MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
23,701 Commits
34 Branches
364 Tags
187 MiB
Commit Graph

794 Commits (5edcd9083f2104e4eeab4be75109b797d756c14b)

Author SHA1 Message Date
Raphaël Vinot 5527c24d92 chg: Bump PyMISP 2020-10-16 13:17:04 +02:00
Jakub Onderka 0e80b9f498 fix: [freetext] Do not load event page twice when saving freetext 2020-10-11 12:36:00 +02:00
mokaddem 40b3259b7a
fix: [decayingModelSimulation] Correctly extract part of atomic tags 2020-10-06 14:18:05 +02:00
Jakub Onderka 3be0ab9169 chg: [internal] Use ACLComponent for menu item permission 2020-10-03 16:12:44 +02:00
mokaddem 6bcde44950
chg: bumped queryversion 2020-09-28 10:32:14 +02:00
mokaddem eb84b3344f
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-09-22 12:08:12 +02:00
mokaddem 1287b18106
chg: [queryversion] Bumped 2020-09-15 14:07:41 +02:00
Raphaël Vinot 1684478091 chg: [PyMISP] Bump version 2020-09-08 12:47:30 +02:00
Sami Mokaddem 775514ccf8
chg: Bumped queryversion 2020-09-03 16:41:26 +02:00
Golbark 3fb47d1cce chg: [internal] Using blocklist instead of blacklist 2020-09-01 16:27:36 +02:00
iglocska 704378c919
fix: [JS] broken URLs due to the baseurl refactor 
- no need to prepend URLs taken from the forms themselves directly.
 2020-08-24 17:20:57 +02:00
iglocska 242d25d5e4
chg: [API] GET requests on restsearch with no parameters are no longer allowed. 
- warn the user of the use of GET queries with posted JSON bodies
 2020-08-24 09:04:30 +02:00
Raphaël Vinot db55589512 chg: [PyMISP] Bump tag 2020-08-20 13:04:44 +02:00
Jakub Onderka b6116098c0 fix: [security] Throw exception if invalid data provided 2020-08-05 12:39:11 +02:00
Jakub Onderka 67a9d612d5 fix: [security] ACL check when adding or removing tags 2020-08-04 12:23:41 +02:00
Jakub Onderka db626cf741 fix: [security] Respect ACL when event edit 2020-08-04 12:21:42 +02:00
mokaddem 94aa68c8b4
chg: Bumped queryversion 2020-07-31 13:30:17 +02:00
mokaddem b3dbecb318
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-07-14 16:25:04 +02:00
iglocska bf4610c947
fix: [security] setting a favourite homepage was not CSRF protected 
- a user could be lured into setting a MISP home-page outside of the MISP baseurl
- switched the endpoint to be CSRF protection enabled

- as discovered by Mislav Božičević <mislav.bozicevic@nn.cz>
 2020-07-13 12:19:11 +02:00
mokaddem f3a9481c61
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-07-01 16:22:55 +02:00
Raphaël Vinot 688585b323 chg: [PyMISP] Bump 2020-06-22 14:34:49 +02:00
Raphaël Vinot 5a512063a3 chg: [PyMISP] Bump 2020-06-16 14:30:23 +02:00
mokaddem 5c04b9a8c1
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-05-28 14:06:30 +02:00
Jakub Onderka 8c13330712 fix: [internal] Check if user is logged before checking if he is site admin 2020-05-19 17:11:39 +02:00
Jakub Onderka df1ed1badf fix: [internal] Set notifications count and loggedInUserName just for logged users 2020-05-19 17:10:53 +02:00
Raphaël Vinot b8f0574f71 chg: Bump PyMISP 2020-05-18 12:38:25 +02:00
iglocska c8e9fa1c76
chg: [roles] allow the creation site admin enabled roles without auth access 2020-05-06 14:53:11 +02:00
iglocska f278407e91
chg: [VERSION] bump 2020-04-30 11:50:22 +02:00
iglocska e9c00cb1b4
fix: [otp] pre-auth action list only expanded if otp is enabled 2020-04-29 15:55:22 +02:00
iglocska 6ec8391e46
Merge branch '5726' into 2.4 2020-04-29 15:50:01 +02:00
Andras Iklody f30959f274
Merge pull request #5561 from JakubOnderka/is_rest_cache 
chg: [internal] Cache result of AppController::_isRest method
 2020-04-28 15:46:24 +02:00
iglocska 03c866fe4e
fix: [registrations] Users can now register using the API without a valid key, affects #5783 2020-04-24 11:39:59 +02:00
iglocska 45e42ca84f
new: [privacy] filter added for the authkeys in the admin section to make giving trainings easier 2020-04-21 08:09:26 +02:00
Golbark 93ba84fd02 Hook into native authentication flow instead of beforefilter 
which prevents any after-auth bypass and rely on framework
session management.
 2020-04-20 12:24:47 +02:00
Golbark 3436bc6ae5 Merge branch '2.4' into email-otp-implementation 
Conflicts:
	app/Model/Server.php
 2020-04-20 12:16:25 +02:00
iglocska 078bf123a1
chg: [ACL] added the feed data reload 2020-04-17 14:23:34 +02:00
iglocska 10ab82f830
new: [UI Helper] DataPathCollector helper added 
- helps the index factory fields retrieve data from the currently processed object based on a set of paths
 2020-04-17 14:13:15 +02:00
iglocska 3fa5c3f370
fix: [database] added missing file 2020-04-14 15:17:15 +02:00
mokaddem dd1be03597
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-04-09 14:26:48 +02:00
iglocska 4ebc0a7988
new: [inbox] system added 
- user self-registration is the first use-case
- if the feature is enabled, users can unauthenticated send a registration request to MISP
  - request includes information on desired org and some privileges (sync / org admin / publisher)
- requests land in the inbox, admins can inspect the registration requests
  - they can accept/discard them individually or en masse
  - users will be notified of their credentials automatically
  - quick user creation if the user asks for an org that doesn't exist yet
 2020-04-07 13:21:01 +02:00
Golbark d254d04365 Rely on session_id instead of user_id and address minor comments 2020-03-26 02:55:14 -07:00
Golbark 309bbc6814 new: usr: Implementation of email-based OTP 2020-03-25 07:45:09 -07:00
iglocska d7e3674987
new: [audit] Added user monitoring 
- site admins can set the monitoring flag on a user if the feature is enabled on the instance
- monitored users will have all requests logged along with POST bodies

- keep in mind this functionality is quite heavy and intrusive - so use it with care. The idea is that this allows us to track potentially malicious users during an investigation
 2020-03-25 11:49:33 +01:00
mokaddem 04dcdebb1f
new: [galaxyCluster] Initial import of Galaxy2.0 codebase - WiP 2020-03-12 10:26:09 +01:00
Raphaël Vinot 8beec4e383 chg: Bump PyMISP 2020-03-10 14:31:31 +01:00
iglocska f1faa7845f
fix: [dashboard] grid scope fix 2020-03-10 11:34:30 +01:00
mokaddem 431ccc6a04
chg: [response header] Added `X-XSS-Protection` header 
- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
 2020-03-06 16:06:35 +01:00
iglocska a40c227ca4
chg: [querystring] bumped 2020-03-02 23:14:55 +01:00
iglocska 0d4df7c98b
new: [Dashboard] system 
- Dashboard
  - modular similar to restSearch
  - build your own widgets
  - use a set of visualisation options (more coming!)
