MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
1,513 Commits
42 Branches
370 Tags
181 MiB
Commit Graph

1374 Commits (61753690a148e9d31e6a23a88c5f86a048124b26)

Author SHA1 Message Date
Alexandre Dulaunoy e8f37f6480 New attributes added to the shadow attributes 
sha256, http-method, named-pipe and mutex added to the
shadow attributes. Fixing #170

This is not solving the core issue of having duplicate
attributes declaration in MISP but this is fixing the
consistency issue between attributes and shadow attributes.
 2013-09-04 16:24:56 +02:00
iglocska 807cc4c090 Deleting attributes deletes associated shadow attributes 
There was a bug causing "zombie" shadowattributes to stay in events if the attribute has been deleted
 2013-09-04 08:52:30 +02:00
iglocska 9f3dadfadf Menu change 
- added link to view the proposals
 2013-09-03 15:50:30 +02:00
iglocska 070c3664c2 Two files left off 2013-09-03 15:32:12 +02:00
iglocska a5c100309b Fixes to the Shadow attribute e-mailing 
- E-mail locks are now correctly reset by discarding / accepting a proposal

- Also, new index page to see the list of proposals that a user can accept
 2013-09-03 15:29:44 +02:00
Christophe Vandeplas 1a639fd826 Merge branch 'hotfix/2.1.18' into develop 2013-09-02 16:04:56 +02:00
Christophe Vandeplas 23223155c7 fix bug in pull updated events, improved performance 2013-09-02 15:26:31 +02:00
iglocska 1e136e23af Merge branch 'hotfix-2.1.17' into develop 2013-09-02 11:47:00 +02:00
iglocska 28901cc682 Left-over line removed 2013-09-02 11:46:22 +02:00
iglocska 2db7d4360b Merge branch 'hotfix-2.1.17' into develop 2013-09-02 11:44:19 +02:00
iglocska a6a6c6bd35 Small cleanup 2013-09-02 11:36:27 +02:00
iglocska e10d6a0afd Attachments correctly exported with events/view/1.xml now 
- bug that broke transfer of attachments on pull fixed

- data only exported on view() not mass xml exports
 2013-09-02 11:31:34 +02:00
iglocska b1ecb41968 Merge branch 'hotfix-2.1.15' into develop 2013-08-29 15:36:51 +02:00
iglocska a98d94469a Export fixes 
- conversion of the array in the XML export to be compatible with the XML parser (some invalid characters could break it)

- New separate CSV export that includes all visible unpublished and non IDS signature attributes on request
 2013-08-29 14:49:42 +02:00
iglocska b0f91729aa A fix to the csv export 2013-08-29 13:56:19 +02:00
iglocska 4f6a153435 Merge branch 'hotfix-2.1.15' into develop 2013-08-29 12:43:49 +02:00
iglocska 40886018da Fix to a typo causing exports to fail 2013-08-29 12:43:08 +02:00
iglocska 01546b3658 Merge branch 'hotfix-2.1.14' into develop 2013-08-28 14:58:16 +02:00
iglocska 309630499f Merge branch 'hotfix-2.1.14' 2013-08-28 14:57:48 +02:00
iglocska ebcbcdc6bf Removed a left-over junk line from the shadow attribute controller 2013-08-28 14:56:40 +02:00
iglocska af8b2af5af Merge branch 'master' of https://github.com/MISP/MISP 2013-08-23 15:38:18 +02:00
iglocska dbbfa947e2 Merge branch 'hotfix-2.1.14' into develop 2013-08-23 15:35:12 +02:00
iglocska dc8ed81448 Fix to sync users being able to edit events that don't belong to them interactively 2013-08-23 15:34:03 +02:00
Christophe Vandeplas 660132816b fix version number master 2013-08-23 12:46:25 +02:00
iglocska 5f9bf7e8d2 Merge branch 'hotfix-2.1.13' into develop 2013-08-23 10:48:14 +02:00
iglocska 29afb82f4d Removed vulnerability and comment from correlation 2013-08-23 10:47:46 +02:00
iglocska 5a7558d700 Merge branch 'hotfix-2.1.12' into develop 2013-08-23 10:20:48 +02:00
iglocska b150e3cb2c Final change to the placement of the logos on the login page 2013-08-23 10:20:24 +02:00
iglocska 52c585336f Merge branch 'hotfix-2.1.12' into develop 2013-08-22 18:03:58 +02:00
iglocska c21d664757 Small alignment fix again 2013-08-22 18:03:34 +02:00
iglocska 21f9528837 Merge branch 'hotfix-2.1.12' into develop 2013-08-22 18:01:15 +02:00
iglocska 0181901159 Small alignment change 2013-08-22 18:00:51 +02:00
iglocska 1495da1367 Merge branch 'hotfix-2.1.12' into develop 2013-08-22 17:25:44 +02:00
iglocska fb3c796f2e Added second logo to the left of the login screen 2013-08-22 17:24:22 +02:00
iglocska 690e6abbf5 Merge branch 'hotfix-2.1.8' into develop 2013-08-21 13:09:16 +02:00
iglocska 20efca4d79 A previous change reverted by accident in the previous commit 2013-08-21 13:08:28 +02:00
iglocska bbb4d3066f Merge branch 'hotfix-2.1.8' into develop 2013-08-21 11:40:50 +02:00
iglocska b7d95ed743 Upgrade script for 2.1.8 
- we have introduced the "locked" flag for events to protect events of the original creator from being edited by a sync user

