From eefa86c0195db95fea7f7812d7a3a7d817302fee Mon Sep 17 00:00:00 2001
From: usmannasir <usman@cyberpersons.com>
Date: Thu, 3 Jul 2025 18:33:24 +0500
Subject: [PATCH] bug fix:
 https://community.cyberpanel.net/t/bug-report-github-webhook-not-working-after-cyberpanel-upgrade/58865

---
 CyberCP/secMiddleware.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py
index c79eeb779..fb2cc0729 100644
--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -164,11 +164,11 @@ class secMiddleware:
                             return HttpResponse(final_json)
 
                     # Allow JSON structure characters for API endpoints but keep security checks for dangerous characters
-                    isAPIEndpoint = (FinalURL.find('api/remoteTransfer') > -1 or FinalURL.find('api/verifyConn') > -1 or 
-                                   FinalURL.find('webhook') > -1 or FinalURL.find('saveSpamAssassinConfigurations') > -1 or 
-                                   FinalURL.find('docker') > -1 or FinalURL.find('cloudAPI') > -1 or 
-                                   FinalURL.find('verifyLogin') > -1 or FinalURL.find('submitUserCreation') > -1 or 
-                                   FinalURL.find('/api/') > -1)
+                    isAPIEndpoint = (pathActual.find('api/remoteTransfer') > -1 or pathActual.find('api/verifyConn') > -1 or 
+                                   pathActual.find('saveSpamAssassinConfigurations') > -1 or 
+                                   pathActual.find('docker') > -1 or pathActual.find('cloudAPI') > -1 or 
+                                   pathActual.find('verifyLogin') > -1 or pathActual.find('submitUserCreation') > -1 or 
+                                   pathActual.find('/api/') > -1)
                     
                     if isAPIEndpoint:
                         # For API endpoints, still check for the most dangerous command injection characters