From 7d524d270badd798efbf3765004aebfe05bb5440 Mon Sep 17 00:00:00 2001
From: Usman Nasir <usman@cyberpersons.com>
Date: Fri, 31 Jan 2020 21:17:23 +0500
Subject: [PATCH] status file proection

---
 websiteFunctions/website.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
index 9b48400fe..d8eb7e13b 100755
--- a/websiteFunctions/website.py
+++ b/websiteFunctions/website.py
@@ -1761,7 +1761,8 @@ class WebsiteManager:
         try:
             statusFile = data['statusFile']
 
-            if (statusFile[:16] == "/home/cyberpanel" or statusFile[:4] == '/tmp' or statusFile[:18] == '/usr/local/CyberCP') and statusFile != '/usr/local/CyberCP/CyberCP/settings.py':
+            if (statusFile[:16] == "/home/cyberpanel" or statusFile[:4] == '/tmp' or statusFile[:18] == '/usr/local/CyberCP') \
+                    and statusFile != '/usr/local/CyberCP/CyberCP/settings.py' and statusFile.find('..') == -1:
                 pass
             else:
                 data_ret = {'abort': 1, 'installStatus': 0, 'installationProgress': "100",