- IMPORTANT: before running the script below, make sure to create the locked field for the event table (see INSTALL/LOCKED.sql)

- This script (generateLocked found in the Administrative tools menu) will attempt to set the locked value for existing events to ease the transition

- The default value for locked is 0, and all events created on the instance should be set to this value

- events that were synced from another instance should have their locked value set to 1

- this script checks for local organisations and sets the locked field to 1 for all events not created by them

- a local organisation, as defined for the scope of this scrips is: an organisation with at least 2 members or an organisation with a single member that is not a sync user.

- The script is only accessible by site admins and will return a notification about the number of events altered.
 2013-08-21 11:33:30 +02:00
iglocska 994b701fe0 Merge branch 'hotfix-2.1.11' into hotfix-2.1.8 2013-08-21 08:48:39 +02:00
iglocska c43df3a2a2 Merge branch 'hotfix-2.1.11' into develop 2013-08-20 17:52:41 +02:00
iglocska dde8c8d43c Fix to the e-mailing 2013-08-20 17:52:12 +02:00
iglocska fb5fb26adc Merge branch 'hotfix-2.1.11' into develop 2013-08-20 17:21:05 +02:00
iglocska 4e32336878 Small fix to the previous commit 2013-08-20 17:20:37 +02:00
iglocska 16c16a2eb5 Merge branch 'hotfix-2.1.11' into develop 2013-08-20 17:06:19 +02:00
iglocska 33965eac0d Changes to the shadow attribute controller 
- users that weren't publishers couldn't accept / discard proposals

- emails were blocked by an incorrect debug mode for the e-mailer
 2013-08-20 17:04:42 +02:00
iglocska 8ec5a83768 Some smaller fixes 
- PGP key of the user shown in the profile instead of always showing N/A

- Contact e-mails now include the instance's owning org in the subject

- Users can now enable/disable contact e-mail subscriptions
 2013-08-20 14:19:08 +02:00
iglocska e57c3bfdc0 Merge branch 'hotfix-2.1.10' into develop 2013-08-20 11:27:09 +02:00
iglocska 4056e163c1 Users weren't able to change the contactalert field 2013-08-20 11:26:24 +02:00
iglocska f0a5ac90d8 Merge branch 'hotfix-2.1.9' into develop 2013-08-20 10:19:43 +02:00
iglocska c989e4ce1d Fix to not being able to accept shadowAttributes 
- recursive -1 used for loading attribute, then referencing the event
 2013-08-20 10:17:37 +02:00
iglocska ea3b62f88a AJAX upgrade to the discussion board 
- Quickpost without reloading the page with AJAX