  - full access to internal functions for queries
  - auto discover core and 3rd party widgets
  - rearrange / configure widgets for each user individually
  - rearrange / resize widgets
  - settings can be configured by a site-admin on behalf of others
  - modules have a self-explain mode to guide users
  - caching mechanism for the modules / org

- set homepage / user
- various other fixes
 2020-03-01 18:05:21 +01:00
iglocska 4bfcc3211b
new: [API] object level restSearch added 
still WiP
 2020-02-29 08:57:32 +01:00
iglocska 08e0e9d16d
chg: [version] bump 2020-02-26 16:13:12 +01:00
iglocska c310b30177
fix: [custom auth] correctly use HTTP_ as the default header namespace 2020-02-23 19:13:48 +01:00
iglocska 363d0cd69a
new: [logging] Log user IPs on login 
- feature is optional and needs to be enabled in the server settings
- on successful login logs the associated user ID for a given IP (30 day retention)
- also logs the IP for the associated user ID (indefinite retention)
- added two command line tools to query
  - Get IPs For User ID: MISP/app/Console/cake Admin UserIP [user_id]
  - Get User ID For User IP: MISP/app/Console/cake Admin IPUser [ip]
 2020-02-20 16:07:10 +01:00
iglocska 88894fc2e5
chg: [version] bump 2020-02-10 16:22:03 +01:00
Jakub Onderka cdf578be4a
fix: [internal] Remove unused line 2020-02-07 17:57:59 +01:00
Raphaël Vinot 6f2005ff60 chg: Bump PyMISP 2020-02-06 10:54:17 +01:00
Jakub Onderka 110eabb08d chg: [internal] Cache result of AppController::_isRest method 2020-01-27 22:02:08 +01:00
Jakub Onderka a3c07277c4 fix: Proper logout when `CustomAuth_custom_logout` is set 2020-01-23 16:46:02 +01:00
mokaddem 60143aba44
chg: [timeline:display_threshold] Increased display threshold 2020-01-20 15:48:26 +01:00
iglocska 3792e4032c
fix: [update] fixed an issue blocking the updates from executing 
- invalid check for the admin role - too early to check for _isSiteAdmin() at that point
 2020-01-20 12:57:12 +01:00
iglocska 8ca5bfd25a
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-01-20 11:57:28 +01:00
iglocska 2ac7ea62da
fix: [internal] upgrade issues fixed 2020-01-20 11:56:50 +01:00
mokaddem 6dc79425dd
chg: [queryVersion] Bumped version 2020-01-20 10:39:50 +01:00
iglocska a577c69118
chg: [versions] requirements for languages changed 2020-01-17 15:14:53 +01:00
Richard van den Berg f79f90a1e4 Return STIX in JSON format when Accept header asks for it 2020-01-06 17:13:49 +01:00
mokaddem 9d77a5b3f9
chg: bumped queryversion 2019-12-04 12:15:56 +01:00
iglocska 8d14250cbf
chg: [VERSION] bump 2019-12-02 09:56:42 +01:00
Raphaël Vinot 183dee34f0 chg: Bump PyMISP 2019-12-02 09:44:15 +01:00
iglocska 1c5afa49ed
new: [refactor] Massive internal refactor and cleanup of deprecated APIs 
- new centralised restSearch function in AppController as entry point via all controllers
- new component handling restSearch related support functions, such as parameter mapping
- hollowed out all deprecated export functions on the event/attribute controller
  - replaced with a new functionality that remaps them to restSearch
  - all functionality should be maintained with all additional advantages introduced with restsearch
- additional cleanup (some unused functions removed)
 2019-11-29 10:11:30 +01:00
iglocska 26459f1b63
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-11-26 19:04:34 +01:00
iglocska e7173e2ee4
new: [legacy] handler added for Legacy APIs 
- allows for a remap of the parameters and subsequent calls to modern functions
 2019-11-26 19:01:22 +01:00
iglocska 9e74259bdb
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-11-26 17:11:56 +01:00
iglocska cbbe2b3a30
chg: [CSRF] disable CSRF if you absolutely feel like setting yourself up for failure 2019-11-26 17:11:33 +01:00
iglocska a1dcfb1931
new: [deprecation] Added a new library to handle deprecations 
- send X-Deprecation-Warning via the API
- set new Warning flash messages via the UI
- counting the use of these functionalities / API endpoint and / user
  - added a diagnsitic tool to view the outcome of the collection
  - sharing of these collections with the MISP-Project will be optionally available in the future

- two modes of operation:
  - hard deprecation (functions certainly to be removed, reported to the users via API/UI)
  - soft deprecation (gauging interest for the continued use of these functions)
 2019-11-20 15:30:06 +01:00
iglocska 0c15043cfa
new: [sync] view remote user tool added to the server index 
- should help with debugging what user is being used
 2019-11-13 19:09:37 +01:00
iglocska fc5c9d0db6
Revert "Revert "Merge pull request #5304 from JakubOnderka/version-loading"" 
This reverts commit 623bb20cb0.
 2019-11-12 13:12:42 +01:00
Raphaël Vinot 623bb20cb0 Revert "Merge pull request #5304 from JakubOnderka/version-loading" 
This reverts commit 71fb7fcbd7, reversing
changes made to 11ee95aeb3.

Note: broke freetext import.
 2019-11-12 10:16:36 +01:00
Andras Iklody 71fb7fcbd7
Merge pull request #5304 from JakubOnderka/version-loading 
fix: [internal] Load MISP version just once in AppController
 2019-11-11 15:15:20 +01:00
iglocska 463b98c275
new: [API] SQL dump now includes two modes 
- sql_dump:1 - append the SQL dump to the response
- sql_dump:2 - only return the SQL dump in the response
 2019-11-11 08:19:00 +01:00
iglocska 21088005d4
chg: [internal] Hooked the sql_dump flag into the normal flow 2019-11-11 08:13:14 +01:00
mokaddem a2ab30fcab
chg: [queryversion] Bumped queryversion 2019-11-08 11:47:13 +01:00
mokaddem 3babd222ac
Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess 2019-11-08 11:42:27 +01:00
iglocska 28028869da
new: [UI] Added the index filter component 2019-11-06 21:16:50 +01:00
mokaddem d63f81076b
Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess 2019-10-30 13:58:43 +01:00
Jakub Onderka 9314e9c968 fix: [internal] Load MISP version just once in AppController 2019-10-13 11:29:43 +02:00
Raphaël Vinot e05c3b9092 chg: Bump recommended PYMISP version 2019-10-10 23:59:11 +02:00
iglocska e5ed126cc5
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-10-10 11:59:28 +02:00
iglocska be509b3833
fix: [API] rate limit should only run on the API 2019-10-10 11:55:33 +02:00
mokaddem 80b1061639
Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess 2019-10-10 09:54:51 +02:00
mokaddem 8476f667c2
chg: Bumped queryversion 2019-10-10 09:44:19 +02:00
mokaddem d86264b2ba
fix: [live:notice UI] Fixed baseurl variable 2019-10-08 14:25:30 +02:00
mokaddem 901a57c2bd
fix: [live:notice UI] Fixed baseurl variable 2019-10-08 14:20:01 +02:00
iglocska a8c57a8316
new: [API] Added rate limiting option to the API 
- / role setting
- can be enabled/disabled and if enabled a limit can be set
- limit counter / 15 minutes starting from the first query
- x-headers inform the user about their limit/remaining queries/reset in seconds
 2019-10-08 11:43:56 +02:00
iglocska cee439dc80
fix: [performance] notifications lookup on each UI page load was slow 
- introduced a major bottleneck on large instances
- massively reduced the load times for pages that warranted none
 2019-09-30 08:36:13 +02:00
iglocska dc25176384
fix: [internal] paranoid log body didn't contain full body for API calls 2019-09-26 10:28:53 +02:00
Andreas Rammhold 624476a1f9 chg: [AppController] move debugMode setup code to a function so it can be reused 
There were already two places in AppComponent that implemented the same
functionality. It makes sense to move this to a common function so it
can also be used from Controllers that do not inherit the full
beforeFilter functionality.

Since `__preAuthException` is private and only called from the
beforeFilter method after the variable has been setup we can remove
the explicit init from there.
 2019-09-18 15:57:28 +02:00
Andreas Rammhold 96311ef480 chg: [AppController] move the database connection setup to a dedicated function on the AppComponent 
This removes a bit of clutter from the already large beforeFilter
method and allows other views to resuse the logic without having to
duplicate it.
 2019-09-18 15:57:28 +02:00
Andreas Rammhold 013b3ac619 chg: [AppController] move the `baseurl` configuration into a helper method 
This makes the beforeFilter function a bit smaller while keeping all the
functionality. It will also help with reusing the setup logic in views
that can not execute all of AppComponent::beforeFilter, like the
LinOTPAuth plugin.
 2019-09-18 15:57:28 +02:00
Andreas Rammhold 3cbc36af4e chg: [AppController] move loading and initialisation of Auth plugins to reuseable method 
For some authentication workflows it might be desireable to execute the
exact same code without having to call the entire beforeFilter method
from the base class. That way you do not have to work around all the
edge cases without having to reinvent the same code in multiple
locations.
 2019-09-18 15:57:28 +02:00
Andreas Rammhold 9edffd01ba chg: [AppController] move login redirects to dedicated functions 
This makes it easier to modify the login redirect behaviour in a unified
way. For now this just uses the default Auth loginAction while setting
the `admin` attribute to `false`. Thus application behaviour should be
unchanged.
