iglocska
a380458d2e
Fixed a security issue with the site admin file uploader
- as discovered and reported by Egidio Romano of Minded Security
- The site admin file upload tool allowed for unrestricted file upload that could lead to RCE
- Fixed the file uploader to be much more restrictive
- removed the interactive terms file upload
2015-11-13 23:48:29 +01:00
Alexandre Dulaunoy
0fe4cf63ca
PyMISP submodule updated
2015-11-13 11:24:59 +01:00
Alexandre Dulaunoy
4723431ab0
PyMISP submodule updated
2015-11-13 11:12:57 +01:00
Alexandre Dulaunoy
c86fa28a90
PyMISP updated
2015-11-13 10:55:40 +01:00
iglocska
5941772b3a
Merge branch 'master' into 2.4-beta
Conflicts:
VERSION.json
2015-11-12 09:49:04 +01:00
iglocska
82c9680b10
Merge branch 'hotfix-2.3.157' into develop
2015-11-12 09:47:49 +01:00
iglocska
b097435879
Merge branch 'hotfix-2.3.157'
2015-11-12 09:47:34 +01:00
iglocska
69031ab35e
Fixed an issue where PGP keys that are set to never expire show up as expired
2015-11-12 09:46:33 +01:00
iglocska
1c6f45de52
Merge branch 'master' into 2.4-beta
Conflicts:
VERSION.json
app/Controller/EventsController.php
2015-11-12 09:26:29 +01:00
iglocska
620aab4e0e
Merge branch 'master' into 2.4-beta
Conflicts:
VERSION.json
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Model/Event.php
2015-11-12 08:44:23 +01:00
iglocska
d568803aa8
Merge branch 'hotfix-2.3.156' into develop
2015-11-11 17:05:44 +01:00
iglocska
3a540542ed
Merge branch 'hotfix-2.3.156'
2015-11-11 17:04:49 +01:00
iglocska
675ceb2e0e
Better verification of PGP keys
- checks whether the key can be used to encrypt and whether it's expired
2015-11-11 17:03:59 +01:00
iglocska
2addc61346
Merge branch 'hotfix-2.3.155' into develop
2015-11-10 15:25:20 +01:00
iglocska
6baa3bea00
Merge branch 'hotfix-2.3.155'
2015-11-10 15:23:29 +01:00
iglocska
6548297b80
Merge branch 'hotfix-2.3.154' into hotfix-2.3.155
Conflicts:
VERSION.json
2015-11-10 15:22:10 +01:00
iglocska
9f85c40145
Fix to a security issue
- as reported by RichieB2B
- Trying to view an event that doesn't exist and one that the user has no access to resulted in different error messages
2015-11-10 15:18:33 +01:00
iglocska
c46922be12
Fix to a security issue in the PGP fetching tool
- reported by RichieB2B
- The scraped URL for the PGP fetching tool was not sanitised before being echoed
2015-11-10 15:17:15 +01:00
iglocska
ea2420c889
Merge branch 'hotfix-2.3.154' into develop
2015-11-10 13:47:46 +01:00
iglocska
db2d7dc8de
Merge branch 'hotfix-2.3.154'
2015-11-10 13:47:01 +01:00
iglocska
0d758de89b
Fixed an issue where a linebreak in an event info would break the CSV export, fixes #710
- also added comment field for attributes
- until now multi line fields were both escaped and the line breaks removed
- this was overkill, linebreaks are now kept intact
2015-11-10 13:45:40 +01:00
iglocska
596ec80ac9
Merge branch 'master' of https://github.com/MISP/MISP
2015-11-09 23:21:11 +01:00
iglocska
ce99344895
Merge branch 'hotfix-2.3.153'
2015-11-09 23:20:59 +01:00
iglocska
62253adaf4
Merge branch 'hotfix-2.3.153' into develop
2015-11-09 23:19:31 +01:00
iglocska
8f485ef98a
Fixed a bug with the attribute search API
2015-11-09 23:18:51 +01:00
Alexandre Dulaunoy
7b631c56cd
Updated PyMISP to the latest version
2015-11-09 21:28:09 +01:00
iglocska
42eeadb834
Fixed the proposal attachment upload
- was bugged before since the switch to the new format
- comments were not enabled
- fixed an issue where a proposed attribute could not be downloaded as it was pointing to a file in the attribute attachment directory
2015-11-09 16:44:40 +01:00
pugilist
79eab81a43
updated an anchor that was missed previously
2015-11-09 09:29:07 -05:00
pugilist
e7e76bfc44
patched termsaccepted and change_pw checks to redirect properly when a base directory is specified.
