diff --git a/app/http/requests/file/archive.go b/app/http/requests/file/archive.go index bd29bee0..6df568db 100644 --- a/app/http/requests/file/archive.go +++ b/app/http/requests/file/archive.go @@ -17,8 +17,8 @@ func (r *Archive) Authorize(ctx http.Context) error { func (r *Archive) Rules(ctx http.Context) map[string]string { return map[string]string{ "paths": "array", - "paths.*": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$|path_exists", - "file": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$|path_not_exists", + "paths.*": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$|path_exists", + "file": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$|path_not_exists", } } diff --git a/app/http/requests/file/copy.go b/app/http/requests/file/copy.go index ce18a166..667405d4 100644 --- a/app/http/requests/file/copy.go +++ b/app/http/requests/file/copy.go @@ -16,8 +16,8 @@ func (r *Copy) Authorize(ctx http.Context) error { func (r *Copy) Rules(ctx http.Context) map[string]string { return map[string]string{ - "old": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$|path_exists", - "new": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$", + "old": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$|path_exists", + "new": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$", } } diff --git a/app/http/requests/file/exist.go b/app/http/requests/file/exist.go index 25d312aa..e6eebe23 100644 --- a/app/http/requests/file/exist.go +++ b/app/http/requests/file/exist.go @@ -15,7 +15,7 @@ func (r *Exist) Authorize(ctx http.Context) error { func (r *Exist) Rules(ctx http.Context) map[string]string { return map[string]string{ - "path": "regex:^/([a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*)?$|path_exists", + "path": "regex:^/([a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*)?$|path_exists", } } diff --git a/app/http/requests/file/move.go b/app/http/requests/file/move.go index 8946d8cc..18ded61d 100644 --- a/app/http/requests/file/move.go +++ b/app/http/requests/file/move.go @@ -16,8 +16,8 @@ func (r *Move) Authorize(ctx http.Context) error { func (r *Move) Rules(ctx http.Context) map[string]string { return map[string]string{ - "source": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$|path_exists", - "target": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$", + "source": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$|path_exists", + "target": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$", } } diff --git a/app/http/requests/file/not_exist.go b/app/http/requests/file/not_exist.go index e98f9a2b..25349305 100644 --- a/app/http/requests/file/not_exist.go +++ b/app/http/requests/file/not_exist.go @@ -15,7 +15,7 @@ func (r *NotExist) Authorize(ctx http.Context) error { func (r *NotExist) Rules(ctx http.Context) map[string]string { return map[string]string{ - "path": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$|path_not_exists", + "path": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$|path_not_exists", } } diff --git a/app/http/requests/file/permission.go b/app/http/requests/file/permission.go index 3489eea9..ff050c89 100644 --- a/app/http/requests/file/permission.go +++ b/app/http/requests/file/permission.go @@ -18,7 +18,7 @@ func (r *Permission) Authorize(ctx http.Context) error { func (r *Permission) Rules(ctx http.Context) map[string]string { return map[string]string{ - "path": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$|path_exists", + "path": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$|path_exists", "mode": "regex:^[0-7]{3}$|uint", "owner": "regex:^[a-zA-Z0-9_-]+$", "group": "regex:^[a-zA-Z0-9_-]+$", diff --git a/app/http/requests/file/save.go b/app/http/requests/file/save.go index e6d44a1b..a9caa55e 100644 --- a/app/http/requests/file/save.go +++ b/app/http/requests/file/save.go @@ -16,7 +16,7 @@ func (r *Save) Authorize(ctx http.Context) error { func (r *Save) Rules(ctx http.Context) map[string]string { return map[string]string{ - "path": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$|path_exists", + "path": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$|path_exists", "content": "required|string", } } diff --git a/app/http/requests/file/search.go b/app/http/requests/file/search.go index 07ebac38..e43a46f2 100644 --- a/app/http/requests/file/search.go +++ b/app/http/requests/file/search.go @@ -16,7 +16,7 @@ func (r *Search) Authorize(ctx http.Context) error { func (r *Search) Rules(ctx http.Context) map[string]string { return map[string]string{ - "path": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$|path_exists", + "path": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$|path_exists", "keyword": "required|string", } } diff --git a/app/http/requests/file/un_archive.go b/app/http/requests/file/un_archive.go index 98db1a9f..22926cda 100644 --- a/app/http/requests/file/un_archive.go +++ b/app/http/requests/file/un_archive.go @@ -16,8 +16,8 @@ func (r *UnArchive) Authorize(ctx http.Context) error { func (r *UnArchive) Rules(ctx http.Context) map[string]string { return map[string]string{ - "file": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$|path_exists", - "path": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$|path_not_exists", + "file": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$|path_exists", + "path": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$|path_not_exists", } } diff --git a/app/http/requests/file/upload.go b/app/http/requests/file/upload.go index e958f391..d0eca7cd 100644 --- a/app/http/requests/file/upload.go +++ b/app/http/requests/file/upload.go @@ -18,7 +18,7 @@ func (r *Upload) Authorize(ctx http.Context) error { func (r *Upload) Rules(ctx http.Context) map[string]string { return map[string]string{ - "path": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$", + "path": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$", "file": "required", } } diff --git a/app/http/requests/plugins/rsync/create.go b/app/http/requests/plugins/rsync/create.go index 88ea38e9..77dd31e7 100644 --- a/app/http/requests/plugins/rsync/create.go +++ b/app/http/requests/plugins/rsync/create.go @@ -21,7 +21,7 @@ func (r *Create) Authorize(ctx http.Context) error { func (r *Create) Rules(ctx http.Context) map[string]string { return map[string]string{ "name": "required|regex:^[a-zA-Z0-9-_]+$", - "path": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$", + "path": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$", "comment": "string", "auth_user": "required|regex:^[a-zA-Z0-9-_]+$", "secret": "required|min_len:8", diff --git a/app/http/requests/plugins/rsync/update.go b/app/http/requests/plugins/rsync/update.go index 083c69e8..883835b7 100644 --- a/app/http/requests/plugins/rsync/update.go +++ b/app/http/requests/plugins/rsync/update.go @@ -21,7 +21,7 @@ func (r *Update) Authorize(ctx http.Context) error { func (r *Update) Rules(ctx http.Context) map[string]string { return map[string]string{ "name": "required|regex:^[a-zA-Z0-9-_]+$", - "path": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$", + "path": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$", "comment": "string", "auth_user": "required|regex:^[a-zA-Z0-9-_]+$", "secret": "required|min_len:8", diff --git a/app/http/requests/website/add.go b/app/http/requests/website/add.go index e8e0fd1e..73977e67 100644 --- a/app/http/requests/website/add.go +++ b/app/http/requests/website/add.go @@ -27,7 +27,7 @@ func (r *Add) Rules(ctx http.Context) map[string]string { "name": "required|regex:^[a-zA-Z0-9_-]+(\\.[a-zA-Z0-9_-]+)*$|not_exists:websites,name|not_in:phpmyadmin,mysql,panel,ssh", "domains": "required|slice", "ports": "required|slice", - "path": "regex:^/[a-zA-Z0-9_.@#$%-]+(\\/[a-zA-Z0-9_.@#$%-]+)*$", + "path": "regex:^/[a-zA-Z0-9_.@#$%- []()]+(/[a-zA-Z0-9_.@#$%- []()]+)*$", "php": "required", "db": "bool", "db_type": "required_if:db,true|in:0,mysql,postgresql",