security fix: CP-21: Websites – Create Website

Usman Nasir
2021-08-20 15:31:11 +05:00
parent c5ec9cc9ac
commit bf42a54be0
2 changed files with 2 additions and 2 deletions


@@ -80,7 +80,7 @@ class secMiddleware:
or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' \ or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' \
or key == 'fileContent' or key == 'commands' or key == 'gitHost' or key == 'ipv6' or key == 'contentNow': or key == 'fileContent' or key == 'commands' or key == 'gitHost' or key == 'ipv6' or key == 'contentNow':
continue continue
if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \ if value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \ or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find("{") > -1 or value.find("}") > -1\ or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find("{") > -1 or value.find("}") > -1\
or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1: or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:
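Review bot: The added `value.find('- -') > -1` test at the start of the condition matches only the three-character sequence dash, space, dash, so a value containing `--` or starting with a single `-` still passes; if the aim was to reject option-style input, this literal probably does not do it (the commit does not state the intent, and a plain `--` test would also reject punycode domain names). The `'\n'` test is added without a carriage-return counterpart, so I would add `or value.find('\r') > -1` next to it. The keys in the skip branch just above bypass this condition entirely, which deserves a comment such as `# substring denylist only; the keys skipped above are not checked here and must be validated by their own handlers`. The enclosing method starts and ends outside the hunk, so what happens to a value that matches is not visible here.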


@@ -1813,7 +1813,7 @@ class WebsiteManager:
statusFile = data['statusFile'] statusFile = data['statusFile']
if (statusFile[:16] == "/home/cyberpanel" or statusFile[:4] == '/tmp' or statusFile[:18] == '/usr/local/CyberCP') \ if (statusFile[:16] == "/home/cyberpanel" or statusFile[:4] == '/tmp' or statusFile[:18] == '/usr/local/CyberCP') \
and statusFile != '/usr/local/CyberCP/CyberCP/settings.py' and statusFile.find('..') == -1: and statusFile != '/usr/local/CyberCP/CyberCP/settings.py' and statusFile.find('..') == -1 and statusFile != '/home/cyberpanel/.my.cnf':
pass pass
else: else:
data_ret = {'abort': 1, 'installStatus': 0, 'installationProgress': "100", data_ret = {'abort': 1, 'installStatus': 0, 'installationProgress': "100",