Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-10 23:36:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug fix: https://community.cyberpanel.net/t/bug-report-github-webhook-not-working-after-cyberpanel-upgrade/58865

Browse Source
This commit is contained in:
usmannasir
2025-07-03 18:33:24 +05:00
parent a3d1b0d132
commit eefa86c019
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CyberCP/secMiddleware.py
View File

@@ -164,11 +164,11 @@ class secMiddleware:
return HttpResponse(final_json)
# Allow JSON structure characters for API endpoints but keep security checks for dangerous characters
isAPIEndpoint = (FinalURL.find('api/remoteTransfer') > -1 or FinalURL.find('api/verifyConn') > -1 or
FinalURL.find('webhook') > -1 or FinalURL.find('saveSpamAssassinConfigurations') > -1 or
FinalURL.find('docker') > -1 or FinalURL.find('cloudAPI') > -1 or
FinalURL.find('verifyLogin') > -1 or FinalURL.find('submitUserCreation') > -1 or
FinalURL.find('/api/') > -1)
isAPIEndpoint = (pathActual.find('api/remoteTransfer') > -1 or pathActual.find('api/verifyConn') > -1 or
pathActual.find('saveSpamAssassinConfigurations') > -1 or
pathActual.find('docker') > -1 or pathActual.find('cloudAPI') > -1 or
pathActual.find('verifyLogin') > -1 or pathActual.find('submitUserCreation') > -1 or
pathActual.find('/api/') > -1)
if isAPIEndpoint:
# For API endpoints, still check for the most dangerous command injection characters