Prevent arbitrary code execution in register script
parent
5f058a1f35
commit
f5d5bf0489
10
register
10
register
|
@ -10,8 +10,16 @@ class S(BaseHTTPRequestHandler):
|
|||
data = loads(self.rfile.read(content_length).decode('utf-8'))
|
||||
data['password'] = os.popen('slappasswd -s ' + data['password']).read()[:-1]
|
||||
print(data)
|
||||
if data['code'] != code:
|
||||
|
||||
bad = False
|
||||
if data['code'] != code: bad = True
|
||||
if not all(c.isdigit() or c.islower() for c in data['username']): bad = True
|
||||
if not all(c.islower() or c.isupper() for c in data['firstname']): bad = True
|
||||
if not all(c.islower() or c.isupper() for c in data['lastname']): bad = True
|
||||
if not all(c.islower() or c.isupper() or c == '@' or c == '.' for c in data['email']): bad = True
|
||||
if bad:
|
||||
return
|
||||
|
||||
os.system('adduser ' + data['username'] + ' ' + data['firstname'] + ' ' + data['lastname'] + ' ' + data['email'] + ' ' + data['password'] + ' "' + ldap_pass + '"')
|
||||
|
||||
self.send_response(200)
|
||||
|
|
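Review bot: The password still reaches a shell unvalidated: `os.popen('slappasswd -s ' + data['password'])` runs before the new `bad` checks, and none of them covers `data['password']`, so the injection path this commit sets out to close remains open on that line. Character allowlists are also a fragile sole defence while `os.system('adduser ' + ...)` keeps building a shell string; argument lists avoid the shell entirely, e.g. `data['password'] = subprocess.run(['slappasswd', '-s', data['password']], capture_output=True, text=True, check=True).stdout.strip()` moved below the `if bad: return`, and `subprocess.run(['adduser', data['username'], data['firstname'], data['lastname'], data['email'], data['password'], ldap_pass], check=True)` (this needs `import subprocess`; the import block is outside the visible hunk). The `all(...)` checks accept an empty string and any Unicode letter or digit, so a minimum length and an ASCII-only test would tighten them, and `print(data)` writes the registration code and the password hash to the log. The rejected path returns without calling `send_response`, so the client gets no status; the handler method begins and ends outside the hunk.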