Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-08 06:16:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug fix to fm after security improvements

Browse Source
This commit is contained in:
Usman Nasir
2020-02-05 15:34:12 +05:00
parent 20ae44e986
commit b5c0c169fd
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
filemanager/filemanager.py
View File

@@ -365,7 +365,7 @@ class FileManager:
finalData['fileName'] = fs.url(filename) finalData['fileName'] = fs.url(filename)
pathCheck = '/home/%s' % (self.data['domainName']) pathCheck = '/home/%s' % (self.data['domainName'])
if self.data['completePath'].find(pathCheck) == -1 or self.data['completePath'].find('..') > -1: if (self.data['completePath'] + '/' + myfile.name).find(pathCheck) == -1 or ((self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!') return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'mv ' + self.returnPathEnclosed('/home/cyberpanel/media/' + myfile.name) + ' ' + self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name) command = 'mv ' + self.returnPathEnclosed('/home/cyberpanel/media/' + myfile.name) + ' ' + self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name)

4
filemanager/views.py
View File

@@ -59,10 +59,10 @@ def changePermissions(request):
command = "sudo chown -R lscpd:lscpd /home/" + domainName+"/logs" command = "sudo chown -R lscpd:lscpd /home/" + domainName+"/logs"
ProcessUtilities.popenExecutioner(command) ProcessUtilities.popenExecutioner(command)
command = "sudo find %s -type d -exec chmod 0755 {} \;" % ("/home/" + domainName + "/public_html") command = "find %s -type d -exec chmod 0755 {} \;" % ("/home/" + domainName + "/public_html")
ProcessUtilities.popenExecutioner(command) ProcessUtilities.popenExecutioner(command)
command = "sudo find %s -type f -exec chmod 0644 {} \;" % ("/home/" + domainName + "/public_html") command = "find %s -type f -exec chmod 0644 {} \;" % ("/home/" + domainName + "/public_html")
ProcessUtilities.popenExecutioner(command) ProcessUtilities.popenExecutioner(command)
data_ret = {'permissionsChanged': 1, 'error_message': "None"} data_ret = {'permissionsChanged': 1, 'error_message': "None"}