iglocska
495c4ee93c
fix: [security] XSS in the generic action template
...
- a previously assumed internal url can have user input appended via the MISP local tool connector
- requires a compromised connected MISP instance where a malicious administrator modifies the UUIDs of cerebrate relevant objects to JS payloads
- as reported by Dawid Czarnecki of Zigrin Security
2022-02-20 12:07:06 +01:00
Sami Mokaddem
e13b4e7bc5
fix: [settings:settingField] Enforce sanitization of input fields
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 11:43:09 +01:00
Sami Mokaddem
14ec995c2b
fix: [userSettings] Perform URI validation for bookmarks
...
- As reported by Dawid Czarnecki from Zigrin Security
2022-02-07 10:48:55 +01:00
iglocska
e60d97c214
fix: [security] genericForm reflected XSS in form descriptions for user controlled descriptions
...
- accessible via the MISP local tool setting change
- sanitise the description
- as reported by Dawid Czarnecki from Zigrin Security
2022-02-03 23:56:23 +01:00
iglocska
8b6fc78695
fix: [generic fields] org field URL missing slash fixed
2022-01-28 00:51:09 +01:00
iglocska
589f932fe9
chg: [form] dropdown default key added
2022-01-27 21:09:32 +01:00
Sami Mokaddem
dc8710d89e
fix: [users:view] Correctly reload authkey child panel when performing operations
2022-01-27 10:21:55 +01:00
Sami Mokaddem
f53b458103
fix: [userSettings] Allow admin to edit other user's settings
2022-01-26 12:11:44 +01:00
Sami Mokaddem
6005552e76
fix: [genericElements:tags] List tags when editing an entity
2022-01-25 15:02:04 +01:00
Sami Mokaddem
1d7fc00a65
chg: [layout:header-profile] Improved spacing
2022-01-19 09:33:57 +01:00
iglocska
12d7607aae
new: [encryption key] view added
...
- was missing, despite links to it
2022-01-17 09:45:45 +01:00
iglocska
2eb2459936
fix: [forms] added missing password form field
2021-11-26 10:52:44 +01:00
iglocska
15d738aa77
fix: [forms] dropdowns overriding values from request
2021-11-26 10:51:58 +01:00
iglocska
061f3fc468
chg: [profile] added org to profile menu
2021-11-24 01:26:29 +01:00
iglocska
92ddd04ba0
fix: [JSON fields] fixed escaping issues
2021-11-17 15:58:52 +01:00
Sami Mokaddem
8686aa87a6
fix: [genericElement:index_table] Better support of nested dropdown if it has been added after page load
2021-10-20 15:41:11 +02:00
Sami Mokaddem
7940920f3d
fix: [genericElement:indexTable] Ignore row selector column
2021-10-20 15:39:37 +02:00
Sami Mokaddem
6c4efc044d
fix: [settings] Make sure to save multi-select value as an array
2021-10-20 12:48:13 +02:00
Sami Mokaddem
ab7db2c348
chg: [element:settings] Added support of multi-select fields
2021-10-20 12:21:13 +02:00
Sami Mokaddem
43dfacfe72
chg: [genericElement:indexTable] Refactored code and added support of compact display
2021-10-20 11:28:39 +02:00
Sami Mokaddem
7941a6530a
new: [genericElement:indexTable] Table actions - WiP
...
Table actions allow performing actions on the table, such as hiding/showing columns, regrouping rows by fields and so on
2021-10-20 09:39:12 +02:00
Sami Mokaddem
97428a8892
chg: [ui:home] Nicer icons and layout
2021-10-18 14:59:18 +02:00
Sami Mokaddem
78180fa90f
new: [userSettings] Added complete support of user settings
...
Including support of bookmarks, sidebar behavior and theming
2021-10-18 13:28:26 +02:00
Sami Mokaddem
14c7d20cc1
fix: [ui:sidebar] Make the sidebar scrollable if content is too large
2021-10-18 13:11:19 +02:00
Sami Mokaddem
3ea877fe10
chg: [ui:settings] Refactored setting factory to be more generic
2021-10-12 10:21:12 +02:00
Sami Mokaddem
0d6e6aa7a4
chg: [userSettings] Initial version of template - WiP
2021-10-12 10:16:36 +02:00
Sami Mokaddem
29ca08ce60
new: [sidebar:bookmarks] Added early version of user-defined bookmarks
...
Bookmark configs are saved in their respective user setting for each user
2021-10-08 16:57:38 +02:00
Sami Mokaddem
39fdb8ec0d
new: [user-settings] Added user settings feature
2021-10-08 10:27:40 +02:00
Sami Mokaddem
7ab8a93fbd
chg: [navigation] regrouped navigation related data into files
2021-10-08 10:23:03 +02:00
Sami Mokaddem
015c5bc721
chg: [element:genericForm] Added support of bs5 floating label
2021-10-04 16:16:13 +02:00
Sami Mokaddem
07a4ebfc92
chg: [ui:keycloak] Nice login and logged-in UI
2021-10-04 13:15:47 +02:00
Sami Mokaddem
f9113819ee
chg: [elements:flash] Support of toast for flash messages
2021-10-04 13:06:12 +02:00
mokaddem
bc8de62815
chg: [ui:settings] Setting page support themes
2021-09-28 10:59:57 +02:00
mokaddem
20a7903573
chg: [instance:settings] Support of BS5 in setting page
2021-09-28 09:23:02 +02:00
mokaddem
b4fdc625da
chg: [setting] Support of themes in settings
2021-09-18 11:21:50 +02:00
mokaddem
652c59c597
fix: [settings] Fixed scrollspy
2021-09-18 10:33:27 +02:00
mokaddem
43ac537fbc
fix: [navigation] Added setting page and more layout fixes
2021-09-18 10:31:05 +02:00
mokaddem
4faecfbbd7
chg: [instance:home] Slightly improved UI
2021-09-18 10:22:59 +02:00
mokaddem
468505b5c6
chg: [navbar:search_all] Fixed layout
2021-09-17 19:06:56 +02:00
mokaddem
24a8aa42c8
chg: [navbar:search-all] Fixed dropdown instantiation
2021-09-17 18:53:32 +02:00
mokaddem
cf3e87614e
chg: [navigation] Fixed navigation for tag endpoints
2021-09-17 18:30:32 +02:00
mokaddem
e65e283c04
chg: [genericElement:table] Changed action link display into buttons instead of links
2021-09-17 18:02:48 +02:00
mokaddem
e62056d5ac
chg: [bootstrap] Moved more files to support bootstrap v5
2021-09-17 17:51:45 +02:00
mokaddem
0d8841a3bf
Merge branch 'ui-navigation' into develop-unstable
2021-09-17 17:12:33 +02:00
mokaddem
f4eb5da49d
Merge branch 'ui-refacto2' into develop-unstable
2021-09-17 16:47:41 +02:00
mokaddem
0eb14195ee
Merge branch 'tags' into develop-unstable
2021-09-17 16:46:54 +02:00
mokaddem
83494a6cf1
Merge branch 'ui-settings' into develop-unstable
2021-09-17 16:43:34 +02:00
mokaddem
10e4c97d8c
Merge branch 'local-tool-batch-actions' into develop-unstable
2021-09-17 16:39:04 +02:00
mokaddem
36f6866bd3
Merge branch 'ui-refacto' into develop-unstable
2021-09-17 16:38:48 +02:00
mokaddem
ba93479066
chg: [layout] Slightly more responsive
2021-09-17 16:32:32 +02:00