Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-08 14:26:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

resolve CP-26

Browse Source
This commit is contained in:
Usman Nasir
2021-09-25 13:09:40 +05:00
parent 9dc16251be
commit 803a3d53d7
2 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
filemanager/filemanager.py
View File

@@ -1,3 +1,5 @@
import os
from django.shortcuts import HttpResponse from django.shortcuts import HttpResponse
import json import json
from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
@@ -609,7 +611,7 @@ class FileManager:
command = 'ls -la %s' % (self.data['completePath']) command = 'ls -la %s' % (self.data['completePath'])
result = ProcessUtilities.outputExecutioner(command, website.externalApp) result = ProcessUtilities.outputExecutioner(command, website.externalApp)
#
if result.find('->') > -1: if result.find('->') > -1:
return self.ajaxPre(0, "Symlink attack.") return self.ajaxPre(0, "Symlink attack.")
@@ -620,21 +622,26 @@ class FileManager:
(self.data['completePath'] + '/' + myfile.name)).find('..') > -1: (self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!') return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'mv ' + self.returnPathEnclosed( command = 'cp ' + self.returnPathEnclosed(
'/home/cyberpanel/media/' + myfile.name) + ' ' + self.returnPathEnclosed( '/home/cyberpanel/media/' + myfile.name) + ' ' + self.returnPathEnclosed(
self.data['completePath'] + '/' + myfile.name) self.data['completePath'] + '/' + myfile.name)
ProcessUtilities.executioner(command) ProcessUtilities.executioner(command, website.externalApp)
command = 'chown %s:%s %s' % (website.externalApp, website.externalApp,
self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
ProcessUtilities.executioner(command)
self.changeOwner(self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name)) self.changeOwner(self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
try:
os.remove(self.returnPathEnclosed('/home/cyberpanel/media/' + myfile.name))
except:
pass
json_data = json.dumps(finalData) json_data = json.dumps(finalData)
return HttpResponse(json_data) return HttpResponse(json_data)
except BaseException as msg: except BaseException as msg:
try:
os.remove(self.returnPathEnclosed('/home/cyberpanel/media/' + myfile.name))
except:
pass
return self.ajaxPre(0, str(msg)) return self.ajaxPre(0, str(msg))
def extract(self): def extract(self):

1
filemanager/views.py
View File

@@ -11,7 +11,6 @@ from .filemanager import FileManager as FM
from plogical.processUtilities import ProcessUtilities from plogical.processUtilities import ProcessUtilities
# Create your views here. # Create your views here.
def loadFileManagerHome(request,domain): def loadFileManagerHome(request,domain):
try: try:
userID = request.session['userID'] userID = request.session['userID']