Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-07 22:06:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug fix: file manager

Browse Source
This commit is contained in:
Usman Nasir
2021-09-01 14:39:12 +05:00
parent 1b5f0515b9
commit b01a42c0f4
2 changed files with 27 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
filemanager/filemanager.py
View File

@@ -604,6 +604,15 @@ class FileManager:
pathCheck = '/home/%s' % (self.data['domainName']) pathCheck = '/home/%s' % (self.data['domainName'])
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
command = 'ls -la %s' % (self.data['completePath'])
result = ProcessUtilities.outputExecutioner(command, website.externalApp)
if result.find('->') > -1:
return self.ajaxPre(0, "Symlink attack.")
if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1: if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!') return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
@@ -616,9 +625,6 @@ class FileManager:
self.data['completePath'] + '/' + myfile.name) self.data['completePath'] + '/' + myfile.name)
ProcessUtilities.executioner(command) ProcessUtilities.executioner(command)
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
command = 'chown %s:%s %s' % (website.externalApp, website.externalApp, command = 'chown %s:%s %s' % (website.externalApp, website.externalApp,
self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name)) self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
ProcessUtilities.executioner(command) ProcessUtilities.executioner(command)

18
websiteFunctions/website.py
View File

@@ -1000,6 +1000,15 @@ class WebsiteManager:
else: else:
fileName = "/home/" + self.domain + "/logs/" + self.domain + ".error_log" fileName = "/home/" + self.domain + "/logs/" + self.domain + ".error_log"
command = 'ls -la %s' % fileName
result = ProcessUtilities.outputExecutioner(command)
if result.find('->') > -1:
final_json = json.dumps(
{'status': 0, 'logstatus': 0,
'error_message': "Symlink attack."})
return HttpResponse(final_json)
## get Logs ## get Logs
website = Websites.objects.get(domain=self.domain) website = Websites.objects.get(domain=self.domain)
@@ -1059,6 +1068,15 @@ class WebsiteManager:
fileName = "/home/" + self.domain + "/logs/" + self.domain + ".error_log" fileName = "/home/" + self.domain + "/logs/" + self.domain + ".error_log"
command = 'ls -la %s' % fileName
result = ProcessUtilities.outputExecutioner(command)
if result.find('->') > -1:
final_json = json.dumps(
{'status': 0, 'logstatus': 0,
'error_message': "Symlink attack."})
return HttpResponse(final_json)
## get Logs ## get Logs
website = Websites.objects.get(domain=self.domain) website = Websites.objects.get(domain=self.domain)