2015-11-09 09:22:24 -05:00
iglocska
9092eb4015
Double click edit of attribute values wasn't working
- fixed
2015-11-09 15:17:47 +01:00
iglocska
34e4183854
Moved the logic for flagging an attribute for a validation issue to the model
2015-11-09 14:50:57 +01:00
iglocska
45f0e04738
Warning icon if a financial indicator fails the validation
2015-11-09 13:54:38 +01:00
iglocska
3716b38a60
Bin number added to validation
2015-11-09 13:42:22 +01:00
iglocska
685ba2a0b9
Comments now correctly save on attachments
2015-11-09 12:44:09 +01:00
iglocska
15c72a784d
Clarification of the malware checkbox on add attachment
2015-11-09 12:41:33 +01:00
iglocska
cd886b4a79
Relaxed financial attribute validation
- also added 2 new types: bank-account-nr and aba-rtn
- validation is completely relaxed
- idea is to add a visual notification in the view for these attributes types if they are not valid (invalid financial indicators are still interesting)
2015-11-09 12:36:49 +01:00
iglocska
9faf3df8ae
Some fixes to the api authentication
- Handle user not found gracefully
- Log the failed authentication correctly
2015-11-09 08:52:06 +01:00
pugilist
baa33a618c
modified img tags to use baseurl
2015-11-08 19:24:57 -05:00
iglocska
324418dcf9
Merge branch 'master' into 2.4-beta
Merge and upgrade of several new features
Conflicts:
VERSION.json
app/Controller/ShadowAttributesController.php
app/Controller/TagsController.php
app/Model/AppModel.php
app/Model/Event.php
app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php
2015-11-08 23:26:19 +01:00
iglocska
68cf9c4960
Merge branch 'hotfix-2.3.152' into develop
2015-11-08 22:58:03 +01:00
iglocska
a3661fdcbd
Merge branch 'hotfix-2.3.152'
2015-11-08 22:57:17 +01:00
iglocska
c83b1e2dd0
Fix to the CSV export, fixes #710
2015-11-08 22:56:00 +01:00
iglocska
16e7974fc0
Improved logging, fixes #695
- Added logging of failed login attempts
- Added (optional) logging of successful authentications
- admin setting that has to be enabled
- will log all API calls (both HTTP method and target url)
- optional logging of user IP address for all logs
- each log entry created while this setting is enabled will log the IP address of the client
- disabling it also hides the IPs from the interface
- added new IP field for the log search (only if enabled)
2015-11-08 22:35:46 +01:00
pugilist
ec7d85332c
modified many instances of html anchors and javascript document.location to use
2015-11-08 15:38:24 -05:00
pugilist
e451945b11
modified beforefilter to allow it to be accessed by all views
2015-11-08 13:21:16 -05:00
iglocska
c3ebc18afa
Merge branch 'develop'
2015-11-03 17:07:19 +01:00
iglocska
8f1363df37
Merge branch 'hotfix-2.3.151' into develop
2015-11-03 17:07:12 +01:00
iglocska
42ad040d3c
Removed obsolete gitignore files, fixes #704
2015-11-03 17:06:21 +01:00
iglocska
5f06e87b6c
Merge branch 'hotfix-2.3.150' into develop
2015-10-31 00:29:59 +01:00
iglocska
4b24cf0c65
Documentation changes
2015-10-31 00:29:15 +01:00