security fix: CP-24: Manage Website – Domain Alias (Delete)

Usman Nasir
2021-08-20 19:42:06 +05:00
parent 9a47edc9ec
commit a288a88754
2 changed files with 21 additions and 1 deletions


@@ -7,7 +7,7 @@ django.setup()
from loginSystem.models import Administrator, ACL from loginSystem.models import Administrator, ACL
from django.shortcuts import HttpResponse from django.shortcuts import HttpResponse
from packages.models import Package from packages.models import Package
from websiteFunctions.models import Websites, ChildDomains from websiteFunctions.models import Websites, ChildDomains, aliasDomains
import json import json
from subprocess import call, CalledProcessError from subprocess import call, CalledProcessError
from shlex import split from shlex import split
@@ -43,6 +43,16 @@ class ACLManager:
'"dkimManager": 1, "createFTPAccount": 1, "deleteFTPAccount": 1, "listFTPAccounts": 1, "createBackup": 1,' \ '"dkimManager": 1, "createFTPAccount": 1, "deleteFTPAccount": 1, "listFTPAccounts": 1, "createBackup": 1,' \
' "restoreBackup": 0, "addDeleteDestinations": 0, "scheduleBackups": 0, "remoteBackups": 0, "googleDriveBackups": 1, "manageSSL": 1, ' \ ' "restoreBackup": 0, "addDeleteDestinations": 0, "scheduleBackups": 0, "remoteBackups": 0, "googleDriveBackups": 1, "manageSSL": 1, ' \
'"hostnameSSL": 0, "mailServerSSL": 0 }' '"hostnameSSL": 0, "mailServerSSL": 0 }'
@staticmethod
def AliasDomainCheck(currentACL, aliasDomain, master):
aliasOBJ = aliasDomains.objects.get(aliasDomain=aliasDomain)
masterOBJ = Websites.objects.get(domain=master)
if currentACL['admin'] == 1:
return 1
elif aliasOBJ.master == masterOBJ:
return 1
else:
return 0
@staticmethod @staticmethod
def CheckPackageOwnership(package, admin, currentACL): def CheckPackageOwnership(package, admin, currentACL):
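Review bot: `AliasDomainCheck` has no path that returns 0 for an unknown alias or master, because both `.objects.get()` calls raise `DoesNotExist` before any branch runs. What happens for a bad name therefore depends on the callers' exception handling, which is not visible here. Catching the two lookup failures and returning 0 makes the denial explicit. Keeping the lookups ahead of the admin shortcut means a name that is not in the alias table never passes, even for an admin. The helper only ties the alias to `master` and presumably relies on the caller having already verified that the user owns `master`; a short docstring should state that.

```python
    @staticmethod
    def AliasDomainCheck(currentACL, aliasDomain, master):
        # Deny rather than raise when either name is unknown.
        try:
            aliasOBJ = aliasDomains.objects.get(aliasDomain=aliasDomain)
            masterOBJ = Websites.objects.get(domain=master)
        except (aliasDomains.DoesNotExist, Websites.DoesNotExist):
            return 0
        # … unchanged: admin shortcut and aliasOBJ.master == masterOBJ comparison …
```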


@@ -1674,6 +1674,11 @@ class WebsiteManager:
else: else:
return ACLManager.loadErrorJson('sslStatus', 0) return ACLManager.loadErrorJson('sslStatus', 0)
if ACLManager.AliasDomainCheck(currentACL, aliasDomain, self.domain) == 1:
pass
else:
return ACLManager.loadErrorJson('sslStatus', 0)
sslpath = "/home/" + self.domain + "/public_html" sslpath = "/home/" + self.domain + "/public_html"
## Create Configurations ## Create Configurations
@@ -1711,6 +1716,11 @@ class WebsiteManager:
else: else:
return ACLManager.loadErrorJson('deleteAlias', 0) return ACLManager.loadErrorJson('deleteAlias', 0)
if ACLManager.AliasDomainCheck(currentACL, aliasDomain, self.domain) == 1:
pass
else:
return ACLManager.loadErrorJson('deleteAlias', 0)
## Create Configurations ## Create Configurations
execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py" execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
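Review bot: The `if ... == 1: pass` / `else: return` shape in both added guards (the `sslStatus` one and the `deleteAlias` one) buries the deny path in an else branch. A guard clause reads more directly and is harder to break when code is later added under the `if`: `if ACLManager.AliasDomainCheck(currentACL, aliasDomain, self.domain) != 1:` followed by `return ACLManager.loadErrorJson('deleteAlias', 0)`. Both methods start and end outside the hunks, so where `aliasDomain` and `self.domain` are populated is not visible. Assuming the preceding `else` branch is the ownership check, a comment such as `# alias must belong to self.domain; ownership of self.domain is checked above` would record what the two checks cover together.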