Deny certain paths for mounts

This commit is contained in:
Matthew Penner 2020-10-17 14:28:02 -06:00
parent b02a49f42e
commit c52c5d6736


@ -105,6 +105,21 @@ class MountController extends Controller
$model = (new Mount())->fill($request->validated()); $model = (new Mount())->fill($request->validated());
$model->forceFill(['uuid' => Uuid::uuid4()->toString()]); $model->forceFill(['uuid' => Uuid::uuid4()->toString()]);
if (str_starts_with($model->source, '/var/lib/pterodactyl/volumes')) {
$this->alert->danger('Invalid source path: "/var/lib/pterodactyl/volumes" cannot be used as a source path.')->flash();
return redirect()->route('admin.mounts');
}
if (str_starts_with($model->source, '/srv/daemon-data')) {
$this->alert->danger('Invalid source path: "/srv/daemon-data" cannot be used as a source path.')->flash();
return redirect()->route('admin.mounts');
}
if (str_starts_with($model->target, '/home/container')) {
$this->alert->danger('Invalid target path: "/home/container" cannot be used as a target path.')->flash();
return redirect()->route('admin.mounts');
}
$model->saveOrFail(); $model->saveOrFail();
$mount = $model->fresh(); $mount = $model->fresh();
@ -128,7 +143,24 @@ class MountController extends Controller
return $this->delete($mount); return $this->delete($mount);
} }
$mount->forceFill($request->validated())->save(); $mount->forceFill($request->validated());
if (str_starts_with($mount->source, '/var/lib/pterodactyl/volumes')) {
$this->alert->danger('Invalid source path: "/var/lib/pterodactyl/volumes" cannot be used as a source path.')->flash();
return redirect()->route('admin.mounts.view', $mount->id);
}
if (str_starts_with($mount->source, '/srv/daemon-data')) {
$this->alert->danger('Invalid source path: "/srv/daemon-data" cannot be used as a source path.')->flash();
return redirect()->route('admin.mounts.view', $mount->id);
}
if (str_starts_with($mount->target, '/home/container')) {
$this->alert->danger('Invalid target path: "/home/container" cannot be used as a target path.')->flash();
return redirect()->route('admin.mounts.view', $mount->id);
}
$mount->save();
$this->alert->success('Mount was updated successfully.')->flash(); $this->alert->success('Mount was updated successfully.')->flash();
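Review bot: The deny checks in both hunks compare the raw `source` and `target` strings with `str_starts_with`, so they only match the literal spelling. A path with `//`, `.` or `..` segments, or a parent directory of a denied path, is accepted, while an unrelated sibling such as a target of `/home/container2` is rejected because the match has no separator boundary. Normalizing the path first and comparing whole segments would close both gaps. The three checks are also copied verbatim into what appear to be the store and update actions (both bodies begin and end outside the hunks), so a shared helper or a rule on the form request would keep them from drifting apart. The prefixes are hard-coded; whether they match each node's configured data directory, and whether the daemon re-checks the resolved path (the panel can only check lexically, not follow symlinks on the node), is not visible here.

```php
// Constructed sketch of a shared check for both actions; the deny lists are the paths already in this commit.
private function isDeniedPath(string $path, array $denied): bool
{
    // Lexical normalization only: drop empty and "." segments, resolve "..".
    $segments = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($segments);
            continue;
        }
        $segments[] = $segment;
    }
    $candidate = '/' . implode('/', $segments);
    $candidate = rtrim($candidate, '/') . '/';

    foreach ($denied as $deny) {
        $deny = rtrim($deny, '/') . '/';
        // Reject the denied directory, anything below it, and any ancestor that would contain it.
        if (str_starts_with($candidate, $deny) || str_starts_with($deny, $candidate)) {
            return true;
        }
    }

    return false;
}

// … unchanged: fill()/forceFill() of the validated input …
if ($this->isDeniedPath($model->source, ['/var/lib/pterodactyl/volumes', '/srv/daemon-data'])) {
    // … unchanged: flash the alert and redirect …
```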