2019-01-28 15:19:59 +05:00
|
|
|
from django.shortcuts import HttpResponse
|
|
|
|
|
import json
|
|
|
|
|
from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
|
|
|
|
|
from plogical.processUtilities import ProcessUtilities
|
|
|
|
|
from websiteFunctions.models import Websites
|
|
|
|
|
from random import randint
|
|
|
|
|
from django.core.files.storage import FileSystemStorage
|
2019-12-10 15:09:10 +05:00
|
|
|
import html.parser
|
2020-02-07 21:26:55 +05:00
|
|
|
from plogical.acl import ACLManager
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
class FileManager:
|
|
|
|
|
def __init__(self, request, data):
|
|
|
|
|
self.request = request
|
|
|
|
|
self.data = data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def ajaxPre(self, status, errorMessage):
|
|
|
|
|
final_dic = {'status': status, 'error_message': errorMessage, 'uploadStatus': status}
|
|
|
|
|
final_json = json.dumps(final_dic)
|
|
|
|
|
return HttpResponse(final_json)
|
|
|
|
|
|
|
|
|
|
def returnPathEnclosed(self, path):
|
|
|
|
|
return "'" + path + "'"
|
|
|
|
|
|
2020-02-26 11:31:19 +05:00
|
|
|
|
2019-01-28 15:19:59 +05:00
|
|
|
def changeOwner(self, path):
|
|
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
2019-03-12 14:47:58 +05:00
|
|
|
|
|
|
|
|
if path.find('..') > -1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
command = "chown -R " + website.externalApp + ':' + website.externalApp + ' ' + self.returnPathEnclosed(path)
|
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
def listForTable(self):
|
|
|
|
|
try:
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
|
|
2020-01-17 20:10:17 +05:00
|
|
|
pathCheck = '/home/%s' % (domainName)
|
|
|
|
|
|
2020-02-03 21:43:29 +05:00
|
|
|
if self.data['completeStartingPath'].find(pathCheck) == -1 or self.data['completeStartingPath'].find('..') > -1:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, 'Not allowed to browse this path, going back home!')
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
command = "ls -la --group-directories-first " + self.returnPathEnclosed(
|
2019-04-15 15:54:23 +05:00
|
|
|
self.data['completeStartingPath'])
|
2019-07-16 23:23:16 +05:00
|
|
|
output = ProcessUtilities.outputExecutioner(command, website.externalApp).splitlines()
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
counter = 0
|
|
|
|
|
for items in output:
|
2019-02-09 14:01:43 +05:00
|
|
|
try:
|
|
|
|
|
currentFile = items.split(' ')
|
2019-12-10 15:09:10 +05:00
|
|
|
currentFile = [a for a in currentFile if a != '']
|
2019-02-09 14:01:43 +05:00
|
|
|
if currentFile[-1] == '.' or currentFile[-1] == '..' or currentFile[0] == 'total':
|
|
|
|
|
continue
|
2019-04-15 15:54:23 +05:00
|
|
|
|
|
|
|
|
if len(currentFile) > 9:
|
|
|
|
|
fileName = currentFile[8:]
|
|
|
|
|
currentFile[-1] = " ".join(fileName)
|
|
|
|
|
|
2019-02-09 14:01:43 +05:00
|
|
|
dirCheck = 0
|
|
|
|
|
if currentFile[0][0] == 'd':
|
|
|
|
|
dirCheck = 1
|
|
|
|
|
|
2019-04-15 15:54:23 +05:00
|
|
|
size = str(int(int(currentFile[4]) / float(1024)))
|
2019-02-09 14:01:43 +05:00
|
|
|
lastModified = currentFile[5] + ' ' + currentFile[6] + ' ' + currentFile[7]
|
2019-04-15 15:54:23 +05:00
|
|
|
finalData[str(counter)] = [currentFile[-1], currentFile[-1], lastModified, size, currentFile[0],
|
|
|
|
|
dirCheck]
|
2019-02-09 14:01:43 +05:00
|
|
|
counter = counter + 1
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-04-15 15:54:23 +05:00
|
|
|
logging.writeToFile(str(msg))
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def list(self):
|
|
|
|
|
try:
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
|
|
|
|
|
|
command = "ls -la --group-directories-first " + self.returnPathEnclosed(
|
2019-04-15 15:54:23 +05:00
|
|
|
self.data['completeStartingPath'])
|
2019-07-16 23:23:16 +05:00
|
|
|
output = ProcessUtilities.outputExecutioner(command, website.externalApp).splitlines()
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
counter = 0
|
|
|
|
|
for items in output:
|
2019-02-09 14:01:43 +05:00
|
|
|
try:
|
|
|
|
|
currentFile = items.split(' ')
|
2019-12-10 15:09:10 +05:00
|
|
|
currentFile = [a for a in currentFile if a != '']
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2019-02-09 14:01:43 +05:00
|
|
|
if currentFile[-1] == '.' or currentFile[-1] == '..' or currentFile[0] == 'total':