 2019-09-18 15:57:28 +02:00
iglocska 71a0fd350b
fix: [UI] Annoying race condition fixed causing redirects to the login, fixes #5172 2019-09-17 12:40:22 +02:00
iglocska 518c83362c
chg: [version] bump 2019-09-16 13:55:16 +02:00
iglocska 850159627a
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-09-13 11:51:05 +02:00
iglocska ffc9147018
new: [sync] Added sync priority system to prioritise the order of instances to push to 2019-09-13 11:49:12 +02:00
mokaddem cfafc2e51f
Merge branch '2.4' of github.com:MISP/MISP into decaying 2019-09-12 13:35:35 +02:00
iglocska 290a92808d
fix: [customauth] default setting for use_header_namespace should adhere to what is displayed (true) 
- as requested by the MELiCERTES consortium for CSP
 2019-09-11 09:28:45 +02:00
mokaddem 35e2c62947
chg: [app] bumped queryversion 2019-09-10 15:43:20 +02:00
mokaddem f3860ade80
Merge remote-tracking branch 'origin/2.4' into decaying 2019-09-10 15:40:25 +02:00
iglocska 77f767ff02
fix: [internal] blackhole function default fixed 2019-09-10 15:22:55 +02:00
iglocska 33f7444fe9
new: [auth key fail logging throttle] Throttle the auth key failed log entries to 1 / hour / key 2019-09-09 14:09:18 +02:00
mokaddem 1d378fd7bd
Merge remote-tracking branch 'origin/2.4' into decaying 2019-09-06 16:21:17 +02:00
iglocska 2053d7e74f
fix: [authentication] prepend the baseurl to the login/logout redirects - fixes #3871 2019-08-30 15:24:29 +02:00
iglocska 145730fe60
chg: [VERSION] bump 2019-08-30 13:09:41 +02:00
mokaddem 673b314ce6
chg: bumped query version 2019-08-29 13:03:25 +02:00
mokaddem a5d06d1333
Merge branch '2.4' of github.com:MISP/MISP into decaying 2019-08-29 10:52:18 +02:00
mokaddem 82e70fee12
fix: [appController] Fixed updateProgress redirection link. Fix #5068 2019-08-27 15:02:02 +02:00
mokaddem 26afe1765d
chg: [roles] Added `perm_decaying` role 2019-08-20 16:37:06 +02:00
iglocska e296288f59
chg: [version] bump 2019-08-16 19:04:17 +02:00
iglocska 519e110f9f
new: [internal / API] new component added to handle repeatable code across all controllers (toolbox controller) 
- added UUID -> ID lookup function and integrated it across several functions
- fixes #4990
- fixes #4999
- fixes #4993
- fixes #4991
- fixes #4989
- fixes #4987
 2019-08-14 15:01:31 +02:00
iglocska 1cb9489839
fix: [sessions] Several minor fixes to the session handling 
- cookieTimeout setting fixed
- moved the session massaging into a separate function
- added some translation calls for some of the setting errors involved
 2019-08-09 15:57:15 +02:00
iglocska 539a7431a4
new: [session handling] Session handling fixes 
- changed the cookie name to MISP-[MISP.uuid] to rely on a unique data-point instead of the URL. This solves issues with multiple MISPs running on the same host via port based virtualhosts sharing sessions
- timeout issues potentially fixed when using the recommended PHP session handler. If the garbage collection is configured in php.ini it could previously purge sessions that based on the session timeout should still be valid
 2019-08-09 14:41:17 +02:00
iglocska fc3a38d463
fix: [pymisp / querystring] versions bumped 2019-08-02 17:06:17 +02:00
iglocska 4781d68a44
chg: [UI] Added the new user name helper 2019-08-02 10:45:55 +02:00
iglocska 1434759135
new: [API] Disable background processing on-demand via URL parameters 2019-07-31 15:56:33 +02:00
Andras Iklody 046704b735
Merge pull request #4878 from RichieB2B/ncsc-nl/fix-destroy 
Fix session_destroy errors
 2019-07-16 18:11:53 +02:00
mokaddem 458bd23937
chg: bumped queryversion 2019-07-16 16:08:28 +02:00
Richard van den Berg 50846595c8 Destroy the CakeSession, not the php one. Fixes #4808 2019-07-16 11:56:56 +02:00
Alexandre Dulaunoy 5122299cd4
chg: [version] align PyMISP version with core 2019-07-13 09:16:37 +02:00
iglocska c8018d7daa
new: [API] Proposal sync rework done 2019-07-12 16:03:08 +02:00
mokaddem 41615b7ce4
fix: [eventGraph] Correctly pick the first-matching requiredOneOff to 
generate the object's label
 2019-07-03 11:38:07 +02:00
mokaddem 4ab4318eb2
chg: [event:view] Make `Related *` scrollable 2019-06-24 14:00:51 +02:00
iglocska d69188f66a
new: [correlation graph] Toggle physics on/off 
.,/#&&@@@@@@@@&%(*.
                                                         #@@@@%*..,..,.,,.,,.,.,.,,,,..,*#@@@@(
                                                  .&@@%,,.,,.,,,*#%&&&%#(/**,,**/(%&&&%(/,.......(@@@,
                                              %@@(,,,,,,(&&%*..........  ...*,*..,.........../&,....,%@@,
                                          &@&,,,,,*&&(....  .*....*..//.../../(...*.*(...%..........#&(....*@@/
                                      ,@@,,,.,#......#..#*..(#..(*./,..,...*(...*.,.*..........#/#.....%&,..,/@@.
                                   /@%,,,,(&(.....#/,...#../.(#...,/.,,../,..*(...*...%,.........,*...#./....#&,.,,@@.
                                .@&,.,,%&....,,....(*,.../.(,..(...,..,..*#..,,..,..,...*,....../#...,..(//.....,&/..,&@.
                              %@,,,,#&...,,/./**....(,,..(,.//..,*..............................,.....././(.,..*...,&/,,,@&
                            @%,,.(&,../(*..(#../#....(*. /....................................../,..*.*..//,,..,/.....,&...%@
                         .@(..,&&,......%,,/..../(..(................................................/(..(.,.*.....**....%#,,*@,
                        @(,,*&%*.........*((....*#.......................................................(*.,,.......*,#...*&..,@*
                      @#,,/&%,.(*..........#,/.............................................................../...*..*(.......*&.,*@,
                    #@,.,&&*.#&/(.,...............................................................................,...(...,.,,.*%..*@
                   @*,,%@/......#*(................................................................................./. (./.#.....#%..%@
                 &@,,/..........#,../................................................................................,.#.........&*,,@*
                @/,,&@,............/(..................................................................................#............*&../@
               @*,/&&.................................................................................................................&,..@
             (@,,(&(...................................................................................................................%%..@(
            (&,,#&*.....................................................................................................................,%../%
           #@,,%&........................................................*/,...../(*......................................................&..*@
          /&,,%&....................................................,                  **..................................................&..,@
         *@,,%&..................................................,     . . ..       .  .  *,................................................&..*@
         @*,#%,................................................*   ..                       (................................................&.,*%
        @/,*#*...............................................*%/,,,***,...,,.  ..............,&..............................................,&..&(
       %&,,%@...............................................%**,..,,,,,,,......,. ........   ,,%#............................................./(,.@
       @*,(%................................................*,..*(*.*,,...*,/..*,.. ... .,.*... ...............................................&*..@
      &(,,#,...............................(/**,,,.,,(.*/,%&&%#*/#(....,* .,...... */. ..,/**/(##% *,,.,,.( .   .(..............................&..##
      @*,%#................................*.... .(/..... %,,.,,*.,**.,,,,,,*((*,..... .(. . . .. ,.,,,..,. .....,..............................#(..@
     ,,/,................................*.  ...........#,*.,/*.,,,,,,,,,,,...,*.......  .(. .  *              %...............................&..*#
     @/,##.................#*..,*,,,,..(/,,,*.,***/,,,,/*/*.,,,,,,,,,,,//***,,,**...... ..   ./.%.,*.(*,,,..,.,/,..,***/*#...*%(...............%(..@
    .@*.#*..........,,,,,*,%....,/,**/...,//(/...*/((,.,/&%((/***/*//**///////********,,,,......./%(..........      . .,,,,.....#*.. ...,.........%..%/
    #(*//..........%,.,,,,.%........... . ...............*/****,*,,,,**,,,,,,,,,,,,,..,,.........(,,,,,*,,,*,,,.........     ....( ...../.........&.,.@
    @/,(/........%%,.,,*,(%/*/*...,.,,*,..............,,.,/%%%###%%##%####(#%####%%(/((###(//(%((..................,   .  ....,%%((((//(&.......#/..@
    @/,((..........%......#*...........,..............,.../,//****/***/**,,*/,,/(*,*,,........**.(.,.................*...........&     .*.........,%..@
    @/,#/..........(,,.,,,(*.........../..............,.../,/*/((((//*//*,*#***,./,/,,,........*./...................*...........%....../..........%..%.
