mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2025-10-31 18:36:17 +01:00
acc6cad623
Fixes #1583 The fixPermissions function in file manager was causing sites to become inaccessible after running "Fix Permissions" on Ubuntu 24. The root causes: 1. Async execution (popenExecutioner) caused race conditions where commands executed in unpredictable order 2. The public_html directory group was incorrectly changed from 'nogroup' to the user's group, breaking web server access Changes: - Changed all async popenExecutioner calls to sync executioner calls - Reordered commands to set permissions before ownership - Ensured public_html directory maintains correct group ownership (nogroup) - Added comments to clarify the purpose of each step This ensures the file manager's "Fix Permissions" feature works correctly on Ubuntu 24 while maintaining proper security.
1108 lines
51 KiB
Python
1108 lines
51 KiB
Python
import os
|
|
|
|
from django.shortcuts import HttpResponse
|
|
import json
|
|
from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
|
|
from plogical.processUtilities import ProcessUtilities
|
|
from websiteFunctions.models import Websites
|
|
from random import randint
|
|
from django.core.files.storage import FileSystemStorage
|
|
from plogical.acl import ACLManager
|
|
from filemanager.models import Trash
|
|
|
|
|
|
class FileManager:
|
|
modes = {'php': 'application/x-httpd-php', 'javascript': 'javascript', 'python': 'text/x-python',
|
|
'html': 'text/html', 'go': 'text/x-go', 'css': 'text/css', 'java': 'text/x-java', 'perl': 'text/x-perl',
|
|
'scss': 'text/x-sass'}
|
|
|
|
def __init__(self, request, data):
|
|
self.request = request
|
|
self.data = data
|
|
|
|
@staticmethod
|
|
def findMode(fileName):
|
|
if fileName.endswith('.php'):
|
|
return FileManager.modes['php']
|
|
elif fileName.endswith('.js'):
|
|
return FileManager.modes['javascript']
|
|
elif fileName.endswith('.py'):
|
|
return FileManager.modes['python']
|
|
elif fileName.endswith('.html'):
|
|
return FileManager.modes['html']
|
|
elif fileName.endswith('.go'):
|
|
return FileManager.modes['go']
|
|
elif fileName.endswith('.css'):
|
|
return FileManager.modes['css']
|
|
elif fileName.endswith('.pl') or fileName.endswith('.PL'):
|
|
return FileManager.modes['perl']
|
|
elif fileName.endswith('.java'):
|
|
return FileManager.modes['java']
|
|
elif fileName.endswith('.scss'):
|
|
return FileManager.modes['scss']
|
|
else:
|
|
return ""
|
|
|
|
|
|
@staticmethod
|
|
def findModeFiles(mode):
|
|
|
|
if mode == FileManager.modes['php']:
|
|
return """
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/javascript/javascript.min.js"
|
|
integrity="sha512-e3U/84Fo+2ZAnRhLkjStm2hYnkmZ/NRmeesZ/GHjDhcLh35eYTQxsfSeDppx6Se5aX0N6mrygH7tr4wugWsPeQ=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/javascript-hint.min.js"
|
|
integrity="sha512-PPI9W6pViVZfJ5uvmYZsHbPwf7T+voS0OpohIrN8Q4CRCCa6JK39JJ0R16HHmyV7EQR8MTa+O56CpWjfKOxl0A=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/css/css.min.js"
|
|
integrity="sha512-DG+5u//fVN9kpDgTGe78IJhJW8e5+tlrPaMgNqcrzyPXsn+GPaF2T62+X3ds7SuhFR9Qeb7XZ6kMD8X09FeJhA=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/xml/xml.min.js"
|
|
integrity="sha512-k1HnoY9EXahEfPz7kq/lD9DltloKH9OrB9XNKYoUQrNz9epe5F4mQP5PfuIfeRfoXHkNrE0gF3Mx4LhC5BVl9Q=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/htmlmixed/htmlmixed.min.js"
|
|
integrity="sha512-p15qsXPrhaUkH+/RPE6QzCmxUAPkCRw89ityx+tWC1lAYI6Et2L0UpN+iqifxUdt+ss1FQ+9CuzxpBeT9mR3/w=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/clike/clike.min.js" integrity="sha512-HT3t3u7HfQ7USbSZa0Tk5caEnUfO8s58OWqMBwm96xaZAbA17rpnXXHDefR8ixVmSSVssbOv3W3OMh6mNX/XuQ==" crossorigin="anonymous"></script>
|
|