|
|
|
|
|
continue
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2019-04-15 15:54:23 +05:00
|
|
|
if len(currentFile) > 9:
|
|
|
|
|
fileName = currentFile[8:]
|
|
|
|
|
currentFile[-1] = " ".join(fileName)
|
|
|
|
|
|
2019-02-09 14:01:43 +05:00
|
|
|
dirCheck = False
|
|
|
|
|
if currentFile[0][0] == 'd':
|
|
|
|
|
dirCheck = True
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2019-04-15 15:54:23 +05:00
|
|
|
finalData[str(counter)] = [currentFile[-1],
|
|
|
|
|
self.data['completeStartingPath'] + '/' + currentFile[-1], dirCheck]
|
2019-02-09 14:01:43 +05:00
|
|
|
counter = counter + 1
|
|
|
|
|
except:
|
|
|
|
|
continue
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def createNewFile(self):
|
|
|
|
|
try:
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
2020-02-04 19:22:42 +05:00
|
|
|
homePath = '/home/%s' % (domainName)
|
2019-07-16 23:23:16 +05:00
|
|
|
|
2020-02-04 19:22:42 +05:00
|
|
|
if self.data['fileName'].find('..') > -1 or self.data['fileName'].find(homePath) == -1:
|
2019-03-12 14:47:58 +05:00
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
command = "touch " + self.returnPathEnclosed(self.data['fileName'])
|
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2019-04-15 15:54:23 +05:00
|
|
|
self.changeOwner(self.returnPathEnclosed(self.data['fileName']))
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def createNewFolder(self):
|
|
|
|
|
try:
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2020-02-04 19:22:42 +05:00
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
|
|
|
|
|
|
if self.data['folderName'].find('..') > -1 or self.data['folderName'].find(homePath) == -1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
command = "mkdir " + self.returnPathEnclosed(self.data['folderName'])
|
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2019-04-15 15:54:23 +05:00
|
|
|
self.changeOwner(self.returnPathEnclosed(self.data['folderName']))
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def deleteFolderOrFile(self):
|
|
|
|
|
try:
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
2020-02-04 20:28:03 +05:00
|
|
|
self.homePath = '/home/%s' % (domainName)
|
2019-07-16 23:23:16 +05:00
|
|
|
|
2019-01-28 15:19:59 +05:00
|
|
|
for item in self.data['fileAndFolders']:
|
2020-02-04 19:22:42 +05:00
|
|
|
|
2020-02-04 20:28:03 +05:00
|
|
|
if (self.data['path'] + '/' + item).find('..') > -1 or (self.data['path'] + '/' + item).find(self.homePath) == -1:
|
2020-02-04 19:22:42 +05:00
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'rm -rf ' + self.returnPathEnclosed(self.data['path'] + '/' + item)
|
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def copy(self):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
|
|
2020-02-04 19:22:42 +05:00
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
|
|
|
|
|
|
if self.data['newPath'].find('..') > -1 or self.data['newPath'].find(homePath) == -1:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-09-08 20:32:20 +05:00
|
|
|
if len(self.data['fileAndFolders']) == 1:
|
2020-02-04 20:28:03 +05:00
|
|
|
|
|
|
|
|
if (self.data['basePath']+ '/' + self.data['fileAndFolders'][0]).find('..') > -1 or (self.data['basePath']+ '/' + self.data['fileAndFolders'][0]).find(homePath) == -1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-09-08 20:32:20 +05:00
|
|
|
command = 'yes| cp -Rf %s %s' % (self.returnPathEnclosed(self.data['basePath']+ '/' + self.data['fileAndFolders'][0]), self.data['newPath'])
|
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
|
self.changeOwner(self.data['newPath'])
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
|
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
for item in self.data['fileAndFolders']:
|
2020-02-04 20:28:03 +05:00
|
|
|
if (self.data['basePath']+ '/' + item).find('..') > -1 or (self.data['basePath']+ '/' + item).find(homePath) == -1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-09-08 20:32:20 +05:00
|
|
|
command = '%scp -Rf ' % ('yes |') + self.returnPathEnclosed(self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(self.data['newPath'])
|
2019-07-16 23:23:16 +05:00
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
self.changeOwner(self.data['newPath'])
|
|
