Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-07 13:56:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug fix: security

Browse Source
This commit is contained in:
Usman Nasir
2022-01-26 12:49:07 +05:00
parent c40c452a7f
commit c10c3b7861
4 changed files with 34 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
filemanager/filemanager.py
View File

@@ -595,19 +595,7 @@ class FileManager:
finalData['uploadStatus'] = 1 finalData['uploadStatus'] = 1
finalData['answer'] = 'File transfer completed.' finalData['answer'] = 'File transfer completed.'
### Check if upload path tmp dir is not available ACLManager.CreateSecureDir()
UploadPath = '/usr/local/CyberCP/tmp/'
if not os.path.exists(UploadPath):
command = 'mkdir %s' % (UploadPath)
ProcessUtilities.executioner(command)
command = 'chown cyberpanel:cyberpanel %s' % (UploadPath)
ProcessUtilities.executioner(command)
command = 'chmod 711 %s' % (UploadPath)
ProcessUtilities.executioner(command)
## Random file name ## Random file name

1
loginSystem/views.py
View File

@@ -141,7 +141,6 @@ def verifyLogin(request):
json_data = json.dumps(data) json_data = json.dumps(data)
return HttpResponse(json_data) return HttpResponse(json_data)
@ensure_csrf_cookie @ensure_csrf_cookie
def loadLoginPage(request): def loadLoginPage(request):
try: try:

18
plogical/acl.py
View File

@@ -1,5 +1,8 @@
#!/usr/local/CyberCP/bin/python #!/usr/local/CyberCP/bin/python
import os,sys import os,sys
from .processUtilities import ProcessUtilities
sys.path.append('/usr/local/CyberCP') sys.path.append('/usr/local/CyberCP')
import django import django
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "CyberCP.settings") os.environ.setdefault("DJANGO_SETTINGS_MODULE", "CyberCP.settings")
@@ -831,5 +834,20 @@ class ACLManager:
domainName = Websites.objects.get(domain=domain) domainName = Websites.objects.get(domain=domain)
return domainName.externalApp return domainName.externalApp
@staticmethod
def CreateSecureDir():
### Check if upload path tmp dir is not available
UploadPath = '/usr/local/CyberCP/tmp/'
if not os.path.exists(UploadPath):
command = 'mkdir %s' % (UploadPath)
ProcessUtilities.executioner(command)
command = 'chown cyberpanel:cyberpanel %s' % (UploadPath)
ProcessUtilities.executioner(command)
command = 'chmod 711 %s' % (UploadPath)
ProcessUtilities.executioner(command)

17
plogical/vhost.py
View File

@@ -852,14 +852,27 @@ class vhost:
def finalizeDomainCreation(virtualHostUser, path): def finalizeDomainCreation(virtualHostUser, path):
try: try:
ACLManager.CreateSecureDir()
RanddomFileName = str(randint(1000, 9999))
FullPath = '%s/%s' % ('/usr/local/CyberCP/tmp', RanddomFileName)
FNULL = open(os.devnull, 'w') FNULL = open(os.devnull, 'w')
shutil.copy("/usr/local/CyberCP/index.html", path + "/index.html") #shutil.copy("/usr/local/CyberCP/index.html", path + "/index.html")
command = "chown " + virtualHostUser + ":" + virtualHostUser + " " + path + "/index.html" shutil.copy("/usr/local/CyberCP/index.html", FullPath)
command = "chown " + virtualHostUser + ":" + virtualHostUser + " " + FullPath
cmd = shlex.split(command) cmd = shlex.split(command)
subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT) subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT)
command = 'sudo -u %s cp %s %s/index.html' % (virtualHostUser, FullPath, path)
ProcessUtilities.normalExecutioner(command)
os.remove(FullPath)
vhostPath = vhost.Server_root + "/conf/vhosts" vhostPath = vhost.Server_root + "/conf/vhosts"
command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + vhostPath command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + vhostPath
cmd = shlex.split(command) cmd = shlex.split(command)