Security fixes in CP

This commit is contained in:
Pinga 2024-02-24 11:52:00 +02:00
parent ca1654a4eb
commit 25c736b68b
14 changed files with 194 additions and 91 deletions


@ -755,6 +755,14 @@ class ApplicationsController extends Controller
$csrfTokenName = $this->container->get('csrf')->getTokenName(); $csrfTokenName = $this->container->get('csrf')->getTokenName();
$csrfTokenValue = $this->container->get('csrf')->getTokenValue(); $csrfTokenValue = $this->container->get('csrf')->getTokenValue();
if (strpos($domain['name'], 'xn--') === 0) {
$domain['punycode'] = $domain['name'];
$domain['name'] = idn_to_utf8($domain['name'], IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46);
} else {
$domain['punycode'] = $domain['name'];
}
$_SESSION['applications_to_update'] = [$domain['punycode']];
return view($response,'admin/domains/updateApplication.twig', [ return view($response,'admin/domains/updateApplication.twig', [
'domain' => $domain, 'domain' => $domain,
@ -784,7 +792,12 @@ class ApplicationsController extends Controller
// Retrieve POST data // Retrieve POST data
$data = $request->getParsedBody(); $data = $request->getParsedBody();
$db = $this->container->get('db'); $db = $this->container->get('db');
$domainName = $data['domainName'] ?? null; if (!empty($_SESSION['applications_to_update'])) {
$domainName = $_SESSION['applications_to_update'][0];
} else {
$this->container->get('flash')->addMessage('error', 'No application specified for update');
return $response->withHeader('Location', '/applications')->withStatus(302);
}
$domain_id = $db->selectValue('SELECT id FROM application WHERE name = ?', [$domainName]); $domain_id = $db->selectValue('SELECT id FROM application WHERE name = ?', [$domainName]);
if ($_SESSION["auth_roles"] != 0) { if ($_SESSION["auth_roles"] != 0) {
@ -948,7 +961,8 @@ class ApplicationsController extends Controller
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage()); $this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
return $response->withHeader('Location', '/application/update/'.$domainName)->withStatus(302); return $response->withHeader('Location', '/application/update/'.$domainName)->withStatus(302);
} }
unset($_SESSION['applications_to_update']);
$this->container->get('flash')->addMessage('success', 'Application ' . $domainName . ' has been updated successfully on ' . $update); $this->container->get('flash')->addMessage('success', 'Application ' . $domainName . ' has been updated successfully on ' . $update);
return $response->withHeader('Location', '/application/update/'.$domainName)->withStatus(302); return $response->withHeader('Location', '/application/update/'.$domainName)->withStatus(302);
} }
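Review bot: The new `$_SESSION['applications_to_update']` slot written on the GET (first hunk) is a single per-user value, so a user who opens the update page for application A and then for B in a second tab has the POST from A's page applied to B — the form no longer says which record it targets, and nothing ties the stored name to the page that was actually rendered. The same single-slot binding is introduced in ContactsController, DomainsController, HostsController, RegistrarsController and SupportController, and since the slot is only cleared on success, a stale target outlives a failed or abandoned edit until the next GET overwrites it. Binding each render to a random per-form id (a hidden field carrying an unguessable token that is looked up in the session on POST) keeps the target server-chosen while making it tab-specific; sketch below, with `form_id` as a constructed field name. updateApplication's body runs outside the hunks.
```php
// GET: bind the target to this particular render instead of a per-user slot
$formId = bin2hex(random_bytes(16));
$_SESSION['applications_to_update'][$formId] = $domain['punycode'];
// … unchanged: view() call — pass $formId to the template as a hidden field next to the CSRF field …

// POST: resolve the target by the id the form sent back
$formId = (string) ($data['form_id'] ?? '');
$domainName = $_SESSION['applications_to_update'][$formId] ?? null;
if ($domainName === null) {
    $this->container->get('flash')->addMessage('error', 'No application specified for update');
    return $response->withHeader('Location', '/applications')->withStatus(302);
}
// … unchanged: ownership check and update …
unset($_SESSION['applications_to_update'][$formId]);
```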


@ -504,7 +504,9 @@ class ContactsController extends Controller
[ $contact['id'] ]); [ $contact['id'] ]);
$contactPostal = $db->select('SELECT * FROM contact_postalInfo WHERE contact_id = ?', $contactPostal = $db->select('SELECT * FROM contact_postalInfo WHERE contact_id = ?',
[ $contact['id'] ]); [ $contact['id'] ]);
$_SESSION['contacts_to_update'] = [$contact['identifier']];
$responseData = [ $responseData = [
'contact' => $contact, 'contact' => $contact,
'contactStatus' => $contactStatus, 'contactStatus' => $contactStatus,
@ -585,7 +587,9 @@ class ContactsController extends Controller
[ $contact['id'] ]); [ $contact['id'] ]);
$contactPostal = $db->select('SELECT * FROM contact_postalInfo WHERE contact_id = ?', $contactPostal = $db->select('SELECT * FROM contact_postalInfo WHERE contact_id = ?',
[ $contact['id'] ]); [ $contact['id'] ]);
$_SESSION['contacts_to_validate'] = [$contact['identifier']];
$responseData = [ $responseData = [
'contact' => $contact, 'contact' => $contact,
'contactStatus' => $contactStatus, 'contactStatus' => $contactStatus,
@ -676,7 +680,12 @@ class ContactsController extends Controller
// Get the current URI // Get the current URI
$uri = $request->getUri()->getPath(); $uri = $request->getUri()->getPath();
$identifier = trim($data['identifier']); if (!empty($_SESSION['contacts_to_validate'])) {
$identifier = $_SESSION['contacts_to_validate'][0];
} else {
$this->container->get('flash')->addMessage('error', 'No contact specified for validation');
return $response->withHeader('Location', '/contacts')->withStatus(302);
}
if (!preg_match('/^[a-zA-Z0-9\-]+$/', $identifier)) { if (!preg_match('/^[a-zA-Z0-9\-]+$/', $identifier)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact ID format'); $this->container->get('flash')->addMessage('error', 'Invalid contact ID format');
@ -720,7 +729,8 @@ class ContactsController extends Controller
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage()); $this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
unset($_SESSION['contacts_to_validate']);
$this->container->get('flash')->addMessage('success', 'Contact ' . $identifier . ' has been validated successfully on ' . $stamp); $this->container->get('flash')->addMessage('success', 'Contact ' . $identifier . ' has been validated successfully on ' . $stamp);
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
@ -741,7 +751,12 @@ class ContactsController extends Controller
$db = $this->container->get('db'); $db = $this->container->get('db');
$iso3166 = new ISO3166(); $iso3166 = new ISO3166();
$countries = $iso3166->all(); $countries = $iso3166->all();
$identifier = $data['identifier'] ?? null; if (!empty($_SESSION['contacts_to_update'])) {
$identifier = $_SESSION['contacts_to_update'][0];
} else {
$this->container->get('flash')->addMessage('error', 'No contact specified for update');
return $response->withHeader('Location', '/contacts')->withStatus(302);
}
if ($_SESSION["auth_roles"] != 0) { if ($_SESSION["auth_roles"] != 0) {
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]); $clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
@ -1077,7 +1092,8 @@ class ContactsController extends Controller
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage()); $this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
unset($_SESSION['contacts_to_update']);
$this->container->get('flash')->addMessage('success', 'Contact ' . $identifier . ' has been updated successfully on ' . $update); $this->container->get('flash')->addMessage('success', 'Contact ' . $identifier . ' has been updated successfully on ' . $update);
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }


@ -1087,6 +1087,8 @@ class DomainsController extends Controller
} else { } else {
$domain['punycode'] = $domain['name']; $domain['punycode'] = $domain['name'];
} }
$_SESSION['domains_to_update'] = [$domain['punycode']];
return view($response,'admin/domains/updateDomain.twig', [ return view($response,'admin/domains/updateDomain.twig', [
'domain' => $domain, 'domain' => $domain,
'domainStatus' => $domainStatus, 'domainStatus' => $domainStatus,
@ -1117,9 +1119,14 @@ class DomainsController extends Controller
// Retrieve POST data // Retrieve POST data
$data = $request->getParsedBody(); $data = $request->getParsedBody();
$db = $this->container->get('db'); $db = $this->container->get('db');
$domainName = $data['domainName'] ?? null; if (!empty($_SESSION['domains_to_update'])) {
$domainName = $_SESSION['domains_to_update'][0];
} else {
$this->container->get('flash')->addMessage('error', 'No domain specified for update');
return $response->withHeader('Location', '/domains')->withStatus(302);
}
$domain_id = $db->selectValue('SELECT id FROM domain WHERE name = ?', [$domainName]); $domain_id = $db->selectValue('SELECT id FROM domain WHERE name = ?', [$domainName]);
if ($_SESSION["auth_roles"] != 0) { if ($_SESSION["auth_roles"] != 0) {
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]); $clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$domain_clid = $db->selectValue('SELECT clid FROM domain WHERE name = ?', [$domainName]); $domain_clid = $db->selectValue('SELECT clid FROM domain WHERE name = ?', [$domainName]);
@ -1598,7 +1605,8 @@ class DomainsController extends Controller
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage()); $this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
return $response->withHeader('Location', '/domain/update/'.$domainName)->withStatus(302); return $response->withHeader('Location', '/domain/update/'.$domainName)->withStatus(302);
} }
unset($_SESSION['domains_to_update']);
$this->container->get('flash')->addMessage('success', 'Domain ' . $domainName . ' has been updated successfully on ' . $update); $this->container->get('flash')->addMessage('success', 'Domain ' . $domainName . ' has been updated successfully on ' . $update);
return $response->withHeader('Location', '/domain/update/'.$domainName)->withStatus(302); return $response->withHeader('Location', '/domain/update/'.$domainName)->withStatus(302);
} }
@ -1707,7 +1715,13 @@ class DomainsController extends Controller
// Retrieve POST data // Retrieve POST data
$data = $request->getParsedBody(); $data = $request->getParsedBody();
$db = $this->container->get('db'); $db = $this->container->get('db');
$domainName = $data['domainName'] ?? null; if (!empty($_SESSION['domains_to_renew'])) {
$domainName = $_SESSION['domains_to_renew'][0];
} else {
$this->container->get('flash')->addMessage('error', 'No domain specified for renewal');
return $response->withHeader('Location', '/domains')->withStatus(302);
}
$renewalYears = $data['renewalYears'] ?? null; $renewalYears = $data['renewalYears'] ?? null;
$parts = extractDomainAndTLD($domainName); $parts = extractDomainAndTLD($domainName);
@ -1729,7 +1743,7 @@ class DomainsController extends Controller
} else { } else {
$clid = $db->selectValue('SELECT clid FROM domain WHERE name = ?', [$domainName]); $clid = $db->selectValue('SELECT clid FROM domain WHERE name = ?', [$domainName]);
} }
$date_add = 0; $date_add = 0;
$date_add = ($renewalYears * 12); $date_add = ($renewalYears * 12);
@ -1852,7 +1866,8 @@ class DomainsController extends Controller
$this->container->get('flash')->addMessage('error', 'Database failure during renew: ' . $e->getMessage()); $this->container->get('flash')->addMessage('error', 'Database failure during renew: ' . $e->getMessage());
return $response->withHeader('Location', '/domain/renew/'.$domainName)->withStatus(302); return $response->withHeader('Location', '/domain/renew/'.$domainName)->withStatus(302);
} }
unset($_SESSION['domains_to_renew']);
$this->container->get('flash')->addMessage('success','Domain ' . $domainName . ' has been renewed for ' . $renewalYears . ' ' . ($renewalYears > 1 ? 'years' : 'year')); $this->container->get('flash')->addMessage('success','Domain ' . $domainName . ' has been renewed for ' . $renewalYears . ' ' . ($renewalYears > 1 ? 'years' : 'year'));
return $response->withHeader('Location', '/domains')->withStatus(302); return $response->withHeader('Location', '/domains')->withStatus(302);
} }
@ -1922,6 +1937,8 @@ class DomainsController extends Controller
} else { } else {
$domain['punycode'] = $domain['name']; $domain['punycode'] = $domain['name'];
} }
$_SESSION['domains_to_renew'] = [$domain['punycode']];
return view($response,'admin/domains/renewDomain.twig', [ return view($response,'admin/domains/renewDomain.twig', [
'domain' => $domain, 'domain' => $domain,
'domainStatus' => $domainStatus, 'domainStatus' => $domainStatus,
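Review bot: `$renewalYears` in the renew handler is still read straight from the POST body on the line after the new session block and reaches `$date_add = ($renewalYears * 12)` two hunks later; the lines between those hunks are outside this view, so if they do not already cast and bound it, a negative value shortens the expiry and a non-numeric string surfaces as an engine TypeError rather than a flash message. The renew form only constrains the range client-side (`min="1" max="{{ maxYears }}"` in renewDomain.twig). A server-side guard right after the session block would close that regardless of what the omitted lines do: `$renewalYears = filter_var($data['renewalYears'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` followed by a flash-and-redirect to `'/domain/renew/'.$domainName` when it is `false`. updateDomain and renewDomain both extend outside the hunks.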


@ -391,6 +391,8 @@ class HostsController extends Controller
} else { } else {
$host['punycode'] = $host['name']; $host['punycode'] = $host['name'];
} }
$_SESSION['hosts_to_update'] = [$host['punycode']];
return view($response,'admin/hosts/updateHost.twig', [ return view($response,'admin/hosts/updateHost.twig', [
'host' => $host, 'host' => $host,
'hostIPv4' => $hostIPv4, 'hostIPv4' => $hostIPv4,
@ -415,7 +417,12 @@ class HostsController extends Controller
// Retrieve POST data // Retrieve POST data
$data = $request->getParsedBody(); $data = $request->getParsedBody();
$db = $this->container->get('db'); $db = $this->container->get('db');
$hostName = $data['hostName'] ?? null; if (!empty($_SESSION['hosts_to_update'])) {
$hostName = $_SESSION['hosts_to_update'][0];
} else {
$this->container->get('flash')->addMessage('error', 'No host specified for update');
return $response->withHeader('Location', '/hosts')->withStatus(302);
}
$host_id = $db->selectValue('SELECT id FROM host WHERE name = ?', [$hostName]); $host_id = $db->selectValue('SELECT id FROM host WHERE name = ?', [$hostName]);
if ($_SESSION["auth_roles"] != 0) { if ($_SESSION["auth_roles"] != 0) {
@ -430,15 +437,21 @@ class HostsController extends Controller
$ipv4 = $data['ipv4'] ?? null; $ipv4 = $data['ipv4'] ?? null;
$ipv6 = $data['ipv6'] ?? null; $ipv6 = $data['ipv6'] ?? null;
// Validate IPv4 address // Check if both IPv4 and IPv6 are empty or null
if ($ipv4 !== null && !filter_var($ipv4, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { if (empty($ipv4) && empty($ipv6)) {
$this->container->get('flash')->addMessage('error', 'At least one IP address (IPv4 or IPv6) is required');
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
}
// Validate IPv4 address, if provided
if (!empty($ipv4) && !filter_var($ipv4, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
$this->container->get('flash')->addMessage('error', 'Invalid IPv4 address'); $this->container->get('flash')->addMessage('error', 'Invalid IPv4 address');
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302); return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
} }
// Validate IPv6 address // Validate IPv6 address, if provided
if ($ipv6 !== null && !filter_var($ipv6, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { if (!empty($ipv6) && !filter_var($ipv6, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$this->container->get('flash')->addMessage('error', 'Invalid IPv6 address'); $this->container->get('flash')->addMessage('error', 'Invalid IPv6 address');
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302); return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
} }
@ -446,56 +459,73 @@ class HostsController extends Controller
try { try {
$db->beginTransaction(); $db->beginTransaction();
if (isset($ipv4) && !empty($ipv4)) { if (isset($ipv4)) {
$ipv4 = normalize_v4_address($ipv4); if (!empty($ipv4)) {
$ipv4 = normalize_v4_address($ipv4);
$does_it_exist = $db->selectValue("SELECT id FROM host_addr WHERE host_id = ? AND ip = 'v4'", [$host_id]);
$does_it_exist = $db->selectValue("SELECT id FROM host_addr WHERE host_id = ? AND ip = 'v4'", [$host_id]);
if ($does_it_exist) {
$db->update( if ($does_it_exist) {
'host_addr', $db->update(
[ 'host_addr',
'addr' => $ipv4 ['addr' => $ipv4],
], [
[ 'host_id' => $host_id,
'host_id' => $host_id, 'ip' => 'v4'
'ip' => 'v4' ]
] );
); } else {
$db->insert(
'host_addr',
[
'addr' => $ipv4,
'host_id' => $host_id,
'ip' => 'v4'
]
);
}
} else { } else {
$db->insert( // If $ipv4 is set but is an empty string, delete the existing IPv4 address entry
$db->delete(
'host_addr', 'host_addr',
[ [
'addr' => $ipv4,
'host_id' => $host_id, 'host_id' => $host_id,
'ip' => 'v4' 'ip' => 'v4'
] ]
); );
} }
} }
if (isset($ipv6) && !empty($ipv6)) { if (isset($ipv6)) {
$ipv6 = normalize_v6_address($ipv6); if (!empty($ipv6)) {
$ipv6 = normalize_v6_address($ipv6);
$does_it_exist = $db->selectValue("SELECT id FROM host_addr WHERE host_id = ? AND ip = 'v6'", [$host_id]);
$does_it_exist = $db->selectValue("SELECT id FROM host_addr WHERE host_id = ? AND ip = 'v6'", [$host_id]);
if ($does_it_exist) {
$db->update( if ($does_it_exist) {
'host_addr', $db->update(
[ 'host_addr',
'addr' => $ipv6 ['addr' => $ipv6],
], [
[ 'host_id' => $host_id,
'host_id' => $host_id, 'ip' => 'v6'
'ip' => 'v6' ]
] );
); } else {
$db->insert(
'host_addr',
[
'addr' => $ipv6,
'host_id' => $host_id,
'ip' => 'v6'
]
);
}
} else { } else {
$db->insert( // If $ipv6 is set but is an empty string, delete the existing IPv6 address entry
$db->delete(
'host_addr', 'host_addr',
[ [
'addr' => $ipv6,
'host_id' => $host_id, 'host_id' => $host_id,
'ip' => 'v6' 'ip' => 'v6'
] ]
@ -521,7 +551,8 @@ class HostsController extends Controller
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage()); $this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302); return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
} }
unset($_SESSION['hosts_to_update']);
$this->container->get('flash')->addMessage('success', 'Host ' . $hostName . ' has been updated successfully on ' . $update); $this->container->get('flash')->addMessage('success', 'Host ' . $hostName . ' has been updated successfully on ' . $update);
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302); return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
} }
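Review bot: The v4 and v6 branches inside the transaction are now two near-identical copies of the same three-way rule (upsert when non-empty, delete when the field is submitted blank, skip when absent) differing only in the family tag and the normaliser, which is the kind of duplication where one branch later gets a fix and the other does not. A private helper taking the family and the raw field value keeps that rule in one place and states the delete-on-blank behaviour in a docblock instead of an inline comment; sketch below, keeping the `empty()` test the validation above already uses so behaviour is unchanged. The surrounding updateHost body, including the end of the transaction, is outside the hunk.
```php
// … unchanged: $db->beginTransaction(); …
$this->syncHostAddr($db, $host_id, 'v4', $ipv4);
$this->syncHostAddr($db, $host_id, 'v6', $ipv6);
// … unchanged: remainder of the transaction and commit …

/**
 * Reconcile one address family of a host with the submitted form value.
 *
 * null  -> field not submitted, leave the stored address untouched
 * blank -> field submitted empty, remove the stored address
 * other -> normalise and insert or update the stored address
 */
private function syncHostAddr($db, $hostId, string $family, ?string $addr): void
{
    if ($addr === null) {
        return;
    }
    if (empty($addr)) { // same test as the validation above, so "0" also means remove
        $db->delete('host_addr', ['host_id' => $hostId, 'ip' => $family]);
        return;
    }
    $addr = $family === 'v4' ? normalize_v4_address($addr) : normalize_v6_address($addr);
    $exists = $db->selectValue('SELECT id FROM host_addr WHERE host_id = ? AND ip = ?', [$hostId, $family]);
    if ($exists) {
        $db->update('host_addr', ['addr' => $addr], ['host_id' => $hostId, 'ip' => $family]);
    } else {
        $db->insert('host_addr', ['addr' => $addr, 'host_id' => $hostId, 'ip' => $family]);
    }
}
```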


@ -395,19 +395,22 @@ class RegistrarsController extends Controller
$whitelist = $db->select("SELECT * FROM registrar_whitelist WHERE registrar_id = ?", $whitelist = $db->select("SELECT * FROM registrar_whitelist WHERE registrar_id = ?",
[ $registrar['id'] ]); [ $registrar['id'] ]);
return view($response,'admin/registrars/updateRegistrar.twig', [ $_SESSION['registrars_to_update'] = [$registrar['clid']];
'registrar' => $registrar, $_SESSION['registrars_user_email'] = [$user['email']];
'contacts' => $contacts,
'ote' => $ote, return view($response,'admin/registrars/updateRegistrar.twig', [
'user' => $user, 'registrar' => $registrar,
'whitelist' => $whitelist, 'contacts' => $contacts,
'currentUri' => $uri, 'ote' => $ote,
'countries' => $countries 'user' => $user,
]); 'whitelist' => $whitelist,
} else { 'currentUri' => $uri,
// Registrar does not exist, redirect to the registrars view 'countries' => $countries
return $response->withHeader('Location', '/registrars')->withStatus(302); ]);
} } else {
// Registrar does not exist, redirect to the registrars view
return $response->withHeader('Location', '/registrars')->withStatus(302);
}
} else { } else {
// Redirect to the registrars view // Redirect to the registrars view
return $response->withHeader('Location', '/registrars')->withStatus(302); return $response->withHeader('Location', '/registrars')->withStatus(302);
@ -424,7 +427,12 @@ class RegistrarsController extends Controller
// Retrieve POST data // Retrieve POST data
$data = $request->getParsedBody(); $data = $request->getParsedBody();
$db = $this->container->get('db'); $db = $this->container->get('db');
$registrar = $data['reg_clid'] ?? null; if (!empty($_SESSION['registrars_to_update'])) {
$registrar = $_SESSION['registrars_to_update'][0];
} else {
$this->container->get('flash')->addMessage('error', 'No registrar specified for update');
return $response->withHeader('Location', '/registrars')->withStatus(302);
}
$data['ipAddress'] = array_filter($data['ipAddress']); $data['ipAddress'] = array_filter($data['ipAddress']);
$iso3166 = new ISO3166(); $iso3166 = new ISO3166();
@ -497,6 +505,13 @@ class RegistrarsController extends Controller
$this->container->get('flash')->addMessage('error', $errorText); $this->container->get('flash')->addMessage('error', $errorText);
return $response->withHeader('Location', '/registrars')->withStatus(302); return $response->withHeader('Location', '/registrars')->withStatus(302);
} }
if (!empty($_SESSION['registrars_user_email'])) {
$regEmail = $_SESSION['registrars_user_email'][0];
} else {
$this->container->get('flash')->addMessage('error', 'No email specified for update');
return $response->withHeader('Location', '/registrars')->withStatus(302);
}
$db->beginTransaction(); $db->beginTransaction();
@ -634,7 +649,7 @@ class RegistrarsController extends Controller
'password' => $panelPassword, 'password' => $panelPassword,
], ],
[ [
'email' => $data['reg_email'] 'email' => $regEmail
] ]
); );
} }
@ -645,7 +660,9 @@ class RegistrarsController extends Controller
$this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage()); $this->container->get('flash')->addMessage('error', 'Database failure during update: ' . $e->getMessage());
return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302); return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302);
} }
unset($_SESSION['registrars_to_update']);
unset($_SESSION['registrars_user_email']);
$this->container->get('flash')->addMessage('success', 'Registrar ' . $data['name'] . ' has been updated successfully on ' . $update); $this->container->get('flash')->addMessage('success', 'Registrar ' . $data['name'] . ' has been updated successfully on ' . $update);
return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302); return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302);
} }
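Review bot: The user-row update near the end of the section (the one writing `'password' => $panelPassword`) is still keyed on an email address, now taken from `$_SESSION['registrars_user_email']` instead of the POST body; that closes the retargeting hole, but email remains a mutable lookup key, so if the login email is edited elsewhere between the GET that stores it and this POST, the `WHERE email = ?` update silently matches no row — or, if the column is not unique, a different one. Capturing the user's primary key on the GET instead (`$_SESSION['registrars_user_id'] = [$user['id']];` and `'id' => $regUserId` in the condition, names constructed) is the tighter binding, assuming `$user` carries one — its origin is outside the hunk. The two session checks for `registrars_to_update` and `registrars_user_email` are set and cleared together, so one combined guard at the top of the handler would do in place of the second block added before `beginTransaction()`.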


@ -135,7 +135,7 @@ class SupportController extends Controller
ORDER BY tr.date_created DESC', [$ticketNumber]); ORDER BY tr.date_created DESC', [$ticketNumber]);
$category = $db->selectValue('SELECT name FROM ticket_categories WHERE id = ?', [$ticket['category_id']]); $category = $db->selectValue('SELECT name FROM ticket_categories WHERE id = ?', [$ticket['category_id']]);
// Default view for GET requests or if POST data is not set $_SESSION['current_ticket'] = [$ticket['id']];
return view($response,'admin/support/viewTicket.twig', [ return view($response,'admin/support/viewTicket.twig', [
'ticket' => $ticket, 'ticket' => $ticket,
'replies' => $replies, 'replies' => $replies,
@ -158,7 +158,12 @@ class SupportController extends Controller
$uri = $request->getUri()->getPath(); $uri = $request->getUri()->getPath();
$categories = $db->select("SELECT * FROM ticket_categories"); $categories = $db->select("SELECT * FROM ticket_categories");
$ticket_id = $data['ticket_id'] ?? null; if (!empty($_SESSION['current_ticket'])) {
$ticket_id = $_SESSION['current_ticket'][0];
} else {
$this->container->get('flash')->addMessage('error', 'No ticket selected');
return $response->withHeader('Location', '/support')->withStatus(302);
}
$responseText = $data['responseText'] ?? null; $responseText = $data['responseText'] ?? null;
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]); $result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
@ -217,6 +222,7 @@ class SupportController extends Controller
// send message // send message
Mail::send($mailsubject, $message, $from, $to); Mail::send($mailsubject, $message, $from, $to);
unset($_SESSION['current_ticket']);
$this->container->get('flash')->addMessage('success', 'Reply has been posted successfully on ' . $crdate); $this->container->get('flash')->addMessage('success', 'Reply has been posted successfully on ' . $crdate);
return $response->withHeader('Location', '/ticket/'.$ticket_id)->withStatus(302); return $response->withHeader('Location', '/ticket/'.$ticket_id)->withStatus(302);
} catch (Exception $e) { } catch (Exception $e) {
@ -236,7 +242,12 @@ class SupportController extends Controller
$uri = $request->getUri()->getPath(); $uri = $request->getUri()->getPath();
$categories = $db->select("SELECT * FROM ticket_categories"); $categories = $db->select("SELECT * FROM ticket_categories");
$ticket_id = $data['ticket_id'] ?? null; if (!empty($_SESSION['current_ticket'])) {
$ticket_id = $_SESSION['current_ticket'][0];
} else {
$this->container->get('flash')->addMessage('error', 'No ticket selected');
return $response->withHeader('Location', '/support')->withStatus(302);
}
$action = $data['action'] ?? null; $action = $data['action'] ?? null;
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]); $result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
@ -294,6 +305,7 @@ class SupportController extends Controller
'id' => $ticket_id 'id' => $ticket_id
] ]
); );
unset($_SESSION['current_ticket']);
$this->container->get('flash')->addMessage('success', 'Ticket has been reopened successfully'); $this->container->get('flash')->addMessage('success', 'Ticket has been reopened successfully');
return $response->withHeader('Location', '/ticket/'.$ticket_id)->withStatus(302); return $response->withHeader('Location', '/ticket/'.$ticket_id)->withStatus(302);
} else { } else {


@ -28,7 +28,7 @@
<div class="card"> <div class="card">
<div class="card-body"> <div class="card-body">
<form action="/contact/update" method="post"> <form action="/contact/update" method="post">
{{ csrf.field | raw }}<input type="hidden" name="identifier" value="{{ contact.identifier }}"> {{ csrf.field | raw }}
{% set postal_int = null %} {% set postal_int = null %}
{% set postal_loc = null %} {% set postal_loc = null %}


@ -42,7 +42,7 @@
{% endif %}</h3> {% endif %}</h3>
<div class="card-actions"> <div class="card-actions">
<form action="/contact/approve" method="post"> <form action="/contact/approve" method="post">
{{ csrf.field | raw }}<input type="hidden" name="identifier" value="{{ contact.identifier }}"> {{ csrf.field | raw }}
<a href="/contact/update/{{ contact.identifier }}" class="btn btn-outline-secondary"> <a href="/contact/update/{{ contact.identifier }}" class="btn btn-outline-secondary">
<svg xmlns="http://www.w3.org/2000/svg" class="icon" width="24" height="24" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M9 11l-4 4l4 4m-4 -4h11a4 4 0 0 0 0 -8h-1" /></svg> <svg xmlns="http://www.w3.org/2000/svg" class="icon" width="24" height="24" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M9 11l-4 4l4 4m-4 -4h11a4 4 0 0 0 0 -8h-1" /></svg>
{{ __('Back to Contact Update') }} {{ __('Back to Contact Update') }}


@ -31,18 +31,15 @@
{{ csrf.field | raw }}{% endif %} {{ csrf.field | raw }}{% endif %}
<div class="mb-3"> <div class="mb-3">
<label for="domainName" class="form-label">{{ __('Domain Name') }}</label> <label for="domainName" class="form-label">{{ __('Domain Name') }}</label>
<div class="form-control-plaintext">{{ domain.name }}</div><input type="hidden" name="domainName" id="domainName" value="{{ domain.punycode }}"> <div class="form-control-plaintext">{{ domain.name }}</div>
</div> </div>
{% if maxYears >= 1 %} {% if maxYears >= 1 %}
<!-- Slider for years -->
<div class="mb-3"> <div class="mb-3">
<label for="renewalYears" class="form-label">{{ 'Renewal Years' }}</label> <label for="renewalYears" class="form-label">{{ 'Renewal Years' }}</label>
<input type="range" class="form-range" min="1" max="{{ maxYears }}" step="1" id="renewalYears" name="renewalYears" value="1"> <input type="range" class="form-range" min="1" max="{{ maxYears }}" step="1" id="renewalYears" name="renewalYears" value="1">
<span id="yearValue">1 Year</span> <span id="yearValue">1 Year</span>
</div> </div>
<!-- Placeholder for displaying domain price -->
<div class="mb-3" id="domainPriceDisplay" style="display:none;"> <div class="mb-3" id="domainPriceDisplay" style="display:none;">
<strong>{{ __('Estimated Price') }}: </strong><span id="domainPrice">{{ currency }} 0.00</span> <strong>{{ __('Estimated Price') }}: </strong><span id="domainPrice">{{ currency }} 0.00</span>
</div> </div>


@ -31,7 +31,7 @@
<div class="card mb-3"> <div class="card mb-3">
<div class="card-header"> <div class="card-header">
<h3 class="card-title"> <h3 class="card-title">
{{ __('Domain') }} {{ domain.name }}&nbsp;<input type="hidden" name="domainName" value="{{ domain.name }}"> {{ __('Domain') }} {{ domain.name }}&nbsp;
{% if domainStatus %} {% if domainStatus %}
{% if domainStatus is iterable %} {% if domainStatus is iterable %}
{% for status in domainStatus %} {% for status in domainStatus %}


@ -30,7 +30,7 @@
<div class="card mb-3"> <div class="card mb-3">
<div class="card-header"> <div class="card-header">
<h3 class="card-title"> <h3 class="card-title">
{{ __('Domain') }} {{ domain.name }}&nbsp;<input type="hidden" name="domainName" value="{{ domain.punycode }}"> {{ __('Domain') }} {{ domain.name }}&nbsp;
{% if domainStatus.status or domain.rgpstatus %} {% if domainStatus.status or domain.rgpstatus %}
{% if domainStatus is iterable %} {% if domainStatus is iterable %}
{% for status in domainStatus %} {% for status in domainStatus %}


@ -28,7 +28,7 @@
<div class="card"> <div class="card">
<div class="card-body"> <div class="card-body">
<form action="/host/update" method="post"> <form action="/host/update" method="post">
{{ csrf.field | raw }}<input type="hidden" name="hostName" value="{{ host.punycode }}"> {{ csrf.field | raw }}
<div class="form-group mt-3"> <div class="form-group mt-3">
<label for="ipv4" class="form-label">{{ __('IPv4 Address') }}:</label> <label for="ipv4" class="form-label">{{ __('IPv4 Address') }}:</label>
<input type="text" class="form-control" id="ipv4" name="ipv4" placeholder="192.168.1.1" pattern="^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$" value="{{ hostIPv4[0].addr }}"> <input type="text" class="form-control" id="ipv4" name="ipv4" placeholder="192.168.1.1" pattern="^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$" value="{{ hostIPv4[0].addr }}">


@ -25,7 +25,7 @@
<div class="container-xl"> <div class="container-xl">
<div class="col-12"> <div class="col-12">
{% include 'partials/flash.twig' %} {% include 'partials/flash.twig' %}
<form action="/registrar/update" method="post" autocomplete="off"><input type="hidden" name="reg_clid" value="{{ registrar.clid }}"> <form action="/registrar/update" method="post" autocomplete="off">
{{ csrf.field | raw }} {{ csrf.field | raw }}
<!-- Registrar Details Card --> <!-- Registrar Details Card -->
<div class="card mb-3"> <div class="card mb-3">
@ -378,7 +378,7 @@
<thead> <thead>
<tr> <tr>
<th scope="col required">{{ __('Username/CLID') }}</th> <th scope="col required">{{ __('Username/CLID') }}</th>
<th scope="col">{{ __('Login Email') }}</th><input type="hidden" name="reg_email" value="{{ user.email }}"> <th scope="col">{{ __('Login Email') }}</th>
<th scope="col">{{ __('Panel Password') }} <span class="text-red">*</span></th> <th scope="col">{{ __('Panel Password') }} <span class="text-red">*</span></th>
<th scope="col">{{ __('EPP Password') }} <span class="text-red">*</span></th> <th scope="col">{{ __('EPP Password') }} <span class="text-red">*</span></th>
</tr> </tr>


@ -27,7 +27,6 @@
{% include 'partials/flash.twig' %} {% include 'partials/flash.twig' %}
<form action="/support/status" method="post"> <form action="/support/status" method="post">
{{ csrf.field | raw }} {{ csrf.field | raw }}
<input type="hidden" name="ticket_id" value="{{ ticket.id }}">
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
<h3 class="card-title">{{ __('Ticket') }} #{{ ticket.id }} - {{ ticket.subject }}</h3>&nbsp; <h3 class="card-title">{{ __('Ticket') }} #{{ ticket.id }} - {{ ticket.subject }}</h3>&nbsp;
@ -63,7 +62,7 @@
</form> </form>
{% if ticket.status != 'Closed' %}<form action="/support/reply" method="post"> {% if ticket.status != 'Closed' %}<form action="/support/reply" method="post">
{{ csrf.field | raw }} {{ csrf.field | raw }}
<input type="hidden" name="ticket_id" value="{{ ticket.id }}">{% endif %} {% endif %}
<div class="card-body"> <div class="card-body">
<h6 class="card-subtitle mb-2 text-muted">{{ __('Ticket Details') }}</h6> <h6 class="card-subtitle mb-2 text-muted">{{ __('Ticket Details') }}</h6>
<p><span>{{ __('Created On') }}:</span> <strong>{{ ticket.date_created }}</strong></p> <p><span>{{ __('Created On') }}:</span> <strong>{{ ticket.date_created }}</strong></p>