Fixed potential security issue and optimized panel

Fixed small IP validation bug as well.
This commit is contained in:
Pinga 2024-01-25 11:48:36 +02:00
parent d143aafabd
commit 47175b1192
4 changed files with 106 additions and 51 deletions


@ -785,19 +785,18 @@ class ApplicationsController extends Controller
$data = $request->getParsedBody();
$db = $this->container->get('db');
$domainName = $data['domainName'] ?? null;
$domain_id = $db->selectValue('SELECT id FROM application WHERE name = ?', [$domainName]);
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
if ($_SESSION["auth_roles"] != 0) {
$clid = $result['registrar_id'];
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$domain_clid = $db->selectValue('SELECT clid FROM application WHERE name = ?', [$domainName]);
if ($domain_clid != $clid) {
return $response->withHeader('Location', '/applications')->withStatus(302);
}
} else {
$clid = $db->selectValue('SELECT clid FROM application WHERE name = ?', [$domainName]);
}
$domain_id = $db->selectValue(
'SELECT id FROM application WHERE name = ?',
[$domainName]
);
$results = $db->select(
'SELECT status FROM application_status WHERE domain_id = ?',
[ $domain_id ]
@ -1305,16 +1304,24 @@ class ApplicationsController extends Controller
$this->container->get('flash')->addMessage('error', 'Invalid domain name format');
return $response->withHeader('Location', '/applications')->withStatus(302);
}
$domain = $db->selectRow('SELECT id, name FROM application WHERE name = ?',
$domain = $db->selectRow('SELECT id, clid, name FROM application WHERE name = ?',
[ $args ]);
$domainName = $domain['name'];
$domain_id = $domain['id'];
$registrar_id_domain = $domain['clid'];
$parts = extractDomainAndTLD($domainName);
$label = $parts['domain'];
$domain_extension = $parts['tld'];
if ($_SESSION["auth_roles"] != 0) {
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
if ($registrar_id_domain != $clid) {
return $response->withHeader('Location', '/applications')->withStatus(302);
}
}
$result = $db->select('SELECT id, tld FROM domain_tld');
foreach ($result as $row) {
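Review bot: The role test `$_SESSION["auth_roles"] != 0` at L18 and L48 fails open: PHP's loose comparison makes `null == 0` true, so a session in which `auth_roles` is unset takes the admin branch and skips the registrar ownership check entirely. Since this one expression is the gate every ownership check in the commit hangs on, it should fail closed, e.g. `if (!isset($_SESSION['auth_roles']) || $_SESSION['auth_roles'] != 0) {`, which keeps the existing semantics for every set value. Whether a session can reach these handlers without the key is not visible here, but an authorization gate should not depend on that. Both methods in this section begin before their hunks.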


@ -507,17 +507,18 @@ class ContactsController extends Controller
$db = $this->container->get('db');
$iso3166 = new ISO3166();
$countries = $iso3166->all();
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$identifier = $data['identifier'] ?? null;
if ($_SESSION["auth_roles"] != 0) {
$clid = $result['registrar_id'];
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$contact_clid = $db->selectValue('SELECT clid FROM contact WHERE identifier = ?', [$identifier]);
if ($contact_clid != $clid) {
return $response->withHeader('Location', '/contacts')->withStatus(302);
}
} else {
$clid = $db->selectValue('SELECT clid FROM contact WHERE identifier = ?', [$identifier]);
}
$identifier = $data['identifier'] ?? null;
$postalInfoIntName = $data['intName'] ?? null;
$postalInfoIntOrg = $data['org'] ?? null;
$postalInfoIntStreet1 = $data['street1'] ?? null;
@ -863,8 +864,17 @@ class ContactsController extends Controller
return $response->withHeader('Location', '/contacts')->withStatus(302);
}
$contact_id = $db->selectValue('SELECT id FROM contact WHERE identifier = ?',
$contact = $db->selectRow('SELECT id, clid FROM contact WHERE identifier = ?',
[ $args ]);
$contact_id = $contact['id'];
$registrar_id_contact = $contact['clid'];
if ($_SESSION["auth_roles"] != 0) {
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
if ($registrar_id_contact != $clid) {
return $response->withHeader('Location', '/contacts')->withStatus(302);
}
}
$is_linked_registrant = $db->selectRow('SELECT id FROM domain WHERE registrant = ?',
[ $contact_id ]);
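Review bot: The ownership check at L87-L91 has no guard for a missing row: when `$args` matches no contact, `selectRow` at L83 returns an empty result (false or null, whichever the wrapper uses), `$contact['id']` and `$contact['clid']` both evaluate to null, and for an admin, or for a registrar user whose own `registrar_users` lookup is also null (`null != null` is false), execution continues into the linked-domain queries with a null contact id. Add `if (!$contact) { return $response->withHeader('Location', '/contacts')->withStatus(302); }` directly after the `selectRow`, and make the registrar comparison fail closed with `if ($clid === null || $registrar_id_contact != $clid) {`. The same unchecked `selectRow` pattern appears at L40 in ApplicationsController and L248 in HostsController. Reusing the silent `/contacts` redirect keeps the not-found and not-yours cases indistinguishable to the caller. The enclosing method starts before the hunk.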


@ -1104,19 +1104,18 @@ class DomainsController extends Controller
$data = $request->getParsedBody();
$db = $this->container->get('db');
$domainName = $data['domainName'] ?? null;
$domain_id = $db->selectValue('SELECT id FROM domain WHERE name = ?', [$domainName]);
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
if ($_SESSION["auth_roles"] != 0) {
$clid = $result['registrar_id'];
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$domain_clid = $db->selectValue('SELECT clid FROM domain WHERE name = ?', [$domainName]);
if ($domain_clid != $clid) {
return $response->withHeader('Location', '/domains')->withStatus(302);
}
} else {
$clid = $db->selectValue('SELECT clid FROM domain WHERE name = ?', [$domainName]);
}
$domain_id = $db->selectValue(
'SELECT id FROM domain WHERE name = ?',
[$domainName]
);
$results = $db->select(
'SELECT status FROM domain_status WHERE domain_id = ?',
[ $domain_id ]
@ -1737,11 +1736,16 @@ class DomainsController extends Controller
$this->container->get('flash')->addMessage('error', 'Low credit: minimum threshold reached');
return $response->withHeader('Location', '/domain/renew/'.$domainName)->withStatus(302);
}
$domain_id = $db->selectValue(
'SELECT id FROM domain WHERE name = ?',
$domain_query = $db->selectRow(
'SELECT id, clid FROM domain WHERE name = ?',
[$domainName]
);
$domain_id = $domain_query['id'];
$domain_clid = $domain_query['clid'];
if ($domain_clid != $clid) {
return $response->withHeader('Location', '/domains')->withStatus(302);
}
$results = $db->select(
'SELECT status FROM domain_status WHERE domain_id = ?',
[ $domain_id ]
@ -1836,7 +1840,7 @@ class DomainsController extends Controller
}
$this->container->get('flash')->addMessage('success','Domain ' . $domainName . ' has been renewed for ' . $renewalYears . ' ' . ($renewalYears > 1 ? 'years' : 'year'));
return $response->withHeader('Location', '/domain/renew/'.$domainName)->withStatus(302);
return $response->withHeader('Location', '/domains')->withStatus(302);
}
$db = $this->container->get('db');
@ -1939,7 +1943,7 @@ class DomainsController extends Controller
$this->container->get('flash')->addMessage('error', 'Invalid domain name format');
return $response->withHeader('Location', '/domains')->withStatus(302);
}
$domain = $db->selectRow('SELECT id, name, tldid, registrant, crdate, exdate, clid, crid, upid, trdate, trstatus, reid, redate, acid, acdate, rgpstatus, addPeriod, autoRenewPeriod, renewPeriod, renewedDate, transferPeriod FROM domain WHERE name = ?',
[ $args ]);
@ -1968,6 +1972,13 @@ class DomainsController extends Controller
$parts = extractDomainAndTLD($domainName);
$label = $parts['domain'];
$domain_extension = $parts['tld'];
if ($_SESSION["auth_roles"] != 0) {
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
if ($registrar_id_domain != $clid) {
return $response->withHeader('Location', '/domains')->withStatus(302);
}
}
$result = $db->select('SELECT id, tld FROM domain_tld');
foreach ($result as $row) {
@ -1976,15 +1987,7 @@ class DomainsController extends Controller
break;
}
}
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
if ($_SESSION["auth_roles"] != 0) {
$clid = $result['registrar_id'];
} else {
$clid = $registrar_id_domain;
}
$results = $db->select(
'SELECT status FROM domain_status WHERE domain_id = ?',
[ $domain_id ]
@ -2882,7 +2885,15 @@ class DomainsController extends Controller
if (!$domainName) {
$this->container->get('flash')->addMessage('error', 'Please provide the domain name');
return $response->withHeader('Location', '/transfers')->withStatus(302);
return $response->withHeader('Location', '/domains')->withStatus(302);
}
if ($_SESSION["auth_roles"] != 0) {
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$registrar_id_domain = $db->selectValue('SELECT clid FROM domain WHERE name = ?', [$domainName]);
if ($registrar_id_domain != $clid) {
return $response->withHeader('Location', '/domains')->withStatus(302);
}
}
$temp_id_rgpstatus = $db->selectValue(
@ -2957,7 +2968,15 @@ class DomainsController extends Controller
if (!$domainName) {
$this->container->get('flash')->addMessage('error', 'Please provide the domain name');
return $response->withHeader('Location', '/transfers')->withStatus(302);
return $response->withHeader('Location', '/domains')->withStatus(302);
}
if ($_SESSION["auth_roles"] != 0) {
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$registrar_id_domain = $db->selectValue('SELECT clid FROM domain WHERE name = ?', [$domainName]);
if ($registrar_id_domain != $clid) {
return $response->withHeader('Location', '/domains')->withStatus(302);
}
}
$temp_id = $db->selectValue(
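Review bot: The renewal check `if ($domain_clid != $clid)` at L133 compares against a `$clid` assigned before the hunk, and it is the only ownership check in this commit not wrapped in the `auth_roles` test; if that `$clid` is derived from `registrar_users` (as the code removed at L168-L170 did), an admin without a registrar row gets null and `null != $domain_clid` redirects every admin renewal, while a registrar without a row passes only when both sides are null. Make the intent explicit with `if ($_SESSION["auth_roles"] != 0 && ($clid === null || $domain_clid != $clid)) {`, and redirect when `$domain_query` is empty before reading `$domain_query['id']` at L131. The two transfer handlers at L183-L189 and L197-L203 authorise on the domain's `clid` (the sponsoring registrar); if either one is the gaining registrar's action (request or cancel), the party to check is the `reid` column selected at L150, which cannot be confirmed from the lines shown. The renew and transfer methods all begin outside their hunks.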


@ -416,26 +416,36 @@ class HostsController extends Controller
$data = $request->getParsedBody();
$db = $this->container->get('db');
$hostName = $data['hostName'] ?? null;
$host_id = $db->selectValue('SELECT id FROM host WHERE name = ?', [$hostName]);
$result = $db->selectRow('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
if ($_SESSION["auth_roles"] != 0) {
$clid = $result['registrar_id'];
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
$host_clid = $db->selectValue('SELECT clid FROM host WHERE name = ?', [$hostName]);
if ($host_clid != $clid) {
return $response->withHeader('Location', '/hosts')->withStatus(302);
}
} else {
$clid = $db->selectValue('SELECT clid FROM host WHERE name = ?', [$hostName]);
}
$ipv4 = $data['ipv4'] ?? null;
$ipv6 = $data['ipv6'] ?? null;
// Validate IPv4 address
if ($ipv4 !== null && !filter_var($ipv4, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
$this->container->get('flash')->addMessage('error', 'Invalid IPv4 address');
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
}
// Validate IPv6 address
if ($ipv6 !== null && !filter_var($ipv6, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
$this->container->get('flash')->addMessage('error', 'Invalid IPv6 address');
return $response->withHeader('Location', '/host/update/'.$hostName)->withStatus(302);
}
try {
$db->beginTransaction();
$host_id = $db->selectValue(
'SELECT id FROM host WHERE name = ?',
[$hostName]
);
if (isset($ipv4) && !empty($ipv4)) {
$ipv4 = normalize_v4_address($ipv4);
@ -539,8 +549,17 @@ class HostsController extends Controller
}
if ($args && isValidHostname($args)) {
$host_id = $db->selectValue('SELECT id FROM host WHERE name = ?',
$host = $db->selectRow('SELECT id, clid FROM host WHERE name = ?',
[ $args ]);
$host_id = $host['id'];
$registrar_id_host = $host['clid'];
if ($_SESSION["auth_roles"] != 0) {
$clid = $db->selectValue('SELECT registrar_id FROM registrar_users WHERE user_id = ?', [$_SESSION['auth_user_id']]);
if ($registrar_id_host != $clid) {
return $response->withHeader('Location', '/hosts')->withStatus(302);
}
}
$is_linked = $db->selectRow('SELECT domain_id FROM domain_host_map WHERE host_id = ?',
[ $host_id ]);