Skip to content

Commit

Permalink
增强网站根目录限制提示
Browse files Browse the repository at this point in the history
  • Loading branch information
showpy committed Jun 11, 2021
1 parent 93d5fcc commit e9f54cd
Show file tree
Hide file tree
Showing 3 changed files with 36 additions and 12 deletions.
1 change: 0 additions & 1 deletion class/firewalls.py
Original file line number Diff line number Diff line change
Expand Up @@ -305,7 +305,6 @@ def GetSshInfo(self,get):
else:
status = public.ExecShell("/etc/init.d/sshd status | grep -e 'stopped' -e '已停'|grep -v grep")

# return status;
if len(status[0]) > 3:
status = False
else:
Expand Down
13 changes: 8 additions & 5 deletions class/panelSite.py
Original file line number Diff line number Diff line change
Expand Up @@ -478,7 +478,9 @@ def AddSite(self,get,multiple=None):

get.path = self.__get_site_format_path(get.path)

if not public.check_site_path(get.path): return public.returnMsg(False,'请不要将网站根目录设置到系统关键目录中')
if not public.check_site_path(get.path):
a,c = public.get_sys_path()
return public.returnMsg(False,'请不要将网站根目录设置到以下关键目录中: <br>{}'.format("<br>".join(a+c)))
try:
siteMenu = json.loads(get.webname)
except:
Expand Down Expand Up @@ -514,7 +516,7 @@ def AddSite(self,get,multiple=None):
#if siteMenu['count']:
# domain = get.domain.replace(' ','')
#表单验证
if not files.files().CheckDir(self.sitePath) or not self.__check_site_path(self.sitePath): return public.returnMsg(False,'PATH_ERROR')
if not self.__check_site_path(self.sitePath): return public.returnMsg(False,'PATH_ERROR')
if len(self.phpVersion) < 2: return public.returnMsg(False,'SITE_ADD_ERR_PHPEMPTY')
reg = r"^([\w\-\*]{1,100}\.){1,4}([\w\-]{1,24}|[\w\-]{1,24}\.[\w\-]{1,24})$"
if not re.match(reg, self.siteName): return public.returnMsg(False,'SITE_ADD_ERR_DOMAIN')
Expand Down Expand Up @@ -2824,9 +2826,10 @@ def SetPath(self,get):
Path = self.GetPath(get.path)
if Path == "" or id == '0': return public.returnMsg(False, "DIR_EMPTY")

import files
if not files.files().CheckDir(Path) or not self.__check_site_path(Path): return public.returnMsg(False, "PATH_ERROR")
if not public.check_site_path(Path): return public.returnMsg(False,'请不要将网站根目录设置到系统关键目录中')
if not self.__check_site_path(Path): return public.returnMsg(False, "PATH_ERROR")
if not public.check_site_path(Path):
a,c = public.get_sys_path()
return public.returnMsg(False,'请不要将网站根目录设置到以下关键目录中: <br>{}'.format("<br>".join(a+c)))

SiteFind = public.M("sites").where("id=?",(id,)).field('path,name').find()
if SiteFind["path"] == Path: return public.returnMsg(False, "SITE_PATH_ERR_RE")
Expand Down
34 changes: 28 additions & 6 deletions class/public.py
Original file line number Diff line number Diff line change
Expand Up @@ -483,7 +483,7 @@ def serviceReload():
return ServiceReload()


def ExecShell(cmdstring, cwd=None, timeout=None, shell=True):
def ExecShell(cmdstring, timeout=None, shell=True):
a = ''
e = ''
import subprocess,tempfile
Expand All @@ -493,15 +493,27 @@ def ExecShell(cmdstring, cwd=None, timeout=None, shell=True):
succ_f = tempfile.SpooledTemporaryFile(max_size=4096,mode='wb+',suffix='_succ',prefix='btex_' + rx ,dir='/dev/shm')
err_f = tempfile.SpooledTemporaryFile(max_size=4096,mode='wb+',suffix='_err',prefix='btex_' + rx ,dir='/dev/shm')
sub = subprocess.Popen(cmdstring, close_fds=True, shell=shell,bufsize=128,stdout=succ_f,stderr=err_f)
sub.wait()
if timeout:
s = 0
d = 0.01
while sub.poll() is None:
time.sleep(d)
s += d
if s >= timeout:
if not err_f.closed: err_f.close()
if not succ_f.closed: succ_f.close()
return 'Timed out'
else:
sub.wait()

err_f.seek(0)
succ_f.seek(0)
a = succ_f.read()
e = err_f.read()
if not err_f.closed: err_f.close()
if not succ_f.closed: succ_f.close()
except:
print(get_error_info())
return '',get_error_info()
try:
#编码修正
if type(a) == bytes: a = a.decode('utf-8')
Expand Down Expand Up @@ -3042,20 +3054,30 @@ def return_is_send_info():
return ret


def get_sys_path():
'''
@name 关键目录
@author hwliang<2021-06-11>
@return tuple
'''
a = ['/www','/usr','/','/dev','/home','/media','/mnt','/opt','/tmp','/var']
c = ['/www/Recycle_bin/','/www/backup/','/www/php_session/','/www/wwwlogs/','/www/server/','/etc/','/usr/','/var/','/boot/','/proc/','/sys/','/tmp/','/root/','/lib/','/bin/','/sbin/','/run/','/lib64/','/lib32/','/srv/']
return a,c


def check_site_path(site_path):
'''
@name 检查网站根目录是否为系统关键目录
@author hwliang<2021-05-31>
@param site_path<string> 网站根目录全路径
@return bool
'''
a,error_paths = get_sys_path()
site_path = site_path.strip()
if site_path[-1] == '/': site_path = site_path[:-1]
if site_path in ['/www','/usr','/','/dev','/home','/media','/mnt','/opt','/tmp','/var']:
if site_path in a:
return False

site_path += '/'
error_paths = ['/www/Recycle_bin/','/www/backup/','/www/php_session/','/www/wwwlogs/','/www/server/','/etc/','/usr/','/var/','/boot/','/proc/','/sys/','/tmp/','/root/','/lib/','/bin/','/sbin/','/run/','/lib64/','/lib32/','/srv/']
for ep in error_paths:
if site_path.find(ep) == 0: return False
return True

0 comments on commit e9f54cd

Please sign in to comment.