From 8e07f7ea1a37ea5c1bf2878073d5325ebbe0e12e Mon Sep 17 00:00:00 2001
From: Znuff
Date: Thu, 5 Mar 2020 21:02:38 +0200
Subject: [PATCH] Proper domain validation with the "validators" library.
---
 requirments.txt | 3 ++-
 websiteFunctions/website.py | 23 ++++++++---------------
 2 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/requirments.txt b/requirments.txt
index 4b1b8bc45..619db9611 100755
--- a/requirments.txt
+++ b/requirments.txt
@@ -61,4 +61,5 @@ urllib3==1.22
 websocket-client==0.56.0
 zope.component==4.4.1
 zope.event==4.3.0
-zope.interface==4.5.0
\ No newline at end of file
+zope.interface==4.5.0
+validators==0.14.2
diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
index d779ce7c3..b277e48cf 100755
--- a/websiteFunctions/website.py
+++ b/websiteFunctions/website.py
@@ -180,14 +180,12 @@ class WebsiteManager:
 return ACLManager.loadErrorJson('createWebSiteStatus', 0)
- if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', domain,
- M | I):
+ if not validators.domain(domain):
 data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."}
 json_data = json.dumps(data_ret)
 return HttpResponse(json_data)
- if not match(r'\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b', adminEmail,
- M | I):
+ if not validators.email(adminEmail):
 data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid email."}
 json_data = json.dumps(data_ret)
 return HttpResponse(json_data)
@@ -250,8 +248,7 @@ class WebsiteManager:
 path = data['path']
 tempStatusPath = "/home/cyberpanel/" + str(randint(1000, 9999))
- if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', domain,
- M | I):
+ if not validators.domain(domain):
 data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."}
 json_data = json.dumps(data_ret)
 return HttpResponse(json_data)
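Review bot: No hunk in this patch adds `import validators` to websiteFunctions/website.py, although the hunk at `@@ -180,14 +180,12 @@` and the four validation hunks after it now call `validators.domain(...)` and `validators.email(...)`. The diffstat's 23 changed lines for this file are all accounted for by the visible replacements, and the package is only being added to requirments.txt in this same commit, so the import is presumably not already present outside the hunks. If it is missing, every one of these checks raises NameError at request time; where the method is wrapped by a handler like the `except BaseException as msg` visible in the last hunk, that fails closed but turns every create request into an error response. Add `import validators` beside the file's other imports, and remove `match`, `M` and `I` from the `re` import if nothing else in the file still uses them. The enclosing method starts and ends outside the hunk.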
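Review bot: The check in the hunk at `@@ -250,8 +248,7 @@` validates the raw request value, and the rest of the method (outside the hunk) presumably goes on using that same string. Python's `$` matches just before a final `\n`, so add a unit test confirming that the pinned `validators==0.14.2` rejects a domain with trailing whitespace or a newline before relying on it as the only gate. If it does not, reject such input explicitly, e.g. `if domain != domain.strip() or not validators.domain(domain):`. The same applies to the domain checks in the hunks at -180, -1593, -2683 and -2756.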
@@ -1593,8 +1590,7 @@ class WebsiteManager:
 aliasDomain = data['aliasDomain']
 ssl = data['ssl']
- if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', aliasDomain,
- M | I):
+ if not validators.domain(aliasDomain):
 data_ret = {'status': 0, 'createAliasStatus': 0, 'error_message': "Invalid domain."}
 json_data = json.dumps(data_ret)
 return HttpResponse(json_data)
@@ -2683,14 +2679,12 @@ StrictHostKeyChecking no
 self.domain = data['masterDomain']
- if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', self.domain,
- M | I):
+ if not validators.domain(self.domain):
 data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."}
 json_data = json.dumps(data_ret)
 return HttpResponse(json_data)
- if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', data['domainName'],
- M | I):
+ if not validators.domain(data['domainName']):
 data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."}
 json_data = json.dumps(data_ret)
 return HttpResponse(json_data)
@@ -2756,8 +2750,7 @@ StrictHostKeyChecking no
 currentACL = ACLManager.loadedACL(userID)
 admin = Administrator.objects.get(pk=userID)
- if not match(r'([\da-z\.-]+\.[a-z\.]{2,12}|[\d\.]+)([\/:?=&#]{1}[\da-z\.-]+)*[\/\?]?', data['childDomain'],
- M | I):
+ if not validators.domain(data['childDomain']):
 data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid domain."}
 json_data = json.dumps(data_ret)
 return HttpResponse(json_data)
@@ -2828,4 +2821,4 @@ StrictHostKeyChecking no
 except BaseException as msg:
 data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': str(msg)}
 json_data = json.dumps(data_ret)
- return HttpResponse(json_data)
\ No newline at end of file
+ return HttpResponse(json_data)
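Review bot: The commit does not document that swapping in `validators.domain(aliasDomain)` in the hunk at `@@ -1593,8 +1590,7 @@` narrows what is accepted. The removed pattern had a `[\d\.]+` alternative, so a bare dotted-numeric value passed as a "domain", whereas `validators.domain` is a hostname check and, as far as I know, does not accept IP addresses. If rejecting IPs is intended, state it in the commit message and add a comment above the check such as `# hostnames only; IP addresses are rejected on purpose`. If IP-based entries must keep working, that case needs its own explicit branch (the library has `validators.ipv4`) rather than falling through the domain check. This applies equally to the hunks at -180, -250, -2683 and -2756; the enclosing method continues outside the hunk.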