security improvements to fm

Usman Nasir
2020-02-04 19:22:42 +05:00
parent a5517b27bb
commit e5ebbd1fdf
2 changed files with 38 additions and 9 deletions


@@ -94,11 +94,15 @@ def downloadFile(request):
else:
return ACLManager.loadErrorJson('permissionsChanged', 0)
homePath = '/home/%s' % (domainName)
if fileToDownload.find('..') > -1 or fileToDownload.find(homePath) == -1:
return HttpResponse("Unauthorized access.")
response = HttpResponse(content_type='application/force-download')
response['Content-Disposition'] = 'attachment; filename=%s' % (fileToDownload.split('/')[-1])
response['X-LiteSpeed-Location'] = '%s' % (fileToDownload)
logging.CyberCPLogFileWriter.writeToFile('test 2')
return response
except KeyError:
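Review bot: The new guard `fileToDownload.find(homePath) == -1` only tests that `/home/<domainName>` occurs somewhere in the requested path, so a path outside the site's home that merely contains that substring, or one under a sibling directory whose name starts with the domain name, still passes and is handed to `X-LiteSpeed-Location`. Anchor the check on a normalised path instead, e.g. `resolved = os.path.realpath(fileToDownload)` followed by `if not resolved.startswith(homePath + '/'): return HttpResponse("Unauthorized access.", status=403)`, and send `resolved` in the header; this assumes `os` is importable in this module, which the hunk does not show. The explicit 403 status lets clients and access logs tell a refusal from a successful download, which the current 200 response does not. If the `writeToFile('test 2')` line is on the new side, it looks like a debugging leftover and should be dropped before merge. `downloadFile` begins before this hunk and the body of its `except KeyError:` lies outside it.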