From db444c7e1f982ab553fa79e8fd24e4298b05c237 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Sun, 15 Dec 2019 15:08:01 +0500 Subject: [PATCH] add info for https://github.com/usmannasir/cyberpanel/issues/179 --- CyberCP/secMiddleware.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py index fa382901c..986e1780a 100755 --- a/CyberCP/secMiddleware.py +++ b/CyberCP/secMiddleware.py @@ -1,3 +1,4 @@ +# coding=utf-8 from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging import json from django.shortcuts import HttpResponse @@ -81,8 +82,8 @@ class secMiddleware: or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find("{") > -1 or value.find("}") > -1\ or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1: logging.writeToFile(request.body) - final_dic = {'error_message': "Data supplied is not accepted.", - "errorMessage": "Data supplied is not accepted."} + final_dic = {'error_message': "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >.", + "errorMessage": "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >."} final_json = json.dumps(final_dic) return HttpResponse(final_json) if key.find(';') > -1 or key.find('&&') > -1 or key.find('|') > -1 or key.find('...') > -1 \ 
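Review bot: The character list in the new message prints a typographic quote `‘` (U+2018), while the condition just above tests the ASCII apostrophe with `value.find("'")`, so the text names a character the filter does not check and omits the one it does. Writing a plain `'` in the message would also keep the file ASCII-only and make the added `# coding=utf-8` line unnecessary. The same sentence is pasted into three literals across this hunk and the next; holding it in one module-level constant and writing `final_dic = {'error_message': BLOCKED_CHARS_MSG, 'errorMessage': BLOCKED_CHARS_MSG}` would stop the copies from drifting apart. The `if` condition starts above the hunk, so the rest of the listed characters cannot be checked against the code from here.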
@@ -90,7 +91,7 @@ class secMiddleware: or key.find("'") > -1 or key.find("[") > -1 or key.find("]") > -1 or key.find("{") > -1 or key.find("}") > -1\ or key.find(":") > -1 or key.find("<") > -1 or key.find(">") > -1: logging.writeToFile(request.body) - final_dic = {'error_message': "Data supplied is not accepted.", "errorMessage": "Data supplied is not accepted."} + final_dic = {'error_message': "Data supplied is not accepted.", "errorMessage": "Data supplied is not accepted following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >."} final_json = json.dumps(final_dic) return HttpResponse(final_json) except BaseException, msg:
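Review bot: Only `errorMessage` gets the new text in this branch; `error_message` still reads "Data supplied is not accepted.", so a client that reads that key never sees the explanation, and the new string drops the comma after "accepted" that the value branch has. Both keys should carry the same string as in the value branch. The list also disagrees with the key check visible just above this hunk: it names `&` where the code tests `key.find('&&')`, and it leaves out `|` and `...`, which the code rejects. The `if` condition and the enclosing `try` begin outside the hunk.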