From e869ff9bd103ad27dfc046c4540cd11b121b3829 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Thu, 6 Feb 2020 22:11:20 +0500 Subject: [PATCH 1/6] symlink protection --- filemanager/filemanager.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/filemanager/filemanager.py b/filemanager/filemanager.py index 5cbdc81b6..98b52caf6 100755 --- a/filemanager/filemanager.py +++ b/filemanager/filemanager.py @@ -332,7 +332,10 @@ class FileManager: writeToFile.write(self.data['fileContent'].encode('utf-8')) writeToFile.close() - if os.path.islink(self.data['fileName']): + command = 'ls -la %s' % (self.data['fileName']) + output = ProcessUtilities.outputExecutioner(command) + + if output.find(website.externalApp) == -1: return self.ajaxPre(0, 'File exists and is symlink.') if self.data['fileName'].find(self.data['home']) == -1 or self.data['fileName'].find('..') > -1: From 5436f9b00f0f17b42e05fc09c785a53bc1d92d42 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Thu, 6 Feb 2020 22:14:27 +0500 Subject: [PATCH 2/6] symlink protection --- filemanager/filemanager.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filemanager/filemanager.py b/filemanager/filemanager.py index 98b52caf6..404ac36b7 100755 --- a/filemanager/filemanager.py +++ b/filemanager/filemanager.py @@ -335,7 +335,7 @@ class FileManager: command = 'ls -la %s' % (self.data['fileName']) output = ProcessUtilities.outputExecutioner(command) - if output.find(website.externalApp) == -1: + if output.find(website.externalApp) == -1 and output.find('No such file') == -1: return self.ajaxPre(0, 'File exists and is symlink.') if self.data['fileName'].find(self.data['home']) == -1 or self.data['fileName'].find('..') > -1: From 5dc98995447d8716c8c30b2183e3b0b9efdd3bf0 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Thu, 6 Feb 2020 22:19:27 +0500 Subject: [PATCH 3/6] symlink protection --- filemanager/filemanager.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filemanager/filemanager.py b/filemanager/filemanager.py index 404ac36b7..3f1dea3a5 100755 --- a/filemanager/filemanager.py +++ b/filemanager/filemanager.py @@ -335,7 +335,7 @@ class FileManager: command = 'ls -la %s' % (self.data['fileName']) output = ProcessUtilities.outputExecutioner(command) - if output.find(website.externalApp) == -1 and output.find('No such file') == -1: + if output.find('lrwxrwxrwx') > -1 and output.find('->') > -1: return self.ajaxPre(0, 'File exists and is symlink.') if self.data['fileName'].find(self.data['home']) == -1 or self.data['fileName'].find('..') > -1: From 2e1f3109f5ce57c83c98755a8e29709b57a00890 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Fri, 7 Feb 2020 17:13:58 +0500 Subject: [PATCH 4/6] add custom ssl check --- plogical/renew.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/plogical/renew.py b/plogical/renew.py index ec1c8535f..63ecf9b84 100644 --- a/plogical/renew.py +++ b/plogical/renew.py @@ -37,7 +37,7 @@ class Renew: if int(diff.days) >= 15: logging.writeToFile( 'SSL exists for %s and is not ready to renew, skipping..' % (website.domain), 0) - elif x509.get_issuer().get_components()[1][1] == 'Denial': + elif x509.get_issuer().get_components()[1][1].decode('utf-8') == 'Denial': logging.writeToFile( 'SSL exists for %s and ready to renew..' % (website.domain), 0) logging.writeToFile( @@ -45,6 +45,9 @@ class Renew: virtualHostUtilities.issueSSL(website.domain, '/home/%s/public_html' % (website.domain), website.adminEmail) + elif x509.get_issuer().get_components()[1][1].decode('utf-8') != "Let's Encrypt": + logging.writeToFile( + 'Custom SSL exists for %s and ready to renew..' % (website.domain), 1) else: logging.writeToFile( 'SSL exists for %s and ready to renew..' % (website.domain), 0) From c9dc4f0b466e8ca165569acccb0715adae7ba5e1 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Fri, 7 Feb 2020 17:22:46 +0500 Subject: [PATCH 5/6] speed up list users --- userManagment/views.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/userManagment/views.py b/userManagment/views.py index 9511a7c2c..667198f53 100755 --- a/userManagment/views.py +++ b/userManagment/views.py @@ -991,7 +991,8 @@ def fetchTableUsers(request): diskUsage = 0 for webs in items.websites_set.all(): - diskUsage = virtualHostUtilities.getDiskUsage("/home/" + webs.domain, webs.package.diskSpace)[0] + diskUsage + #diskUsage = virtualHostUtilities.getDiskUsage("/home/" + webs.domain, webs.package.diskSpace)[0] + diskUsage + diskUsage = 1 owner = Administrator.objects.get(pk=items.owner) From f9eda7bc498dec0caf9475fe9ff0d948f41a20d1 Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Fri, 7 Feb 2020 18:05:07 +0500 Subject: [PATCH 6/6] bug fix: suspend user --- ftp/ftpManager.py | 2 -- userManagment/userManager.py | 2 +- userManagment/views.py | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/ftp/ftpManager.py b/ftp/ftpManager.py index 274b12117..c57cc421d 100755 --- a/ftp/ftpManager.py +++ b/ftp/ftpManager.py @@ -13,11 +13,9 @@ from loginSystem.models import Administrator import plogical.CyberCPLogFileWriter as logging from loginSystem.views import loadLoginPage from websiteFunctions.models import Websites -from plogical.virtualHostUtilities import virtualHostUtilities from plogical.ftpUtilities import FTPUtilities import os from plogical.acl import ACLManager -from plogical.processUtilities import ProcessUtilities class FTPManager: def __init__(self, request): diff --git a/userManagment/userManager.py b/userManagment/userManager.py index bc6c87115..44858cf0d 100644 --- a/userManagment/userManager.py +++ b/userManagment/userManager.py @@ -28,7 +28,7 @@ class UserManager(multi.Thread): def controlUserState(self): try: - websites = ACLManager.findAllSites(self.extraArgs['currentACL'],self.extraArgs['user']) + websites = ACLManager.findAllSites(self.extraArgs['currentACL'],self.extraArgs['user'].pk) from websiteFunctions.website import WebsiteManager wm = WebsiteManager() diff --git a/userManagment/views.py b/userManagment/views.py index 667198f53..3f37f5bc7 100755 --- a/userManagment/views.py +++ b/userManagment/views.py @@ -1053,7 +1053,7 @@ def controlUserState(request): extraArgs = {} extraArgs['user'] = user - extraArgs['currentACL'] = currentACL + extraArgs['currentACL'] = ACLManager.loadedACL(user.pk) extraArgs['state'] = state from userManagment.userManager import UserManager