- login screen looks a bit fancier and is more customisable
- admins can add a Logo next to the login fields, there's a MISP logo
ontop with a line of text above and below it, editable via bootstrap.php
- Footer re-added, has the PGP key download and the center footer text
from MISP 1.1
- A logo on the right side of the footer, optionally added by
bootstrap.php
- Header, Footer, menu are now fixed and not affected by scrolling the
screen
- Places an optional logo to the left
- MISP logo above the login fields, with an optional pre and post text
- define them in the bootstrap as indicated in bootsrap.default.php
- until now checkAction was used to check permissions of a user
- but since all of the role permissions are checked beforefilter in
appcontroller and saved into a public array, doing a lookup of the
array saves an SQL call for each permission check.
- added the button for the CSV download
- fixed a bug with the csv search result downloader blocking non IOC
results even if the search terms did not specify IOCs only.
- CSV export for individual events, all events, search results
- Whitelists are now preg_matches instead of simple string matches
- whitelist checks are to be applied on almost all exports
(implementation in progress)
- the exception will be the search result exports, if the (to be
implemented) to_ids only checkbox isn't checked
- removed the e-mail for non site admins from the event index (they can
still see it in the event view if the event was created by the same org)
- added a text MISP logo
- smaller icons for the event index
- Use ! to exclude terms in the value/id/org fields
- org search works the same way as value / id now, you can enter several
terms separated by a newline. Also, adding ! infront of a term will
exclude the organisation from the results
- sub string search for organisations
- Affects org and info field
- terms have to be saparated by pipe (|)
- terms can be terms that will be OR-d or excluded terms that will be
AND-ed
- to exclude a term use !
- A valid filter search for info would be: 'term1|term2|!term3'
-> this would result in all events with the info field containing term1
or term2 but not term3
- siteadmins can now search the creator org instead of the owner org
(like normal users would)
- Changed the org search to be a partial match instead of an exact match
- email of the user creating an event shown if current user's org ==
event's orgc
- on export, the check for to_ids will happen outside of the if branch
that sets extra restrictions of non site admins. Otherwise site-admins
would accidentally include attributes that aren't iocs.
- old versions of IE didn't handle an incorrect form creation as gracefully as the other browsers
- forms should not be created within a table unless it's within a <td> (it was
on <tr> level before). The normal solution would be to encapsulate the
entire table in a form, but since we have formlinks for the deletes /
publishes this would get flagged as form tampering by the security
components.
- As a fix, filter forms are created separately for the 4 search fields within their <td> now with hidden fields that keep the persistence of the previously
entered filter terms