From f12c6eede30f91b9ac2ac5a3fe4ede446d3ce183 Mon Sep 17 00:00:00 2001
From: Usman Nasir
Date: Mon, 13 Sep 2021 15:59:05 +0500
Subject: [PATCH] CP-21: Additional Security
---
 plogical/acl.py | 3 ++-
 websiteFunctions/website.py | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/plogical/acl.py b/plogical/acl.py
index 29e136d30..71354a07a 100644
--- a/plogical/acl.py
+++ b/plogical/acl.py
@@ -789,8 +789,9 @@ class ACLManager:
 @staticmethod
 def CheckDomainBlackList(domain):
 import socket
+
 BlackList = [ socket.gethostname(), 'hotmail.com', 'gmail.com', 'yandex.com', 'yahoo.com', 'localhost', 'aol.com', 'apple.com',
- 'cloudlinux.com', 'email.com', 'facebook.com', 'gmail.com', 'gmx.de', 'gmx.com', 'google.com',
+ 'cloudlinux.com', 'email.com', 'facebook.com', 'gmx.de', 'gmx.com', 'google.com',
 'hushmail.com', 'icloud.com', 'inbox.com', 'imunify360.com', 'juno.com', 'live.com', 'localhost.localdomain', 'localhost4.localdomain4', 'localhost6.localdomain6','mail.com', 'mail.ru', 'me.com', 'microsoft.com', 'mxlogic.net', 'outlook.com', 'protonmail.com', 'twitter.com', 'yandex.ru']
diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
index 9446867b3..fd02fd1cc 100755
--- a/websiteFunctions/website.py
+++ b/websiteFunctions/website.py
@@ -173,7 +173,8 @@ class WebsiteManager:
 json_data = json.dumps(data_ret)
 return HttpResponse(json_data)
- if not validators.email(adminEmail):
+
+ if not validators.email(adminEmail) or adminEmail.find('--') > -1:
 data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid email."}
 json_data = json.dumps(data_ret)
 return HttpResponse(json_data)
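Review bot: The added `adminEmail.find('--') > -1` test in the websiteFunctions/website.py hunk rejects every address that contains `--`, which also catches valid internationalised domains in punycode form (their labels start with `xn--`), and the caller only sees "Invalid email." The reason for the filter is not stated in the code; if it is meant to stop the value being parsed as an option or comment marker where it is used later (that code is outside the hunk), a one-sequence denylist is fragile and the durable control belongs at that sink: pass the address as its own argument-list element without a shell, quote it with `shlex.quote`, or bind it as a query parameter. At minimum write the test as `'--' in adminEmail` and put a comment above it such as `# '--' is rejected because adminEmail is later passed to <sink>; see <issue-id>`, so the next maintainer knows what the check protects. The enclosing method starts and ends outside the hunk.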