securityfix: CP-30: Manage Website – Compose

usmannasir · usmannasir · commit ec7264c9462d · 2021-08-30T12:56:26.000+05:00
diff --git a/emailMarketing/emailMarketingManager.py b/emailMarketing/emailMarketingManager.py
@@ -690,6 +690,9 @@ def saveEmailTemplate(self):
             replyTo = data['replyTo']
             emailMessage = data['emailMessage']
 
+            if ACLManager.CheckRegEx('[\w\d\s]+$', name) == 0:
+                return ACLManager.loadErrorJson()
+
             admin = Administrator.objects.get(pk=userID)
             newTemplate = EmailTemplate(owner=admin, name=name.replace(' ', ''), subject=subject, fromName=fromName, fromEmail=fromEmail,
                                         replyTo=replyTo, emailMessage=emailMessage)