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/anyword-hint.min.js" integrity="sha512-wdYOcbX/zcS4tP3HEDTkdOI5UybyuRxJMQzDQIRcafRLY/oTDWyXO+P8SzuajQipcJXkb2vHcd1QetccSFAaVw==" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/css-hint.min.js" integrity="sha512-iXuwWkAmdAUNuO5rUtzmJZ/LoeJoSG8ZeQVdcUBCkV0dxfe7bxfzQMKCwQ6uNNs0FZ9jmSrN/jzJX7G1bOs4Nw==" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/html-hint.min.js" integrity="sha512-aGi2Yn9VkLP9HiwiMXfkY7KQoGfwDW6JiGUtPhiPJAL9J7+rwwPVWUtUYvHW+xp3yJ7F0UhTPoPumUZv3+E/Rg==" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/sql-hint.min.js" integrity="sha512-zVNOyYBOmDcGRo9/Tz+rYW8vjhAO4D/jqbj9+IIb1xWMU1ROyNWPCeWcOoBTquOBBmdiue78xJg5kkdWzsZJog==" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/xml-hint.min.js" integrity="sha512-XtLGFClKrm3hNY3bS01LPiIkF64i9CnlxCqj5O+TSQq7UW8kFhFIc3kOR3bJ98h4ThxFaKdJA9PpQC76LvD/oQ==" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/php/php.min.js"
|
|
integrity="sha512-m8sosGXUwyH6Ppzoy+CoQ/r5zAwZRGdNFUgGH81E3RDQkFnAsE4cP1I3tokvZwgMsDZB5mHxs+7egAgvhaCcMw=="
|
|
crossorigin="anonymous"></script>
|
|
"""
|
|
elif mode == FileManager.modes['javascript']:
|
|
return """
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/show-hint.min.js"
|
|
integrity="sha512-ge9uKCpgPmuJY2e2zPXhpYCZfyb1/R7KOOfMZ3SzSX3ZayWpINs3sHnI8LGEHUf6UOFX/D03FVHgR36uRL8/Vw=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/javascript/javascript.min.js"
|
|
integrity="sha512-e3U/84Fo+2ZAnRhLkjStm2hYnkmZ/NRmeesZ/GHjDhcLh35eYTQxsfSeDppx6Se5aX0N6mrygH7tr4wugWsPeQ=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/javascript-hint.min.js"
|
|
integrity="sha512-PPI9W6pViVZfJ5uvmYZsHbPwf7T+voS0OpohIrN8Q4CRCCa6JK39JJ0R16HHmyV7EQR8MTa+O56CpWjfKOxl0A=="
|
|
crossorigin="anonymous"></script>
|
|
"""
|
|
elif mode == FileManager.modes['python']:
|
|
return """
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/python/python.min.js" integrity="sha512-DS+asaww1mE0V/N6YGVgoNIRj+yXB9hAV68vM6rVeWs0G+OyMd24LKrnS4Z+g26rgghU7qvGeEnRVUArV7nVog==" crossorigin="anonymous"></script>
|
|
"""
|
|
elif mode == FileManager.modes['html']:
|
|
return """
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/javascript/javascript.min.js"
|
|
integrity="sha512-e3U/84Fo+2ZAnRhLkjStm2hYnkmZ/NRmeesZ/GHjDhcLh35eYTQxsfSeDppx6Se5aX0N6mrygH7tr4wugWsPeQ=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/javascript-hint.min.js"
|
|
integrity="sha512-PPI9W6pViVZfJ5uvmYZsHbPwf7T+voS0OpohIrN8Q4CRCCa6JK39JJ0R16HHmyV7EQR8MTa+O56CpWjfKOxl0A=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/css/css.min.js"
|
|
integrity="sha512-DG+5u//fVN9kpDgTGe78IJhJW8e5+tlrPaMgNqcrzyPXsn+GPaF2T62+X3ds7SuhFR9Qeb7XZ6kMD8X09FeJhA=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/xml/xml.min.js"
|
|
integrity="sha512-k1HnoY9EXahEfPz7kq/lD9DltloKH9OrB9XNKYoUQrNz9epe5F4mQP5PfuIfeRfoXHkNrE0gF3Mx4LhC5BVl9Q=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/htmlmixed/htmlmixed.min.js"
|
|
integrity="sha512-p15qsXPrhaUkH+/RPE6QzCmxUAPkCRw89ityx+tWC1lAYI6Et2L0UpN+iqifxUdt+ss1FQ+9CuzxpBeT9mR3/w=="
|
|
crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/anyword-hint.min.js" integrity="sha512-wdYOcbX/zcS4tP3HEDTkdOI5UybyuRxJMQzDQIRcafRLY/oTDWyXO+P8SzuajQipcJXkb2vHcd1QetccSFAaVw==" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/css-hint.min.js" integrity="sha512-iXuwWkAmdAUNuO5rUtzmJZ/LoeJoSG8ZeQVdcUBCkV0dxfe7bxfzQMKCwQ6uNNs0FZ9jmSrN/jzJX7G1bOs4Nw==" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/html-hint.min.js" integrity="sha512-aGi2Yn9VkLP9HiwiMXfkY7KQoGfwDW6JiGUtPhiPJAL9J7+rwwPVWUtUYvHW+xp3yJ7F0UhTPoPumUZv3+E/Rg==" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/sql-hint.min.js" integrity="sha512-zVNOyYBOmDcGRo9/Tz+rYW8vjhAO4D/jqbj9+IIb1xWMU1ROyNWPCeWcOoBTquOBBmdiue78xJg5kkdWzsZJog==" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/addon/hint/xml-hint.min.js" integrity="sha512-XtLGFClKrm3hNY3bS01LPiIkF64i9CnlxCqj5O+TSQq7UW8kFhFIc3kOR3bJ98h4ThxFaKdJA9PpQC76LvD/oQ==" crossorigin="anonymous"></script>
