Alexandre Dulaunoy
1cd7f6bd04
Initial JSON schema - MISP event (version 2.3)
2015-11-20 10:28:11 +01:00
iglocska
1805614efb
Fix to a bug in the template attribute creation
2015-11-20 04:31:58 +01:00
iglocska
709a6cae3d
New category lookup added to templates
2015-11-20 04:22:10 +01:00
iglocska
61282db28e
Fix to the ZMQ call on publish incorrectly passing data to the event fetcher
2015-11-20 03:53:46 +01:00
iglocska
394ae49596
Some bugs resolved
2015-11-20 03:42:35 +01:00
iglocska
ac56b8e806
Empty server list causes the user creation to fail
...
- fixed
2015-11-20 03:11:41 +01:00
iglocska
94072f7c60
Fixed a newly introduced bug in the IOC import component
2015-11-20 01:50:10 +01:00
iglocska
3cc3b4f34d
fixed too restrictive generateCorrelation attribute fields
2015-11-20 01:21:44 +01:00
iglocska
ec566d6225
Small fix to the upgrade script
2015-11-20 01:09:02 +01:00
iglocska
0fb9a70449
Merge branch 'master' into 2.4-beta
...
Conflicts:
VERSION.json
2015-11-20 00:15:17 +01:00
iglocska
352c7d31c7
Merge branch 'hotfix-2.3.163' into develop
2015-11-19 17:13:41 +01:00
iglocska
7f8ee7ddba
Merge branch 'hotfix-2.3.163'
2015-11-19 16:52:41 +01:00
iglocska
2daaee5333
Version bump
2015-11-19 16:52:25 +01:00
iglocska
56adab6122
Bugfix pack, fixes #724, fixes #721
...
- Fixed an issue with the new UUID generation method call in OpenIOC
- Fixed an invalid validation check on the salt key
- Added a note on the server page to make it more obvious that values can be changed by double clicking them
2015-11-19 16:50:14 +01:00
iglocska
c71c8f968d
Fix to a bug in the financial tool's validation router
...
- it didn't use the validation type -> validation method array to call the validation function
- resulted in CC validation not being called as expected
2015-11-17 22:25:37 +01:00
iglocska
db359170f6
some left over merging issues among other things
2015-11-17 22:01:22 +01:00
iglocska
043057f133
Merge branch 'master' into 2.4-beta
...
Conflicts:
VERSION.json
app/View/Attributes/index.ctp
app/View/Elements/eventattribute.ctp
app/View/Elements/global_menu.ctp
app/View/Elements/side_menu.ctp
app/View/Events/automation.ctp
app/View/Events/index.ctp
app/View/Pages/administration.ctp
app/View/ShadowAttributes/index.ctp
app/View/Tags/index.ctp
2015-11-17 15:13:55 +01:00
iglocska
f8fbcc1c60
Merge branch 'master' into develop
2015-11-17 12:07:54 +01:00
iglocska
b02480c5eb
Merge branch 'hotfix-2.3.162'
...
Conflicts:
app/View/Elements/side_menu.ctp
2015-11-17 12:07:05 +01:00
iglocska
bda6923018
Security fix fixing an XSS issue with the templates
...
- as discovered and reported by Rafael Pablos García of INCIBE
- fixed a reflected XSS for template creator users when viewing a template
2015-11-17 11:58:56 +01:00
iglocska
41b3ef3d9f
Merge branch 'hotfix-2.3.161' into develop
2015-11-17 10:22:57 +01:00
iglocska
ce49216514
Merge branch 'hotfix-2.3.161'
2015-11-17 10:22:40 +01:00
iglocska
e96c05b987
Fix to a recent patch breaking the publish button
2015-11-17 10:21:44 +01:00
iglocska
b59ab5cd8b
Added logo to organisation page
2015-11-17 08:52:24 +01:00
iglocska
7ee1a9bab2
Merge branch 'hotfix-2.3.160' into develop
2015-11-17 01:18:18 +01:00
iglocska
8a5f725547
Merge branch 'hotfix-2.3.160'
2015-11-17 01:17:55 +01:00
iglocska
332d5fa666
Reverted the sanitisation of the baseurl variable on the view level
...
- sanitising it in appcontroller instead
2015-11-17 01:17:10 +01:00
iglocska
485c007b39
Merge branch 'master' into 2.4-beta
...
