Commit Graph

3129 Commits (52f429e3c7023725139e43a9c9b37fcefc329072)

Author SHA1 Message Date
Alexandre Dulaunoy 1cd7f6bd04 Initial JSON schema - MISP event (version 2.3) 2015-11-20 10:28:11 +01:00
iglocska 1805614efb Fix to a bug in the template attribute creation 2015-11-20 04:31:58 +01:00
iglocska 709a6cae3d New category lookup added to templates 2015-11-20 04:22:10 +01:00
iglocska 61282db28e Fix to the ZMQ call on publish incorrectly passing data to the event fetcher 2015-11-20 03:53:46 +01:00
iglocska 394ae49596 Some bugs resolved 2015-11-20 03:42:35 +01:00
iglocska ac56b8e806 Empty server list causes the user creation to fail
- fixed
2015-11-20 03:11:41 +01:00
iglocska 94072f7c60 Fixed a newly introduced bug in the IOC import component 2015-11-20 01:50:10 +01:00
iglocska 3cc3b4f34d fixed too restrictive generateCorrelation attribute fields 2015-11-20 01:21:44 +01:00
iglocska ec566d6225 Small fix to the upgrade script 2015-11-20 01:09:02 +01:00
iglocska 0fb9a70449 Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
2015-11-20 00:15:17 +01:00
iglocska 352c7d31c7 Merge branch 'hotfix-2.3.163' into develop 2015-11-19 17:13:41 +01:00
iglocska 7f8ee7ddba Merge branch 'hotfix-2.3.163' 2015-11-19 16:52:41 +01:00
iglocska 2daaee5333 Version bump 2015-11-19 16:52:25 +01:00
iglocska 56adab6122 Bugfix pack, fixes #724, fixes #721
- Fixed an issue with the new UUID generation method call in OpenIOC
- Fixed an invalid validation check on the salt key

- Added a note on the server page to make it more obvious that values can be changed by double clicking them
2015-11-19 16:50:14 +01:00
iglocska c71c8f968d Fix to a bug in the financial tool's validation router
- it didn't use the validation type -> validation method array to call the validation function
- resulted in CC validation not being called as expected
2015-11-17 22:25:37 +01:00
iglocska db359170f6 some left over merging issues among other things 2015-11-17 22:01:22 +01:00
iglocska 043057f133 Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
	app/View/Attributes/index.ctp
	app/View/Elements/eventattribute.ctp
	app/View/Elements/global_menu.ctp
	app/View/Elements/side_menu.ctp
	app/View/Events/automation.ctp
	app/View/Events/index.ctp
	app/View/Pages/administration.ctp
	app/View/ShadowAttributes/index.ctp
	app/View/Tags/index.ctp
2015-11-17 15:13:55 +01:00
iglocska f8fbcc1c60 Merge branch 'master' into develop 2015-11-17 12:07:54 +01:00
iglocska b02480c5eb Merge branch 'hotfix-2.3.162'
Conflicts:
	app/View/Elements/side_menu.ctp
2015-11-17 12:07:05 +01:00
iglocska bda6923018 Security fix fixing an XSS issue with the templates
- as discovered and reported by Rafael Pablos García of INCIBE

