From 4611c327d6c741f9daf71b8e16a0315ba7a91300 Mon Sep 17 00:00:00 2001
From: Usman Nasir
Date: Sat, 8 Feb 2020 12:51:45 +0500
Subject: [PATCH] security fix: submitDomainCreation
---
 websiteFunctions/website.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
index 84886109a..d779ce7c3 100755
--- a/websiteFunctions/website.py
+++ b/websiteFunctions/website.py
@@ -261,6 +261,9 @@ def submitDomainCreation(self, userID=None, data=None):
 else:
 return ACLManager.loadErrorJson('createWebSiteStatus', 0)
+ if data['path'].find('..') > -1:
+ return ACLManager.loadErrorJson('createWebSiteStatus', 0)
+
 if currentACL['admin'] != 1:
 data['openBasedir'] = 1
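Review bot: The added guard `data['path'].find('..') > -1` is a substring denylist on the raw request value, so it rejects the literal `..` case but does not establish where the resulting directory ends up; the code that later turns `data['path']` into a filesystem location is outside this hunk, so whether an absolute path or a symlink already inside the site tree is handled there cannot be confirmed from here. A containment check on the resolved path at the point of use is sturdier, for example `os.path.commonpath([root, os.path.realpath(os.path.join(root, path))]) == root`, where `root` stands for whatever resolved base directory the function builds under. The guard also assumes `'path'` is present and is a string: a missing key or a non-string JSON value raises rather than returning the `createWebSiteStatus` error, unless an enclosing try/except not visible in the hunk catches it, so `path = data.get('path', '')` followed by `if not isinstance(path, str) or '..' in path:` would keep the rejection explicit. A short comment above the check, such as `# Reject parent-directory references in the user-supplied path`, would record why it is there, and a log entry on rejection would give operators a signal when the check fires.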