Skip to content

Commit 9a47edc

Browse files
committed
security fix: CP-22: Websites – Modify Website
1 parent bf42a54 commit 9a47edc

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

websiteFunctions/website.py

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -766,6 +766,12 @@ def saveWebsiteChanges(self, userID=None, data=None):
766766
else:
767767
return ACLManager.loadErrorJson('websiteDeleteStatus', 0)
768768

769+
newOwner = Administrator.objects.get(userName=newUser)
770+
if ACLManager.checkUserOwnerShip(currentACL, admin, newOwner) == 1:
771+
pass
772+
else:
773+
return ACLManager.loadErrorJson('websiteDeleteStatus', 0)
774+
769775
confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + domain
770776
completePathToConfigFile = confPath + "/vhost.conf"
771777

0 commit comments

Comments
 (0)