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def move(self):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2020-02-04 19:22:42 +05:00
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
|
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
for item in self.data['fileAndFolders']:
|
2020-02-04 20:28:03 +05:00
|
|
|
|
|
|
|
|
if (self.data['basePath']+ '/' + item).find('..') > -1 or (self.data['basePath']+ '/' + item).find(homePath) == -1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
|
|
|
|
if (self.data['newPath']+ '/' + item).find('..') > -1 or (self.data['newPath']+ '/' + item).find(homePath) == -1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'mv ' + self.returnPathEnclosed(self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(self.data['newPath'] + '/' + item)
|
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
self.changeOwner(self.data['newPath'])
|
|
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def rename(self):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2020-02-04 19:22:42 +05:00
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
|
|
2020-02-04 20:28:03 +05:00
|
|
|
if (self.data['basePath'] + '/' + self.data['existingName']).find('..') > -1 or (self.data['basePath'] + '/' + self.data['existingName']).find(homePath) == -1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
|
|
|
|
if (self.data['newFileName']).find('..') > -1 or (self.data['basePath']).find(homePath) == -1:
|
2019-03-12 14:47:58 +05:00
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'mv ' + self.returnPathEnclosed(self.data['basePath'] + '/' + self.data['existingName']) + ' ' + self.returnPathEnclosed(self.data['basePath'] + '/' + self.data['newFileName'])
|
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
self.changeOwner(self.data['basePath'] + '/' + self.data['newFileName'])
|
|
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def readFileContents(self):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2020-01-17 19:43:32 +05:00
|
|
|
pathCheck = '/home/%s' % (domainName)
|
|
|
|
|
|
2020-02-03 21:43:29 +05:00
|
|
|
if self.data['fileName'].find(pathCheck) == -1 or self.data['fileName'].find('..') > -1:
|
2020-01-17 19:43:32 +05:00
|
|
|
return self.ajaxPre(0, 'Not allowed.')
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'cat ' + self.returnPathEnclosed(self.data['fileName'])
|
|
|
|
|
finalData['fileContents'] = ProcessUtilities.outputExecutioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def writeFileContents(self):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
|
|
|
|
tempPath = "/home/cyberpanel/" + str(randint(1000, 9999))
|
2019-07-16 23:23:16 +05:00
|
|
|
self.data['home'] = '/home/%s' % (self.data['domainName'])
|
|
|
|
|
|
|
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2020-01-09 15:57:28 +05:00
|
|
|
writeToFile = open(tempPath, 'wb')
|
|
|
|
|
writeToFile.write(self.data['fileContent'].encode('utf-8'))
|
2019-01-28 15:19:59 +05:00
|
|
|
writeToFile.close()
|
|
|
|
|
|
2020-02-07 21:29:05 +05:00
|
|
|
command = 'ls -la %s' % (self.data['fileName'])
|
|
|
|
|
output = ProcessUtilities.outputExecutioner(command)
|
|
|
|
|
|
|
|
|
|
if output.find('lrwxrwxrwx') > -1 and output.find('->') > -1:
|
|
|
|
|
return self.ajaxPre(0, 'File exists and is symlink.')
|
|
|
|
|
|
2020-02-07 21:26:55 +05:00
|
|
|
if ACLManager.commandInjectionCheck(self.data['fileName']) == 1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
2019-07-16 23:23:16 +05:00
|
|
|
|
2020-02-03 23:11:41 +05:00
|
|
|
if self.data['fileName'].find(self.data['home']) == -1 or self.data['fileName'].find('..') > -1:
|
2019-07-16 23:23:16 +05:00
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
|
|
|
|
command = 'mv ' + tempPath + ' ' + self.returnPathEnclosed(self.data['fileName'])
|
2019-01-28 15:19:59 +05:00
|
|
|
ProcessUtilities.executioner(command)
|
2019-07-16 23:23:16 +05:00
|
|
|
|
|
|
|
|
command = 'chown %s:%s %s' % (website.externalApp, website.externalApp, self.data['fileName'])
|
|
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
|
|
2019-01-28 15:19:59 +05:00
|
|
|
self.changeOwner(self.data['fileName'])
|
|
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def upload(self):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['uploadStatus'] = 1
|
|
|
|
|
finalData['answer'] = 'File transfer completed.'