    @/,#*..........#......*/...........*..................*.**/,.,*(//**/,..,..,...*,,,..,*,...*.(...................*...........%   .../..........&..(,
   .@(*#,..........%......//...........,.,......,,*,**....*./**(,##,(//*/,/%&&&%%&//,,,..,//,.,*.(...../,,,,.........*.,.,.,.....& .. ../..........&../,
    @(*#,..........#...(,,&/.....,%##(,*.......,,/*,(.,..,*./*/(*/**(/*,/,///***,.*/,,,..,../.,*./.....*/..(........./,*,*#......&,../..*..........&..(,
    @(*#/..........#..*...%/...,.*,..#,,.......,,,..#,,.,,*./*/(*//*(//,(**//,,,,.*/,.,.,*../../,/...../(..(.........(.,..(.,....#. ..*.,,.........%..%
    @/*/*..........#..,...%*...,.*,..#.,.......,*,..(.,,..*,**(#*((/(//,/********,*/*,,,.*..*.,/,(.,...*(..(.........(.,..(......#... *.*,.........%..@
    &//*,..........%..*...&,...../...(,,......,,*...(.,,,,,.///(*/////(*(,/*/***,,*/*.,.,*..*.,*./.,...*(../.........#,,..(......#.   /./..........#..@
    *%/,#..........%..,...%,...........,.......,*...#.,,,./.**((*//*(//*(,/*/**,*,//*,,..,..*.,/,(...,.*#../,........#. .,......./.   /.*.........**..@
     @/,(,.........%..    %....,..,....,,......,*...(,,,,/.,/,./*/(,(((/%#*,(///*//((,...*..*.,*,,#.,,,//  ,.........#...........#.   . ,.........&..%/
     @(/,/....,.........,*..,.........,,.....,.,.,,*,,,*//***,,,,,,**,***,****//(((##%%#######(#(#(..,.***,,,........#............./...    ..,*...%..@
     ,@/,#,...,..,.,**,,,..,,,.,,.....,.,.,...,,/***/,,//(/////////**///(////**,,,,,,**,,,,......./.*,,**,,,,........#.............*,,,*,,,..**..#*.,%
      @/**/...............................,,,,,,,,,,,*&&%%%###%%%%%%%%%&&&&&&%%##((/////***,*,,,,*/#%(&%###%%%%%&&&&&&%########((//**,...........%..@
       @/,/...........,%...............................**,,,,,,,*******//((###%%%&&&&@@@@@@@@@@@@@@%...............................,,,,,,,*/*.**.*&
       /,#.....,*.,%&&%...........,.,..,*.....*,&/......*.*,/....&(#%......,.....*. ,.....,,,............../*........ .............../,..#*,..%..@
        @/*,/..,*@*...../(...........%*(,*%....,/#../#....*%( /.....(*.....,*,....(,......../.,......(,......#(.....#...#...........,.....//...&..%,
         @/,**.*(....(,%./%.........*%,#.,&.....,(..&.....*%.##.....((.....,/.....*/........(........(,......#(....../../........../.......((.**.*&
         (@/,(*..%#....,.,&........................................................................................................#*....../.,%..@
          #%/,(,..**/,..*%..*....................................................................................................,..#,.**(#..#..@
           @%/*#*.,....%*.#*%,,...................................................................................................%.........%.,@
            /,(/...,%.%./.*@*,................../&//...................................................,#*................../#*....&*./..%.,@
             &&/,(%..,./.(&....,/,..............,#(/,/. ,..............................................(*,,.,,...............,*..&..*../.,#.,@
              /&/,*%..,%,....*.(&*%............##.,...*&., ,....................................../.#...,,.../................%,..../&,.*,.,@
               ,@/**%*......,&(...&.#................*&..,(,./(,*.............................*..%./*.....#*,............*......,%.*,..&.,/%
                 @(/*#&..*/@.......%#(%............,/&...,(*#..(#./#.................,*.,.%,, .( ....,*.................,#...,.....(..#,.@*
                  #&/**&%......,,(&/..*.,................,%..../%(,..........///,#(.,*.....(.#,.,....#(...............%.*..%.....(..%,,,@
                    @(/*(&*...*&.((...../%/..................,/(.............*......./##,...(,..#*.....................,#.,..%.*..,/,,@*
                     #@//*#@..##%..../.%...%....................,............(/.../..(*..,../...................#/.....#..%...,..%..*@
                       @&(**%@,.,/.,.(*...//...................................%&(................................& &,..*..%,..%,,.@
                         @&(*/#&(..((..,.#/....../.*.*.......................................................%.,...%*..%/....%...@.
                           @&(//(&@...%#/.......#/%..*.( /,..........................................*,,...../*%*,...#..../(.,.@.
                             &@(///%&/...........,/#.....*/##(.....................................,*,........(.%%#,/...%,.,*@
                               /@#((/(%&*.....*/..((%...*/#...,*((#&.  ,,*///*..............(*.../*.,.*,......&......%#.,,@%
                                  &@((//#%&*...#(**#.../,/...*#*/../,,.*.*...(*,,..((....../,.....,,./........(...%/,,,#@
                                     @@(((((%%&,....../,/...,.**/..*,*..,,,(/..,,.,.,......(,.....(,..(, ...../%*.,,(@*
                                        #@%////#%%&*....#.,(.,#*,..*,...*,./*.....#(........(,....(.......(%/,,,,&@.
                                           .&@#////(#%%&(.....*&&*/*(...*,,..*./,...(...............,/%/,,,,,%@#
                                                #@@/*////(#%%&&/.........,*(#*..(,/*.........,*#%//,,*,,*@@(
                                                     /@@@(/(////((((###%&&&&%%%%%%%%&%%##(/*******/&@@(
                                                            ,%@@@@%#((//////******/////(/#%@@@@%,
                                                                          .,***/***,.
 2019-06-20 17:46:39 +02:00
Andras Iklody 1470d21813
Merge pull request #4674 from juju4/devel-globalstrict 
strict typing - snuffleupagus tests
 2019-06-18 09:29:12 +01:00
mokaddem b42f803110 chg: bumped queryversion 2019-06-12 15:31:06 +02:00
iglocska 3bcd7c57a3
chg: [querystring] bump 2019-06-12 14:24:14 +02:00
mokaddem 210477eaaa chg: bumped queryversion 2019-06-12 14:13:25 +02:00
iglocska 3733f3dd00
fix: [CSRF] END THIS NIGHTMARE 2019-06-07 15:25:32 +02:00
iglocska ab86fd658b
fix: [CSRF] Potential fix for the CSRF issues via tag/galaxy additions 2019-06-07 14:44:39 +02:00
iglocska 75dcaa14e0
fix: [session] Fix to automatic session destruction in previous attempt to fix the overflow of API sessions 2019-06-07 08:49:30 +02:00
iglocska d6fc4272ad
fix: [API] Destroy the session at the end of the execution 2019-06-06 20:31:56 +02:00
juju4 492b076f12 strict typing - snuffleupagus tests 2019-05-26 09:06:16 -04:00
mokaddem 46be1e918e chg: [event:view] Correctly display title to large by truncating 
(+ellipsis)
 2019-05-23 15:07:43 +02:00
mokaddem 6d5fac0a6c chg: Bumped queryversion 2019-05-21 10:11:04 +02:00
mokaddem 75d92190cb chg: bumped queryversion 2019-05-21 09:52:09 +02:00
iglocska 1aef957d5f
new: [paranoid logging] Added POST/PUT body logging on demand 2019-05-17 12:04:19 +02:00
iglocska f71bb17ea4
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-05-17 11:46:12 +02:00
iglocska e89b4525ad
new: [logging] Added paranoid logging mode 
- will log ANY query's (UI/API):
  - http method
  - requested URL

- optionally disable DB logging for paranoid log entries
 2019-05-17 11:45:20 +02:00
mokaddem 711f9d398e chg: Bumped queryVersion 2019-05-16 17:28:40 +02:00
mokaddem ffbbb9292d chg: [eventgraph] Force constant color for the eventgraph's nodes. Fix #4536 2019-05-06 15:19:22 +02:00
Steve Clement fc8f7982df
Zoidberg's son: Update system (#4534) 
Zoidberg's son: Update system
 2019-05-01 18:24:41 +09:00
mokaddem 02719517c7 chg: [object:similiar] Added back button, improved highlight and text 2019-04-30 10:05:39 +02:00
mokaddem 47e13c8369 chg: [updates] Implented changes requested by the PR's review #4534. 2019-04-29 11:09:04 +02:00
mokaddem ee735f00d4 new: [update] Injected update-related files/changes from zoidberg 2019-04-26 09:45:03 +02:00
Raphaël Vinot aa58cf4ff2 chg: Bump PyMISP 2019-04-24 17:07:05 +02:00
iglocska 260b156135 fix: [UI] Modifying push/pull rules fails via the server edit 2019-04-17 11:17:13 +02:00
iglocska 76d14c00cb Merge branch 'thumbnail' into 2.4 2019-03-29 20:29:37 +01:00
iglocska 1380a4797a new: [UI] FA5 update finalised 
- includes helpers to untangle the branded icon mess
 2019-03-26 10:17:59 +01:00
iglocska 5f87ee0d2a fix: [UI] Inconsistend pluralisation fixed, fixes #4360 2019-03-25 12:34:17 +01:00
iglocska f3d2b1d15a new: [tagging] Stop pre-populating forms for tagging / attaching of galaxies 
- avoids any potential CSRF issues, the form is fetched just in time for the submission
 2019-03-20 11:21:40 +01:00
iglocska 7141f70b20 Merge branch 'kafka' into 2.4 2019-03-19 17:23:05 +01:00
iglocska 7fbc4dc34c new: [REST client] Added history/bookmarks 2019-03-19 10:55:27 +01:00
Nikos Filippakis 9d59b10368 Publish events to Kafka 
Signed-off-by: Nikos Filippakis <nikolaos.filippakis@cern.ch>
 2019-03-18 15:53:22 +01:00
mokaddem 57f8a46129 chg: [viewPicture] Adaptative behavior if php-gd not loaded 2019-03-15 12:18:45 +01:00
Raphaël Vinot a300cf5a2e chg: Bump PyMISP to 2.4.103 2019-03-02 00:33:52 -08:00
iglocska f11a0dad0d chg: [recommended versions] Added note on deprecating PHP 7.1 and Python 2.7 2019-03-01 06:56:02 +01:00
iglocska ad8eb0ed47 new: [UI] Added quickfilter for the server settings 
- no more **** around trying to find the right settings!
