securify fix: CP-29: Manage Website – SMTP Hosts – Verify

Usman Nasir
2021-08-30 12:51:18 +05:00
parent be9f5d7620
commit b9342a905a
2 changed files with 19 additions and 0 deletions


@@ -599,6 +599,7 @@ class EmailMarketingManager:
userID = self.request.session['userID'] userID = self.request.session['userID']
admin = Administrator.objects.get(pk=userID) admin = Administrator.objects.get(pk=userID)
currentACL = ACLManager.loadedACL(userID)
if emACL.checkIfEMEnabled(admin.userName) == 0: if emACL.checkIfEMEnabled(admin.userName) == 0:
return ACLManager.loadErrorJson() return ACLManager.loadErrorJson()
@@ -610,6 +611,10 @@ class EmailMarketingManager:
if operation == 'delete': if operation == 'delete':
delHost = SMTPHosts.objects.get(id=id) delHost = SMTPHosts.objects.get(id=id)
if ACLManager.VerifySMTPHost(currentACL, delHost.owner, admin) == 0:
return ACLManager.loadErrorJson()
currentACL = ACLManager.loadedACL(userID) currentACL = ACLManager.loadedACL(userID)
if currentACL['admin'] == 1: if currentACL['admin'] == 1:
pass pass
@@ -622,6 +627,10 @@ class EmailMarketingManager:
else: else:
try: try:
verifyHost = SMTPHosts.objects.get(id=id) verifyHost = SMTPHosts.objects.get(id=id)
if ACLManager.VerifySMTPHost(currentACL, verifyHost.owner, admin) == 0:
return ACLManager.loadErrorJson()
verifyLogin = smtplib.SMTP(str(verifyHost.host), int(verifyHost.port)) verifyLogin = smtplib.SMTP(str(verifyHost.host), int(verifyHost.port))
if int(verifyHost.port) == 587: if int(verifyHost.port) == 587:
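Review bot: The delete branch now carries two authorization decisions: the new `ACLManager.VerifySMTPHost(currentACL, delHost.owner, admin)` guard and the older block that starts at `if currentACL['admin'] == 1: pass` right after it. The reload `currentACL = ACLManager.loadedACL(userID)` between them also duplicates the one added at the top of the method. Keeping both invites drift, so I would drop the reload and the legacy block and leave the helper as the single check, provided the legacy block (which continues outside the hunk) does nothing beyond an ownership test. In both branches `SMTPHosts.objects.get(id=id)` runs before the guard, so a host id that does not exist presumably produces a different response from one owned by another user. Returning the same `ACLManager.loadErrorJson()` in both cases would avoid revealing which host ids exist.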


@@ -43,6 +43,16 @@ class ACLManager:
'"dkimManager": 1, "createFTPAccount": 1, "deleteFTPAccount": 1, "listFTPAccounts": 1, "createBackup": 1,' \ '"dkimManager": 1, "createFTPAccount": 1, "deleteFTPAccount": 1, "listFTPAccounts": 1, "createBackup": 1,' \
' "restoreBackup": 0, "addDeleteDestinations": 0, "scheduleBackups": 0, "remoteBackups": 0, "googleDriveBackups": 1, "manageSSL": 1, ' \ ' "restoreBackup": 0, "addDeleteDestinations": 0, "scheduleBackups": 0, "remoteBackups": 0, "googleDriveBackups": 1, "manageSSL": 1, ' \
'"hostnameSSL": 0, "mailServerSSL": 0 }' '"hostnameSSL": 0, "mailServerSSL": 0 }'
@staticmethod
def VerifySMTPHost(currentACL, owner, user):
if currentACL['admin'] == 1:
return 1
elif owner == user:
return 1
else:
return 0
@staticmethod @staticmethod
def FindIfChild(): def FindIfChild():
try: try:
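Review bot: `VerifySMTPHost` is a new authorization helper with no docstring, and its 1/0 return convention only denies when the caller remembers the `== 0` comparison. I would add a docstring such as `"""Return 1 if the caller is an admin or owns the SMTP host, otherwise 0; callers must deny on 0."""`. The `owner == user` test relies on both arguments being the same kind of object. The two call sites pass `<host>.owner` and the `Administrator` instance, so this presumably compares model instances, and a short comment saying so would stop a later caller from passing a username or id and being denied without explanation. The three-way `if/elif/else` could also collapse to `return 1 if currentACL['admin'] == 1 or owner == user else 0`.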