|
|
|
|
|
|
|
|
|
|
myfile = self.request.FILES['file']
|
|
|
|
|
fs = FileSystemStorage()
|
2020-02-26 11:31:19 +05:00
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
filename = fs.save(myfile.name, myfile)
|
|
|
|
|
finalData['fileName'] = fs.url(filename)
|
|
|
|
|
except BaseException as msg:
|
|
|
|
|
logging.writeToFile('%s. [375:upload]' % (str(msg)))
|
|
|
|
|
|
2020-01-18 21:07:40 +05:00
|
|
|
pathCheck = '/home/%s' % (self.data['domainName'])
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2020-02-07 21:26:55 +05:00
|
|
|
if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2020-02-05 15:34:12 +05:00
|
|
|
if (self.data['completePath'] + '/' + myfile.name).find(pathCheck) == -1 or ((self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
|
2019-07-16 23:23:16 +05:00
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
|
|
|
|
command = 'mv ' + self.returnPathEnclosed('/home/cyberpanel/media/' + myfile.name) + ' ' + self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name)
|
|
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
|
|
|
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
|
|
|
|
|
|
command = 'chown %s:%s %s' % (website.externalApp, website.externalApp, self.data['completePath'] + '/' + myfile.name)
|
2019-01-28 15:19:59 +05:00
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
|
|
|
|
|
|
self.changeOwner(self.data['completePath'] + '/' + myfile.name)
|
|
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def extract(self):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
|
|
2020-02-04 19:22:42 +05:00
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
|
|
|
|
|
|
if self.data['extractionLocation'].find('..') > -1 or self.data['extractionLocation'].find(homePath) == -1:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2020-02-04 20:28:03 +05:00
|
|
|
if self.data['fileToExtract'].find('..') > -1 or self.data['fileToExtract'].find(homePath) == -1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-01-28 15:19:59 +05:00
|
|
|
if self.data['extractionType'] == 'zip':
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'unzip -o ' + self.returnPathEnclosed(self.data['fileToExtract']) + ' -d ' + self.returnPathEnclosed(self.data['extractionLocation'])
|
2019-01-28 15:19:59 +05:00
|
|
|
else:
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'tar -xf ' + self.returnPathEnclosed(self.data['fileToExtract']) + ' -C ' + self.returnPathEnclosed(self.data['extractionLocation'])
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
self.changeOwner(self.data['extractionLocation'])
|
|
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-01-28 15:19:59 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def compress(self):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
|
|
|
|
|
if self.data['compressionType'] == 'zip':
|
|
|
|
|
compressedFileName = self.returnPathEnclosed(self.data['basePath'] + '/' + self.data['compressedFileName'] + '.zip')
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'zip -r ' + compressedFileName + ' '
|
2019-01-28 15:19:59 +05:00
|
|
|
else:
|
|
|
|
|
compressedFileName = self.returnPathEnclosed(
|
|
|
|
|
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.tar.gz')
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'tar -czvf ' + compressedFileName + ' '
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2020-02-04 19:22:42 +05:00
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
|
|
2019-01-28 15:19:59 +05:00
|
|
|
for item in self.data['listOfFiles']:
|
2020-02-04 19:22:42 +05:00
|
|
|
|
2020-02-04 20:28:03 +05:00
|
|
|
if (self.data['basePath'] + item).find('..') > -1 or (self.data['basePath'] + item).find(
|
2020-02-04 19:22:42 +05:00
|
|
|
homePath) == -1:
|
|
|
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
|
|
2019-08-29 17:05:46 +05:00
|
|
|
