Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-08 06:16:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

security fix: CP-19: Websites – Create Website

Browse Source
This commit is contained in:
Usman Nasir
2021-09-01 14:13:42 +05:00
parent 2540490e25
commit c3a0cf459e
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plogical/acl.py
View File

@@ -786,4 +786,14 @@ class ACLManager:
else: else:
return 0 return 0
@staticmethod
def CheckDomainBlackList(domain):
BlackList = ['hotmail.com', 'gmail.com', 'yandex.com', 'yahoo.com', 'localhost']
for black in BlackList:
if domain.endswith(black):
return 0
return 1

5
websiteFunctions/website.py
View File

@@ -162,6 +162,11 @@ class WebsiteManager:
if ACLManager.checkOwnerProtection(currentACL, loggedUser, newOwner) == 0: if ACLManager.checkOwnerProtection(currentACL, loggedUser, newOwner) == 0:
return ACLManager.loadErrorJson('createWebSiteStatus', 0) return ACLManager.loadErrorJson('createWebSiteStatus', 0)
if ACLManager.CheckDomainBlackList(domain) == 0:
data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Blacklisted domain."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if not validators.domain(domain): if not validators.domain(domain):
data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."} data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."}
json_data = json.dumps(data_ret) json_data = json.dumps(data_ret)