From 7f11494d36f6037b54af55863c9ab7865e37e9cd Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Fri, 3 Mar 2023 17:17:13 -0500 Subject: [PATCH] Remove server detail route from panel_handler --- app/classes/web/panel_handler.py | 150 ------------------------------- 1 file changed, 150 deletions(-) diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index 27758bef..20700e8e 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -1555,156 +1555,6 @@ class PanelHandler(BaseHandler): role = self.controller.roles.get_role(r) exec_user_role.add(role["role_name"]) - if page == "server_detail": - if not permissions[ - "Config" - ] in self.controller.server_perms.get_user_id_permissions_list( - exec_user["user_id"], server_id - ): - if not superuser: - self.redirect("/panel/error?error=Unauthorized access to Config") - return - server_name = self.get_argument("server_name", None) - server_obj = self.controller.servers.get_server_obj(server_id) - shutdown_timeout = self.get_argument("shutdown_timeout", 60) - if superuser: - log_path = self.get_argument("log_path", "") - if log_path: - if Helpers.is_os_windows(): - log_path.replace(" ", "^ ") - log_path = Helpers.wtol_path(log_path) - if not self.helper.validate_traversal(server_obj.path, log_path): - log_path = "" - executable = self.get_argument("executable", None) - execution_command = self.get_argument("execution_command", None) - server_ip = self.get_argument("server_ip", None) - server_port = self.get_argument("server_port", None) - if int(server_port) < 1 or int(server_port) > 65535: - self.redirect( - "/panel/error?error=Constraint Error: " - "Port must be greater than 0 and less than 65535" - ) - return - executable_update_url = self.get_argument("executable_update_url", "") - show_status = int(float(self.get_argument("show_status", "0"))) - else: - execution_command = server_obj.execution_command - executable = server_obj.executable - stop_command = self.get_argument("stop_command", None) - auto_start_delay = self.get_argument("auto_start_delay", "10") - auto_start = int(float(self.get_argument("auto_start", "0"))) - crash_detection = int(float(self.get_argument("crash_detection", "0"))) - logs_delete_after = int(float(self.get_argument("logs_delete_after", "0"))) - java_selection = self.get_argument("java_selection", None) - # make sure there is no whitespace - ignored_exits = self.get_argument("ignored_exits", "").replace(" ", "") - # subpage = self.get_argument('subpage', None) - - server_id = self.check_server_id() - if server_id is None: - return - if java_selection: - try: - if self.helper.is_os_windows(): - execution_list = shlex.split(execution_command, posix=False) - else: - execution_list = shlex.split(execution_command, posix=True) - except ValueError: - self.redirect( - "/panel/error?error=Invalid execution command. Java path" - " must be surrounded by quotes." - " (Are you missing a closing quote?)" - ) - if ( - not any( - java_selection in path for path in Helpers.find_java_installs() - ) - and java_selection != "java" - ): - self.redirect( - "/panel/error?error=Attack attempted." - + " A copy of this report is being sent to server owner." - ) - self.controller.management.add_to_audit_log_raw( - exec_user["username"], - exec_user["user_id"], - server_id, - f"Attempted to send bad java path for {server_id}." - + " Possible attack. Act accordingly.", - self.get_remote_ip(), - ) - return - if java_selection != "java": - if self.helper.is_os_windows(): - execution_list[0] = '"' + java_selection + '/bin/java"' - else: - execution_list[0] = '"' + java_selection + '"' - else: - execution_list[0] = "java" - execution_command = "" - for item in execution_list: - execution_command += item + " " - - server_obj: Servers = self.controller.servers.get_server_obj(server_id) - stale_executable = server_obj.executable - # Compares old jar name to page data being passed. - # If they are different we replace the executable name in the - if str(stale_executable) != str(executable): - execution_command = execution_command.replace( - str(stale_executable), str(executable) - ) - - server_obj.server_name = server_name - server_obj.shutdown_timeout = shutdown_timeout - if superuser: - if Helpers.validate_traversal( - self.helper.get_servers_root_dir(), server_obj.path - ): - server_obj.log_path = log_path - if Helpers.validate_traversal( - self.helper.get_servers_root_dir(), executable - ): - server_obj.executable = executable - server_obj.execution_command = execution_command - server_obj.server_ip = server_ip - server_obj.server_port = server_port - server_obj.executable_update_url = executable_update_url - server_obj.show_status = show_status - else: - server_obj.log_path = server_obj.log_path - server_obj.executable = server_obj.executable - server_obj.execution_command = execution_command - server_obj.server_ip = server_obj.server_ip - server_obj.server_port = server_obj.server_port - server_obj.executable_update_url = server_obj.executable_update_url - server_obj.stop_command = stop_command - server_obj.auto_start_delay = auto_start_delay - server_obj.auto_start = auto_start - server_obj.crash_detection = crash_detection - server_obj.logs_delete_after = logs_delete_after - server_obj.ignored_exits = ignored_exits - failed = False - for servers in self.controller.servers.failed_servers: - if servers["server_id"] == int(server_id): - failed = True - if not failed: - self.controller.servers.update_server(server_obj) - else: - self.controller.servers.update_unloaded_server(server_obj) - self.controller.servers.init_all_servers() - self.controller.servers.crash_detection(server_obj) - - self.controller.servers.refresh_server_settings(server_id) - - self.controller.management.add_to_audit_log( - exec_user["user_id"], - f"Edited server {server_id} named {server_name}", - server_id, - self.get_remote_ip(), - ) - - self.redirect(f"/panel/server_detail?id={server_id}&subpage=config") - if page == "server_backup": logger.debug(self.request.arguments)