NussNougate/crafty-4
2
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2025-01-19 09:45:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Disable backups directory from changing bad paths

Browse Source
This commit is contained in:
amcmanu3 2022-06-21 16:14:29 -04:00
parent b7099c308f
commit d3b1095867
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/classes/web/panel_handler.py
View File

@ -1503,6 +1503,17 @@ class PanelHandler(BaseHandler):
max_backups = bleach.clean(self.get_argument("max_backups", None)) max_backups = bleach.clean(self.get_argument("max_backups", None))
server_obj = self.controller.servers.get_server_obj(server_id) server_obj = self.controller.servers.get_server_obj(server_id)
if (
not backup_path
== self.helper.wtol_path(
os.path.join(self.helper.backup_path, server_obj.server_uuid)
)
and self.helper.wtol_path(self.controller.project_root) in backup_path
):
self.redirect(
"/panel/error?error=Nefarious activities detected."
" User attempted to make backup path within Crafty's root."
)
server_obj.backup_path = backup_path server_obj.backup_path = backup_path
self.controller.servers.update_server(server_obj) self.controller.servers.update_server(server_obj)
self.controller.management.set_backup_config( self.controller.management.set_backup_config(