bug fix: allow file with spaces to be uploaded

2025-11-07 05:45:59 +01:00 · 2020-02-26 11:31:19 +05:00
parent 5e2f9aa085
commit fdc2134c7e
3 changed files with 19 additions and 20 deletions
--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -54,13 +54,6 @@ class secMiddleware:
                    if request.path.find('gitNotify') > -1:
                        break

-                    # if request.path.find('users') > -1 or request.path.find('firewall') > -1 or request.path.find('servicesAction') > -1 or request.path.find('sslForHostName') > -1:
-                    #     logging.writeToFile(request.body)
-                    #     final_dic = {'error_message': "Data supplied is not accepted.",
-                    #                  "errorMessage": "Data supplied is not accepted."}
-                    #     final_json = json.dumps(final_dic)
-                    #     return HttpResponse(final_json)
-
                    if type(value) == str or type(value) == bytes:
                        pass
                    else:
--- a/filemanager/filemanager.py
+++ b/filemanager/filemanager.py
@@ -20,11 +20,9 @@ class FileManager:
        return HttpResponse(final_json)

    def returnPathEnclosed(self, path):
-        htmlParser = html.parser.HTMLParser()
-        path = html.unescape(path)
-        return path
        return "'" + path + "'"

+
    def changeOwner(self,  path):
        domainName = self.data['domainName']
        website = Websites.objects.get(domain=domainName)
@@ -367,8 +365,13 @@ class FileManager:

            myfile = self.request.FILES['file']
            fs = FileSystemStorage()
+
+            try:
                filename = fs.save(myfile.name, myfile)
                finalData['fileName'] = fs.url(filename)
+            except BaseException as msg:
+                logging.writeToFile('%s. [375:upload]' % (str(msg)))
+
            pathCheck = '/home/%s' % (self.data['domainName'])

            if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
--- a/plogical/acl.py
+++ b/plogical/acl.py
@@ -19,6 +19,7 @@ class ACLManager:

    @staticmethod
    def commandInjectionCheck(value):
+        try:
            if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
                    or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
                    or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find(
@@ -27,6 +28,8 @@ class ACLManager:
                return 1
            else:
                return 0
+        except BaseException as msg:
+            logging.writeToFile('%s. [32:commandInjectionCheck]' % (str(msg)))

    @staticmethod
    def loadedACL(val):