- for page changes / adding posts show an animated spinner

- spinner div / styles available from every page (the div is located in the default layout and is hidden unless manually shown)
 2013-08-19 17:26:06 +02:00
iglocska cf58ae2dc0 Discussions 
- fully working version
- some improvements still possible (hiding discussion on demand, add/edit with ajax)
 2013-08-19 10:03:18 +02:00
Alexandre Dulaunoy 06fbcc27f1 Vulnerability url is now configurable (Fix #153). 
A global configuration CyDefSig.cveurl added to specify the URL
where to reference a CVE/NVD number. CyDefSig.cveurl is optional
and if not existing fallbacks to the original google.com URL.
 2013-08-16 11:09:55 +02:00
iglocska 1ad3a8ffd6 Discussion boards 
- First fully working version
- Create threads or create a thread attached to an event
- Add posts to threads / edit them / delete them
 2013-08-14 17:46:57 +02:00
iglocska 62bec39759 First version of the event discussion UI 2013-08-14 08:45:05 +02:00
Alexandre Dulaunoy a524d95b34 Attribute http-method added - issue #161 fixed 
The attribute HTTP method added. By default, the values
must match the known HTTP method from RFC2616, RFC2518,
RFC3253, RFC3648, RFC3744, RFC5789, RFC5323. The method
is case sensitive.
 2013-08-13 13:19:27 +02:00
Alexandre Dulaunoy be316c80a2 Terms and conditions separated from the template. 
If a file terms exists in app/View/Users, the terms are included.
If not, the default message is included to inform the admin. This
avoids to overwrite local terms when updating MISP code.
 2013-08-13 09:09:21 +02:00
iglocska 932f5b89df Introduced a typo in the previous commit. 2013-08-12 17:31:45 +02:00
iglocska 285ff481a5 Further updates to the sync 2013-08-12 17:23:32 +02:00
iglocska 49f90b59f2 Fix to the distribution changes breaking threatconnect imports 2013-08-08 13:59:10 +02:00
iglocska 87a03b756e Changes to the initial distribution settings 
- The initial attribute distribution level now allows the option for 'event', inheriting the event's distribution level
 2013-08-08 12:16:03 +02:00
iglocska 5379d12a67 Merge branch 'hotfix-2.1.5' into develop 2013-08-08 11:45:17 +02:00
iglocska eac87af41a Attributes won't show two links to the same event anymore on the event view 2013-08-08 11:44:18 +02:00
iglocska 0a790a3bdd Merge branch 'hotfix-2.1.4' into develop 2013-08-08 11:22:12 +02:00
iglocska 720e742139 Fix to incorrect distribution setting in the openIOC importer 2013-08-08 11:20:55 +02:00
Alexandre Dulaunoy b3ff79c03d Typographic errors fixed in automation page 2013-08-07 14:27:23 +02:00
Alexandre Dulaunoy d2e6b25af2 Trailing ":" removed from title page template 2013-08-07 13:47:03 +02:00
iglocska 0ee45af902 Default distribution level flags in bootstrap.php 
- Each instance can now have its own default event and attribute distribution level set
 2013-08-06 11:53:12 +02:00
iglocska 7a09076bc8 Set the default value of the flag disabling rest alert messages to false 2013-08-06 10:09:19 +02:00
iglocska 5011b50c65 Notification on rest add of published events. Fixes #138 2013-08-06 09:43:00 +02:00
Christophe Vandeplas cb6482fd54 Merge branch 'develop' into 'master' for v2.1 2013-08-02 15:39:54 +02:00
iglocska fa1af3cd3b Pivot thread changed slightly 
- There is a reset button in the first arrow

- adding an event that exists already in the list should not create a new pivot point
 2013-08-02 15:23:48 +02:00
iglocska bfa8aa3d28 Jumping between pivot thread points changed 
- no longer adds the event to the thread
 2013-08-02 14:58:35 +02:00
iglocska 4cd55b90f8 Fixed the CSS issues with the pivot thread 2013-08-02 14:45:54 +02:00
iglocska 66a7791b33 Pivot threads and other changes 
- Users can now see the path they took while jumping from related event to related event