 2019-02-23 17:50:32 +01:00
iglocska 384a51e144 chg: [querystring] bumped 2019-02-23 16:20:15 +01:00
Hannah Ward 451a9db3a1
new: Add CORS settings for external integration 2019-02-14 16:32:50 +00:00
iglocska f8923f6ed8 fix: [UI] Potential fix for the weird popover behaviour 2019-02-13 08:46:18 +01:00
iglocska 5be753022e new: [UI] metaview refactor 
- event view uses the new parametrised system
- massive reduction of weird custom UI stuff to prepare MISP for a move to bootstrap 4
- should fix the dodgy UI issues that @rommelfs was experiencing on his Playmobil laptop
 2019-02-07 16:57:29 +01:00
iglocska 242770db0c fix: [UI] UI experts at work 2019-02-04 11:16:36 +01:00
iglocska b63d01df34 Revert "fix: [UI] small fix" 
This reverts commit 1c8d725f8d.
 2019-02-04 11:12:45 +01:00
iglocska 1c8d725f8d fix: [UI] small fix 2019-02-04 11:10:10 +01:00
Raphaël Vinot 6a45f8e059 chg: [PyMISP] Bump version. 2019-02-03 12:48:26 +01:00
iglocska 97a4b5e54c fix: [php min version] Bumped to 7 
- not enforced yet
 2019-02-02 22:51:58 +01:00
iglocska db772213f0 fix: [redirect on login] Fixed an issue where ajax queries would store their URL in the redirect URL field 2019-01-30 09:14:29 +01:00
Raphaël Vinot d7d3d3d601 chg: Bump PyMISP 2019-01-28 17:27:10 +01:00
iglocska 9afd0d8600 fix: [redirect] Correctly redirect to the requested URL after a login, fixes #4005, fixes #1301 2019-01-28 17:02:04 +01:00
iglocska 5c97a8725e fix: [API] Fixed the handling of AND-ed and OR-ed URL parameters 2019-01-26 10:39:20 +01:00
iglocska 631184a2ca Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-01-20 22:17:39 +01:00
iglocska 498a7ae77c new: [feeds] Opened up feed inspection to host org users and added servers to overlap matrix 2019-01-20 10:19:05 +01:00
iglocska 076cd002c9 chg: [query] Query string bump 2019-01-19 07:04:56 +01:00
mokaddem 5e6dc0524f fix: [App] Bump queryVersion 2019-01-17 15:48:52 +01:00
iglocska 76497420fa new: [publishing] Unpublish function added 
- users were jumping through hoops to unpublish an event
 2019-01-17 08:27:16 +01:00
iglocska 16bf6bbefc fix: [API] correctly handle custom delimiters in the filter builder 2019-01-15 23:29:13 +01:00
iglocska 8d44c78f4f fix: [tag collections] Fixed hook to reload galaxies 2019-01-06 21:22:01 +01:00
Raphaël Vinot 083beae502
chg: Bump PyMISP recommended version 2018-12-06 15:27:02 +01:00
Raphaël Vinot 24fdc34df8
chg: Bump PyMISP recommended version. 2018-12-03 17:15:23 +01:00
iglocska 2d0259ce13 fix: [CS] coding standards script re-run 2018-11-23 14:11:33 +01:00
iglocska 4cd3811142 new: Various fixes to the reporting of validation errors for saving attributes 
- view the failed/succeeded saves in batch imports, fixes #3866
- fixed a bug that inserted junk into the flash messages, fixes #3863
- fixed a bug that removed all but the last entry in a failed batch import #3865
 2018-11-13 11:48:12 +01:00
iglocska cfe934fb93 new: [search] Rework of the UI attribute search complete 2018-11-12 11:59:56 +01:00
iglocska 28cd032264 chg: [seach] WIP, more work on the attribute search's JS components 2018-11-11 23:13:25 +01:00
iglocska 7ab8b0e90a fix: [attribute search] Fixed invalid JS calls introduced as part of the rework (WiP) 2018-11-04 22:54:29 +01:00
iglocska 1187fb2a27 new: [API] Added CSV as return format for event index 2018-10-21 22:47:22 +02:00
Raphaël Vinot e63d8edd21 chg: Bump PyMISP & recommended version 2018-10-12 16:02:56 +02:00
iglocska 24d84c8388 fix: [search] Multiple lines didn't correctly get parsed as separate values in the attribute search 2018-10-11 18:23:04 +02:00
iglocska 1b028ee15a new: [related tags] View the related tags of attributes on the event view (via a toggle) 
,,.,,+zznzzzzzzzzzzzzzzzzzzzzzzzzzzxMMMMMMMMMMMMMMMMMMMMMxMxMMWMMMWMMz*ii****iiiiiiiii**iiii,....
,,.,,#zzzzzzzzzzzzzzzzzzzzzzzznxMMMMMWMMMMMMMMMMMMMMMMMMxMxMMMWWWWWWWWx+*iii*iiiiiiiii*iiiii,,,..
,,,,,#zzzzzzzzzzzzzzzzzzzzzzznMWWMMMMMMMMMMMMMMMMMMMMMMMWWMxnnzxxMWWWWMn*iiiiiiiiiiiiiiiiiii..,..
