From 3c1ba8cbbca9386fc71b4b3a8819473829360916 Mon Sep 17 00:00:00 2001 From: qtwrk Date: Wed, 4 Mar 2020 14:00:55 +0100 Subject: [PATCH 1/4] remove white space and unwanted string --- install.sh | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/install.sh b/install.sh index 903bac16d..223556eb8 100644 --- a/install.sh +++ b/install.sh @@ -1,6 +1,6 @@ #!/bin/sh -if [ -f "/etc/os-release" ]; then +if [ -f "/etc/os-release" ]; then . /etc/os-release else ID="unsupported" @@ -11,28 +11,32 @@ if [ "$ID" = "ubuntu" ] && [ "$UBUNTU_CODENAME" = "bionic" ]; then export DEBIAN_FRONTEND=noninteractive apt -q -y -o Dpkg::Options::=--force-confnew update apt -q -y -o Dpkg::Options::=--force-confnew install wget curl - SERVER_OS="$NAME" + SERVER_OS="Ubuntu" elif [ "$ID" = "centos" ] || [ "$ID" = "cloudlinux" ]; then case "$VERSION_ID" in 7|7.*) yum install curl wget -y 1> /dev/null yum update curl wget ca-certificates -y 1> /dev/null - SERVER_OS="$NAME" + if [[ "$ID" == "centos" ]] ; then + SERVER_OS="CentOS" + else + SERVER_OS="CloudLinux" + fi ;; 8|8.*) printf >&2 '\nCentOS 8/CloudLinux 8 support is currently experimental!\n' yum install curl wget -y 1> /dev/null yum update curl wget ca-certificates -y 1> /dev/null - SERVER_OS="${NAME}${VERSION_ID}" + SERVER_OS="CentOS8" ;; esac -else +else printf >&2 '\nYour OS -- %s -- is not currently supported!\n' "$PRETTY_NAME" printf >&2 '\nCyberPanel is currently supported on Ubuntu 18.04, CentOS 7 and CloudLinux 7.\n' exit 1 fi -rm -f cyberpanel.sh install.tar.gz +rm -f cyberpanel.sh install.tar.gz curl --silent -o cyberpanel.sh "https://cyberpanel.sh/?dl&${SERVER_OS}" 2>/dev/null chmod +x cyberpanel.sh ./cyberpanel.sh "$@" From 62bb67e4d6c1b05db92f2d779ced96498c2af700 Mon Sep 17 00:00:00 2001 From: Lorin Halpert Date: Wed, 4 Mar 2020 16:35:12 -0500 Subject: [PATCH 2/4] Delete .DS_Store It is listed in .gitignore file - OSX metadata file unrelated to project, must have been left over from time prior commit or from a client that does not follow .gitignore rules --- .DS_Store | Bin 12292 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .DS_Store diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index db680f6a49c337d0d2dee003c12c0380158c9c51..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12292 zcmeHNOK%)S5U%!f*N=Fe#BqW^T45nYim~k2!M0Eo$4MZDge+MnaY%x*kMVl&cxE#@ z>qm@{FFa1113v%>@dr2|E=X`foRGNi2RI-hE?mM_J+pRq&zgh_M9H)?-MusQb#+xw zS9R4a5sBG)d5q{d5v6c(o9RLI5mB}qty1_oU$N4PI|A2vTb>v(R3DdrrnRCK%|`d~q?;yV8DA?lG6R28ss{Ws&d>#P=SRWSnmqv>zL^-IBHD=;=?2>`_(mlxu*K~;=@PL7uRdmC_D2*vFg~hV083n(bC%1-qD##b)~v`yYA$dz4d%h z2NTt%L^kU}d*4C-%@!{;Lsp;+E?AGMu=x}yo{FUwPbZYRWvD0&RS2yo(y}$jz zXILT>5&0783xDs{pQFc$)D&Zv)*?a0Hw{65&14#)rn|a(dJptv`VSuJKioesaAff4 zz_I6!J-?VaR4kNMDn3v8oacD{tW&oZ?2_l^?fce3U~L54Svi9<+*=jjE?-$%s#(E;(!aTw>8q7|&v9~I%?@nOy?MI^-OmNq>YTgef#Vu< zeWl8eYS%5lhBk&-xZ@OxmUG3O^@6}#y;<=6f?Kg>H<^-0gCIHI;*lipe6>)r-OA9J z-$Qi{&Ey&#PBNloh>eacLo@y-vXjb)^t|i2R(fdW&FEo@PS9C;126qDt<$IUIekH2 z(|7a>{YHO@HgQC}C{Bn8aax=a7scD+s+bqo#5>|vh;M1E?hDa)Q6tLe#8!7Lzn5^t z^B%eSb-68EY;q6pLOE_w#2?1?=+kg>YDzPXZYdb(LqL1dNG@SJZb(DshI}a}=fIoP zFi|Z(8l&`L6d&BKp{<}-kRyy>++}@px1KhTX}St0a25&O%Vo**WA7SwxGgqZCI;?A!}MsF zyi8FCn6ZIthjVy5+|z3E_EnUzISxUgD_C%s7V$blkx;3J#kc7`mNG!=@r$o7zVz3s zZ|jh_kiMkTvJcgkB85@mEm59KwZa-S)z(Qvh^@6WD`dp>)P*J*-O@1XBNHmaWAkn~+t${42*M}ot z7&R^<3&6fRfZgXKufrZdxBHFn?;NE{(OTgfs$?5f@Ueui^t)6Y@JC@>3je9ovX9kh zdn7F%^w>I{&nBPQF<22g|?QPQ3n0XN1@}m4hFR_drwR;-gQb zGVoH@fB%vAjEFsi-L?s7;&a-DzIT*;oyMNvy;<1Zv&Ol1?4jioJ7@{GdrfuCfvmb}-Js>w3FT{KEe-oDt*JV)-^NuFr_06>UbXpbug;nysihY6el54GEWF5!Wy-&x_xI-M2^QB5kUQ??T4e#rpn3 z@GtGEj^Q=rG|UF{wTxM=n$k$ysA7!&mFcr$ORPy{P(NWd5!uYKu`$kUj!jOV9L`Qp z#Z#M)V-q2?OnJ6*2b-rG)dl3`_WA#xBuc781BnKnP7R2*^ZE0$kgbt1H^t;{?O9xR zaWT!exVWG%A*i%J0^qm&9FKN1q?Cj+5oRZBB@_dMU-JL6KLRNKB~JW5)+O=(dr|5$ H Date: Thu, 5 Mar 2020 20:49:05 +0200 Subject: [PATCH 3/4] Double square `[[` brackets are a bash features. `==` is undefined in POSIX sh --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 223556eb8..635300c83 100644 --- a/install.sh +++ b/install.sh @@ -17,7 +17,7 @@ elif [ "$ID" = "centos" ] || [ "$ID" = "cloudlinux" ]; then 7|7.