- Removed the breadcrumbs

- Some UI changes (user menues were not showing the active page, etc)
 2013-08-02 11:53:17 +02:00
iglocska 964d39143b Crumbs not shown on error messages 2013-08-01 10:21:11 +02:00
iglocska cc417fdb05 Change to the routing the login to remove the admin tag 2013-07-31 16:56:44 +02:00
iglocska 9137322322 Removed the breadcrumbs from the login page 2013-07-31 15:37:56 +02:00
iglocska 5c1eaef196 File left off from previous commit 2013-07-31 15:10:17 +02:00
iglocska 8d2595d592 Breadcrumbs for the views 
- makes navigating the site easier
- some new css changes to support this
 2013-07-31 15:08:10 +02:00
iglocska 64f32389e9 Fixes to the openIOC import tool 
- should handle nested OR branches better now
- domain now mapped to Network/DNS
 2013-07-30 11:01:16 +02:00
iglocska 21b2e0e540 Fixes #144, the edit page losing the previous setting 2013-07-30 10:03:15 +02:00
iglocska 70c49f3e1b Change to the confusing invalid event message 2013-07-30 09:03:42 +02:00
iglocska 3f0eaa73a4 Changes to the filename validation 
- . allowed in filenames to allow for names such as test-1.0.ext
 2013-07-29 17:19:08 +02:00
iglocska 3206702e25 IOC file import filename regex fix 
- Didn't account for several words separated by '.'-s (file.name.ext)
 2013-07-29 15:23:40 +02:00
iglocska b3f6032857 Fixes an issue with the upload of malware samples not generating an md5 
hash if the file is too large
 2013-07-26 10:13:44 +02:00
Christophe Vandeplas 84b552fb74 fixes #141 2013-07-26 08:17:33 +02:00
iglocska 8bf54e7c01 Removed password creation for new users through the contact users menu 2013-07-25 17:23:52 +02:00
iglocska e577d587fd Discard shadowattribute changed to Postlink 
- Prevents deletion through XSRF
 2013-07-25 17:16:56 +02:00
iglocska 96170dae29 Fixed an issue with siteadmin contact e-mails resetting passwords of non existing users 
- a site admin could issue a password reset to a non-existing user
 2013-07-25 14:45:34 +02:00
Christophe Vandeplas bd61f73bd2 fixed a newly created bug in memberslist 2013-07-18 12:18:10 +02:00
iglocska 7486f478e0 Merge branch 'develop' of https://github.com/MISP/MISP into develop 2013-07-18 11:33:11 +02:00
iglocska 7fb1e6f70e Some bugs fixed 
- Resetting the auth key for a user that doesn't exist created an empty
user 

- change_pw showed an admin menu on the side

- rerouting after an incorrect auth request fixed (users/index doesn't
exist)

- temporarily disabled the redirect after login
 2013-07-18 11:32:26 +02:00
Christophe Vandeplas 4bca5b9e30 memberslist based on orgc, is more logic to reflect the contributions 2013-07-18 11:14:11 +02:00
Christophe Vandeplas 00d8d24434 minor NIDS export performance improvement 2013-07-18 11:04:00 +02:00
iglocska 58f72ab4d1 Merge branch 'develop' of https://github.com/MISP/MISP into develop 2013-07-18 10:58:54 +02:00
iglocska dde52f124a Initial refactoring of the event view / xml exports 
- event view and xml exports all use __fetchEvent now

- unified the permission checks

- same output for event/id.xml and the xml exports
 2013-07-18 10:58:10 +02:00
iglocska e74aabf924 Fixes XSS vulnerability in filters 2013-07-17 16:41:31 +02:00
Christophe Vandeplas 8e8f41ab13 Fixes in server push 2013-07-17 14:27:51 +02:00
Christophe Vandeplas 205ba665a5 Merge branch 'develop' of https://github.com/MISP/MISP into develop 2013-07-17 14:07:24 +02:00
Christophe Vandeplas 2424cbbf26 Server push lower memory footprint solving OoM problem. 
Enabled per-id push like pull
 2013-07-17 14:06:24 +02:00
iglocska fc7620bd53 Minor change with shadowattributes 
- short was still used on the shadow attribute value field, if the
shadow attribute was a proposal to the event itself and not to an
attribute
 2013-07-17 13:25:28 +02:00
Christophe Vandeplas d8d3254450 more logging with PGP errors 2013-07-17 12:54:55 +02:00
iglocska 1e2dd15842 Merge branch 'develop' of https://github.com/MISP/MISP into develop 2013-07-17 12:05:13 +02:00
iglocska 62d4addb9d Some css changes broke the shadow attributes 
- should be fixed
 2013-07-17 12:04:57 +02:00
Christophe Vandeplas 00e463bdff reverted commit of url validation that didn't validate parts of urls 2013-07-16 15:44:03 +02:00
Christophe Vandeplas e13c2e883c fixing problems in pull with distribution data validation 2013-07-16 15:28:04 +02:00
Christophe Vandeplas 8fc0f9756b removed TODO 2013-07-16 14:43:54 +02:00
iglocska 30d6bebcf8 Change of domain type in IOC Export fixes #134 2013-07-16 08:45:36 +02:00
iglocska 85a7e8c97c OpenIOC issue 
- Attribute type domain exported into the wrong ioc term.
 2013-07-15 17:23:53 +02:00
iglocska 1f5aa5420f Security issue fixed with UsersController 
- users could view other user profiles