,,,,,#znzzzzzzzzzzzzzzzzzzzznMMMMMMWWWWMMMMMMMMMMMMMMMMWWWMMMxnxxxxMMMMW#*iiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzzzzznMMMMMMMMMWMMMMMMMMMMMMMMMMMMMMWxMMMMMMxxxxnxxz*iiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzzzzzxMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWWWMWWWWMWMMMxxxni*iiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzzzznMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWWWWMMWWMWMMWWWMMMni*iiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzzzzxWMMMMMMMMMMMMMMMMMMMMMMMMMMMWMMMWMMMMMMWMWWMMMMMz*iiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznzzznMMMMMMMMMMMWMMMMMMMMMMMMMMMMMMMMMMMMWWWWMMMMMMMMMWn*iiiiiiiiiiii*i,.,.,
,,.,,#zzzzzzzzzzzzzzznzzzxMMMMMMMMMMMWMMMMMMMMMMMMMMMMMMMMMWWWWWWWWWWWMMMMMWWM+*iiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzznzzznzznMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWMWWWWWWWWWWWWWMMWWn*iiiiiiiiii*i,.,.,
,,.,,#zzzzzzzzzzznzzzznzxMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWMMMMWWWWMMWWWWWMMMM**iiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzznMMMMMMMMMMMMMWMMMMMWMMMMMMMMMMMMMMWWWWWMMMMMMMMWWWWWMWM#iiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzxMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWWWWWWWWWWMMMMMMMWWWWMzi*iiiiiiii*i,.,.,
,,.,,#zzzzzzzzzzzzzzzzzMMMMMMMMMMMMMMMWMnzxMMMMMMMMMMMMMWWWWWWWWWWWWMMMMMMMWWWWni*iiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzWMMMMMMMMMMMMMMMnnzznxMWMMMMMMMMMMWWWWWWWWWWWWWWWWWMMWWMn**iiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzMMMMMMMMMMMWMMMMzz#+#znxMWMMMMMMMMMMMMMWWWWWWWWWWWWWMWWMn**iiiiiiii*i,.,,,
,,.,,#zzzzzzzzzzzzzzzzzxMMMMMMMMMMMMMMxz#*i**+zznMMMMMMMMMMMMMMMWWWWWWWMWWWWWWWx**iiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzxMMMMMMMMMMWWMMn#*iii*i*+znxMWMMMMMMMMMMMMWWWWWMMMMMMMMMM+*iiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzznMWMMMMMMMMMMMMn#*iiii*i*i+#znMMWWMMMMMWMWMMWWWMMMMMMMMWWx+iiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzMMMMMMMMMMMMMx#i*iii**iiii*#znxMWMMMMMMMMMMMWWMMMMWWWWWWniiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznzMMMMMMMMMMMMxn+ii**i**iiii*i*zznMMMMMMMMMMMMMMMMMxMWWWMMx*iiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznnMMMMMMMMMMMMxz*ii*iiiiiiiii:;*+znMWMMMMMMMMMMMMMMMMMWWWMx**iiiiiiii*i,.,,.
,,.,,#zzzzzzzzzzzzzzzznMMMMMMMMMMMMMn+ii*iiiii**;;:.:i*zznxMMMMMMMMMMMMMMWWWWWWni*ii**iiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzxMMMMMMMMMMMMMn*ii*iii*i;:,.,..,.,;+znxxMMMMMMMMMMMMMMWWWziiii**iiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznxMMMMMMMMMMMMxzi*ii*ii*;,,,,,,,,,,,,:i*i#znnnxMWWMMMMMMMWn*iii*iiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznxMMMMMMMMMMMMz*i*i*i*;:,.,,,,,,,,,,,,.,,,;i*#zznxMMMMMMWWM+iiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznMMMWMMMMMMMMx#iii*i*i:.,.,,,.,.,,,,,,,,,,,,,,;i#znxMMMMMWM+iiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznMMMWMMMMMMMMx#iiiiii:.,,.,,.......,,,,..,,,,,,,,iznxMMMMWM*iiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznMMMMMMMMMMMMx#ii*ii:.,,,,,,..........,.....,,,,,,:*#MMMMWxi*iiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzMMMMMMMMMMMMn+i*i;:,.,,,......,.............,....,,;xMMMWniiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzznzzMMMMMMMMMWMn+iiii;,,,,,,.,..........,....,.,...,,,,.zMMMMxiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzznznMMMMMMMMMMnz*iiii:,,,,,,,,,,,,................,,,...zMMMMzi*iiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzznznMMMMMMMMMxzz**ii;..,,,.,,,,,,.................,,,...nMMMM#**iiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzznzzMMMMMMMWxzzz+iii:.,,,,.,,,,,....,............,,,,..,nMMWx*iiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzznznMMMMMMMWnzzzn+i*,...,,..,,,.,..,.,...,........,,,.,;MWMM+iiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznMMMMMMMWnzzzzzzii*++++z+;,,,.,,,,,,,,,...,.....,...;MWMxii**iiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznMMMMMMMWnzzznzzzzznnnzzzn#i,,,.,...................,MWM#iii*iiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzxMMMMMMMMzz+#znzznznMWWMMWMx#i:,,,,,,,,,,,,,,.,,..,,:MMx*iiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzxMMMMMMMxzz**#znMMnnxxxxxMWWWMnz;,,,,,.,.,,,,,,,,,,,,MMziiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzMMMMxMMMnzz*ii#nWWWWMWWnMMMWWWWWn*,,;i;i;**+#zzz+i,,,Mx*iiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzMMMMMMMxzzzi*;,+xWWMnxMnx+xMWWMWWn,.,znMMMxxMMMMxni:*Mziiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzznxnxMMMMxznziii.,:+nxiinn*.iMMMWMM+,,.*WWWWWWM#:,:#z##M*iiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzznzznxzMWMMMxznziii,..,+#n:,:,,,izzMM#;,,,+WWWWWzxn+i,:zzzMi**iiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzznzznnzxMMMMxzz#ii;,,,,:**++i::,:::zx;,,,,#MM#zxxMznWx#+izxiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzxnzMWMMMnzzz*i:.,,,,,,,i;i;,,.,*n,,,,,+#+::#n*,#xni,,zniiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzxnzMMMMWnzzz**;..,,,.,..,;,,,,,;n,.,,:*;,:::,,,:*,.,,n#i*iiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzznxzMWMMMnzzz**i,..,,.,,,,,,,,,,+#,...,i,.,;**++*:.,,:x***iiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzznzznnxWWMxnzzzz+*i,,,,,.,,,,,,,,,:z;,,..,:..,,,,::.,..,;xi*iiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzznxxxzzzzzz+ii,...,.,,,,,,.,,+zi.,,.,,.,,.,,..,,,,,++iiiiiiiiiiiiiiii*i,.,,.
,,.,,#zzzzzzzzzzzzzzzzzznMzzzznz#ii:.,.,..,,,,,,,izn:,..,.,,..,...,,.,,,#*iiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzznxzzzzzz#ii;.,.,..,,,,.,:zzz,,..,,,,.,...,,,,,,:+*iiiiiiiiiiiiiiii*i,.,,.
,,.,,#zzzzzzzzzzzzzzzznzxxzzzznzz*i;..,,,.,,,,..;zz*..,.,,,,........,.,**iiiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzznzxMnzzznzz*ii,.,,,,,,,,,,ii:,,,,,,,,,,,,,,.,,.,;+*iiiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzzxMzzzzzzz**i,,.,..,,,,,;*:*,,,.,,...,,,,,,.,,,**iiiiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzzzzzMMnnzzzzz*ii:.,,,,,,..,#nnn#+,,,,,..,,....,.,i+i*iiiiiiiiiiiiiiiii*i,.,,.
,,.,,#zzzzzzzzzzzznzznnzMMnxzzzzz**i;.,,,,.,,.,zxWWWxi,,,:*,,,..,.,,,#**iiiiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzzznM+WMxxzzzzz***;..,,,,,,..;xWWWWn+**#;,,,,.,,,.i#*iiiiiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzznW#zWMxnnzzzz*iii,.,,,,,,,,,+nWMWWWMx+,,,,,.,,,,++i*iiiiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzznMM,zWMMnnzzz#*ii*;.,,,,,,::iznxMMWWWWn#;,,.,,,,*#**iiiiiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzzzzMWz,zMMMxxznn#*ii*i::;i++#zznxWxxxWWWxxxzi,.,,,,#+iiiiiiiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzznMWW#,#MMMMMnznz*ii**izzzzzzxMMWWnxM@WMMMMzzi,.,,+*+iiiiiiiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzznMWWW#,*xMMMMnznz*iiii+MnnnnnxMWWWxxMxMxMxxxnz*,,,*+*iiii**iiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzzzMWWWW#;;zMMMMMnnz#*i*#MWxxxxxMWMxMMxMxMWWWWxMzn;.i:#*iiii**iiiiiiiiiiiiiii*i,.,..
,,,,,#zzzzzznnzxWWWWW#:;+MMMMMxzzz#*zzxWMWMWxMWWMMWWMMWWWWMxxMn:,*:#iiiiiiiiiiiiiiiiiiiiii*i,.,..
,,.,,#zzzzzzzzxWWWWWWz::inMMMMMxznzzzzznxMMMxxxMMxxxzxMWWWMMWWx:ii+*iiiiiiiiiiiiiiiiiiiiii*i,.,..
....,#zzzzzzznWWWWWWWz;,;+MMMMMMxzzzzzzzzznz#**i;::,,:;#nxxWMM+;*;+*iiiiiiiiiiiiiiiiiiiiii*i,.,..
...,,#zzzzzznMWWWWWWWni,,*nWMMMMMxnzzzzzzzz#i*i,,,,:,,,,:+#z##i#+#*iiiiiiiiiiiiiiiiiiiiiii*i,.,..
