diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py
index 901a08147..90ad60d1e 100755
--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -45,6 +45,7 @@ class secMiddleware:
 return HttpResponse(final_json)
 except:
 pass
+
 if request.method == 'POST':
 try:
 #logging.writeToFile(request.body)
diff --git a/filemanager/filemanager.py b/filemanager/filemanager.py
index 3f1dea3a5..1304b566d 100755
--- a/filemanager/filemanager.py
+++ b/filemanager/filemanager.py
@@ -6,7 +6,7 @@ from websiteFunctions.models import Websites
 from random import randint
 from django.core.files.storage import FileSystemStorage
 import html.parser
-import os
+from plogical.acl import ACLManager
 class FileManager:
 def __init__(self, request, data):
@@ -332,11 +332,8 @@ class FileManager:
 writeToFile.write(self.data['fileContent'].encode('utf-8'))
 writeToFile.close()
- command = 'ls -la %s' % (self.data['fileName'])
- output = ProcessUtilities.outputExecutioner(command)
-
- if output.find('lrwxrwxrwx') > -1 and output.find('->') > -1:
- return self.ajaxPre(0, 'File exists and is symlink.')
+ if ACLManager.commandInjectionCheck(self.data['fileName']) == 1:
+ return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
 if self.data['fileName'].find(self.data['home']) == -1 or self.data['fileName'].find('..') > -1:
 return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
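Review bot: Dropping `import os` is only safe if no remaining code in filemanager.py uses `os`, and nothing in this hunk or the others shows that; worth a grep before merging, since a NameError in an unrelated method would only surface at runtime. The module is also the natural home for a filesystem-level symlink test (`os.path.islink`), which the `-332` hunk removes in favour of a character blocklist, so keeping the import may be the better direction.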
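Review bot: The symlink protection is dropped here without a replacement: `ACLManager.commandInjectionCheck` only scans `fileName` for shell metacharacters, so a target that resolves through a symlink to a location outside the home directory is no longer rejected, and the substring check that follows (`find(self.data['home']) == -1`) does not resolve symlinks either. A filesystem-level test such as `if os.path.islink(self.data['fileName']): return self.ajaxPre(0, 'File exists and is symlink.')` (with `import os` kept in scope) preserves the old behaviour without shelling out, and applying `os.path.realpath` before the home-prefix check would also cover symlinked parent directories. Note also that the write and close on the first two lines run before any of these checks, so if `writeToFile` was opened on `fileName` (the open call is above the hunk) the content is already on disk when the request is rejected — validation should precede the write. The rejection message `'Not allowed to move in this path, please choose location inside home!'` is copied from the path check below and misdescribes the condition; something like `'Invalid characters in file name.'` would be clearer. The enclosing method starts outside the hunk.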
@@ -368,6 +365,9 @@ class FileManager:
 finalData['fileName'] = fs.url(filename)
 pathCheck = '/home/%s' % (self.data['domainName'])
+ if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
+ return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
+
 if (self.data['completePath'] + '/' + myfile.name).find(pathCheck) == -1 or ((self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
 return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
diff --git a/plogical/acl.py b/plogical/acl.py
index 3fd12a4c3..62edb5277 100755
--- a/plogical/acl.py
+++ b/plogical/acl.py
@@ -17,6 +17,17 @@ from dockerManager.models import Containers
 class ACLManager:
+ @staticmethod
+ def commandInjectionCheck(value):
+ if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
+ or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
+ or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find(
+ "{") > -1 or value.find("}") > -1 \
+ or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:
+ return 1
+ else:
+ return 0
+
 @staticmethod
 def loadedACL(val):
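Review bot: The new check duplicates the path validation on the line after it instead of composing with it, and it runs after `finalData['fileName'] = fs.url(filename)`, so if the upload was already stored by the FileSystemStorage above the hunk (not visible here) the file is on disk before its name is validated; both checks should precede the save. Building `self.data['completePath'] + '/' + myfile.name` three times invites drift — bind it once, e.g. `target = self.data['completePath'] + '/' + myfile.name`, and test `ACLManager.commandInjectionCheck(target) == 1 or target.find(pathCheck) == -1 or target.find('..') > -1` in a single condition with one rejection. Comparing the result to `1` also leaks the helper's int-as-bool convention into every caller; a helper that returns a bool would let this read `if ACLManager.commandInjectionCheck(target):`. The enclosing method starts outside the hunk.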