- users could view other user profiles through edit user
 2013-07-15 16:46:44 +02:00
iglocska dff2379ec3 Merge branch 'develop' of https://github.com/MISP/MISP into develop 2013-07-15 11:35:46 +02:00
iglocska 32a6c61938 Removed quotation marks from csv export 
- Not needed, linebreaks are removed anyway
 2013-07-15 11:35:15 +02:00
Christophe Vandeplas ad8ecd15d6 leftovers from communitie/cluster/... 2013-07-15 11:30:57 +02:00
Christophe Vandeplas ca30cf006f Import ThreatConnect attributes into event, see issue #119 2013-07-15 09:10:18 +02:00
Christophe Vandeplas 371ae3b14b fixes in data validation 2013-07-13 08:37:41 +02:00
Christophe Vandeplas 130f470c90 Revert "fix bug in removing remote attributes if push is not enabled" 
This reverts commit c4d5344153.
 2013-07-13 08:22:37 +02:00
Christophe Vandeplas c4d5344153 fix bug in removing remote attributes if push is not enabled 2013-07-13 08:21:42 +02:00
Christophe Vandeplas a0dabb83dc cleanup: hidden functions to _function and removed unnecessary function 2013-07-13 07:39:46 +02:00
Christophe Vandeplas 2a8efc5770 minor admin tools improvements 2013-07-12 15:35:00 +02:00
Christophe Vandeplas e328dc948e huge performance increase in generateCount 2013-07-12 14:55:56 +02:00
Christophe Vandeplas b314a04e58 fixes bug introduced in commit 2334599f3d 2013-07-12 12:59:10 +02:00
Christophe Vandeplas aa0da25383 minor UI glitch in IOC/IDS naming 2013-07-12 12:47:55 +02:00
Christophe Vandeplas 66ce874b99 do not change 'info' field upon pull (was: Imported from $url) 2013-07-12 10:34:59 +02:00
Christophe Vandeplas 2334599f3d redirects to filtered events page upon delete 2013-07-12 09:36:04 +02:00
Christophe Vandeplas 4388d18ba1 UI improvement on private event/attribute 2013-07-12 07:54:58 +02:00
iglocska 3e9a967188 Removal of some references to the old private flag 2013-07-11 17:25:47 +02:00
iglocska b5a829e011 Re-enabled route from /admin/users/login to /users/login 
- when an admin user got logged out the system threw an error instead of
returning him/her to the login screen
 2013-07-11 17:09:58 +02:00
iglocska 9425f1baf0 Slight colour change for the private background colouring 2013-07-11 16:41:34 +02:00
iglocska 53675fe3a3 Some UI changes and reattached the regexp for the admin validation tool 
- org only events have a redish background in the event index

- org only events and attributes have their distribution level marked in
red
 2013-07-11 16:38:39 +02:00
Christophe Vandeplas b8dcc4d00a must be sleepy...holliday effect? 2013-07-11 14:30:56 +02:00
Christophe Vandeplas ff2f08f60d fixes bug in previous commit. 2013-07-11 14:28:12 +02:00
Christophe Vandeplas 7949181fbc improved password generation algorithm in reset password 2013-07-11 14:26:28 +02:00
iglocska 6818d55a0d Merge branch 'develop' of https://github.com/MISP/MISP into develop 2013-07-11 13:44:25 +02:00
iglocska 7c04a116ac First refactoring of the regexp 2013-07-11 13:43:36 +02:00
Christophe Vandeplas 7cda2a5dc2 minor change in reportValidationIssueAttributes() 2013-07-11 12:47:46 +02:00
iglocska 0b807a2666 Some cleanup 
- removal of references to the old blacklist
 2013-07-11 10:47:44 +02:00
iglocska 23017fd9a8 Change to the GFI import and the attachment downloads 
- GFI import issue fixed with attribute ID 1 not existing causing the
import to fail for several attributes