...,,#zzznnnxWWWWWWWWx*,.i+MMMMMMMMxxnzz#+****i,i**#z+;,:*iiii*zz+*iiiiiiiiiiiiiiiiiiiiiii*i,.,..
,,,,,#nzzzxMMWWWWWWWWW*;.:*#WMMMMMMMMxz+**iiiii;*++####:;i****zz#*iiiiiiiiiiiiiiiiiiiiiiii*i,.,,.
,,,,,#zznMWxWWWWWWWWWWz;,.;*nWMMMMMMMMnz#ii:.....,,,,,,,,ii*+zzz*ii**iiiiiiiiiiiiiiiiiiiii*i,.,..
,,,,,#nxWWMxWWWWWWWWWWW;:,,*+xMMMMMMMMMxnz*:.,,,,,..,,,,,,i#nnx+i*i*iiiiiiiiiiiiiiiiiiiiii*i,.,..
,,,,,zWWWWMxWWWWWWWWWWW*;,.,*+MMMMMMWMMWMx#*:,,,,....,,,,:#nMM#+*ii*iiiiiiiiiiiiiiiiiiiiii*i,.,..
,,,,,xWWWWxWWWWWWWWWWWWx::,,:;+MMMMMMWMWMMnz+:....,,.,,,,+MWMM*#z+*iiiiiiii**iiiiiiiiiiiii*i,.,..
,,,,,xWWWMxWWWWWWWWWWWWW+:,,,;:+MMMMMMMMMMMxnz*;,,:,,,i+#xM++W#+nz#iii*iiiiiiiiiiiiiiiiiii*i,.,..
,,,,,xWWWMMWWWWWWWWWWWWWx,,..,;,*xWMMMMMMMWMWxnn####+##nxx#,+Wx*nznz:i**iiiiiiiiiiiiiiiiii*i,.,..
,,.,,xWWWxMWWWWWWWWWWWWWWi.,,,,:,*#MMMMMMMMMMWMMxxxxxxxMnn,.zWM#;zzMn;*i*iiiiiiiiiiiiiiiii*i,.,..
,..,,xWWWxWWWWWWWWWWWWWWWx,,,,,,:,;+MMWMMMMWWWWWWWMMMMMxn:..nWWni+nzMn#niii**iiiiiiiiiiiii*i,.,..
,..,,xWWMxWWWWWWWWWWWWWWWWi,,,,.,:,,;xWMMMMMMMMMMMMMMxnni...xMWxz;znnMxxM#;i*i**iiiiiiiiii*i,.,..
,..,,xWWMMWWWWWWWWWWWWWWWWz.,,...::,,;zWMMMMMMMMMMMMnzzi,,,,MMMMx*innxMxxWx+iiii**iiiiiiii*i,.,..
,..,,xWWMMWWWWWWWWWWWWWWWWM:,,...,:,,,,+xWMMMMMMMMxnnzi,.,,,MMMMMzinxMxMxxMMM#;i**iiiiiiii*i,.,..
,..,,xWWxWWWWWWWWWWWWWWWWWW*.,.,.,,:,,.,i+xWWMMMMxnnni,,,,,.WMMMMMz#nMMxMMMMMWxi;i*iiii*ii*i,,,..
,..,,xWWxWWWWWWWWWWWWWWWWWWz.,,,,.,,:,,,,::#@WMMxnnn;..,,.,:WMWMMMMznxWxxWMMMMMM#;iiiiiiii*i,,,..
,..,.nWMMWWWWWWWWWWWWWWWWWWM,.,,,...,,..,.,.iMWMxnz:.,.,,.,;WMWMMMMnzxMMxMMMMMMWMxi;i*iii*ii..,..
,..,,nWWMMWWWWWWWWWWWWWWWWWWi,,,....,.,,.,,,,:nxxz:,.,,,...iWMWMMMWMznMMMxMMMMMMMMMzi;i**iii..,.,
,..,,xWWWMMWWWWWWWWWWWWWWWWW#:.....,....,.,,..:#+,..,,,....:WWMMMMMMxnnMMMxWMMMMMMMWM#;;*i*i,.,..
,..,,xWWWWWMMWWWWWWWWWWWWWWWxi:..,.......,,,,..;;,...,,...,,@WMMMMMMMxzxMMxxMMWMMMMMMWx+;iii,,,..
,..,,xWWWWWWMMMWWWWWWWWWWWWWM*i,,,,......,,,,,;MWx+,..,,,..,@WMMMMMMMMnzxxnMMMMMMMMMMMWWx+ii,,,,.
,..,,xWWWWWWWMxWWWWWWWWWWWWWW+*;,,,,.....,,.,,xWWW@n:.,,,,.,WWMMMMMMMMMnnnMMMMMMMMMMMMWMWMxz,,,..
,..,,xWWWWWWWWMxWWWWWWWWWWWWWzi*;,,,,.....,,,nWMMMWWM:.,,,..MWMMMWMMMMMMnMMMMMMMMMMMMMMMMMMx,.,.,
,..,,xWWWWWWWWMxWWWWWWWWWWWWWMiii;,,.,,...,.zWWWWWWWWn,.....zWMMMMMMMMMMMxMMMMMMMMMMMMMMMMMx,,,..
,..,,xWWWWWWWWMWWWWWWWWWWWWWWWiii*;,,,,,,.,z@WWWWWWWWW*,..,,zWMMMMMMMMMMMMnMMMMMMMMMMMMMMMMx,,,..
,..,,xWWWWWWWMWWWWWWWWWWWWWWW@+,;ii:,,.,,,zWWWWWWWWWWWM:.,,,#WMMMMMMMMMMMMxnMMWMMMMMMMMMMMMx,,,..
,..,,xWWWWWWWWWWWWWWWWWWWWWWWWz,.;i*:...,ixWWWWWWWWWMMW+,,,.+WMMMMMMMMMMMMMxxMWWMMMMMMMMMMMx,,,..
,..,.xWWWWWWWWWWWWWWWWWWWWWWWWM,,,iii,,,;i+WWWWWWWWW#+xx;,,.+WWMMMMMMMMMMMWMxxMMMMMMMMMMMMMx,,,,,
,..,.xWWWMWWWWWWWWWWWWWWWWWWWWW;.,:iii,:ii*xWWWWWWWW+i*Mz,.,*WWMMMMMMMMMMMMWMxnMMMMMMMMMMMMx,,,..
,..,.xWWWMWWWWWWWWWWWWWWWWWWWWWz.,.;i*iiiiinWWWWWWWW*i*+z*.,iWWMMMMMMMMMMMMMMMxxMMMMMMMMMMMx,,,..
,..,.xWWWMMWWWWWWWWWWWWWWWWWWWWx,,,.i***;:i#WWWWWWWMi*ii*zi,;WWMMMMMMMMMMMMMMMMxMMMMMMMMMMMx,,,,.
,..,,xWWWWMMWWWWWWWWWWWWWWWWWWWW;,,.:*ii,,i+WWWWWWWM::iiiizi:WWMMMMMMMMMMMMMMMMMMMMMMMMMMMMx,,,..
,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWW+,,,.,i,,,;*WWWWWWWx:.:iii*z*MWMMMMMMMMMMMMMMMMMWMMMMMMMMMMx,,,..
,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWn,,,,...,,:*MWWWWWWn:..;ii**xWWMMMMMMMMMMMMMMMMWWMMMMMMMMMMx,,,..
,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWW:.,.,,,.,,iMWWWWWWz,.,,i*i*nWWMMMMMMMMMMMMMMMWWMMMMMMMMMMMx,,,..
,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWW@*..,,,..,,ixWWWWWWz..,.,i*inWWMMMMMMMMMMMMMMMWWMMMMMMMMMMMx,,,,.
,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWWn,.,,,,,,,;n@WWWWWn..,,,:*izWWMMMMMMMMMMMMMMWWWWMMMMMMMMMMx,,,..
,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWWM:.,,,....:xWWWWWWM,,,,,.:izMWMMMMMMMMMMMMMMMWWMMMMMMMMMMMx,,,..
,..,,nMWWWWWWWWWWWWWWWWWWWWWMWWWWM#*********MWWWWWWW+*******nMWMMMMMMMMMMMMMMMMMMMMMMMMMMMMx,,,..
,..,,nMWWMMMMMMMMMMMMMMMMWWMMMMMWMMMWWMMMWWMMMMMMMMMMMMWWMWWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMx,,,..
