CP-21: Additional Security

usmannasir · usmannasir · commit f12c6eede30f · 2021-09-13T15:59:05.000+05:00
diff --git a/plogical/acl.py b/plogical/acl.py
@@ -789,8 +789,9 @@ def checkOwnerProtection(currentACL, owner, child):
     @staticmethod
     def CheckDomainBlackList(domain):
         import socket
+
         BlackList = [ socket.gethostname(), 'hotmail.com', 'gmail.com', 'yandex.com', 'yahoo.com', 'localhost', 'aol.com', 'apple.com',
-                     'cloudlinux.com', 'email.com', 'facebook.com', 'gmail.com', 'gmx.de', 'gmx.com', 'google.com',
+                     'cloudlinux.com', 'email.com', 'facebook.com', 'gmx.de', 'gmx.com', 'google.com',
                      'hushmail.com', 'icloud.com', 'inbox.com', 'imunify360.com', 'juno.com', 'live.com', 'localhost.localdomain',
                      'localhost4.localdomain4', 'localhost6.localdomain6','mail.com', 'mail.ru', 'me.com',
                      'microsoft.com', 'mxlogic.net', 'outlook.com', 'protonmail.com', 'twitter.com', 'yandex.ru']
diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
@@ -173,7 +173,8 @@ def submitWebsiteCreation(self, userID=None, data=None):
                 json_data = json.dumps(data_ret)
                 return HttpResponse(json_data)
 
-            if not validators.email(adminEmail):
+
+            if not validators.email(adminEmail) or adminEmail.find('--') > -1:
                 data_ret = {'status': 0, 'createWebSiteStatus': 0, 'error_message': "Invalid email."}
                 json_data = json.dumps(data_ret)
                 return HttpResponse(json_data)