|
|
"""
|
|
elif mode == FileManager.modes['go']:
|
|
return """
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/go/go.min.js" integrity="sha512-DxeIplahS44UYHUdqtsLJ21g5xHilhuP7Y4i+NSsD7J4ow+LXIXLHsjvEpMqcTSg15rkaqBRIXEETAjq3yb5Cw==" crossorigin="anonymous"></script>
|
|
"""
|
|
elif mode == FileManager.modes['css']:
|
|
return """
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/css/css.min.js" integrity="sha512-DG+5u//fVN9kpDgTGe78IJhJW8e5+tlrPaMgNqcrzyPXsn+GPaF2T62+X3ds7SuhFR9Qeb7XZ6kMD8X09FeJhA==" crossorigin="anonymous"></script>
|
|
"""
|
|
elif mode == FileManager.modes['java']:
|
|
return """
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/clike/clike.min.js" integrity="sha512-HT3t3u7HfQ7USbSZa0Tk5caEnUfO8s58OWqMBwm96xaZAbA17rpnXXHDefR8ixVmSSVssbOv3W3OMh6mNX/XuQ==" crossorigin="anonymous"></script>
|
|
"""
|
|
elif mode == FileManager.modes['perl']:
|
|
return """
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/perl/perl.min.js" integrity="sha512-6rKFA1mIjmFqxMM/b0dtjQOWFRAoqKCmhb7/6u2KohJcP4poKbrUI08Yf5GXsK+rkCr2dQnppV7gMe2a0HGQBQ==" crossorigin="anonymous"></script>
|
|
"""
|
|
elif mode == FileManager.modes['scss']:
|
|
return """
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/mode/sass/sass.min.js" integrity="sha512-lFZETu8ovGFrFbFWAJnwgJrRcQ06C0BhjySIpBFPUatL/vqFz/mZIvXhlLtbOwbvRCp+XcLCmTEigKOJPN+YhA==" crossorigin="anonymous"></script>
|
|
"""
|
|
else:
|
|
return ''
|
|
|
|
@staticmethod
|
|
def findThemeFile(theme):
|
|
return '<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.58.1/theme/%s.min.css" />' % (theme)
|
|
|
|
@staticmethod
|
|
def findAdditionalOptions(mode):
|
|
if mode == 'text/x-python':
|
|
return """<select ng-model="optionValue" ng-change="additionalOptions()">
|
|
<option>Python 2</option>
|
|
<option>Python 3</option>
|
|
</select>
|
|
"""
|
|
else:
|
|
return ""
|
|
|
|
def ajaxPre(self, status, errorMessage):
|
|
final_dic = {'status': status, 'error_message': errorMessage, 'uploadStatus': status}
|
|
final_json = json.dumps(final_dic)
|
|
return HttpResponse(final_json)
|
|
|
|
def returnPathEnclosed(self, path):
|
|
return "'" + path + "'"
|
|
|
|
def changeOwner(self, path):
|
|
try:
|
|
domainName = self.data['domainName']
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
if path.find('..') > -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = "chown -R " + website.externalApp + ':' + website.externalApp + ' ' + self.returnPathEnclosed(path)
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
except:
|
|
print("Permisson not changed")
|
|
|
|
|
|
def listForTable(self):
|
|
try:
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
|
|
try:
|
|
|
|
domainName = self.data['domainName']
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
pathCheck = '/home/%s' % (domainName)
|
|
|
|
if self.data['completeStartingPath'].find(pathCheck) == -1 or self.data['completeStartingPath'].find(
|
|
'..') > -1:
|
|
return self.ajaxPre(0, 'Not allowed to browse this path, going back home!')
|
|
|
|
command = "ls -la --group-directories-first " + self.returnPathEnclosed(
|
|
self.data['completeStartingPath'])
|
|
output = ProcessUtilities.outputExecutioner(command, website.externalApp).splitlines()
|
|
|
|
except:
|
|
pathCheck = '/'
|
|
|
|
if self.data['completeStartingPath'].find(pathCheck) == -1 or self.data['completeStartingPath'].find(
|
|
'..') > -1:
|
|
return self.ajaxPre(0, 'Not allowed to browse this path, going back home!')