 2018-10-11 17:37:58 +02:00
iglocska c74953a2fc fix: [Auth] Correctly handle users accounts getting deleted whilst the users are logged in 
- deauthed users would end up in a forced loop having to read the news creating a new blank user with each page refresh
 2018-10-09 10:33:15 +02:00
Sami Mokaddem f3d043a37f chg: bumped js version 2018-10-02 12:01:05 +02:00
Hannah Ward f5fbb3fb12
fix: Headers are case-sentitive, do not strtoupper 2018-10-02 15:40:28 +01:00
iglocska 3ee3c6a34d chg: [debugkit] Added the commented out loading of debugkit for convenience 2018-09-27 23:02:15 +02:00
Raphaël Vinot ed64988ffd
chg: Bump recommended pyMispVersion 2018-09-06 11:27:02 -07:00
iglocska 6850d7dff3 fix: [internal] AppController minor fix 
- fix bug of invalid forcing of JSON export type in certain conditions
 2018-09-03 17:46:35 +02:00
iglocska 69b1b741b6 chg: [API] legacy passing of the api key via URL parameters caused an invalid response type 
- automatically selects json now
 2018-09-03 10:07:47 +02:00
iglocska f2a81866c1 new: [internal] SQL debug API tool added 
- just pass /sql:1 to any query via the API to see a dump of all queries
- Response isn't very clean, JSON pushed infront of whatever the output is
- requires debug mode = 2
 2018-08-31 13:22:31 +02:00
iglocska 2a10276d07 Merge branch '2.4' into feature/api_rework 2018-08-22 17:39:56 +02:00
Steve Clement 1bac3749c5 fix: [i18n] Variables are in no need to be translated, it will break stuff, horribly. 
upd: [i18n] Update default.pot again
 2018-08-21 14:48:23 +03:00
iglocska 3371ad4494 chg: [querystring] version bumped 2018-08-21 07:56:33 +02:00
iglocska b407aba746 fix: [CS] Updated recent changes 2018-08-20 10:50:09 +02:00
iglocska 4c604636d4 fix: [API] allow other returnFormats besides download to work for restsearch 2018-08-09 16:26:12 +02:00
iglocska 8907517330 new: [internal] Added new internal functions to be used by all export APIs in the future 
- authenticate user via URL params if not already authenticated (to support legacy APIs)
- harvest parameters in a standardised way for filtering all export APIs
 2018-08-06 10:46:52 +02:00
iglocska a81894f14c chg: [CS] Changed to PSR-2 
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
 2018-07-19 11:48:22 +02:00
Sami Mokaddem 225c34ef0b Merge remote-tracking branch 'upstream/2.4' into sharingGraph 2018-07-12 14:47:14 +00:00
iglocska cbc09e4540 fix: [i18n] Added default language 2018-07-12 16:12:15 +02:00
iglocska 0d45dbc27a new: [API] Check for malformed JSON requests 2018-07-11 10:16:19 +02:00
Sami Mokaddem b7a16803f3 chg: [appController] bumped query version 2018-07-06 14:48:14 +00:00
Alexandre Dulaunoy e8d8d80aba
chg: [PyMISP] released as 2.4.93 2018-07-01 18:26:06 +02:00
iglocska 81c0fc2279 new: [API] Added unsafe URL parameter to authenticate users 
- for legacy tools that cannot pass headers in HTTP requests for some insane reason
- Needs to be enabled by a site admin - default is that it is disabled
- MISP's diagnostic tool WILL complain if this is ever enabled
 2018-06-27 14:25:40 +02:00
Sami Mokaddem 6637d19e46 fix: bump query_version and updated queryACL 2018-06-22 13:37:49 +00:00
iglocska 72050ec5ea fix: [UI] Fixed a bug with galaxies not being addable 2018-06-22 12:08:26 +02:00
iglocska 437793a65f fix: Fixed a bug where users couldn't add galaxies after paginating/filtering on event attributes 2018-06-21 09:07:38 +02:00
iglocska a930fdeaeb new: [i18n] Added tools to switch between languages via the server settings 2018-06-20 15:11:43 +02:00
iglocska 381a4b8895 fix: Don't require API users to acept the terms / change password to get going 
- to get the API key they need to log in anyway via the interface
 2018-06-20 07:55:04 +02:00
iglocska 5d925cbf96 fix: [bug] Endless loop when terms are not accepted / password not reset fixed, fixes #3336 2018-06-12 22:41:57 +02:00
iglocska ac0663862f chg: [version bump] querystring bumped 2018-06-12 16:10:49 +02:00
iglocska e3eb71b29a new: [ACL] Added new role permission: publish_zmq 
- permission flag to use the "publish to ZMQ" button
 2018-06-07 17:52:01 +02:00
Raphaël Vinot 4ee0e8dced
chg: Bump PyMISP version. 2018-06-07 12:12:29 +02:00
iglocska e3c8f80421 new: batch delete should hard delete if event hasn't been published yet, fixes #3311 2018-06-05 17:50:26 +02:00
iglocska a2746418ae fix: Allow updateDatabase to accept numbers 2018-05-31 14:39:28 +02:00
iglocska 2ed4ecec02 new: Stricter validation of baseurl when coming via the API tool 2018-05-26 06:55:28 +02:00
iglocska 9ffd05e57d fix: [API] Add object request has been black-holed. #3271 
- blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions
 2018-05-23 10:33:40 +02:00
iglocska 68b8266584 new: New flash message system, fixes #3252 
- 3 types of flash messages (success, error, warning)
- uses bootstrap's own classes/structure
 2018-05-16 19:32:38 +02:00
iglocska d49a190f99 fix: Version bump 2018-05-14 23:22:35 +02:00
iglocska 5acfac3539 fix: Some cleanup 2018-05-12 17:26:16 +02:00
iglocska 42d86d7b18 fix: [API] Tightened the disabling of the security component to counter the effects of cakephp 2.10.x 2018-05-09 13:08:42 +02:00
iglocska 776084130f fix: Remove form tampering for REST requests 
- makes MISP compatible with 2.10.x
- No point in running the security component's test since no form is submitted via REST anyway.
 2018-05-08 18:50:27 +02:00
Sami Mokaddem 680311f68f chg: [Controllers] sets the ajax variable globally 
As well as removing useless set in controllers and accessing it instead
of passing through the request.
 2018-05-07 14:44:59 +00:00
Sami Mokaddem 6d476814b0 Merge remote-tracking branch 'upstream/2.4' into distributionGraphDonut 2018-05-03 13:52:40 +00:00
Sami Mokaddem 50ac404da7 chg: update __query version 2018-05-03 09:58:44 +00:00
Alexandre Dulaunoy d960ce3642
fix: PyMISP version 2.4.90 2018-04-25 11:59:55 +02:00
Sami Mokaddem c7496c67ca fix: changed "xhtml:body" into "xhtml:div", to avoid creating a body DOM 
which cause listener on the original body to bug. Incremented js number
and check if request is ajax or not in ObjectController
 2018-04-23 07:35:52 +00:00
iglocska 279a6459ff new: Preview the extended event ID / UUID 
- Also, cleanup of the nasty event tag code
 2018-04-19 13:56:50 +02:00
iglocska e89d7ebc16 new: Added separation between enabled feeds and feeds enabled for caching 2018-03-30 23:30:54 +02:00
StefanKelm a57ed6f3cd
Update AppController.php 2018-03-27 15:38:53 +02:00
iglocska 41fdf6da8b new: Allow further role settings 
- exclude a role from non site admin assignment
- set max memory usage and execution time / role
 2018-03-24 21:43:46 +01:00
Alexandre Dulaunoy bc5eb68919
fix: PyMISP version is 2.4.89 2018-03-23 10:57:53 +01:00
Alexandre Dulaunoy ebe39b834e
fix: PyMISP recommended version fixed 2018-03-23 10:52:28 +01:00
iglocska ddf481042f chg: Query string bumped 2018-03-23 09:40:02 +01:00
iglocska ee6f5f46e2 fix: Fixed annoying download list only having one side clickable 
- it was annoying to brigadier general @adulau
 2018-02-22 12:02:34 +01:00
iglocska a0d7cececc new: Reowkred organisation merge workflow, #fixes 2931 
- Organisation merge is now offered to the user by the edit page if a UUID was used to edit an organisation that is already in use
- Merging a local org with 1+ user(s) into an external organisation converts the target organisation into a local one
- Merging a local organisation with a logo into an organisation without one will move the current logo to over
  - caveat: this will only happen for organisations already using the new logo naming ([id].png as opposed to [name].png)
 2018-02-16 16:34:12 +01:00