parent
ef475600b3
commit
4fa1289334
6 changed files with 181 additions and 129 deletions
@ -152,53 +152,53 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
return;
|
||||
}
|
||||
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocName)) {
|
||||
if (!validateLocField($postalInfoLocName, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
if ($postalInfoLocOrg) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocOrg)) {
|
||||
if (!validateLocField($postalInfoLocOrg, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:org', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoLocStreet1) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet1)) {
|
||||
if (!validateLocField($postalInfoLocStreet1, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoLocStreet2) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet2)) {
|
||||
if (!validateLocField($postalInfoLocStreet2, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoLocStreet3) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet3)) {
|
||||
if (!validateLocField($postalInfoLocStreet3, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocCity) || !preg_match('/^[a-z][a-z\-\.\s]{3,}$/i', $postalInfoLocCity)) {
|
||||
if (!validateLocField($postalInfoLocCity, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:city', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
if ($postalInfoLocSp) {
|
||||
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocSp) || !preg_match('/^[A-Z][a-zA-Z\-\.\s]{1,}$/', $postalInfoLocSp)) {
|
||||
if (!validateLocField($postalInfoLocSp, 2)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:sp', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoLocPc) {
|
||||
if (preg_match('/(^\-)|(\-\-)|(\-$)/', $postalInfoLocPc) || !preg_match('/^[A-Z0-9\-\s]{3,}$/', $postalInfoLocPc)) {
|
||||
if (!validateLocField($postalInfoLocPc, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:pc', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
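Review bot: Each `if (!validateLocField($postalInfoLocName, 3))` check in this hunk (and the matching hunk in processContactUpdate) judges a copy that the helper has NFC-normalized and stripped of `\p{C}` characters, while the original `$postalInfoLocName`, `$postalInfoLocOrg`, street, city, sp and pc variables continue unchanged after the check; a value containing zero-width or bidi-control characters therefore passes here and is carried on with those characters intact. If normalization is intended, apply it to the variable before the check, e.g. `$postalInfoLocName = normalizer_normalize($postalInfoLocName, Normalizer::FORM_C);`, and have the helper reject rather than remove control characters. The helper's default `$minLength` is 5 while every call site passes 2 or 3, so the default appears unused; a short comment at the first call stating why name/org/street require 3 and sp requires 2 would make the choice reviewable. processContactCreate starts and ends outside this hunk.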
|
|
|
@ -237,53 +237,53 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
return;
|
||||
}
|
||||
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocName)) {
|
||||
if (!validateLocField($postalInfoLocName, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
if ($postalInfoLocOrg) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocOrg)) {
|
||||
if (!validateLocField($postalInfoLocOrg, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:org', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoLocStreet1) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet1)) {
|
||||
if (!validateLocField($postalInfoLocStreet1, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoLocStreet2) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet2)) {
|
||||
if (!validateLocField($postalInfoLocStreet2, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoLocStreet3) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet3)) {
|
||||
if (!validateLocField($postalInfoLocStreet3, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocCity) || !preg_match('/^[a-z][a-z\-\.\s]{3,}$/i', $postalInfoLocCity)) {
|
||||
if (!validateLocField($postalInfoLocCity, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:city', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
if ($postalInfoLocSp) {
|
||||
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocSp) || !preg_match('/^[A-Z][a-zA-Z\-\.\s]{1,}$/', $postalInfoLocSp)) {
|
||||
if (!validateLocField($postalInfoLocSp, 2)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:sp', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoLocPc) {
|
||||
if (preg_match('/(^\-)|(\-\-)|(\-$)/', $postalInfoLocPc) || !preg_match('/^[A-Z0-9\-\s]{3,}$/', $postalInfoLocPc)) {
|
||||
if (!validateLocField($postalInfoLocPc, 3)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:pc', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -666,4 +666,20 @@ function expandIPv6($ip) {
|
|||
}
|
||||
|
||||
return implode(':', $expanded);
|
||||
}
|
||||
|
||||
function validateLocField($input, $minLength = 5, $maxLength = 255) {
|
||||
// Normalize input to NFC form
|
||||
$input = normalizer_normalize($input, Normalizer::FORM_C);
|
||||
|
||||
// Remove control characters to prevent hidden injections
|
||||
$input = preg_replace('/[\p{C}]/u', '', $input);
|
||||
|
||||
// Define a general regex pattern to match Unicode letters, numbers, punctuation, and spaces
|
||||
$locRegex = '/^[\p{L}\p{N}\p{P}\p{Zs}\-\/&.,]+$/u';
|
||||
|
||||
// Check length constraints and regex pattern
|
||||
return mb_strlen($input) >= $minLength &&
|
||||
mb_strlen($input) <= $maxLength &&
|
||||
preg_match($locRegex, $input);
|
||||
}
|
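Review bot: validateLocField silently discards the characters its own comment says it guards against: the `preg_replace('/[\p{C}]/u', '', $input)` line removes control and format characters and validates the remainder, so a caller that keeps using its original string receives a valid verdict for input that still contains them; returning false on a match is what the "prevent hidden injections" comment describes. `normalizer_normalize()` returns false and `preg_replace()` returns null on malformed UTF-8, and both values currently flow into `mb_strlen()` by coercion rather than being treated as failures. The new `\p{P}` class also admits every Unicode punctuation mark (quotes, backslash, semicolon, percent sign) that the replaced ASCII whitelist rejected, so downstream escaping of these fields must be context-appropriate — I cannot see the storage path from here. Finally `preg_match` returns `int|false`, so the last expression should be `preg_match($locRegex, $input) === 1` and the function declared `: bool`.
```php
function validateLocField($input, $minLength = 5, $maxLength = 255): bool {
    // Reject rather than strip: callers keep using their original string,
    // so anything removed here would still reach storage.
    if (preg_match('/\p{C}/u', $input) !== 0) {
        return false; // control/format character present, or malformed UTF-8
    }
    $normalized = normalizer_normalize($input, Normalizer::FORM_C);
    if ($normalized === false) {
        return false; // intl could not normalize the input
    }
    // … unchanged: $locRegex definition …
    $length = mb_strlen($normalized);
    return $length >= $minLength
        && $length <= $maxLength
        && preg_match($locRegex, $normalized) === 1;
}
```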