- GFI import change: registry keys with binary value are now artifacts
dropped instead of persistance mechanism

- GFI import change: files with size of 0 will be omitted

- file attachment download change: moved away from the deprecated media
view in favour of cakeresponse->file()
 2013-07-10 17:31:18 +02:00
iglocska 1f411c74cf Some UI fixes related to the debug/nondebug alignment 2013-07-09 10:05:19 +02:00
iglocska 32510b4f29 regexp type changes also for non ADMIN users 
- left the view for them off in the previous commit
 2013-07-08 17:16:56 +02:00
iglocska 0104f7956b Continued rework of the regexp 
- Regular expressions are now only checked for attributes

- Regular expressions are now defined and checked on a type by type
basis, with the setting "ALL" affecting all attributes

- creation / deletion of several attributes in one edit to accommodate
for several checked type options

- perform on all admin option now only saves attributes that actually
get changed by the regexp, making the function usable again for larger
databases

- Some feedback on what got changed during a perform on all

- UI changes in the index / regexp add / edit views to reflect the type
sensitivity changes
 2013-07-08 17:15:04 +02:00
iglocska 7e6f73a776 Removal of the blacklist 
- Since regexp can be used to blacklist things, there's no need to have
two separate features that accomplish the same thing

- Add a regexp named /1.1.1.1/ with nothing as replacement and it will
behave the same as adding a blacklist for 1.1.1.1 in the old system.
 2013-07-05 14:34:32 +02:00
iglocska 10f895e641 bug in a previous commit 
- left in some debug used to escape php encryption during testing
 2013-07-05 11:12:55 +02:00
iglocska a828104a72 Attribute index UI bug fixed 2013-07-04 16:20:57 +02:00
iglocska eeac31bee8 Regexp changes, UI changes 
- first cleanup of regexp

- some changes left off from the UI changes that were not in the views
themselves
 2013-07-04 15:45:11 +02:00
iglocska 1b79963ce8 UI changes applied to the actions menu 
- The side menu is now fixed / relatively positioned based on the debug
mode, like the header and the footer.
 2013-07-04 13:35:04 +02:00
iglocska 0b50604274 Some changes to the UI 
- The previous UI changes fixed the top and the bottom bar to the
viewport

- It was great for the UI with the debug disabled, but it obstructed the
debug info with it on

- now, turning debug off fixes the top bar and the bottom bar, turning
it on returns it to the top and bottom of the page, as it was in earlier
versions
 2013-07-04 11:25:48 +02:00
iglocska 7167a80de2 Footer download GPG Z-index changes 
- GPG key download was behind the layer for the center footer,
preventing the user from clicking the download link. Fixed.
 2013-07-03 11:37:23 +02:00
iglocska d9efaab416 Some more HTML fixes 2013-07-03 11:21:04 +02:00
iglocska 40edeb7557 HTML error fix 
- div id starting with a digit (the id wasn't needed anyway so removed
it)
 2013-07-03 10:46:24 +02:00
iglocska 8495cf5d77 HTML error fixed 
incorrect span in ul
 2013-07-03 10:39:00 +02:00
iglocska 0587edc49f Some small UI changes 2013-07-03 10:01:36 +02:00
iglocska a45b4f03dc Cosmetic relocation of the auth errors on the login screen 2013-07-03 08:48:02 +02:00
iglocska c2de8223e2 Small change to the flash messages 
- fixing it to the same position
 2013-07-02 16:59:02 +02:00
iglocska 7dc8ac5565 Footer.ctp left off of the previous commit 2013-07-02 15:45:45 +02:00
iglocska c58eb89013 Changes to the UI 
- login screen looks a bit fancier and is more customisable
- admins can add a Logo next to the login fields, there's a MISP logo
ontop with a line of text above and below it, editable via bootstrap.php
- Footer re-added, has the PGP key download and the center footer text
from MISP 1.1
- A logo on the right side of the footer, optionally added by
bootstrap.php