command = '%s%s ' % (command, self.returnPathEnclosed(item))
|
2019-01-28 15:19:59 +05:00
|
|
|
|
2019-08-29 17:05:46 +05:00
|
|
|
|
|
|
|
|
finalCommand = 'cd %s && %s' % (self.data['basePath'], command)
|
|
|
|
|
|
|
|
|
|
ProcessUtilities.executioner(finalCommand, website.externalApp)
|
2019-01-28 15:19:59 +05:00
|
|
|
|
|
|
|
|
self.changeOwner(self.data['compressedFileName'])
|
|
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2019-02-12 01:57:35 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def changePermissions(self):
|
|
|
|
|
try:
|
|
|
|
|
|
|
|
|
|
finalData = {}
|
|
|
|
|
finalData['status'] = 1
|
2019-07-16 23:23:16 +05:00
|
|
|
domainName = self.data['domainName']
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
2019-02-12 01:57:35 +05:00
|
|
|
|
|
|
|
|
if self.data['recursive'] == 1:
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'chmod -R ' + self.data['newPermissions'] + ' ' + self.returnPathEnclosed(
|
2019-02-12 01:57:35 +05:00
|
|
|
self.data['basePath'] + '/' + self.data['permissionsPath'])
|
|
|
|
|
else:
|
2019-07-16 23:23:16 +05:00
|
|
|
command = 'chmod ' + self.data['newPermissions'] + ' ' + self.returnPathEnclosed(
|
2019-02-12 01:57:35 +05:00
|
|
|
self.data['basePath'] + '/' + self.data['permissionsPath'])
|
|
|
|
|
|
|
|
|
|
|
2019-07-16 23:23:16 +05:00
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
2019-02-12 01:57:35 +05:00
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
|
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
2019-12-10 15:09:10 +05:00
|
|
|
except BaseException as msg:
|
2020-03-07 19:01:54 +05:00
|
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
|
|
|
|
|
|
def fixPermissions(self, domainName):
|
|
|
|
|
|
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
|
externalApp = website.externalApp
|
|
|
|
|
|
2020-04-03 11:28:27 +05:00
|
|
|
if ProcessUtilities.decideDistro() == ProcessUtilities.centos:
|
|
|
|
|
groupName = 'nobody'
|
|
|
|
|
else:
|
|
|
|
|
groupName = 'nogroup'
|
|
|
|
|
|
2020-03-07 19:01:54 +05:00
|
|
|
command = 'chown -R %s:%s /home/%s/public_html/*' % (externalApp, externalApp, domainName)
|
|
|
|
|
ProcessUtilities.popenExecutioner(command)
|
|
|
|
|
|
|
|
|
|
command = 'chown -R %s:%s /home/%s/public_html/.[^.]*' % (externalApp, externalApp, domainName)
|
|
|
|
|
ProcessUtilities.popenExecutioner(command)
|
|
|
|
|
|
2020-04-03 11:28:27 +05:00
|
|
|
command = "chown root:%s /home/" % (groupName) + domainName + "/logs"
|
2020-03-07 19:01:54 +05:00
|
|
|
ProcessUtilities.popenExecutioner(command)
|
|
|
|
|
|
|
|
|
|
command = "find %s -type d -exec chmod 0755 {} \;" % ("/home/" + domainName + "/public_html")
|
|
|
|
|
ProcessUtilities.popenExecutioner(command)
|
|
|
|
|
|
|
|
|
|
command = "find %s -type f -exec chmod 0644 {} \;" % ("/home/" + domainName + "/public_html")
|
|
|
|
|
ProcessUtilities.popenExecutioner(command)
|
|
|
|
|
|
2020-04-08 23:41:05 +05:00
|
|
|
command = 'chown %s:%s /home/%s/public_html' % (externalApp, groupName, domainName)
|
2020-03-07 19:01:54 +05:00
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
|
|
|
|
|
|
command = 'chmod 750 /home/%s/public_html' % (domainName)
|
2020-04-08 23:41:05 +05:00
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
|
|
|
|
|
|
for childs in website.childdomains_set.all():
|
|
|
|
|
command = 'chown -R %s:%s %s/*' % (externalApp, externalApp, childs.path)
|
|
|
|
|
ProcessUtilities.popenExecutioner(command)
|
|
|
|
|
|
|
|
|
|
command = 'chown -R %s:%s %s/.[^.]*' % (externalApp, externalApp, childs.path)
|
|
|
|
|
ProcessUtilities.popenExecutioner(command)
|
|
|
|
|
|
|
|
|
|
command = 'chmod 750 %s' % (childs.path)
|
|
|
|
|
ProcessUtilities.popenExecutioner(command)
|
|
|
|
|
|
|
|
|
|
command = 'chmod %s:%s %s' % (externalApp, groupName, childs.path)
|
|
|
|
|
ProcessUtilities.popenExecutioner(command)
|
