From e5ba1ef437aa9f48775e4d380b8714bbcbbcb7cd Mon Sep 17 00:00:00 2001
From: usmannasir <usman@cyberpersons.com>
Date: Thu, 10 Jul 2025 22:25:17 +0500
Subject: [PATCH] bug fix:
 https://community.cyberpanel.net/t/latest-panel-version-server-to-server-transfer-will-not-connect/58908/2

---
 CyberCP/secMiddleware.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py
index 9210149db..7dde0f042 100644
--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -224,7 +224,8 @@ class secMiddleware:
                             or key == 'time_of_day' or key == 'notification_emails' or key == 'domains':
                         continue
 
-                    if valueAlreadyChecked == 0:
+                    # Skip validation for API endpoints that need JSON structure characters
+                    if not isAPIEndpoint and valueAlreadyChecked == 0:
                         # Only check string values, skip lists and other types
                         if (type(value) == str or type(value) == bytes) and (value.find('- -') > -1 or value.find('\n') > -1 or value.find(';') > -1 or value.find(
                                 '&&') > -1 or value.find('|') > -1 or value.find('...') > -1 \
@@ -240,11 +241,12 @@ class secMiddleware:
                                 "errorMessage": "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >."}
                             final_json = json.dumps(final_dic)
                             return HttpResponse(final_json)
-                    if key.find(';') > -1 or key.find('&&') > -1 or key.find('|') > -1 or key.find('...') > -1 \
+                    # Skip key validation for API endpoints that need JSON structure characters
+                    if not isAPIEndpoint and (key.find(';') > -1 or key.find('&&') > -1 or key.find('|') > -1 or key.find('...') > -1 \
                             or key.find("`") > -1 or key.find("$") > -1 or key.find("(") > -1 or key.find(")") > -1 \
                             or key.find("'") > -1 or key.find("[") > -1 or key.find("]") > -1 or key.find(
                         "{") > -1 or key.find("}") > -1 \
-                            or key.find(":") > -1 or key.find("<") > -1 or key.find(">") > -1 or key.find("&") > -1:
+                            or key.find(":") > -1 or key.find("<") > -1 or key.find(">") > -1 or key.find("&") > -1):
                         logging.writeToFile(request.body)
                         final_dic = {'error_message': "Data supplied is not accepted.",
                                      "errorMessage": "Data supplied is not accepted following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >."}