bug fix: allow file with spaces to be uploaded

usmannasir · usmannasir · commit fdc2134c7e34 · 2020-02-26T11:31:19.000+05:00
diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py
@@ -54,13 +54,6 @@ def __call__(self, request):
                     if request.path.find('gitNotify') > -1:
                         break
 
-                    # if request.path.find('users') > -1 or request.path.find('firewall') > -1 or request.path.find('servicesAction') > -1 or request.path.find('sslForHostName') > -1:
-                    #     logging.writeToFile(request.body)
-                    #     final_dic = {'error_message': "Data supplied is not accepted.",
-                    #                  "errorMessage": "Data supplied is not accepted."}
-                    #     final_json = json.dumps(final_dic)
-                    #     return HttpResponse(final_json)
-
                     if type(value) == str or type(value) == bytes:
                         pass
                     else:
diff --git a/filemanager/filemanager.py b/filemanager/filemanager.py
@@ -20,11 +20,9 @@ def ajaxPre(self, status, errorMessage):
         return HttpResponse(final_json)
 
     def returnPathEnclosed(self, path):
-        htmlParser = html.parser.HTMLParser()
-        path = html.unescape(path)
-        return path
         return "'" + path + "'"
 
+
     def changeOwner(self,  path):
         domainName = self.data['domainName']
         website = Websites.objects.get(domain=domainName)
@@ -367,8 +365,13 @@ def upload(self):
 
             myfile = self.request.FILES['file']
             fs = FileSystemStorage()
-            filename = fs.save(myfile.name, myfile)
-            finalData['fileName'] = fs.url(filename)
+
+            try:
+                filename = fs.save(myfile.name, myfile)
+                finalData['fileName'] = fs.url(filename)
+            except BaseException as msg:
+                logging.writeToFile('%s. [375:upload]' % (str(msg)))
+
             pathCheck = '/home/%s' % (self.data['domainName'])
 
             if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
diff --git a/plogical/acl.py b/plogical/acl.py
@@ -19,14 +19,17 @@ class ACLManager:
 
     @staticmethod
     def commandInjectionCheck(value):
-        if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
-                or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
-                or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find(
-            "{") > -1 or value.find("}") > -1 \
-                or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:
-            return 1
-        else:
-            return 0
+        try:
+            if value.find(';') > -1 or value.find('&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
+                    or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
+                    or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find(
+                "{") > -1 or value.find("}") > -1 \
+                    or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:
+                return 1
+            else:
+                return 0
+        except BaseException as msg:
+            logging.writeToFile('%s. [32:commandInjectionCheck]' % (str(msg)))
 
     @staticmethod
     def loadedACL(val):
