security fix: submitDomainCreation

2025-11-08 06:16:08 +01:00 · 2020-02-08 12:51:45 +05:00
parent 7b3029e905
commit 4611c327d6
1 changed files with 3 additions and 0 deletions
--- a/websiteFunctions/website.py
+++ b/websiteFunctions/website.py
@@ -261,6 +261,9 @@ class WebsiteManager:
            else:
                return ACLManager.loadErrorJson('createWebSiteStatus', 0)

+            if data['path'].find('..') > -1:
+                return ACLManager.loadErrorJson('createWebSiteStatus', 0)
+
            if currentACL['admin'] != 1:
                data['openBasedir'] = 1