From 803a3d53d7012da4c8ae482e3335153138faede5 Mon Sep 17 00:00:00 2001
From: Usman Nasir
Date: Sat, 25 Sep 2021 13:09:40 +0500
Subject: [PATCH] resolve CP-26
---
 filemanager/filemanager.py | 21 ++++++++++++++-------
 filemanager/views.py | 1 -
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/filemanager/filemanager.py b/filemanager/filemanager.py
index 2e376614d..7956cacb2 100755
--- a/filemanager/filemanager.py
+++ b/filemanager/filemanager.py
@@ -1,3 +1,5 @@
+import os
+
 from django.shortcuts import HttpResponse
 import json
 from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
@@ -609,7 +611,7 @@ class FileManager:
 command = 'ls -la %s' % (self.data['completePath'])
 result = ProcessUtilities.outputExecutioner(command, website.externalApp)
-
+ #
 if result.find('->') > -1:
 return self.ajaxPre(0, "Symlink attack.")
@@ -620,21 +622,26 @@ class FileManager:
 (self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
 return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
- command = 'mv ' + self.returnPathEnclosed(
+ command = 'cp ' + self.returnPathEnclosed(
 '/home/cyberpanel/media/' + myfile.name) + ' ' + self.returnPathEnclosed(
 self.data['completePath'] + '/' + myfile.name)
- ProcessUtilities.executioner(command)
-
- command = 'chown %s:%s %s' % (website.externalApp, website.externalApp,
- self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
- ProcessUtilities.executioner(command)
+ ProcessUtilities.executioner(command, website.externalApp)
 self.changeOwner(self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
+ try:
+ os.remove(self.returnPathEnclosed('/home/cyberpanel/media/' + myfile.name))
+ except:
+ pass
+
 json_data = json.dumps(finalData)
 return HttpResponse(json_data)
 except BaseException as msg:
+ try:
+ os.remove(self.returnPathEnclosed('/home/cyberpanel/media/' + myfile.name))
+ except:
+ pass
 return self.ajaxPre(0, str(msg))
 def extract(self):
diff --git a/filemanager/views.py b/filemanager/views.py
index 5e12a581a..f9475b1e5 100755
--- a/filemanager/views.py
+++ b/filemanager/views.py
@@ -11,7 +11,6 @@ from .filemanager import FileManager as FM
 from plogical.processUtilities import ProcessUtilities
 # Create your views here.
-
 def loadFileManagerHome(request,domain):
 try:
 userID = request.session['userID']
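Review bot: In the `@@ -620,21 +622,26 @@` hunk of filemanager/filemanager.py, both added cleanup blocks call `os.remove(self.returnPathEnclosed('/home/cyberpanel/media/' + myfile.name))`, handing `os.remove` the same wrapped string that is built for the `cp` shell command. If `returnPathEnclosed` adds shell quoting (its definition is not in this hunk), `os.remove` gets a path containing literal quote characters and raises, and the bare `except: pass` hides that, so every upload would leave its staging copy behind in `/home/cyberpanel/media/`. Pass the raw path instead, `os.remove('/home/cyberpanel/media/' + myfile.name)`, and narrow the handler to `except OSError:` with a log line so a failed cleanup is visible. The result of `ProcessUtilities.executioner(command, website.externalApp)` is also unchecked, so a `cp` that fails under the site user still appears to be reported as a successful upload before the staging file is removed. The enclosing method starts above this hunk, so whether `myfile` is always bound when the outer `except BaseException` handler runs cannot be confirmed from here.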