Skip to content
Permalink
Browse files

path check

  • Loading branch information
usmannasir committed Jan 17, 2020
1 parent 050c020 commit b88922ee7cccce611eb7571c59db86b1118b5778
Showing with 5 additions and 0 deletions.
  1. +5 −0 filemanager/filemanager.py
@@ -272,6 +272,11 @@ def readFileContents(self):
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)

pathCheck = '/home/%s' % (domainName)

if self.data['fileName'].find(pathCheck) == -1:
return self.ajaxPre(0, 'Not allowed.')

command = 'cat ' + self.returnPathEnclosed(self.data['fileName'])
finalData['fileContents'] = ProcessUtilities.outputExecutioner(command, website.externalApp)

0 comments on commit b88922e

Please sign in to comment.
You can’t perform that action at this time.