to view factory 2021-07-22 11:07:32 +02:00
Luciano Righetti 2e8e013cd0 chg: reuse add view for /templates/edit 2021-07-21 15:07:58 +02:00
Luciano Righetti 57bb08d59e chg: migrate /templates/add view to factory 2021-07-21 11:54:20 +02:00
Luciano Righetti 08e80160ed fix: add view action to index templates 2021-07-21 11:13:12 +02:00
Luciano Righetti e7ae9df6a3 chg: migrate /templates/index view, use CRUD component in TemplatesController::delete() 2021-07-21 11:04:28 +02:00
Jakub Onderka e3cbd08255 fix: [UI] Remove nonsense paginator options 2021-01-10 16:51:09 +01:00
Vito Piserchia b8c7485712 resolve merge 2020-08-16 13:31:31 +02:00
mokaddem aa436d863f fix: [templates:add] Adding a tag does not submit the form anymore. Fix #5826 2020-04-27 14:42:06 +02:00
Olivier BERT aef027c4b9 Accessibility: added roles and aria labels for many icons and icon links (server list, tags, users, roles, attributes, ...)
There is still much work to be done. But we are on the road.

Ideally, and in order to avoid code duplicates, we should have some utility functions to generate a proper and accessible yes/no icon, an accessible icon link, etc. This would prevent the code from being filled with "aria-label" tags, since the "title" and "aria-label" properties are nearly always the same.
2019-04-02 15:31:34 +02:00
iglocska a067fc769e new: [UI] Move to FA 5 2019-03-23 11:18:22 +01:00
iglocska d8ee91be68 chg: [refactor] Side menu generic templates moved 2019-02-13 14:45:01 +01:00
iglocska 58997b9ac1 chg: [psr-2] Changed view files to space indentation instead of tabs
- *sniff sniff*
2018-07-20 09:29:50 +02:00
iglocska 4a5c11d426 new: Use the new OrgImg helper for fetching org logos in a more consistent fashion 2018-01-19 15:55:27 +01:00
Steve Clement 8db83ce774 View/Templates -> __(' 2018-01-12 11:33:11 +01:00
iglocska 952fff6252 fix: Fixes to several cases of reflected XSS, fixes #2381
- as reported by @import-au

- Additionally enforce content-type on all async APIs called by the UI using CakeResponse
2017-08-08 21:37:03 +02:00
iglocska 42ce6a1a4e fix: Tightened the sanitisation of the filenames in the template uploader
- Data from retained uploaded files when re-editing a template population prior to submission was loaded into the JS directly without sanitisation
- Whilst there was no way found to exploit this, introduced tighter sanitisation for the file data

- Thanks to cert.govt.nz for the security report.
2017-07-12 15:52:33 +02:00
Ángel González 926895733b Cosmetic changes
Change space indents to tabs
Remove ?> at end of file
Add or remove some indentation where appropriate
2017-05-08 00:45:57 +02:00
iglocska e637bb5118 chg: Further work on the accessibility changes 2017-03-14 17:12:35 +01:00
Andreas Ziegler ec60485bdf chg: templates sharing input style checkbox forced 2016-07-11 21:26:04 +02:00
Andreas Ziegler 1d06f25b38 chg: add newline character before EOF to non-minified (text-)files 2016-06-06 10:09:55 +02:00
Andreas Ziegler 0fe692c56a remove whitespace at end of line 2016-06-04 01:10:45 +02:00
Andreas Ziegler 898ea1d97c remove whitespace (space/tab) from empty lines 2016-06-04 01:08:16 +02:00
Iglocska 8a309b3a12 Fix to some typos in the templates, fixes #1041 2016-03-23 20:17:44 +01:00
Iglocska da95a19323 Don't display options to users for which they don't have the rights to use, fixes #880 2016-02-05 19:29:17 +01:00
Iglocska 6353de1e58 Template population menu fixes 2016-02-03 10:16:03 +01:00
Iglocska d69065450c Fixed a display issue for the template choices when the name of a template is empty 2016-02-03 10:08:06 +01:00
Iglocska 07a03abdc7 Fixed adding / removing tags to a template, fixes #898 2016-02-03 09:59:03 +01:00
iglocska bda6923018 Security fix fixing an XSS issue with the templates
- as discovered and reported by Rafael Pablos García of INCIBE

- fixed a reflected XSS for template creator users when viewing a template
2015-11-17 11:58:56 +01:00
iglocska 332d5fa666 Reverted the sanitisation of the baseurl variable on the view level
- sanitising it in appcontroller instead
2015-11-17 01:17:10 +01:00
iglocska b3a2428345 Merge branch 'basedir' into hotfix-2.3.160
Conflicts:
	app/Controller/AppController.php
	app/View/Pages/administration.ctp
2015-11-17 00:33:34 +01:00
pugilist ec7d85332c modified many instances of html anchors and javascript document.location to use 2015-11-08 15:38:24 -05:00
Iglocska 812ac878c3 Fix to XSS in the template creation process 2015-07-01 08:42:21 +02:00
Iglocska 415d85102d Security fix: Fix to a possible PHP Object injection
- unserialized user input replaced with json_decode
2015-07-01 08:38:40 +02:00
iglocska 92679f6b69 New way to download a single event
- The event export buttons have been unified into a single download as... button
- clicking it loads a popup with all of the export formats
- added snort, suricata, text dump to the export options
- added the option for an extra setting for some exports (such as including non IDS flagged attributes, encoding attachments)
- easily extendable system

- moved the hidden popup divs into the general layout, can be easily reused anywhere

- removed the auth refresh option that was re-enabled recently as it seems to sometimes cause issues

- text exports now allow "all" to be specified as type, which will dump all attribute values that the user can see
- text exports now allow restricting the results based on event id
2014-12-19 13:32:16 +01:00
iglocska 8235e8710d Updates to the documentation 2014-10-07 17:53:22 +02:00
iglocska e6bf73761e UI redesign of the template and worker health
- UI of templates a bit clearer
- Worker health tool added to the server settings tool
2014-09-24 15:35:25 +02:00
iglocska 9902217ac5 Missing <?php tag in a view file 2014-08-05 10:32:49 +02:00
iglocska ab5b9a9dae Several features finished
- first version of templating system complete
- first version of freetext importer complete
- first version of mass attribute replace tool complete

- some UI changes
2014-07-19 15:09:37 +02:00
iglocska 893ef5a129 Freetext import tool
Added freetext import tool
2014-07-10 17:02:19 +02:00
iglocska 45d826a252 First version of the templating feature complete
- still needs some refinement, but it's feature-complete
2014-07-02 16:20:19 +02:00
iglocska 9bede8e1b4 Further work on the templates 2014-06-25 09:56:33 +02:00
iglocska a4a987e027 More work on the templates
- Templates can now be created and populated
- Users can populate an event using a template (still needs work)
- File type elements are not yet implemented
2014-06-19 08:44:35 +02:00
iglocska f4e5c22865 Work on the templating system
- create a basic template
- add text elements to the template
- rearrange elements
2014-06-10 15:18:49 +02:00