Conflicts:
VERSION.json
app/Lib/Tools/XMLConverterTool.php
app/Model/Event.php
app/Model/EventTag.php
app/Model/TemplateElementAttribute.php
app/Model/TemplateElementFile.php
app/Model/TemplateElementText.php
app/Model/ThreatLevel.php
app/View/Attributes/index.ctp
app/View/Elements/eventattribute.ctp
app/View/Elements/eventattributerow.ctp
app/View/Elements/global_menu.ctp
app/View/Elements/side_menu.ctp
app/View/Events/automation.ctp
app/View/Events/index.ctp
app/View/Pages/administration.ctp
app/View/ShadowAttributes/index.ctp
app/View/Tags/index.ctp
2015-11-17 01:14:51 +01:00
iglocska
866641fb40
Fixed an issue with the blacklists not saving the event org
2015-11-17 00:47:51 +01:00
iglocska
54d469f854
Merge branch 'hotfix-2.3.160' into develop
2015-11-17 00:38:45 +01:00
iglocska
63915ab714
Merge branch 'hotfix-2.3.160'
2015-11-17 00:38:05 +01:00
iglocska
6cb7cc7748
Fixed some deprecated validations left over from the purge a few weeks ago
2015-11-17 00:35:32 +01:00
iglocska
b3a2428345
Merge branch 'basedir' into hotfix-2.3.160
...
Conflicts:
app/Controller/AppController.php
app/View/Pages/administration.ctp
2015-11-17 00:33:34 +01:00
iglocska
053c27ae9a
Removed a crappy solution to an issue with attributes being overwritten that was fixed a long time ago correctly on data entry
2015-11-16 19:51:38 +01:00
iglocska
cd3096a38f
Fixed a security issue with the regular expressions
...
- as discovered and reported by Egidio Romano of Minded Security
- Users with the perm_regex permissions could create a malicious regex that leads to RCE using the PHP /e modifier for preg_replace().
- Regular expressions are now sanitised on edit / creation of the malicious modifier
- also added an admin tool that lets admins clean their current set of regexes of the harmful modifier
2015-11-16 19:47:31 +01:00
iglocska
ac2cd88be7
Merge branch 'hotfix-2.3.159' into develop
2015-11-16 00:28:54 +01:00
iglocska
770e30b842
Merge branch 'hotfix-2.3.159'
2015-11-16 00:27:49 +01:00
iglocska
3045cc2630
Fixed an invalid detection of JSON requests when not passing the accept header
...
- some json actions worked by passing the .json extension in the url
- these pages were correctly returning JSONs but were often internally running through the HTML code-path thanks to an invalid detection
- the new correct detection should provide a major speed boost for certain json requests
2015-11-16 00:25:21 +01:00
iglocska
da5fac5873
Added logging of auth key changes, fixes #715
...
- Changing the auth key now creates a log entry that includes the user's ID, e-mail address, old and new authkeys
- Also removed the logging of the hashed password for newly created users
2015-11-16 00:22:58 +01:00
iglocska
487912a15a
Fix to an invalid json request detection leading to the JSON export failing
...
- It seems like relying on the Accept header can lead to the data type detection failing when accessing .json extension views
- this issue seems to have gone unnoticed since until now the data passed to the json view was the same as that passed to the html view
- this means that all the additional UI only features may have triggered in the background previously on .json views
2015-11-15 17:43:19 +01:00
iglocska
f36e00e944
Permission checks
2015-11-14 17:27:06 +01:00
iglocska
8cc0996c3c
Merge branch 'master' into 2.4-beta
...
Conflicts:
VERSION.json
app/View/Elements/side_menu.ctp
app/View/Pages/administration.ctp
2015-11-14 17:16:38 +01:00
iglocska
5b9624e96e
Added the publisher role to the default role set
2015-11-14 11:09:02 +01:00
iglocska
7fbbdafec2
Tighter control over deleting organisations
2015-11-14 11:08:41 +01:00
iglocska
406b6de3e0
Merge branch 'hotfix-2.3.158' into develop
2015-11-14 00:23:23 +01:00
iglocska
35cd740b6e
Merge branch 'master' of https://github.com/MISP/MISP
2015-11-14 00:05:00 +01:00
iglocska
e906328a0e
Merge branch 'hotfix-2.3.158'
2015-11-14 00:04:15 +01:00
iglocska
697ff43465
Version bump
2015-11-14 00:03:41 +01:00
iglocska
6bc6f281aa
Added an additional role to the default installation
...
- by default there was no publisher role
2015-11-14 00:03:10 +01:00
iglocska
afdcc1af0c
Fixed a security issue with the CSRF protection being avoidable using some site admin functionality
...
- as discovered and reported by Egidio Romano of Minded Security
- Lacking checks of HTTP methods in some functionality could lead to a site admin uploading and executing malicious scripts
- Tightened HTTP method verification across the board for actions that modify data
- Turned some administrative tasks to POST only actions
2015-11-13 23:57:03 +01:00