CP-21: Additional Security

plogical/acl.py

@@ -789,8 +789,9 @@ class ACLManager:
     @staticmethod
     def CheckDomainBlackList(domain):
         import socket
+
         BlackList = [ socket.gethostname(), 'hotmail.com', 'gmail.com', 'yandex.com', 'yahoo.com', 'localhost', 'aol.com', 'apple.com',
-                     'cloudlinux.com', 'email.com', 'facebook.com', 'gmail.com', 'gmx.de', 'gmx.com', 'google.com',
+                     'cloudlinux.com', 'email.com', 'facebook.com', 'gmx.de', 'gmx.com', 'google.com',
                      'hushmail.com', 'icloud.com', 'inbox.com', 'imunify360.com', 'juno.com', 'live.com', 'localhost.localdomain',
                      'localhost4.localdomain4', 'localhost6.localdomain6','mail.com', 'mail.ru', 'me.com',
                      'microsoft.com', 'mxlogic.net', 'outlook.com', 'protonmail.com', 'twitter.com', 'yandex.ru']

websiteFunctions/website.py

@@ -173,7 +173,8 @@ class WebsiteManager:
                 json_data = json.dumps(data_ret)
                 return HttpResponse(json_data)
 
-            if not validators.email(adminEmail):
+
+            if not validators.email(adminEmail) or adminEmail.find('--') > -1:
                 data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid email."}
                 json_data = json.dumps(data_ret)
                 return HttpResponse(json_data)