Merge pull request #15 from Tigzy/v4.2

V4.2

EULA.txt

@@ -6,9 +6,9 @@ By installing, copying, or otherwise using the SOFTWARE PRODUCT, you agree to be
 If you do not agree to the terms of this EULA, do not install or use the SOFTWARE PRODUCT.
 
 SOFTWARE PRODUCT LICENSE
-a) MRF Free Version is being distributed as Freeware for personal, commercial use, non-profit organization, educational purpose. It may be included with CD-ROM/DVD-ROM distributions. You are NOT allowed to make a charge for distributing this Software (either for profit or merely to recover your media and distribution costs) whether as a stand-alone product, or as part of a compilation or anthology, nor to use it for supporting your business or customers. It may be distributed freely on any website or through any other distribution mechanism, as long as no part of it is changed in any way.
+a) MRF Free Version is being distributed as Open source software for personal, non-profit organization, educational purpose. It may be included with CD-ROM/DVD-ROM distributions. You are NOT allowed to make a charge for distributing this Software (either for profit or merely to recover your media and distribution costs) whether as a stand-alone product, or as part of a compilation or anthology, nor to use it for supporting your business or customers. It may be distributed freely on any website or through any other distribution mechanism, as long as no part of it is changed in any way.
 
-b)MRF Premium Version (if any), follows the same rules.
+b)MRF Commercial Version (if any), follows the same rules, except that is NEEDED for commercial use and companies.
 
 1. GRANT OF LICENSE. This EULA grants you the following rights: Installation and Use. You may install and use an unlimited number of copies of the SOFTWARE PRODUCT.
 

README.md

@@ -2,7 +2,24 @@ malware-repo
 ============
 
 Malware Repository Framework
-Official page: http://www.adlice.com/download/mrf
+Official page: http://www.adlice.com/download/mrf/
+
+## Version 4.2
+Sample page  
+Using new modular installer  
+Changed favorite filter for a checkbox  
+Added user rights management  
+Now comments have a WISIWIG editor  
+Added tooltip for bulk selection and favorite  
+Added Github project link in the sidebar  
+Added URLs description name  
+Fixed Signout redirection issue  
+Fixed bug when menu wasn't showing because of too few samples  
+Fixed overwritting of existing sample  
+Fixed menu not showing on IE/Chrome  
+Fixed page scrolling on Editing/Save  
+Fixed URLs search  
+Fixed Comment/URLs refresh when re-opening modal editors
 
 ## Version 4.1
 Added Clear filters button  

api.php

@@ -57,69 +57,111 @@ private function getUploader() {
 		return new UploadHandler($this->options, false);
 	}
 
+	private function getParameter($key) {
+		$key_as_header = 'HTTP_' . strtoupper(trim(str_replace("-","_",$key)));
+		$value = isset($_REQUEST[$key]) ? $_REQUEST[$key] : null;   // Search in request
+		if (!$value && isset($_POST[$key])) $value = $_POST[$key];  // Search in post
+		if (!$value && isset($_SERVER[$key_as_header])) $value = $_SERVER[$key_as_header]; // Search in headers
+		return $value;
+	}
+
 	//===========================================================================
 	// Routes
 
 	public function downloadfile() {
-		if($this->get_request_method() != "GET"){ $this->response('',406); }		
+		if($this->get_request_method() != "GET"){ $this->response('',406); return false; }		
 		$uploader = $this->getUploader();
-		$uploader->downloadfile();
+		if (!$uploader->downloadfile()) {
+			$this->response("Not enough rights",403);
+			return false;
+		}
+		$this->response("{}",200);
+	}
+
+	public function getfile() {
+		if($this->get_request_method() != "GET"){ $this->response('',406); return false; }
+
+		$md5 = $this->getParameter("hash");
+		if (!$md5) {$this->response('missing hash parameter',400); return false; }
+
+		$uploader = $this->getUploader();
+		$uploader->getfile($md5);
 	}
 
 	public function getfiles() {
-		if($this->get_request_method() != "GET"){ $this->response('',406); }
+		if($this->get_request_method() != "GET"){ $this->response('',406); return false; }
 		$uploader = $this->getUploader();
 		$uploader->getfiles();
 	}
 
 	public function getcuckoo() {
-		if($this->get_request_method() != "GET"){ $this->response('',406); }
+		if($this->get_request_method() != "GET"){ $this->response('',406); return false; }
 		$uploader = $this->getUploader();
 		$uploader->get_cuckoo_status();
 	}
 
 	public function getstorageinfo() {
-		if($this->get_request_method() != "GET"){ $this->response('',406); }
+		if($this->get_request_method() != "GET"){ $this->response('',406); return false; }
 		$uploader = $this->getUploader();
 		$uploader->get_storage_info();
 	}
 
 	public function virustotalscan() {
-		if($this->get_request_method() != "POST"){ $this->response('',406); }
+		if($this->get_request_method() != "POST"){ $this->response('',406); return false; }
 		$uploader = $this->getUploader();
-        if (!$uploader->virustotal_scan()) { $this->response('',500); }
+        if (!$uploader->virustotal_scan()) {
+        	$this->response("Not enough rights",403);
+        	return false;
+        }
+        $this->response("{}",200);
 	}
 
 	public function virustotalcomment() {
-		if($this->get_request_method() != "POST"){ $this->response('',406); }
+		if($this->get_request_method() != "POST"){ $this->response('',406); return false; }
 		$uploader = $this->getUploader();
-        if (!$uploader->virustotal_comment()) { $this->response('',500); }
+        if (!$uploader->virustotal_comment()) {
+        	$this->response("Not enough rights",403);
+        	return false;
+        }
+        $this->response("{}",200);
 	}
 
 	public function cuckooscan() {
-		if($this->get_request_method() != "POST"){ $this->response('',406); }
+		if($this->get_request_method() != "POST"){ $this->response('',406); return false; }
 		$uploader = $this->getUploader();
-		if (!$uploader->cuckoo_scan()) { $this->response('',404); }
+		if (!$uploader->cuckoo_scan()) {
+			$this->response("Not enough rights",403);
+			return false;
+		}
+		$this->response("{}",200);
 	}
 
 	public function deletefile() {		
-		if($this->get_request_method() != "DELETE"){ $this->response('',406); }
+		if($this->get_request_method() != "DELETE"){ $this->response('',406); return false; }
 		$uploader = $this->getUploader();
-		if (!$uploader->delete_file())
+		if (!$uploader->delete_file()) {
 			$this->response("Not enough rights",403);
+			return false;
+		}
 	}
 
 	public function updatefile() {
-		if($this->get_request_method() != "POST"){ $this->response('',406); }
+		if($this->get_request_method() != "POST"){ $this->response('',406); return false; }
 		$uploader = $this->getUploader();
-		if (!$uploader->update_file())
+		if (!$uploader->update_file()) {
 			$this->response("Not enough rights",403);
+			return false;
+		}
+		$this->response("{}",200);
 	}
 
 	public function uploadfiles() {
-		if($this->get_request_method() != "POST"){ $this->response('',406); }		
+		if($this->get_request_method() != "POST"){ $this->response('',406); return false; }		
 		$uploader = $this->getUploader();
-        if (!$uploader->upload_files()) { $this->response('',500); }
+        if (!$uploader->upload_files()) {
+        	$this->response("Not enough rights",403);
+        	return false;
+        }
 	}
 }