Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2026-05-07 12:16:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Filemanager security update.

Browse Source
This commit is contained in:
usmannasir
2018-04-18 15:57:49 +05:00
parent 8bcc769297
commit d282142072
12 changed files with 444 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
install/FileManager/php/caller.php
View File

@@ -13,6 +13,25 @@ class Caller{
{
if ($_SERVER['REQUEST_METHOD'] === 'POST' and isset($_POST['method'])) {
$pathToSeed = '/home/' . $_POST['domainName'] . '/..filemanagerkey';
$receivedSeed = $_POST['domainRandomSeed'];
$myfile = fopen($pathToSeed, "r") or die("Unable to open file!");
$seed = fread($myfile,filesize($pathToSeed));
fclose($myfile);
if ($seed != $receivedSeed){
$answer = array(
'uploadStatus' => 0,
'answer' => 'Not allowed to upload in this path.',
'error_message' => "None",
'fileName' => $_FILES['file']['name']
);
$json = json_encode($answer);
echo $json;
return;
}
switch ($_POST['method']) {
case 'upload':
$this->uploadFile();

22
install/FileManager/php/fileManager.php
View File

@@ -11,6 +11,25 @@ class fileManager
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
$pathToSeed = '/home/' . $request->domainName . '/..filemanagerkey';
$receivedSeed = $request->domainRandomSeed;
$myfile = fopen($pathToSeed, "r") or die("Unable to open file!");
$seed = fread($myfile,filesize($pathToSeed));
fclose($myfile);
if ($seed != $receivedSeed){
$json_data = array(
"error_message" => "You can not open filemanager for this domain.",
"copied" => 1,
);
$json = json_encode($json_data);
echo $json;
return;
}
if (isset($request->method)) {
switch ($request->method) {
@@ -84,7 +103,8 @@ class fileManager
if (is_dir($completePath) == true) {
array_push($tempDir, $dirFile);
} else {
array_push($tempFiles, $dirFile);
array_push($tempFiles, $dirFile);
}
}