command injection check in some fm functions

Usman Nasir
2020-02-07 21:29:05 +05:00
parent b774bc9d4c
commit ff0164fb8e


@@ -332,6 +332,12 @@ class FileManager:
writeToFile.write(self.data['fileContent'].encode('utf-8'))
writeToFile.close()
command = 'ls -la %s' % (self.data['fileName'])
output = ProcessUtilities.outputExecutioner(command)
if output.find('lrwxrwxrwx') > -1 and output.find('->') > -1:
return self.ajaxPre(0, 'File exists and is symlink.')
if ACLManager.commandInjectionCheck(self.data['fileName']) == 1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')