|
|
|
|
command = "ls -la --group-directories-first " + self.returnPathEnclosed(
|
|
self.data['completeStartingPath'])
|
|
output = ProcessUtilities.outputExecutioner(command).splitlines()
|
|
|
|
counter = 0
|
|
for items in output:
|
|
try:
|
|
currentFile = items.split(' ')
|
|
currentFile = [a for a in currentFile if a != '']
|
|
|
|
if currentFile[-1] == '.' or currentFile[-1] == '..' or currentFile[0] == 'total' or currentFile[-1].startswith('mail.'):
|
|
continue
|
|
|
|
if len(currentFile) > 9:
|
|
fileName = currentFile[8:]
|
|
currentFile[-1] = " ".join(fileName)
|
|
|
|
dirCheck = 0
|
|
if currentFile[0][0] == 'd':
|
|
dirCheck = 1
|
|
|
|
size = str(int(int(currentFile[4]) / float(1024)))
|
|
lastModified = currentFile[5] + ' ' + currentFile[6] + ' ' + currentFile[7]
|
|
finalData[str(counter)] = [currentFile[-1], currentFile[-1], lastModified, size, currentFile[0],
|
|
dirCheck]
|
|
counter = counter + 1
|
|
except BaseException as msg:
|
|
logging.writeToFile(str(msg))
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def list(self):
|
|
try:
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
try:
|
|
domainName = self.data['domainName']
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
command = "ls -la --group-directories-first " + self.returnPathEnclosed(
|
|
self.data['completeStartingPath'])
|
|
output = ProcessUtilities.outputExecutioner(command, website.externalApp).splitlines()
|
|
|
|
counter = 0
|
|
for items in output:
|
|
try:
|
|
currentFile = items.split(' ')
|
|
currentFile = [a for a in currentFile if a != '']
|
|
|
|
if currentFile[-1] == '.' or currentFile[-1] == '..' or currentFile[0] == 'total':
|
|
continue
|
|
|
|
if len(currentFile) > 9:
|
|
fileName = currentFile[8:]
|
|
currentFile[-1] = " ".join(fileName)
|
|
|
|
dirCheck = False
|
|
if currentFile[0][0] == 'd':
|
|
dirCheck = True
|
|
|
|
finalData[str(counter)] = [currentFile[-1],
|
|
self.data['completeStartingPath'] + '/' + currentFile[-1], dirCheck]
|
|
counter = counter + 1
|
|
except:
|
|
continue
|
|
except:
|
|
command = "ls -la --group-directories-first " + self.returnPathEnclosed(
|
|
self.data['completeStartingPath'])
|
|
output = ProcessUtilities.outputExecutioner(command).splitlines()
|
|
|
|
counter = 0
|
|
for items in output:
|
|
try:
|
|
currentFile = items.split(' ')
|
|
currentFile = [a for a in currentFile if a != '']
|
|
|
|
if currentFile[-1] == '.' or currentFile[-1] == '..' or currentFile[0] == 'total':
|
|
continue
|
|
|
|
if len(currentFile) > 9:
|
|
fileName = currentFile[8:]
|
|
currentFile[-1] = " ".join(fileName)
|
|
|
|
dirCheck = False
|
|
if currentFile[0][0] == 'd':
|
|
dirCheck = True
|
|
|
|
finalData[str(counter)] = [currentFile[-1],
|
|
self.data['completeStartingPath'] + '/' + currentFile[-1], dirCheck]
|
|
counter = counter + 1
|
|
except:
|
|
continue
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def createNewFile(self):
|
|
try:
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
|
|
try:
|
|
domainName = self.data['domainName']
|
|
website = Websites.objects.get(domain=domainName)
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
if self.data['fileName'].find('..') > -1 or self.data['fileName'].find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = "touch " + self.returnPathEnclosed(self.data['fileName'])
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
self.changeOwner(self.returnPathEnclosed(self.data['fileName']))
|
|
except:
|
|
homePath = '/'
|
|
|
|
if self.data['fileName'].find('..') > -1 or self.data['fileName'].find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = "touch " + self.returnPathEnclosed(self.data['fileName'])
|
|
ProcessUtilities.executioner(command)
|
|
self.changeOwner(self.returnPathEnclosed(self.data['fileName']))
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def createNewFolder(self):
|
|
try:
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
try:
|
|
domainName = self.data['domainName']
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
if self.data['folderName'].find('..') > -1 or self.data['folderName'].find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = "mkdir " + self.returnPathEnclosed(self.data['folderName'])
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
self.changeOwner(self.returnPathEnclosed(self.data['folderName']))
|
|
except:
|
|
homePath = '/'
|
|
|
|
if self.data['folderName'].find('..') > -1 or self.data['folderName'].find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = "mkdir " + self.returnPathEnclosed(self.data['folderName'])
|
|
ProcessUtilities.executioner(command)
|
|
|
|
self.changeOwner(self.returnPathEnclosed(self.data['folderName']))
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def deleteFolderOrFile(self):
|
|
try:
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
domainName = self.data['domainName']
|
|
try:
|
|
try:
|
|
skipTrash = self.data['skipTrash']
|
|
except:
|
|
skipTrash = False
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
|
self.homePath = '/home/%s' % (domainName)
|
|
|
|
RemoveOK = 1
|
|
|
|
command = 'touch %s/hello.txt' % (self.homePath)
|
|
result = ProcessUtilities.outputExecutioner(command)
|
|
|
|
if result.find('No such file or directory') > -1:
|
|
RemoveOK = 0
|
|
|
|
command = 'chattr -R -i %s' % (self.homePath)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
else:
|
|
command = 'rm -f %s/hello.txt' % (self.homePath)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
|
|
for item in self.data['fileAndFolders']:
|
|
|
|
if (self.data['path'] + '/' + item).find('..') > -1 or (self.data['path'] + '/' + item).find(
