Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-07 05:45:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug fix: allow file with spaces to be uploaded

Browse Source
This commit is contained in:
Usman Nasir
2020-02-26 11:31:19 +05:00
parent 5e2f9aa085
commit fdc2134c7e
3 changed files with 19 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
CyberCP/secMiddleware.py
View File

@@ -54,13 +54,6 @@ class secMiddleware:
if request.path.find('gitNotify') > -1: if request.path.find('gitNotify') > -1:
break break
# if request.path.find('users') > -1 or request.path.find('firewall') > -1 or request.path.find('servicesAction') > -1 or request.path.find('sslForHostName') > -1:
# logging.writeToFile(request.body)
# final_dic = {'error_message': "Data supplied is not accepted.",
# "errorMessage": "Data supplied is not accepted."}
# final_json = json.dumps(final_dic)
# return HttpResponse(final_json)
if type(value) == str or type(value) == bytes: if type(value) == str or type(value) == bytes:
pass pass
else: else:

9
filemanager/filemanager.py
View File

@@ -20,11 +20,9 @@ class FileManager:
return HttpResponse(final_json) return HttpResponse(final_json)
def returnPathEnclosed(self, path): def returnPathEnclosed(self, path):
htmlParser = html.parser.HTMLParser()
path = html.unescape(path)
return path
return "'" + path + "'" return "'" + path + "'"
def changeOwner(self, path): def changeOwner(self, path):
domainName = self.data['domainName'] domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName) website = Websites.objects.get(domain=domainName)
@@ -367,8 +365,13 @@ class FileManager:
myfile = self.request.FILES['file'] myfile = self.request.FILES['file']
fs = FileSystemStorage() fs = FileSystemStorage()
try:
filename = fs.save(myfile.name, myfile) filename = fs.save(myfile.name, myfile)
finalData['fileName'] = fs.url(filename) finalData['fileName'] = fs.url(filename)
except BaseException as msg:
logging.writeToFile('%s. [375:upload]' % (str(msg)))
pathCheck = '/home/%s' % (self.data['domainName']) pathCheck = '/home/%s' % (self.data['domainName'])
if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1: if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:

3
plogical/acl.py
View File

@@ -19,6 +19,7 @@ class ACLManager:
@staticmethod @staticmethod
def commandInjectionCheck(value): def commandInjectionCheck(value):
try:
if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \ if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \ or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find( or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find(
@@ -27,6 +28,8 @@ class ACLManager:
return 1 return 1
else: else:
return 0 return 0
except BaseException as msg:
logging.writeToFile('%s. [32:commandInjectionCheck]' % (str(msg)))
@staticmethod @staticmethod
def loadedACL(val): def loadedACL(val):