- Header, Footer, menu are now fixed and not affected by scrolling the
screen
 2013-07-02 15:41:11 +02:00
iglocska 32c0b4e017 Change to the login screen 
- Places an optional logo to the left
- MISP logo above the login fields, with an optional pre and post text

- define them in the bootstrap as indicated in bootsrap.default.php
 2013-07-01 17:07:40 +02:00
iglocska 58aaf4fa5f Hard coded urls for the event index 
- Should provide a tiny performance boost
 2013-07-01 15:11:54 +02:00
iglocska abde2a47af Several fixes 
- Fixed the search pagination beyond the first page

- Hard coded routing of the menues in the global actions area
 2013-06-28 14:28:58 +02:00
iglocska 5948a7c329 Several copy paste failures fixed in the previous commit 
- /facepalm
 2013-06-27 17:57:33 +02:00
iglocska 8cdf97ff66 ACL checks changed 
- until now checkAction was used to check permissions of a user

- but since all of the role permissions are checked beforefilter in
appcontroller and saved into a public array, doing a lookup of the
array saves an SQL call for each permission check.
 2013-06-27 17:53:36 +02:00
iglocska 3bc787dd3b Closes #131 
- Seems like a change removed this functionality since 2.0, fixed
 2013-06-27 16:54:27 +02:00
iglocska 7cd742dce4 Fix to users not being able to edit attributes 2013-06-27 16:43:03 +02:00
iglocska e2601d3623 Merge branch 'master' of https://github.com/MISP/MISP 2013-06-27 16:40:31 +02:00
iglocska 406d04a260 Bug with attribute edits 
- users without publishing rights couldn't edit attributes. Fixed
 2013-06-27 16:39:06 +02:00
iglocska 568d243e6e IOC -> IDS name change for attribute index 
- also for attribute add and edit
 2013-06-27 14:28:54 +02:00
iglocska f730661979 Small change to the xml search download 2013-06-27 14:11:58 +02:00
iglocska 3812d02309 Search result downloads (CSV format) 
- added the button for the CSV download
- fixed a bug with the csv search result downloader blocking non IOC
results even if the search terms did not specify IOCs only.
 2013-06-27 13:53:49 +02:00
iglocska bc0919344b Some cleanup on the views 2013-06-27 13:02:34 +02:00
iglocska 93b39eb76d Some UI changes 
- Signature / IDS Signature changed to IOC
 2013-06-27 12:08:58 +02:00
iglocska c604241487 Bugfix for the creation of several attributes with the same UUID 
- SHA256 and SHA1 hash attributes that get auto-generated on malware
sample upload had the same hash as the filename|md5. Fixed.
 2013-06-26 17:25:38 +02:00
iglocska 39e99554c9 Views updated to include CSV in the menues 
- CSV and also IOC downloads on events are now hidden if the event is
not published
 2013-06-26 17:20:56 +02:00
iglocska 5e9d19196d Update to the exports 
- export page updated to include the CSV export

- some changes to the CSV export and incorrect handling of data for
admins
 2013-06-26 16:58:20 +02:00
iglocska 1283451efc More changes to the whitelists, exports 2013-06-26 16:30:37 +02:00
iglocska 55cb389d64 to_ids turned off on attribute creation by default 2013-06-26 15:33:39 +02:00
iglocska e87c28863e Firther work on the exports 
- Some refactoring of the whitelist checks
- tighter rules for published / to_ids on certain exports
- attribute search now has the IOC checkbox
 2013-06-26 15:31:28 +02:00
iglocska 776ef3ae07 Changes to export validation, CSV export, Whitelist redesign 
- CSV export for individual events, all events, search results
- Whitelists are now preg_matches instead of simple string matches
- whitelist checks are to be applied on almost all exports
(implementation in progress)
- the exception will be the search result exports, if the (to be
implemented) to_ids only checkbox isn't checked
 2013-06-26 14:48:25 +02:00
iglocska c6c9809311 Width + height, should be fixed (event index images) 2013-06-25 17:16:49 +02:00
iglocska c5525eab49 Small part left off from the previous commit.. 2013-06-25 17:13:22 +02:00
iglocska efd5948287 Overriding the css that's blocking the size change 
- on the event index
 2013-06-25 17:08:27 +02:00
iglocska c1917846a4 Typo fixed 2013-06-25 17:00:43 +02:00
iglocska 9ba009e61a Merge branch 'develop' of https://github.com/MISP/MISP into develop 2013-06-25 16:52:46 +02:00
iglocska 753c034d4e Some UI changes 
- removed the e-mail for non site admins from the event index (they can
still see it in the event view if the event was created by the same org)