|
|
self.homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if skipTrash:
|
|
command = 'rm -rf ' + self.returnPathEnclosed(self.data['path'] + '/' + item)
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
else:
|
|
trashPath = '%s/.trash' % (self.homePath)
|
|
|
|
command = 'mkdir %s' % (trashPath)
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
Trash(website=website, originalPath=self.returnPathEnclosed(self.data['path']),
|
|
fileName=self.returnPathEnclosed(item)).save()
|
|
|
|
command = 'mv %s %s' % (self.returnPathEnclosed(self.data['path'] + '/' + item), trashPath)
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
if RemoveOK == 0:
|
|
command = 'chattr -R +i %s' % (self.homePath)
|
|
ProcessUtilities.executioner(command)
|
|
except:
|
|
try:
|
|
skipTrash = self.data['skipTrash']
|
|
except:
|
|
skipTrash = False
|
|
|
|
|
|
self.homePath = '/'
|
|
|
|
RemoveOK = 1
|
|
|
|
command = 'touch %s/hello.txt' % (self.homePath)
|
|
result = ProcessUtilities.outputExecutioner(command)
|
|
|
|
if result.find('No such file or directory') > -1:
|
|
RemoveOK = 0
|
|
|
|
command = 'chattr -R -i %s' % (self.homePath)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
else:
|
|
command = 'rm -f %s/hello.txt' % (self.homePath)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
for item in self.data['fileAndFolders']:
|
|
|
|
if (self.data['path'] + '/' + item).find('..') > -1 or (self.data['path'] + '/' + item).find(
|
|
self.homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if skipTrash:
|
|
command = 'rm -rf ' + self.returnPathEnclosed(self.data['path'] + '/' + item)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
|
|
if RemoveOK == 0:
|
|
command = 'chattr -R +i %s' % (self.homePath)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def restore(self):
|
|
try:
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
|
|
domainName = self.data['domainName']
|
|
|
|
try:
|
|
skipTrash = self.data['skipTrash']
|
|
except:
|
|
skipTrash = False
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
|
self.homePath = '/home/%s' % (domainName)
|
|
|
|
for item in self.data['fileAndFolders']:
|
|
|
|
if (self.data['path'] + '/' + item).find('..') > -1 or (self.data['path'] + '/' + item).find(
|
|
self.homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
trashPath = '%s/.trash' % (self.homePath)
|
|
|
|
tItem = Trash.objects.get(website=website, fileName=self.returnPathEnclosed(item))
|
|
|
|
command = 'mv %s %s' % (self.returnPathEnclosed(trashPath + '/' + item), tItem.originalPath)
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
tItem.delete()
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def copy(self):
|
|
try:
|
|
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
|
|
domainName = self.data['domainName']
|
|
try:
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
if self.data['newPath'].find('..') > -1 or self.data['newPath'].find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if len(self.data['fileAndFolders']) == 1:
|
|
|
|
if (self.data['basePath'] + '/' + self.data['fileAndFolders'][0]).find('..') > -1 or (
|
|
self.data['basePath'] + '/' + self.data['fileAndFolders'][0]).find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = 'yes| cp -Rf %s %s' % (
|
|
self.returnPathEnclosed(self.data['basePath'] + '/' + self.data['fileAndFolders'][0]),
|
|
self.data['newPath'])
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
self.changeOwner(self.data['newPath'])
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
for item in self.data['fileAndFolders']:
|
|
if (self.data['basePath'] + '/' + item).find('..') > -1 or (self.data['basePath'] + '/' + item).find(
|
|
homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = '%scp -Rf ' % ('yes |') + self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(self.data['newPath'])
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
self.changeOwner(self.data['newPath'])
|
|
except:
|
|
|
|
|
|
homePath = '/'
|
|
|
|
if self.data['newPath'].find('..') > -1 or self.data['newPath'].find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if len(self.data['fileAndFolders']) == 1:
|
|
|
|
if (self.data['basePath'] + '/' + self.data['fileAndFolders'][0]).find('..') > -1 or (
|
|
self.data['basePath'] + '/' + self.data['fileAndFolders'][0]).find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = 'yes| cp -Rf %s %s' % (
|
|
self.returnPathEnclosed(self.data['basePath'] + '/' + self.data['fileAndFolders'][0]),
|
|
self.data['newPath'])
|
|
ProcessUtilities.executioner(command,)
|
|
self.changeOwner(self.data['newPath'])
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
|
|
ProcessUtilities.executioner(command)
|
|
|
|
for item in self.data['fileAndFolders']:
|
|
if (self.data['basePath'] + '/' + item).find('..') > -1 or (
|
|
self.data['basePath'] + '/' + item).find(
|
|
homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = '%scp -Rf ' % ('yes |') + self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(self.data['newPath'])
|
|
ProcessUtilities.executioner(command)
|
|
|
|
self.changeOwner(self.data['newPath'])
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def move(self):
|
|
try:
|
|
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
domainName = self.data['domainName']
|
|
try:
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
for item in self.data['fileAndFolders']:
|
|
|
|
if (self.data['basePath'] + '/' + item).find('..') > -1 or (self.data['basePath'] + '/' + item).find(
|
|
homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if (self.data['newPath'] + '/' + item).find('..') > -1 or (self.data['newPath'] + '/' + item).find(
|
|
homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = 'mv ' + self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(
|
|
self.data['newPath'] + '/' + item)
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
#self.changeOwner(self.data['newPath'])
|
|
|
|
#self.fixPermissions(domainName)
|
|
except:
|
|
|
|
|
|
homePath = '/'
|
|
|
|
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
|
|
ProcessUtilities.executioner(command)
|
|
|
|
for item in self.data['fileAndFolders']:
|
|
|
|
if (self.data['basePath'] + '/' + item).find('..') > -1 or (
|
|
self.data['basePath'] + '/' + item).find(
|
|
homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if (self.data['newPath'] + '/' + item).find('..') > -1 or (self.data['newPath'] + '/' + item).find(
|
|
homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = 'mv ' + self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(
|
|
self.data['newPath'] + '/' + item)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
self.changeOwner(self.data['newPath'])
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def rename(self):
|
|
try:
|
|
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
domainName = self.data['domainName']
|
|
try:
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
if (self.data['basePath'] + '/' + self.data['existingName']).find('..') > -1 or (
|
|
self.data['basePath'] + '/' + self.data['existingName']).find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if (self.data['newFileName']).find('..') > -1 or (self.data['basePath']).find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = 'mv ' + self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + self.data['existingName']) + ' ' + self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + self.data['newFileName'])
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
self.changeOwner(self.data['basePath'] + '/' + self.data['newFileName'])
|
|
except:
|
|
homePath = '/'
|
|
|
|
if (self.data['basePath'] + '/' + self.data['existingName']).find('..') > -1 or (
|
|
self.data['basePath'] + '/' + self.data['existingName']).find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if (self.data['newFileName']).find('..') > -1 or (self.data['basePath']).find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = 'mv ' + self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + self.data['existingName']) + ' ' + self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + self.data['newFileName'])
|
|
ProcessUtilities.executioner(command)
|
|
|
|
self.changeOwner(self.data['basePath'] + '/' + self.data['newFileName'])
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def readFileContents(self):
|
|
try:
|
|
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
domainName = self.data['domainName']
|
|
try:
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
pathCheck = '/home/%s' % (domainName)
|
|
|
|
if self.data['fileName'].find(pathCheck) == -1 or self.data['fileName'].find('..') > -1:
|
|
return self.ajaxPre(0, 'Not allowed.')
|
|
|
|
# Ensure proper UTF-8 handling for file reading
|
|
# Use explicit UTF-8 locale for the cat command
|
|
command = 'LANG=C.UTF-8 LC_ALL=C.UTF-8 cat ' + self.returnPathEnclosed(self.data['fileName'])
|
|
finalData['fileContents'] = ProcessUtilities.outputExecutioner(command, website.externalApp)
|
|
except:
|
|
pathCheck = '/'
|
|
|
|
if self.data['fileName'].find(pathCheck) == -1 or self.data['fileName'].find('..') > -1:
|
|
return self.ajaxPre(0, 'Not allowed.')
|
|
|
|
# Ensure proper UTF-8 handling for file reading
|
|
# Use explicit UTF-8 locale for the cat command
|
|
command = 'LANG=C.UTF-8 LC_ALL=C.UTF-8 cat ' + self.returnPathEnclosed(self.data['fileName'])
|
|
finalData['fileContents'] = ProcessUtilities.outputExecutioner(command)
|
|
|
|
|
|
# Ensure proper UTF-8 encoding in JSON response
|
|
json_data = json.dumps(finalData, ensure_ascii=False)
|
|
return HttpResponse(json_data, content_type='application/json; charset=utf-8')
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def writeFileContents(self):
|
|
try:
|
|
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
try:
|
|
self.data['home'] = '/home/%s' % (self.data['domainName'])
|
|
|
|
ACLManager.CreateSecureDir()
|
|
tempPath = '%s/%s' % ('/usr/local/CyberCP/tmp', str(randint(1000, 9999)))
|
|
|
|
domainName = self.data['domainName']
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
writeToFile = open(tempPath, 'wb')
|
|
writeToFile.write(self.data['fileContent'].encode('utf-8'))
|
|
writeToFile.close()
|
|
|
|
command = 'chown %s:%s %s' % (website.externalApp, website.externalApp, tempPath)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
command = 'cp %s %s' % (tempPath, self.returnPathEnclosed(self.data['fileName']))
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
os.remove(tempPath)
|
|
except:
|
|
self.data['home'] = '/'
|
|
|
|
ACLManager.CreateSecureDir()
|
|
tempPath = '%s/%s' % ('/usr/local/CyberCP/tmp', str(randint(1000, 9999)))
|
|
writeToFile = open(tempPath, 'wb')
|
|
writeToFile.write(self.data['fileContent'].encode('utf-8'))
|
|
writeToFile.close()
|
|
|
|
command = 'cp %s %s' % (tempPath, self.returnPathEnclosed(self.data['fileName']))
|
|
ProcessUtilities.executioner(command)
|
|
|
|
os.remove(tempPath)
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def upload(self):
|
|
try:
|
|
|
|
finalData = {}
|
|
finalData['uploadStatus'] = 1
|
|
finalData['answer'] = 'File transfer completed.'
