From bf42a54be04b0c10ab395466834dcea63caf3f22 Mon Sep 17 00:00:00 2001
From: Usman Nasir
Date: Fri, 20 Aug 2021 15:31:11 +0500
Subject: [PATCH] =?UTF-8?q?security=20fix:=20CP-21:=20Websites=20=E2=80=93?= =?UTF-8?q?=20Create=20Website?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 CyberCP/secMiddleware.py | 2 +-
 websiteFunctions/website.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py
index 46f683235..2d40f8993 100755
--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -80,7 +80,7 @@ class secMiddleware:
 or key == 'modSecRules' or key == 'recordContentTXT' or key == 'SecAuditLogRelevantStatus' \
 or key == 'fileContent' or key == 'commands' or key == 'gitHost' or key == 'ipv6' or key == 'contentNow':
 continue
- if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
+ if value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
 or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
 or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find("{") > -1 or value.find("}") > -1\
 or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:
diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
index 63074d778..574c69e01 100755
--- a/websiteFunctions/website.py
+++ b/websiteFunctions/website.py
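Review bot: The added `value.find('- -')` test on the `+` line of CyberCP/secMiddleware.py matches only the three-character sequence dash, space, dash, so a value containing `--` with no space is not rejected by it; if the goal is to keep option-like strings out of command arguments, the literal looks wrong and the intent deserves a comment such as `# reject option-style values ("--flag")`. The new `'\n'` test likewise leaves a bare carriage return through, which `or value.find('\r') > -1` would cover. This filter is a deny-list and is skipped entirely for the keys exempted just above (`continue`), so the create-website handler, which this hunk does not show, should still validate its own fields against an allow-list pattern. The enclosing loop and the rejection branch lie outside the hunk.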
@@ -1813,7 +1813,7 @@ class WebsiteManager:
 statusFile = data['statusFile']
 if (statusFile[:16] == "/home/cyberpanel" or statusFile[:4] == '/tmp' or statusFile[:18] == '/usr/local/CyberCP') \
- and statusFile != '/usr/local/CyberCP/CyberCP/settings.py' and statusFile.find('..') == -1:
+ and statusFile != '/usr/local/CyberCP/CyberCP/settings.py' and statusFile.find('..') == -1 and statusFile != '/home/cyberpanel/.my.cnf':
 pass
 else:
 data_ret = {'abort': 1, 'installStatus': 0, 'installationProgress': "100",
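Review bot: The `!=` comparisons against `/usr/local/CyberCP/CyberCP/settings.py` and the new `/home/cyberpanel/.my.cnf` are made on the raw request string, so they only match that exact spelling, and the prefix slices (`statusFile[:4] == '/tmp'`, `statusFile[:16] == "/home/cyberpanel"`) also accept sibling paths that merely begin with those characters. Canonicalise first, e.g. `resolved = os.path.realpath(statusFile)`, then require `resolved.startswith(base + os.sep)` for each allowed base and apply the two exclusions to `resolved` (assuming `os` is importable in this module, which the hunk does not show). Listing sensitive files one by one will keep needing patches like this one; a dedicated status directory would remove the need for exclusions. The method around this check begins and ends outside the hunk.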