security fix: CP-22: Websites – Modify Website

websiteFunctions/website.py

@@ -766,6 +766,12 @@ def saveWebsiteChanges(self, userID=None, data=None):
             else:
                 return ACLManager.loadErrorJson('websiteDeleteStatus', 0)
 
+            newOwner = Administrator.objects.get(userName=newUser)
+            if ACLManager.checkUserOwnerShip(currentACL, admin, newOwner) == 1:
+                pass
+            else:
+                return ACLManager.loadErrorJson('websiteDeleteStatus', 0)
+
             confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + domain
             completePathToConfigFile = confPath + "/vhost.conf"