Deny /etc/pterodactyl as a source path for mounts

Matthew Penner 2020-10-17 14:29:29 -06:00
parent c52c5d6736
commit f7520b721b


@ -105,6 +105,11 @@ class MountController extends Controller
$model = (new Mount())->fill($request->validated()); $model = (new Mount())->fill($request->validated());
$model->forceFill(['uuid' => Uuid::uuid4()->toString()]); $model->forceFill(['uuid' => Uuid::uuid4()->toString()]);
if (str_starts_with($model->source, '/etc/pterodactyl')) {
$this->alert->danger('Invalid source path: "/etc/pterodactyl" cannot be used as a source path.')->flash();
return redirect()->route('admin.mounts');
}
if (str_starts_with($model->source, '/var/lib/pterodactyl/volumes')) { if (str_starts_with($model->source, '/var/lib/pterodactyl/volumes')) {
$this->alert->danger('Invalid source path: "/var/lib/pterodactyl/volumes" cannot be used as a source path.')->flash(); $this->alert->danger('Invalid source path: "/var/lib/pterodactyl/volumes" cannot be used as a source path.')->flash();
return redirect()->route('admin.mounts'); return redirect()->route('admin.mounts');
@ -145,6 +150,11 @@ class MountController extends Controller
$mount->forceFill($request->validated()); $mount->forceFill($request->validated());
if (str_starts_with($mount->source, '/etc/pterodactyl')) {
$this->alert->danger('Invalid source path: "/etc/pterodactyl" cannot be used as a source path.')->flash();
return redirect()->route('admin.mounts.view', $mount->id);
}
if (str_starts_with($mount->source, '/var/lib/pterodactyl/volumes')) { if (str_starts_with($mount->source, '/var/lib/pterodactyl/volumes')) {
$this->alert->danger('Invalid source path: "/var/lib/pterodactyl/volumes" cannot be used as a source path.')->flash(); $this->alert->danger('Invalid source path: "/var/lib/pterodactyl/volumes" cannot be used as a source path.')->flash();
return redirect()->route('admin.mounts.view', $mount->id); return redirect()->route('admin.mounts.view', $mount->id);
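Review bot: The new `str_starts_with($model->source, '/etc/pterodactyl')` guard in the create path, and the identical one on `$mount->source` in the update path, compares the raw submitted string. A source that is not in canonical form (dot segments, doubled slashes) or that names a parent of the protected directory is therefore not caught, while an unrelated sibling such as `/etc/pterodactyl-old` is rejected. Whether `$request->validated()` already canonicalises `source` is not visible in these hunks, so confirm that before relying on the prefix test. I would move both denied prefixes into one helper that normalises the path, refuses dot segments and matches on a segment boundary, then call it from both actions; the node-side daemon should enforce the same list, since the panel only stores the string. Both method bodies start and end outside the hunks.

```php
// Constructed sketch: one deny-list shared by the create and update actions.
private const DENIED_SOURCES = ['/etc/pterodactyl', '/var/lib/pterodactyl/volumes'];

private function deniedSourceFor(string $source): ?string
{
    // Collapse repeated separators and drop any trailing slash before comparing.
    $path = rtrim((string) preg_replace('#/+#', '/', $source), '/');
    $segments = explode('/', $path);

    // Refuse dot segments outright instead of trying to resolve them here.
    if (in_array('.', $segments, true) || in_array('..', $segments, true)) {
        return $source;
    }

    foreach (self::DENIED_SOURCES as $denied) {
        // Match the denied directory itself, anything below it, or any ancestor of it.
        if ($path === $denied
            || str_starts_with($path, $denied . '/')
            || str_starts_with($denied . '/', $path . '/')) {
            return $denied;
        }
    }

    return null;
}

// … unchanged: fill()/forceFill() of the model …
if (($denied = $this->deniedSourceFor($model->source)) !== null) {
    $this->alert->danger('Invalid source path: "' . $denied . '" cannot be used as a source path.')->flash();
    return redirect()->route('admin.mounts');
}
// … unchanged: rest of the create action; the update action calls the same helper on $mount->source …
```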