From 158b53dd6825f5295be391bf2ff5285fa53bc38f Mon Sep 17 00:00:00 2001
From: Usman Nasir <usman@cyberpersons.com>
Date: Wed, 29 Jan 2020 19:30:58 +0500
Subject: [PATCH] file path check

---
 websiteFunctions/website.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
index 2066beacc..15bd84025 100755
--- a/websiteFunctions/website.py
+++ b/websiteFunctions/website.py
@@ -1761,12 +1761,20 @@ class WebsiteManager:
         try:
             statusFile = data['statusFile']
 
-            statusData = ProcessUtilities.outputExecutioner("sudo cat " + statusFile).splitlines()
+            if (statusFile[:16] == "/home/cyberpanel" or statusFile[:4] == '/tmp' or statusFile[:18] == '/usr/local/CyberCP') and statusFile != '/usr/local/CyberCP/CyberCP/settings.py':
+                pass
+            else:
+                data_ret = {'abort': 1, 'installStatus': 0, 'installationProgress': "100",
+                            'currentStatus': 'Invalid status file.'}
+                json_data = json.dumps(data_ret)
+                return HttpResponse(json_data)
+
+            statusData = ProcessUtilities.outputExecutioner("cat " + statusFile).splitlines()
 
             lastLine = statusData[-1]
 
             if lastLine.find('[200]') > -1:
-                command = 'sudo rm -f ' + statusFile
+                command = 'rm -f ' + statusFile
                 subprocess.call(shlex.split(command))
                 data_ret = {'abort': 1, 'installStatus': 1, 'installationProgress': "100",
                             'currentStatus': 'Successfully Installed.'}