|
|
|
|
ACLManager.CreateSecureDir()
|
|
UploadPath = '/usr/local/CyberCP/tmp/'
|
|
|
|
## Random file name
|
|
|
|
RanddomFileName = str(randint(1000, 9999))
|
|
|
|
myfile = self.request.FILES['file']
|
|
fs = FileSystemStorage()
|
|
|
|
try:
|
|
filename = fs.save(RanddomFileName, myfile)
|
|
finalData['fileName'] = fs.url(filename)
|
|
except BaseException as msg:
|
|
logging.writeToFile('%s. [375:upload]' % (str(msg)))
|
|
|
|
|
|
|
|
domainName = self.data['domainName']
|
|
try:
|
|
pathCheck = '/home/%s' % (self.data['domainName'])
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
command = 'ls -la %s' % (self.data['completePath'])
|
|
result = ProcessUtilities.outputExecutioner(command, website.externalApp)
|
|
#
|
|
if result.find('->') > -1:
|
|
return self.ajaxPre(0, "Symlink attack.")
|
|
|
|
if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if (self.data['completePath'] + '/' + myfile.name).find(pathCheck) == -1 or (
|
|
(self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = 'cp ' + self.returnPathEnclosed(
|
|
UploadPath + RanddomFileName) + ' ' + self.returnPathEnclosed(
|
|
self.data['completePath'] + '/' + myfile.name)
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
self.changeOwner(self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
|
|
try:
|
|
os.remove(UploadPath + RanddomFileName)
|
|
except:
|
|
pass
|
|
except:
|
|
pathCheck = '/'
|
|
command = 'ls -la %s' % (self.data['completePath'])
|
|
result = ProcessUtilities.outputExecutioner(command)
|
|
logging.writeToFile("upload file res %s" % result)
|
|
if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if (self.data['completePath'] + '/' + myfile.name).find(pathCheck) == -1 or (
|
|
(self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = 'cp ' + self.returnPathEnclosed(
|
|
UploadPath + RanddomFileName) + ' ' + self.returnPathEnclosed(
|
|
self.data['completePath'] + '/' + myfile.name)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
self.changeOwner(self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
|
|
try:
|
|
os.remove(UploadPath + RanddomFileName)
|
|
except:
|
|
pass
|
|
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
try:
|
|
os.remove(UploadPath + RanddomFileName)
|
|
except:
|
|
pass
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def extract(self):
|
|
try:
|
|
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
|
|
domainName = self.data['domainName']
|
|
|
|
try:
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
if self.data['extractionLocation'].find('..') > -1 or self.data['extractionLocation'].find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if self.data['fileToExtract'].find('..') > -1 or self.data['fileToExtract'].find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if self.data['extractionType'] == 'zip':
|
|
command = 'unzip -o ' + self.returnPathEnclosed(
|
|
self.data['fileToExtract']) + ' -d ' + self.returnPathEnclosed(self.data['extractionLocation'])
|
|
else:
|
|
command = 'tar -xf ' + self.returnPathEnclosed(
|
|
self.data['fileToExtract']) + ' -C ' + self.returnPathEnclosed(self.data['extractionLocation'])
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
#self.fixPermissions(domainName)
|
|
except:
|
|
|
|
homePath = '/'
|
|
|
|
if self.data['extractionLocation'].find('..') > -1 or self.data['extractionLocation'].find(
|
|
homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if self.data['fileToExtract'].find('..') > -1 or self.data['fileToExtract'].find(homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
if self.data['extractionType'] == 'zip':
|
|
command = 'unzip -o ' + self.returnPathEnclosed(
|
|
self.data['fileToExtract']) + ' -d ' + self.returnPathEnclosed(self.data['extractionLocation'])
|
|
else:
|
|
command = 'tar -xf ' + self.returnPathEnclosed(
|
|
self.data['fileToExtract']) + ' -C ' + self.returnPathEnclosed(self.data['extractionLocation'])
|
|
|
|
ProcessUtilities.executioner(command)
|
|
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def compress(self):
|
|
try:
|
|
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
domainName = self.data['domainName']
|
|
try:
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
if self.data['compressionType'] == 'zip':
|
|
compressedFileName = self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.zip')
|
|
command = 'zip -r ' + compressedFileName + ' '
|
|
else:
|
|
compressedFileName = self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.tar.gz')
|
|
command = 'tar -czvf ' + compressedFileName + ' '
|
|
|
|
homePath = '/home/%s' % (domainName)
|
|
|
|
for item in self.data['listOfFiles']:
|
|
|
|
if (self.data['basePath'] + item).find('..') > -1 or (self.data['basePath'] + item).find(
|
|
homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
|
|
command = '%s%s ' % (command, self.returnPathEnclosed(item))
|
|
|
|
finalCommand = 'cd %s && %s' % (self.data['basePath'], command)
|
|
|
|
ProcessUtilities.executioner(finalCommand, website.externalApp)
|
|
|
|
self.changeOwner(self.data['compressedFileName'])
|
|
except:
|
|
