From 262515805921ede9c7a67ce0b0811bc74e513f68 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Fri, 13 Aug 2021 14:55:08 +0500 Subject: [PATCH] =?UTF-8?q?security=20fix:=20CP-18:=20Users=20=E2=80=93=20?= =?UTF-8?q?Create=20New=20User?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plogical/acl.py | 8 ++++++++ userManagment/views.py | 17 +++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/plogical/acl.py b/plogical/acl.py index cf5479b7c..f8f11fbf7 100644 --- a/plogical/acl.py +++ b/plogical/acl.py @@ -53,6 +53,14 @@ class ACLManager: else: return 0 + @staticmethod + def CheckRegEx(RegexCheck, value): + import re + if re.match(RegexCheck, value): + return 1 + else: + return 0 + @staticmethod diff --git a/userManagment/views.py b/userManagment/views.py index 2f164173d..305128f09 100755 --- a/userManagment/views.py +++ b/userManagment/views.py @@ -131,6 +131,23 @@ def submitUserCreation(request): websitesLimit = data['websitesLimit'] selectedACL = data['selectedACL'] + if ACLManager.CheckRegEx("^[\w'\-,.][^0-9_!¡?÷?¿/\\+=@#$%ˆ&*(){}|~<>;:[\]]{2,}$", firstName) == 0: + data_ret = {'status': 0, 'createStatus': 0, 'error_message': 'First Name can only contain Alphabets and should be more then 2 characters..'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + if ACLManager.CheckRegEx("^[\w'\-,.][^0-9_!¡?÷?¿/\\+=@#$%ˆ&*(){}|~<>;:[\]]{2,}$", lastName) == 0: + data_ret = {'status': 0, 'createStatus': 0, 'error_message': 'First Name can only contain Alphabets and should be more then 2 characters..'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + + import validators + if not validators.email(email): + data_ret = {'status': 0, 'createStatus': 0, + 'error_message': 'Invalid email address.'} + json_data = json.dumps(data_ret) + return HttpResponse(json_data) + try: securityLevel = data['securityLevel'] except:
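Review bot: `CheckRegEx` uses `re.match`, which anchors only the start of the string, so the check is complete only when every caller remembers a trailing `$`, and `$` itself still accepts a value that ends in a newline. Switching to `re.fullmatch` closes both gaps, and a type guard keeps a non-string JSON value from raising `TypeError` inside the helper: `if isinstance(value, str) and re.fullmatch(RegexCheck, value):`. A one-line docstring would document the contract: the helper returns 1 on a full match and 0 otherwise, and `RegexCheck` must be a trusted pattern, never request data. The `import re` could move to the top of the module; the import block of `plogical/acl.py` is outside this hunk.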
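Review bot: The name pattern passed to both new `CheckRegEx` calls is a denylist: after the first character it accepts anything outside the negated class, so double and single quotes, backticks, whitespace and newlines still pass even though the error text promises alphabets only. An allowlist in a raw string, defined once and used for both fields, would match the stated rule and avoid the invalid `\w`/`\-`/`\]` escapes in a normal string literal, for example `NAME_PATTERN = r"^[^\W\d_][^\W\d_ '.,\-]{2,}$"`. The `lastName` branch also returns the 'First Name …' message, which should read 'Last Name …'. If this check is meant to keep markup out of pages that display the name (inferred from the 'security fix' subject), output escaping at render time is still needed, because input filtering does not cover values already stored. `submitUserCreation` begins and ends outside this hunk, so whether the function-level `import validators` resolves to an installed dependency cannot be confirmed from here.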