Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-07 13:56:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug fix to fm after security improvements

Browse Source
This commit is contained in:
Usman Nasir
2020-02-05 15:34:12 +05:00
parent 20ae44e986
commit b5c0c169fd
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
filemanager/filemanager.py
View File

@@ -365,7 +365,7 @@ class FileManager:
finalData['fileName'] = fs.url(filename)
pathCheck = '/home/%s' % (self.data['domainName'])
if self.data['completePath'].find(pathCheck) == -1 or self.data['completePath'].find('..') > -1:
if (self.data['completePath'] + '/' + myfile.name).find(pathCheck) == -1 or ((self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'mv ' + self.returnPathEnclosed('/home/cyberpanel/media/' + myfile.name) + ' ' + self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name)