if self.data['compressionType'] == 'zip':
|
|
compressedFileName = self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.zip')
|
|
command = 'zip -r ' + compressedFileName + ' '
|
|
else:
|
|
compressedFileName = self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.tar.gz')
|
|
command = 'tar -czvf ' + compressedFileName + ' '
|
|
|
|
homePath = '/'
|
|
|
|
for item in self.data['listOfFiles']:
|
|
|
|
if (self.data['basePath'] + item).find('..') > -1 or (self.data['basePath'] + item).find(
|
|
homePath) == -1:
|
|
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
|
|
command = '%s%s ' % (command, self.returnPathEnclosed(item))
|
|
|
|
finalCommand = 'cd %s && %s' % (self.data['basePath'], command)
|
|
|
|
res = ProcessUtilities.outputExecutioner(finalCommand, "root")
|
|
logging.writeToFile("compress file res %s"%res)
|
|
|
|
self.changeOwner(self.data['compressedFileName'])
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def changePermissions(self):
|
|
try:
|
|
|
|
finalData = {}
|
|
finalData['status'] = 1
|
|
domainName = self.data['domainName']
|
|
website = Websites.objects.get(domain=domainName)
|
|
|
|
if self.data['recursive'] == 1:
|
|
command = 'chmod -R ' + self.data['newPermissions'] + ' ' + self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + self.data['permissionsPath'])
|
|
else:
|
|
command = 'chmod ' + self.data['newPermissions'] + ' ' + self.returnPathEnclosed(
|
|
self.data['basePath'] + '/' + self.data['permissionsPath'])
|
|
|
|
ProcessUtilities.executioner(command, website.externalApp)
|
|
|
|
json_data = json.dumps(finalData)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException as msg:
|
|
return self.ajaxPre(0, str(msg))
|
|
|
|
def fixPermissions(self, domainName):
|
|
|
|
website = Websites.objects.get(domain=domainName)
|
|
externalApp = website.externalApp
|
|
|
|
if ProcessUtilities.decideDistro() == ProcessUtilities.centos or ProcessUtilities.decideDistro() == ProcessUtilities.cent8:
|
|
groupName = 'nobody'
|
|
else:
|
|
groupName = 'nogroup'
|
|
|
|
### symlink checks
|
|
|
|
command = 'ls -la /home/%s' % domainName
|
|
result = ProcessUtilities.outputExecutioner(command)
|
|
|
|
if result.find('->') > -1:
|
|
final_json = json.dumps(
|
|
{'status': 0, 'logstatus': 0,
|
|
'error_message': "Symlink attack."})
|
|
return HttpResponse(final_json)
|
|
|
|
# Set home directory ownership
|
|
command = 'chown %s:%s /home/%s' % (website.externalApp, website.externalApp, domainName)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
### Sym link checks
|
|
|
|
command = 'ls -la /home/%s/public_html/' % domainName
|
|
result = ProcessUtilities.outputExecutioner(command)
|
|
|
|
if result.find('->') > -1:
|
|
final_json = json.dumps(
|
|
{'status': 0, 'logstatus': 0,
|
|
'error_message': "Symlink attack."})
|
|
return HttpResponse(final_json)
|
|
|
|
# Set file permissions first (before ownership to avoid conflicts)
|
|
command = "find %s -type d -exec chmod 0755 {} \;" % ("/home/" + domainName + "/public_html")
|
|
ProcessUtilities.executioner(command)
|
|
|
|
command = "find %s -type f -exec chmod 0644 {} \;" % ("/home/" + domainName + "/public_html")
|
|
ProcessUtilities.executioner(command)
|
|
|
|
# Set ownership for all files inside public_html to user:user
|
|
command = 'chown -R -P %s:%s /home/%s/public_html/*' % (externalApp, externalApp, domainName)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
command = 'chown -R -P %s:%s /home/%s/public_html/.[^.]*' % (externalApp, externalApp, domainName)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
# Set public_html directory itself to user:nogroup with 750 permissions
|
|
command = 'chown %s:%s /home/%s/public_html' % (externalApp, groupName, domainName)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
command = 'chmod 750 /home/%s/public_html' % (domainName)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
for childs in website.childdomains_set.all():
|
|
command = 'ls -la %s' % childs.path
|
|
result = ProcessUtilities.outputExecutioner(command)
|
|
|
|
if result.find('->') > -1:
|
|
final_json = json.dumps(
|
|
{'status': 0, 'logstatus': 0,
|
|
'error_message': "Symlink attack."})
|
|
return HttpResponse(final_json)
|
|
|
|
# Set file permissions first
|
|
command = "find %s -type d -exec chmod 0755 {} \;" % (childs.path)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
command = "find %s -type f -exec chmod 0644 {} \;" % (childs.path)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
# Set ownership for all files inside child domain to user:user
|
|
command = 'chown -R -P %s:%s %s/*' % (externalApp, externalApp, childs.path)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
command = 'chown -R -P %s:%s %s/.[^.]*' % (externalApp, externalApp, childs.path)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
# Set child domain directory itself to 755 with user:nogroup
|
|
command = 'chmod 755 %s' % (childs.path)
|
|
ProcessUtilities.executioner(command)
|
|
|
|
command = 'chown %s:%s %s' % (externalApp, groupName, childs.path)
|
|
ProcessUtilities.executioner(command)
|