- added a text MISP logo

- smaller icons for the event index
 2013-06-25 14:39:50 +02:00
Christophe Vandeplas 592180700e solves memory exhaustion upon generateCorrelation 2013-06-24 15:18:16 +02:00
Christophe Vandeplas 86b1873a80 a 2013-06-24 15:13:33 +02:00
Christophe Vandeplas ac5c59e9af minor changes 2013-06-24 15:12:30 +02:00
Christophe Vandeplas 70f062962c page for admin with some links 2013-06-24 15:09:11 +02:00
Christophe Vandeplas 0baf311f3c grouped documentation 2013-06-24 14:45:25 +02:00
Christophe Vandeplas 6d510004ee removed warning message 2013-06-24 14:35:04 +02:00
iglocska 24ebbcca5c Update to the attribute search 
- Use ! to exclude terms in the value/id/org fields

- org search works the same way as value / id now, you can enter several
terms separated by a newline. Also, adding ! infront of a term will
exclude the organisation from the results

- sub string search for organisations
 2013-06-24 13:24:08 +02:00
iglocska f430176ddf Filter logic reworked 
- Affects org and info field

- terms have to be saparated by pipe (|) 

- terms can be terms that will be OR-d or excluded terms that will be
AND-ed

- to exclude a term use !

- A valid filter search for info would be: 'term1|term2|!term3'
-> this would result in all events with the info field containing term1
or term2 but not term3
 2013-06-24 11:22:06 +02:00
iglocska 997dea0acf NOT filter for orgs on the event index 
- entering for example '!futuremark' would exclude all events created by
the organisation 'futuremark'
 2013-06-24 10:50:35 +02:00
iglocska c9b3b15fa6 Email addresses of event creators visible to users if same org 
- On the event index, users can view the e-mail address of the event
creator, if the event belongs to their own organisation
 2013-06-24 10:34:56 +02:00
iglocska 640080d2e7 Some fixes to the filters event index 
- siteadmins can now search the creator org instead of the owner org
(like normal users would)

- Changed the org search to be a partial match instead of an exact match
 2013-06-24 10:02:35 +02:00
Iglocska 6146df10d0 Two small changes 
- email of the user creating an event shown if current user's org ==
  event's orgc

- on export, the check for to_ids will happen outside of the if branch
  that sets extra restrictions of non site admins. Otherwise site-admins
  would accidentally include attributes that aren't iocs.
 2013-06-21 15:20:49 +02:00
Iglocska 9d3664081b Tightened the export rules 
- text, xml, ioc exports of attributes with to_ids == 0 are now
  blocked.
 2013-06-21 15:11:55 +02:00
Iglocska b491898c11 Fix to the filters on IE 
- old versions of IE didn't handle an incorrect form creation as gracefully as the other browsers

- forms should not be created within a table unless it's within a <td> (it was
  on <tr> level before). The normal solution would be to encapsulate the
  entire table in a form, but since we have formlinks for the deletes /
  publishes this would get flagged as form tampering by the security
  components.

- As a fix, filter forms are created separately for the 4 search fields within their <td> now with hidden fields that keep the persistence of the previously
  entered filter terms
 2013-06-21 14:38:00 +02:00
iglocska 96d0ea10cb Wrong file included in previous commit 2013-06-20 16:28:15 +02:00
iglocska 55f47d3166 ShadowAttribute notifications, and some minor fixes 
- New field for events, locking an event from sending out a contact
e-mail when a proposal is made to it
- Default setting for the new field is 0, if a shadow attribute is
added an e-mail is sent to all subscribing members of the orgc and the
new field is set to 1
- Accepting a change resets the field to 0
 2013-06-20 16:21:55 +02:00
iglocska f524f6d2c0 extra access control restriction for reportValidationIssues 2013-06-20 08:53:47 +02:00