indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Limit access to accounts directory

main
Bob Mottram 2025-05-19 11:42:05 +01:00
parent b42d03fb8a
commit 9cbd7fe1aa
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
daemon_get.py
View File

@ -311,6 +311,14 @@ def daemon_http_get(self) -> None:
http_404(self, 145) http_404(self, 145)
return return
# accounts directory should not be accessible
if self.path.startswith('/accounts/'):
if not self.path.startswith('/accounts/avatars') and \
not self.path.startswith('/accounts/headers'):
print('GET HTTP Attempt to get accounts file ' + self.path)
http_404(self, 145)
return
# php # php
if self.path.endswith('.php'): if self.path.endswith('.php'):
print('GET HTTP Attempt to access PHP file ' + self.path) print('GET HTTP Attempt to access PHP file ' + self.path)

8
daemon_post.py
View File

@ -122,6 +122,14 @@ def daemon_http_post(self) -> None:
http_404(self, 146) http_404(self, 146)
return return
# accounts directory should not be accessible
if self.path.startswith('/accounts/'):
if not self.path.startswith('/accounts/avatars') and \
not self.path.startswith('/accounts/headers'):
print('POST HTTP Attempt to post accounts file ' + self.path)
http_404(self, 146)
return
# php # php
if self.path.endswith('.php'): if self.path.endswith('.php'):
print('POST HTTP Attempt to access PHP file ' + self.path) print('POST HTTP Attempt to access PHP file ' + self.path)