*) yum install curl wget -y 1> /dev/null yum update curl wget ca-certificates -y 1> /dev/null - if [[ "$ID" == "centos" ]] ; then + if [ "$ID" = "centos" ]; then SERVER_OS="CentOS" else SERVER_OS="CloudLinux" From 8e07f7ea1a37ea5c1bf2878073d5325ebbe0e12e Mon Sep 17 00:00:00 2001 From: Znuff Date: Thu, 5 Mar 2020 21:02:38 +0200 Subject: [PATCH 4/4] Proper domain validation with the "validators" library. --- requirments.txt | 3 ++- websiteFunctions/website.py | 23 ++++++++--------------- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/requirments.txt b/requirments.txt index 4b1b8bc45..619db9611 100755 --- a/requirments.txt +++ b/requirments.txt @@ -61,4 +61,5 @@ urllib3==1.22 websocket-client==0.56.0 zope.component==4.4.1 zope.event==4.3.0 -zope.interface==4.5.0 \ No newline at end of file +zope.interface==4.5.0 +validators==0.14.2 diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py index d779ce7c3..b277e48cf 100755 --- a/websiteFunctions/website.py +++ b/websiteFunctions/website.py @@ -180,14 +180,12 @@ class WebsiteManager: return ACLManager.loadErrorJson('createWebSiteStatus', 0) - if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', domain, - M | I): + if not validators.domain(domain): data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."} json_data = json.dumps(data_ret) return HttpResponse(json_data) - if not match(r'\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b', adminEmail, - M | I): + if not validators.email(adminEmail): data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid email."} json_data = json.dumps(data_ret) return HttpResponse(json_data) @@ -250,8 +248,7 @@ class WebsiteManager: path = data['path'] tempStatusPath = "/home/cyberpanel/" + str(randint(1000, 9999)) - if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', domain, - M | I): + if not validators.domain(domain): data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."} json_data = json.dumps(data_ret) return HttpResponse(json_data) @@ -1593,8 +1590,7 @@ class WebsiteManager: aliasDomain = data['aliasDomain'] ssl = data['ssl'] - if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', aliasDomain, - M | I): + if not validators.domain(aliasDomain): data_ret = {'status': 0, 'createAliasStatus': 0, 'error_message': "Invalid domain."} json_data = json.dumps(data_ret) return HttpResponse(json_data) @@ -2683,14 +2679,12 @@ StrictHostKeyChecking no self.domain = data['masterDomain'] - if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', self.domain, - M | I): + if not validators.domain(self.domain): data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."} json_data = json.dumps(data_ret) return HttpResponse(json_data) - if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', data['domainName'], - M | I): + if not validators.domain(data['domainName']): data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."} json_data = json.dumps(data_ret) return HttpResponse(json_data) @@ -2756,8 +2750,7 @@ StrictHostKeyChecking no currentACL = ACLManager.loadedACL(userID) admin = Administrator.objects.get(pk=userID) - if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', data['childDomain'], - M | I): + if not validators.domain(data['childDomain']): data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."} json_data = json.dumps(data_ret) return HttpResponse(json_data) @@ -2828,4 +2821,4 @@ StrictHostKeyChecking no except BaseException as msg: data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': str(msg)} json_data = json.dumps(data_ret) - return HttpResponse(json_data) \ No newline at end of file + return HttpResponse(json_data)