- fixed a reflected XSS for template creator users when viewing a template
2015-11-17 11:58:56 +01:00
iglocska 41b3ef3d9f Merge branch 'hotfix-2.3.161' into develop 2015-11-17 10:22:57 +01:00
iglocska ce49216514 Merge branch 'hotfix-2.3.161' 2015-11-17 10:22:40 +01:00
iglocska e96c05b987 Fix to a recent patch breaking the publish button 2015-11-17 10:21:44 +01:00
iglocska b59ab5cd8b Added logo to organisation page 2015-11-17 08:52:24 +01:00
iglocska 7ee1a9bab2 Merge branch 'hotfix-2.3.160' into develop 2015-11-17 01:18:18 +01:00
iglocska 8a5f725547 Merge branch 'hotfix-2.3.160' 2015-11-17 01:17:55 +01:00
iglocska 332d5fa666 Reverted the sanitisation of the baseurl variable on the view level
- sanitising it in appcontroller instead
2015-11-17 01:17:10 +01:00
iglocska 485c007b39 Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
	app/Lib/Tools/XMLConverterTool.php
	app/Model/Event.php
	app/Model/EventTag.php
	app/Model/TemplateElementAttribute.php
	app/Model/TemplateElementFile.php
	app/Model/TemplateElementText.php
	app/Model/ThreatLevel.php
	app/View/Attributes/index.ctp
	app/View/Elements/eventattribute.ctp
	app/View/Elements/eventattributerow.ctp
	app/View/Elements/global_menu.ctp
	app/View/Elements/side_menu.ctp
	app/View/Events/automation.ctp
	app/View/Events/index.ctp
	app/View/Pages/administration.ctp
	app/View/ShadowAttributes/index.ctp
	app/View/Tags/index.ctp
2015-11-17 01:14:51 +01:00
iglocska 866641fb40 Fixed an issue with the blacklists not saving the event org 2015-11-17 00:47:51 +01:00
iglocska 54d469f854 Merge branch 'hotfix-2.3.160' into develop 2015-11-17 00:38:45 +01:00
iglocska 63915ab714 Merge branch 'hotfix-2.3.160' 2015-11-17 00:38:05 +01:00
iglocska 6cb7cc7748 Fixed some deprecated validations left over from the purge a few weeks ago 2015-11-17 00:35:32 +01:00
iglocska b3a2428345 Merge branch 'basedir' into hotfix-2.3.160
Conflicts:
	app/Controller/AppController.php
	app/View/Pages/administration.ctp
2015-11-17 00:33:34 +01:00
iglocska 053c27ae9a Removed a crappy solution to an issue with attributes being overwritten that was fixed a long time ago correctly on data entry 2015-11-16 19:51:38 +01:00
iglocska cd3096a38f Fixed a security issue with the regular expressions
- as discovered and reported by Egidio Romano of Minded Security

- Users with the perm_regex permissions could create a malicious regex that leads to RCE using the PHP /e modifier for preg_replace().
- Regular expressions are now sanitised on edit / creation of the malicious modifier

- also added an admin tool that lets admins clean their current set of regexes of the harmful modifier
2015-11-16 19:47:31 +01:00
iglocska ac2cd88be7 Merge branch 'hotfix-2.3.159' into develop 2015-11-16 00:28:54 +01:00
iglocska 770e30b842 Merge branch 'hotfix-2.3.159' 2015-11-16 00:27:49 +01:00
iglocska 3045cc2630 Fixed an invalid detection of JSON requests when not passing the accept header
- some json actions worked by passing the .json extension in the url
- these pages were correctly returning JSONs but were often internally running through the HTML code-path thanks to an invalid detection
- the new correct detection should provide a major speed boost for certain json requests
2015-11-16 00:25:21 +01:00
iglocska da5fac5873 Added logging of auth key changes, fixes #715
- Changing the auth key now creates a log entry that includes the user's ID, e-mail address, and old and new auth keys
- Also removed the logging of the hashed password for newly created users
2015-11-16 00:22:58 +01:00
iglocska 487912a15a Fix to an invalid json request detection leading to the JSON export failing
- It seems like relying on the Accept header can lead to the data type detection failing when accessing .json extension views
- this issue seems to have gone unnoticed since until now the data passed to the json view was the same as that passed to the html view
- this means that all the additional UI only features may have triggered in the background previously on .json views
2015-11-15 17:43:19 +01:00
iglocska f36e00e944 Permission checks 2015-11-14 17:27:06 +01:00
iglocska 8cc0996c3c Merge branch 'master' into 2.4-beta
Conflicts:
	VERSION.json
	app/View/Elements/side_menu.ctp
	app/View/Pages/administration.ctp
2015-11-14 17:16:38 +01:00
iglocska 5b9624e96e Added the publisher role to the default role set 2015-11-14 11:09:02 +01:00
iglocska 7fbbdafec2 Tighter control over deleting organisations 2015-11-14 11:08:41 +01:00
iglocska 406b6de3e0 Merge branch 'hotfix-2.3.158' into develop 2015-11-14 00:23:23 +01:00
iglocska 35cd740b6e Merge branch 'master' of https://github.com/MISP/MISP 2015-11-14 00:05:00 +01:00
iglocska e906328a0e Merge branch 'hotfix-2.3.158' 2015-11-14 00:04:15 +01:00
iglocska 697ff43465 Version bump 2015-11-14 00:03:41 +01:00
iglocska 6bc6f281aa Added an additional role to the default installation
- by default there was no publisher role
2015-11-14 00:03:10 +01:00
iglocska afdcc1af0c Fixed a security issue with the CSRF protection being avoidable using some site admin functionality
- as discovered and reported by Egidio Romano of Minded Security

- Lacking checks of HTTP methods in some functionality could lead to a site admin uploading and executing malicious scripts

- Tightened HTTP method verification across the board for actions that modify data
- Turned some administrative tasks to POST only actions
2015-11-13 23:57:03 +01:00